Bobulate
Home [ade] cookies
Looking at Licenses – LLVM
November 2nd, 2009
I was surfing around — you know, the usual sequence of Slashdot, Groklaw, random linked articles — and encountered the LLVM license (actual license text). I thought I would take a moment to look at this one and compare it to other permissive Free Software licenses. Broadly speaking, the LLVM license is one that allows everything, and requires: retaining copyright notice and disclaimers, in source or in documentation, and disallow using authors names for endorsement. Compare it to the 3-clause BSD license , 2-clause FreeBSD license or the 1-clause MIT license.
A couple of comments on this license family is in order; one is that I find the MIT license a tad unclear(!) because I don’t understand how to include a copyright and permission notice that is part of a comment in a source file in the software. The intention is clear enough, I guess: put the notice in a README or at the end of the software manual, and you’re clear. It seems to me that some mention of binary distribution vs. source should have been done, if only to clarify that point.
The second is that the header of the LLVM license invites a form of poor copyright management; this isn’t the license’s fault per se, but it contains language that suggests to other developers to do things sub-optimally [[ gosh, it’s hard to pick just the right words here; “wrong” sounds more pithy, but is also more likely to annoy people into not listening at all; the point is there are best-practices ways of doing things and anything else isn’t, well .. , the best ]]. It’s the inclusion of a group of developers at the top — the “Developed by” line, as well as the “Copyright <Owner organization name>”. These are tempting to developers of community-led projects to put in non-existent organizations or poorly-defined groups like (and I’m culling these examples exclusively from KDE because I happen to have a KDE SVN source checkout here)
(c) 1996-2008 The KDE System Monitor Developers
(c) 1999-2008, The KDE Developers
(c) 2003, The KHelpCenter developers
(c) 1998-2000,2003 The KFM/Konqueror Developers
(C) 1999-2008, The Konqueror developers
Program copyright 1997-2001 The KInfoCenter Developers
The problem lies in the fact that these groups are defined if and only if you have access to information outside the sources themselves — e.g. mailing list archives or version control system history. Putting these non-existent groups in a copyright header weakens the copyright (just a little — after all, each original author is a rightsholder, regardless of whether he or she puts her name to it) and makes compliance engineering just a little more difficult. Note that putting an existing organization there that actually holds the rights is just fine: my own code in KDE SVN should read “Copyright 1999-2008 KDE e.V.” because I used a Fiduciary License Agreement to assign the rights. Again, none of this is the license’s fault per se, it’s just an easy-to-misconstrue example.
So here it would be better — for everyone, and KDE coders in particular — to follow an example that said “Copyright <year> by <name of actual author> <email address>” because that is safer from a governance standpoint in the long run. There’s no fictitious entities involved, and complete documentation of who might be a holder of copyright in the file (besides, clause 2a of the GPLv2 wants you to do this as well).
Finally, the last bit of commentary goes not to the license text but to the explanation given by LLVM for their reasons for choosing this license over the GPL — except for llvm-gcc, which is necessarily GPL-licensed because it is a derived work of gcc, which is GPL licensed itself. And it’s the use of the word “viral” that bugs me here. It’s bolded on the LLVM license webpage, and is wholly unnecessary since they manage to explain what the GPL does pretty darn well; it’s just adding a typical FUD-word to an otherwise fine page explaining a license choice (a legitimate license choice for a Free Software license done by the original authors, and hence one to be respected). A better line for that particular web page would be “any code linked into llvm-gcc (which is GPL licensed) must also be released under the GPL, as per clauses 2 and 3 of that license.” (This assumes it’s GPLv2-licensed).
Anyway, an interesting (for me, but then I like to read licenses and the reasoning behind license choices) jaunt into non-copyleft licensing territory. [[ PS. And yes, there is a 4-clause BSD license, which has the Advertising Clause; I’m not aware of a 5-clause one, but there is a 3′-clause license, the Sleepycat license, which is formatted like a BSD-style license but has a strong copyleft component. ]]
OSOL + KDE 4.3.2
November 2nd, 2009
A while back I mentioned OpenSolaris packages for KDE 4.3.2, and while strictly true, they weren’t anything to write home about particularly. Some time — and some weekends at home, which is the critical bit — has passed, leading to improved specfiles; I have not published a full package set anywhere public yet.
Main issues that were gotten out of the way: nepomuk-rcgen was crashing on runtime-linking because of bad library order. Minor compile error in kdenetwork, already committed in trunk. That gives us all the regular KDE SVN modules again, plus konversation. I haven’t tried Qt creator this time around. Remaining obvious runtime problem is Akonadi, which doesn’t find the MySQL server (in /usr/mysql/bin, but then I can’t find a way to configure that at all, and all the akonadi tools segfault on startup anyway).
In any case, one step forward, meaning it might be almost done by the time KDE 4.4 comes out.
Roundup of NLUUG Fall Conference
October 31st, 2009
Time to put down my NLUUG hat (that’s the purple one, matching the NLUUG color scheme) for this conference round and look back for a moment. It’s good to hear kind words from Sebas about the conference. They pretty much match my impressions of the whole: a conference with strong technical talks (I chaired three, on Legal aspects, Ampache and Midgard2) and a satisfied audience. The coffee was darn good — but you had to order a cappucino (after 11am) to get the full sense of artistry; Schuberg-Philis takes good care of its people. They had a nice talk on data storage tiers at the previous (spring) conference — the same conference where Ben Marin talked about libferris, so I’m happy to see him show up on planet KDE as well, now.
Kudos especially to Jos Poortvliet for filling in on short notice. I fully expect some form of revenge for that, even if the dinner and lengthy discussion about Free Software usability made up for some of it (quoth I “surely someone who drives a car has some mental model of what’s going on?” saith the usability expert “ha ha ha.”).
Thanks too to the programme committee, headed by Armijn, and to Interactie, represented by Andrea, for their dedication to the conference. As they say in Inspector Gadget: “next time” (the topic is “Systems Administration”, nice and traditional, and the call for abstracts is up if you’d like to submit a paper.)
The Economist on Clouds
October 27th, 2009
Last week’s The Economist has a leader article titled “Battle of the Clouds” and a six-page briefing “Clash of the Clouds.” It contains some interesting tidbits, such as labeling Apple’s key market “digital music”, Microsoft’s as “operating systems” (with 93% market share) and Google as “search.” Funny, I would have expected “online advertising” for the latter.
Anyway, there are two key — and somewhat contradictory — parts to the leader article. It starts off like this (edited for brevity):
The new approach has great promise. It makes life easier for consumers and cheaper, too: many cloud services are free, supported by advertising or subsidised by users who pay for a premium service. — The Economist, 17/10/2009, p. 13
I find it hard to believe that a massive shift to cloud computing — as in supporting everyone’s email and document handling — could ever be advertising supported, and the rates for maintaining massive amounts of servers for a broad slice of the population can’t be kept low for very long. Any user is going to consume a non-negligable amount of resources (electricity) in the course of a working day one the server end — that needs to be recouped.
The other end of the same leader article is headed “A storm brewing?” and touches on the issues and social implications of cloud computing. Something the FSF and FSFE have been concerned about as well. Here my feeling is that the article has done reasonably well: it mentions technological lock-in, “favour service providers who allow them to switch between services without too much hassle,” privacy implications, “most users will be happy to trade some privacy for free services,” (cue Ben Franklin) and data integrity and sustainability, “data stored in the cloud may not be safe.” Yes, those are the umbrella problems of clouds. For now, local storage and local computing are the best bet to avoid those problems and keep out of the rain.
We are out of Foz
October 25th, 2009
Well, it has been a wild four days here in Foz do Iguacu. This is the social and travel entry, with KDE and FTF related ones to follow. First off, it was fun to see old friends again — Helio in particular, and a belated congratulations to him for joining Collabora. Met many new friends, from Python Brasil, from KDE MG (not the racing car, but Minas Gerais). Heard from Ane Cecilia about her GSOC work on Plasma, watched some Gluon games, saw a bit of Rocs, and had James Italiano explain Fluid to me. All very impressive pieces of technology or innovation. Anne-Marie Mahfouf was here as well, on vacation, and we just kept having to say to various KDE-BR folk “you need to go to Akademy.” Good times.
As for the Iguacu Falls themselves, Eleanor Roosevelt was right. Four of us — Sandro, James, Anne-Marie and myself — went on saturday afternoon. There had been a heavy rain and wind storm in the morning, so there were trees down all over Foz; however, mere rain doesn’t get you nearly as wet as the swollen river thundering over the falls into the Devil’s Throat. Advice: wear sandals and short shorts, and buy the raincoat.
Going to Paraguay for shopping is a popular pastime here, so I joined in an expedition this morning. Expedition is the wrong word, since it’s a ten minute taxi ride across the Friendship Bridge. However, shopping in an area crushed by poverty feels very wrong. The contrast between the two sides of Foz is striking and uncomfortable. The Brasilian side of Foz is relatively clean and neat, and — although I have very little material for comparison — feels safe and somewhat welcoming. I know I’ll be planning for next year.
Free Software but not Open Source
October 22nd, 2009
It is possible for software to be Free Software (in the sense of GPL version 2 compatible), and yet not satisfy the requirements of the Open Source Initiative for being an Open Source license. This is an obscure corner case in the GPL, because people usually (not always) mean Free Software when they say “Open Source” — stressing a technical detail that is a prerequisite for Freedom over Freedom itself.
The relevant bit of the GPLv2 is clause 8:
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
You could write GPLv2 licensed software whose distribution to the United States is prohibited, for instance. This clause allowing additional restrictions based on geography has not survived in the GPL version 3.
In any case, for a GPLv2 plus geographical restriction license, the problematic requirement is requirement 5, No Discrimination Against Persons or Groups, formulated as: The license must not discriminate against any person or group of persons. Clearly restricting a GPLv2 licensed product to a certain geographical area discriminates against a specific group (i.e. those outside that area).
I’m told — but have not verified — that there are also two Open Source licenses that are not Free Software (i.e. the converse of the compatibility issue pointed out here). I’m also told that they are used by one project each, so it’s not a huge burden on the Free Software community.
A Travelogue
October 22nd, 2009
What’s to say about Amsterdam – it’s too far away from my house to be convenient, and then dead boring with its shopping concourse. Even the whisky store is of little interest because it has prices comparable to the local place at home; there is no benefit to “tax-free”.
Paris Charles de Gaulle, though, is arguably worse. Most of the shops are closed at 19:00, and lights go out in parts of the terminal buildings, so it seems empty and deserted. Signposting for the shuttle bus that goes around the six terminal halls is erratic, so I ended up walking. It’s only 15 minutes from one end to the other, but again you need to search every now and then for the next sign to 2A. For those who have gone to FOSDEM by car with me, think “like Brussels, only less grotty.”
The flight with TAM from Paris to Sao Paulo was surprisingly pleasant. Not too cramped, mostly, and that’s important on a 12 hour flight. Watched some movies I otherwise would not have. Wolverine was terribly unfinished, I thought. If you know the comics perhaps it makes a little more sense, or the time jumps are dealt with better. The SFX could be described as “cheesy” at best. Ah well, at least I’ve seen an American comic-based action movie this decade.
Much better — at least until 5 minutes from the end — was Adventureland, one of those comic growing-up movies. Set in 1987, this was terribly recognizable for me. Not the drunk driving and copious use of marijuana, but the rest of the cultural setting. Billy Idol, the Cure and faux-philosophical conversations? Check. The overly feel-good ending felt tacked-on, though. That tied up one loose end that need not have been.
Anyway, Sao Paulo airport is boring like most others. I should go for a coffee. At R$ 2.90 it’s 35% of the price of an espresso in Amsterdam. Probably better coffee, too.
In about an hour I carry on to Foz do Iguacu for Latinoware. I still need to rassle up my slides, but there’s enough time for that — and it looks like a beautiful day now the sun is coming up. [[ Posted much later in the day because I fell asleep once I got to the hotel, and later the ‘net was down. ]]
Going South
October 20th, 2009
Up until today, the furthest south I had been in pursuit of Free Software was Abuja, although that was just a touchdown. I have practiced Free Software in Kano (12.1N) and in Bangalore (13.0N). Today, that barrier gets smashed as I head down to Latinoware in Foz Do Iguacu (25.5S). So that is four continents and the subcontinent (India has a special place in my heart); I have my sights set on Australia this winter, but the Antarctic will probably just not happen.
So, Latinoware. South America’s largest Free Software conference? Eight parallel tracks? I’m tremendously honoured to be giving two talks at the conference. One with my blue hat — KDE — and one with my green hat — FSFE. That’s a technical and project plan talk about what KDE is doing and where it is going, and a project management and legal talk about how Free Software projects can be run. Both topics close to my heart, and I’ll likely talk about what the FSFE does for KDE in the KDE talk and use KDE as an example in the FSFE talk. Hats can be so confusing.
In the meantime, I expect to be slightly out-of-sync with goings-on in Europe. I hope, nay, expect, the network to be better than at some conferences I’ve attended, though. See you soon (Helio, Mauricio, and others).
smbmount functionality
October 20th, 2009
Because I was futzing around with Samba yesterday, I installed smbmount (a shell wrapper around /sbin/mount.cifs). I needed to (briefly) mount a network-based NAS in order to move some files to it. I’ll reconfigure the NAS later to take either FTP (unsecure, but it is on a local wired network) or NFS — although I’m not sure it actually supports NFS. Anyway, apt-get install smbfs on a Kubuntu 9.04 box. So, who’s to be surprised when this happens:
$ /sbin/mount.cifs Segmentation fault
That is, shall we say, not an ideal response if there are mandatory parameters that have been left out. Good thing it’s Free Software, so you can see the source code and realise that the check for argc < 3 is a little late and that mountpoint = argv[2] might not be a good idea if no arguments are given. Hey, it’s worth a bug report, patch — and then hope for a release faster than when fixing Windows 7 SMB bugs 🙂
SMB2 Security
October 19th, 2009
While looking to install smbclient on my laptop this morning to talk to some devices on my home network, I was pointed at a security advisory regarding SMB2. It’s about a known defect the SMB2 implementation on Windows 7 — kind of interesting to have pre-release security defects publicised already. The FSFE’s statement is here, and you can find English-language Heise coverage here.
The intermediate work-around — isolate Windows machines from the Internet with a good firewall — is good practice anyway. Do not let SMB traffic escape from your local network.