01.27.08
Posted in FUD, GPL, Security, HP, FOSS, Rumour at 2:29 am by Roy Schestowitz
Accusations against H-P and Palamida seem baseless
It wasn’t long ago that McAfee and InformationWeek were both harshly (and rightly) accused for spreading GPL fear [1, 2, 3]. This was not appreciated. It is actually worth reminding ourselves of speculations and predictions of a McAfee-Novell tie-up because Novell too was caught using FUD to market itself.
“Empty allegations are used against Hewlett Packard (H-P) and Palamida and we wish to present them here in order to make some clarifications.”On the other hand, some baseless accusations are flying about at the moment. Having been in touch with some of the parties involved, we wish to debunk FUD (or just lies) about FUD that never was. Empty allegations are used against Hewlett Packard (H-P) and Palamida and we wish to present them here in order to make some clarifications.
Let us start with H-P. Just the other day, when H-P introduced a set of services and tools that assist tracking of software and licensing, Dana Blankenhorn accused rather than thanked.
The Hewlett-Packard open source strategy is becoming clear.
Fear the source.
I’m certain HP officials will disagree with that. But when your press release is headlined, ” HP Promotes Open Source Software Governance with New Initiative,” there is no other conclusion to draw.
Your big company can’t go into open source alone. It’s dangerous out there. Here, hold our hand.
PJ disagrees with this, as do I. “HP is trying to do something very good with Flossology. I totally support it,” she says.
Why would anyone try to show just the negative side-effect (and yes, we’re sometimes accused of doing this as well)? Maybe because it stands out from the crowd and because ZDNet bloggers can be rewarded for provocations. Regardless of the issue at hand, H-P did make either an observation or a complaint back in 2005 (maybe 2006) when it said there were too many open source licences. But coversely, In this newer case, there is an attempt to address the issue, not just raise it. We should be happy. We should be thankful. And here were have the latest report from Palamida (published on Friday) which heralds to the world that GPLv3 finds love. This is good news, not bad news. Project evolve successfully.
The GPL v3 growth for this week is consistent with our average growth rate. As of January 25th, the GPL v3 count is at 1579 GPL v3 projects, up 44 projects over the past week. The LGPL v3 list is growing slowly but steadily and is currently at 150 LGPL v3 projects, as compared to last weeks number of 148 LGPL v3 projects.
At least one person claimed to have found flaws in Palamida’s work. Here is what one of our readers had to tell to us before we heard from Palamida (it’s reverse-chronological):
[Anonymised:]
I have been visiting Palamida GPLv3 site and I think they are doing a great job at tracking the license adoption, and their statistics can be very useful to counter the established proprietary software oligopolies’ and the mainstream tech media’s FUD machine.
But today I have been warned by Pieter Hitjens about the following: I copy-paste the conversation about recent statements made in the palamida gplv3 site (gplv3.palamida.com -which redirects to –> gplv3.blogspot.com)
[Pieter:]
http://gpl3.blogspot.com/
This site looks like it’s promoting GPLv3 but in fact it looks like subtle anti-GPLv3 FUD. E.g.:
“In the case of putting a GPL v3 project under a commercial license as well, there is high potential to violate the terms of the GPL v3. This is not to say that any of the aforementioned projects are or are not
in violation of the license, since our analysis of the terms are not yet complete, but caution should be used if a project is under both the GPL v3 and a commercial license.”
What they are saying, I think, is that GPL projects that do not have a clear copyright centralization cannot easily be re-licensed. However they don’t state this clearly, and they are not publishing my comments on the blog.
-Pieter
[Anonymised:]
as somebody who has gotten note of Palamida very early after GPLv3 was released and I’ve got a bit of contact with actual GPLv2->v3 conversions, I can say this:
Palamida, the owner of this blog (it’s advertized in the banner on the top of the blog) is a company who’s business is software risk management, so it’s the business of marketing at this company to show what risks may be there and that risk is increasing.
It is increasing, because GPLv3 makes things indeed a bit more complicated by the simple fact that it is a successor of GPLv2.
The only long-term solution to that which I see is to convince as many free software developers that licensing under “GPL v2 only” is a __very__ bad idea.
I think you guessed right that they may suggest that companies might want to buy services from Palamida, to improve legal security in software distribution.
What I see, rather looks like research which gives great information of the GPLv3 adoption, and no clear FUD.
[Anonymised:]
I see clear FUD, in this respect.
Dual-licensing is in fact a very strong argument for using GPLv3 but it depends on clear centralization of copyright. Projects like 0MQ - see www.zeromq.org - are careful to demand copyright assignments and/or MIT licensing from all contributors. For these projects, dual licensing is essential. This statement:
“This is not to say that any of the aforementioned projects are or are not in violation of the license, since our analysis of the terms are not yet complete, but caution should be used if a project is under both the GPL v3 and a commercial license.”
Is really bad. It suggests that we have to wait for Palamida to give the green light on whether it’s safe to use 0MQ. That’s very misleading and designed to create business for Palamida by exaggerating the complexity of the GPLv3 and ignoring the key role of copyright ownership.
If a company owns its code, how can it be in violation of the GPLv3 by dual-licensing its own code? That’s pure FUD, and worse, it brings into question one of the key business models for new smart FOSS businesses.
[Anonymised:]
Care if I forward your message to Pamela Jones (groklaw) and Roy Schestowitz (boycottnovell) so they alert about the issue. Think the palamida guys, who are doing a great tracking of projects adopting the GPLv3 should be aware as well. And of course the FSF/FSFE
[Pieter:]
Forward away, of course. Tracking GPLv3 usage is fine. Throwing fear and uncertainty onto other businesses to try to create extra business is not fine.
-Pieter
Shared with implicit permission, the above is intended to at least show the arguments that were thrown into this debate, which we believe is resolved by several factors.
For starters, PJ says: “I don’t agree they are doing that [spreading fear]”. Further: “They want business, so they highlight problems without telling you the solution, because they want business, but that isn’t, to me, exactly the same thing as FUD, although it can have a similar effect.”
Our reader adds: “Up to now, their work at tracking GPLv3 project has proven nice and useful to counter quite a lot of FUD […] I think Palamida at least should publish Pieter’s comments. If they don´t do it after a while, “someone” should be pointing at the problem. Of course making clear that the tracking of GPLv3 projects is nice and useful.”
We received a response from Palamida quite quickly and it was very convincing. Judge for yourselves however:
I can say with 100% honesty that no, Palamida does not resort to FUD to sell our services. However, we do point out what can happen if you don’t know what you’ve got in your code base, which is a reality, and it’s what drives a lot of lawsuits and insecure apps. It’s just something people want to avoid and we’re here to help organizations figure it out so they can get it right. There is a subset of folks (including you) that know what the heck is going on and would vet and check you code, versions, and licenses ahead of time. Funny though that very large organizations often do not, or possibly can not, because of their size and geographically dispersed team of developers. These are the folks who have the Top 5 Most Overlooked OS vulnerabilities (and many more but let’s stick with 5) and don’t know it.
So in general, our message and mantra has always been “Know What’s In Your Code.” It’s a message that shouldn’t be considered FUD, because not knowing has very real consequences (can anyone say Busybox?).
Since H-P came under similar unjustified scrutiny we brought up this issue, which quite expectedly revealed sympathy:
In general, we like HP but here’s something to think about. Back at the beginning of Palamida, folks used to ask us, “Why wouldn’t I just use Google Code Search instead of paying for Palamida?” Our response was always that
they certainly could use Google if they only wanted a skim the surface view of what was going on in one single segment (say, JBoss code). However, our expertise coupled with the depth and breadth of our code base (which weighs in at 3 Terabytes) could give you a little more (to put it mildly). So I personally feel the same about FOSSology. This is my singular opinion, it’s a fantastic tool but it answers only one of the many, many questions people need to be asking (take a look at the blog we just posted Friday) about: what code are you using? What version? What license is it under? Is it secure?
How often is the FOSSbazaar updated? What does it include? What are its rates of false positives or irrelevant search matches? How comprehensive is it? Who has tested it? Would you bet your eBanking system security on it?
That sort of thing.
This hopefully resolves the issue, at least for those who were involved in a blame game. Censorship (aka “selective approval”) of comment was probably the main reason for going this far. We never delete comments in this Web site and only a single abusive reader has his comments flagged (still truly visible) for repetitive abuses even against other readers. Transparency brings better answers than censorship, which we last complained about just an hours ago (ODF/OOXML). █
Permalink
Send this to a friend 
View as PDF
12.09.07
Posted in Formats, Microsoft, Windows, GNU/Linux, Novell, Office Suites, GNOME, Standard, OpenDocument, Open XML, Ecma, Rumour at 12:43 am by Roy Schestowitz
Speculation: shill tactics and OOXML Web ‘extension’
Doug Mahugh is said to be getting a “new horse”. Microsoft continues to use various individuals to push forward its OOXML agenda.
You see how humilation works at Microsoft: You get the guys that preserve an independent mind in charge of propaganda for broken specs and let them keep a big smile about standardization torture. Smile, not laughter.
An anonymous reader sends us a pointer to an interesting comment that Miguel de Icaza has just left. He participates in a discussion in Brian Jones’ own blog. From de Icaza’s comment:
The work that was done by Jody Goldberg while at ECMA had a much higher quality as he was actually trying to implement the specification.
[…]
So I applaud Brian’s work (driven for whatever business reason) that allows third parties (and in this case, free software users) to interop better with their software.
Yes, well done Microsoft. Congratulations on luring in GNOME developers (and until recently — a former GNOME Foundation President) who praise or at the very least re-implement your proprietary formats, which are slightly more XML-structured now. XML does not mean open. Interoperability is not open standards but a case against them.
Watch the last comment about proprietary IE capabilities getting integrated with Microsoft Office [PDF] and get a load of this new Internet Explorer 8 shocker. It has just landed in a few Web site with contextual remarks suggesting that Microsoft might already have intentions to ‘extend’ the World Wide Web (once again).
IE8
Don’t ask what it’s going to fix. Ask what it’s going to break… And I’m not even kidding :
” I do realize that there is a new engine, there is some other information, and this information is not being made public — we are being asked not to talk about it ” — Molly Holzschlag
Remember that Outlook 2007 had its rendering engine replaced at the last minute. This surprised (and annoyed) quite a lot of people. The Office rendering engine is not the same as that which you find in Internet Explorer. .NET, XAML and other issues return to one’s mind. Here are some previous posts that we wrote on this topic:
Related and external references:
Permalink
Send this to a friend View as PDF
11.03.07
Posted in Novell, Asia, Rumour at 6:21 pm by Roy Schestowitz
Yesterday we mentioned a rumour which talked about 1,100 jobs to be axed at Novell. This aligns with Matt Asay’s inside knowledge about 20-25% of the workforce possibly being cut.
As reported and confirmed by the press, 250 jobs were recently moved to India. It is not the only story, however, because the EFYTimes has just revealed some equally discouraging stories from India itself.
The buzz is that, as part of this reorganisation, top shots at Novell India have moved out including Revathi Kasturi, managing dierctor, Novell India. And now Sandeep menon, the ex-IBMer who was heading Linux sales, will head the entire Indian sales team/operations.
[…]
Sources indicate that the new team is now going to totally focus on Linux-related products and services, while all other products like GroupWise, etc. will be sold only when the customer demands. It is still to be seen what role Novell’s ‘colonial cousin’ Microsoft played in this earthquake.
Left with Novell:
Sandeep Menon, head, Novell’s sales operations in India
Nishant Verma, head, government and telecom
Rahul Krishna Gupta, linux business
Dr PK Mishra.
Left novell
Revathi Kasturi, managing director
Jayant Rastogi, director channels
Amit Nagar, director channels
Amit Bhatnagar, BSFI and manufacturing
Shashi Kapoor, director, government and telecom.
Why has Novell been so quiet in the past week? This comes shortly after a rumour that many more may lose their jobs.
Novell made a real moronic move with that ‘deal’ — a deal with its predatory rival. Not only has it hurt everyone else that sells Linux, but it hasn’t helped Novell, either.
It’s the employees that are now being punished as a whole, due to the poor management, which apparently received hidden personal benefits. We want the old Novell back — the Novell that used to sell and promote Linux (without the FUD) back in 2005.
Permalink
Send this to a friend View as PDF
06.03.07
Posted in Microsoft, Deals, Rumour at 10:02 pm by Roy Schestowitz
Moments ago I spotted a shocking item in my feeds reader. It suggests that Xandros and Microsoft got together to establish a ‘protection racket’ deal. The link, however, is broken, indicating that the article was probably retracted. A quick search reveals another such observation. What is going on? GPLv3 is already resolving these problems. Are Microsoft on a last-minute shopping spree? We are relieved that Linspire didn’t cave, but what is the truth about Xandros? It seems too early to tell, but a Novell-type deal seems like a possibility, unless the article was retracted due to inaccuracy (or fabrication) of information.
Article headline: Microsoft Gives Xandros Linux Users Patent Protection
Excerpt: Redmond has signed a set of broad collaboration agreements with Linux provider Xandros that include an intellectual property assurance.
Update: whether this is true or not, I was finally able to find one site that had grabbed a portion of the text before it was removed.
Redmond has signed a set of broad collaboration agreements with Linux provider Xandros that include an intellectual property assurance.
Microsoft, shrugging off licensing moves to prevent it from repeating its controversial patent deal with Novell, has signed a set of broad collaboration agreements with Linux provider Xandros that include an intellectual property assurance under which Microsoft will provide patent covenants for Xandros customers.
These covenants, which are almost identical to the patent agreement and covenant not to sue that Microsoft signed with Novell last November, will ensure that the Xandros Linux technologies customers use are compliant with Microsoft’s IP, David Kaefer, Microsoft’s General Manager for IP and Licensing, told eWeek
The collaboration agreements between Microsoft and Xandros, which are valid for five-years and will be announced June 4, also cover a set of technical, business and marketing commitments designed to give customers enhanced interoperability and more effective systems management solutions, he said.
Under the agreement, Microsoft and Xandros will focus on five primary areas over the next five years: systems management interoperability, server interoperability, office document compatibility, sales and marketing support, and IP assurance.
This looks eerily similar to Novell’s deal, sans the exchange of money and patents. Also worth mentioning is the following educated guess:
Based on eWEEK’s now-disappeared headline, it sure looks like Xandros may have gone the Novell route and signed a patent-protection deal with Microsoft. (The other possibility is eWEEK believed Xandros was ready to sign on the dotted line, but didn’t. My educated guess is there is a deal and eWEEK jumped the gun in publishing the “exclusive” story. Guess we’ll find out for sure in a few more hours.)
Permalink
Send this to a friend View as PDF
05.15.07
Posted in Microsoft, Novell, Deals, Patents, Rumour at 11:55 pm by Roy Schestowitz
Here is a funny contradiction (among several, including a very recent one).
We have three options here:
- Microsoft may be changing the story it tells;
- Novell is simply not being honest;
- or it is just a case of flawed journalism
Let us have a look. Microsoft tells its story to ComputerWorld in the article which is aptly titled “Analysis: Microsoft patent claims hint at internal issues”.
Horacio Gutierrez, Microsoft vice president of intellectual property and licensing, said that although Microsoft won’t discuss specific patents publicly, it has discussed them in private with companies like Novell Inc.
The story suggests that Microsoft did discuss the patents with Novell, possibly showing them these 235 patents which they wave. Have a look at Novell’s stance and Novell’s side of the story.
While providing numbers is new, the claims that violations exists are not new. In response to similar Microsoft claims back in November, we put out an open letter from our CEO, Ron Hovsepian, that states our position on this issue. That position hasn’t changed.
Here is another contradiction.
Microsoft executives had previously told Computer Business Review that the company had not carried out a detailed patent assessment before reaching its patent covenant agreement with Novell.
So, is Mr. Horacio Gutierrez lying to enhance the level of FUD? Or is it just poor reporting?
Permalink
Send this to a friend View as PDF
Highlight: Novell was the first to acknowledge that Microsoft FUD tactics had substance. Novell then used anti-Linux FUD to market itself. 
Highlight: Xandros let Microsoft make patent claims and brag about (paid-for) OOXML support. 
Highlight: Linspire's CEO not only fell into Microsoft arms, but he also assisted the company's attack on GNU/Linux. 
Highlight: Microsoft craves pseudo (proprietary) standards and gets its way using proxies and influence which it buys. 
Highlight: The invasion into the open source world is intended to leave Linux companies neglected, due to financial incentives from Microsoft. 
Analysis: Xen, an open source hypervisor, possibly fell victim to Microsoft's aggressive (and stealthy) acquisition-by-proxy strategy.