lrosen (attorney Lawrence Rosen) writes with a response to an article that appeared on Opensource.com late last month, detailing a court case that arose between Versata Software and Ameriprise Financial Services; part of the resulting dispute hinges on Versata's use of GPL'd software (parsing utility VTD-X, from Ximpleware), though without acknowledging the license. According to the article's author, attorney Aaron Williamson (former staff attorney for the Software Freedom Law Center), "Lawyers for commercial software vendors have feared a claim like this for essentially the entire 20-odd-year lifetime of the GPL: a vendor incorporates some GPL-licensed code into a product—maybe naively, maybe willfully—and could be compelled to freely license the entire product as a result. The documents filed by Ameriprise in the case reflect this fearful atmosphere, adopting the classically fear-mongering characterization of the GPL as a 'viral' license that 'infects' its host and 'requires it to become open source, too.'" Rosen writes: I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court. Read on for the rest (and Williamson's article, too, for a better understanding of this reaction to it). An important take-away: it's not just the license that matters.
Apache is behind a huge percentage of the world's websites, and the Apache Software Foundation is the umbrella organization that provides licensing and structure for open source projects ranging from the Apache Web server to Apache OpenOffice to small utilities that aren't household names but are often important to a surprising number of people and companies. Most of us never get to meet the people behind groups like the Apache Software Foundation -- except today we tag along with Tim Lord at OSCON and chat with Apache Software Foundation Executive Vice President Rich Bowen -- who is also Red Hat's OpenStack Community Liaison. Update: 07/30 22:23 GMT by T : Note that Bowen formerly served as Slashdot sister site SourceForge's Community Manager, too.
An anonymous reader writes "Now that freshmeat.net / freecode.com doesn't accept any updates, I wonder how the Slashdot crowd gets news about new projects, and even new versions of existing projects. For project managers, where could you announce new versions of your project, so that it can reach not just those who already know the project. Freshmeat / Freecode had all the tools to explore and discover projects, see screenshots (a mandatory feature for any software project, even with only a console interface or no interface at all) and go to the homepage of the project. I subscribed years ago to the RSS feed and sometimes found interesting projects this way. You could replace these tools by subscribing to newsletters or feeds from the projects you follow, but that doesn't cover the discovery part." And do any of the major development / hosting platforms for Free / Open Source projects (GitHub, Launchpad, or Slashdot sister-site SourceForge) have tools you find especially useful for skimming projects of interest?
jones_supa (887896) writes It's been a while since a new ScummVM release, but version 1.7.0 is now here with many exciting features. New games supported are The Neverhood, Mortville Manor, Voyeur, Return to Ringworld and Chivalry is Not Dead. The Roland MT-32 emulator has been updated, there is an OpenGL backend, the GUI has seen improvements, AGOS engine is enhanced, tons of SCI bug fixes have been applied, and various other improvements can be found. This version also introduces support for the OUYA gaming console and brings improvements to some other more exotic platforms. Please read the release notes for an accurate description of the new version. SCUMM being the language/interpreter used by many classic adventure games.
Jim Hall (2985) writes "In a June 29, 1994 post in comp.os.msdos.apps on USENET, a physics student announced an effort to create a completely free version of DOS that everyone could use. That project turned into FreeDOS, 20 years ago! Originally intended as a free replacement for MS-DOS, FreeDOS has since advanced what DOS could do, adding new functionality and making DOS easier to use. And today in 2014, people continue to use FreeDOS to support embedded systems, to run business software, and to play classic DOS games!"
LeadSongDog (1120683) writes The venerable Freecode site has today gone static, blaming low traffic. No new content is being accepted, but they continue to serve existing content. They recommend projects consider moving to Sourceforge. Probably obvious, but Freecode/SourceForge/Slashdot share a corporate parent.
Daniel_Stuckey (2647775) writes "Following broad security scares like that caused by the Heartbleed bug, it can be frustratingly difficult to find out if a site you use often still has gaping flaws. But a little known community of software developers is trying to change that, by creating a searchable, public index of websites with known security issues. Think of Project Un1c0rn as a Google for site security. Launched on May 15th, the site's creators say that so far it has indexed 59,000 websites and counting. The goal, according to its founders, is to document open leaks caused by the Heartbleed bug, as well as 'access to users' databases' in Mongo DB and MySQL. According to the developers, those three types of vulnerabilities are most widespread because they rely on commonly used tools. For example, Mongo databases are used by popular sites like LinkedIn, Expedia, and SourceForge, while MySQL powers applications such as WordPress, Drupal or Joomla, and are even used by Twitter, Google and Facebook."
X10 (186866) writes "I use Truecrypt, but recently someone pointed me to the SourceForge page of Truecrypt that says it's out of business. I found the message weird, but now there's an explanation: Truecrypt has received a letter from the NSA." Anyone with a firmer source (or who can debunk the claim), please chime in below; considering the fate of LavaBit, it sure sounds plausible. PCWorld lists some alternative software, for Windows users in particular, but do you believe that Microsoft's BitLocker is more secure?
Several readers sent word that the website for TrueCrypt, the popular disk encryption system, says that development has ended, and Windows users should switch to BitLocker. A notice on the site reads, "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. ... You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It includes a link to a new version of TrueCrypt, 7.2, and provides instructions on how to migrate to BitLocker. Many users are skeptical of a site defacement, and there's been no corroborating post or communication from the maintainers. However, the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases. A source code diff of the two versions has been posted, and the new release appears to simply remove much of what the software was designed to do. It also warns users away from relying on it for security. (The people doing an audit of TrueCrypt had promised a 'big announcement' soon, but that was coincidental.) Security experts are warning to avoid the new version until the situation can be verified.
We're thankfully long past the days when an emailed Word document was useless without a copy of Microsoft Word, and that's in large part thanks to the success of the OpenOffice family of word processors. "Family," because the OpenOffice name has been attached to several branches of a codebase that's gone through some serious evolution over the years, starting from its roots in closed-source StarOffice, acquired and open-sourced by Sun to become OpenOffice.org. The same software has led (via some hamfisted moves by Oracle after its acquisition of Sun) to the also-excellent LibreOffice. OpenOffice.org's direct descendant is Apache OpenOffice, and an anonymous reader writes with this excellent news from that project: "The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 170 Open Source projects and initiatives, announced today that Apache OpenOffice has been downloaded 100 million times. Over 100 million downloads, over 750 extensions, over 2,800 templates. But what does the community at Apache need to do to get the next 100 million?" If you want to play along, you can get the latest version of OpenOffice from SourceForge (Slashdot's corporate cousin). I wonder how many government offices -- the U.S. Federal government has long been Microsoft's biggest customer -- couldn't get along just fine with an open source word processor, even considering all the proprietary-format documents they're stuck with for now.
rjmarvin (3001897) writes "Two Princeton computer science students have created an open source platform for developing voice-controlled applications that are always on. Created by Shubhro Saha and Charlie Marsh, Jasper runs on the Raspberry Pi under Raspbian, using a collection of open source libraries to make up a development platform for building voice-controlled applications. Marsh and Saha demonstrate Jasper's capability to perform Internet searches, update social media, and control music players such as Spotify. You need a few easily obtainable bits of hardware (a USB microphone, wifi dongle or ethernet, and speakers). The whole thing is powered by CMU Sphinx (which /. covered the open sourcing of back in 2000). Jasper provides Python modules (under the MIT license) for recognizing phrases and taking action, or speaking when events occur. There doesn't seem to be anything tying it to the Raspberry Pi either, so you could likely run it on an HTPC for always-on voice control of your media center.
New submitter brondsem writes: "Today the Apache Software Foundation announced the Allura project for hosting software development projects. Think GitHub or SourceForge on your own servers — Allura has git, svn, hg, wiki, tickets, forums, news, etc. It's written in python and has a modular and extensible platform so you can write your own tools and extensions. It's already used by SourceForge, DARPA, German Aerospace Center, and Open Source Projects Europe. Allura is open source; available under the Apache License v2.0. When you don't want all your project resources in the cloud on somebody else's walled garden, you can run Allura on your own servers and have full control and full data access." (SourceForge shares a corporate overlord with Slashdot).
Former chairman of VA Software and venture capitalist, Larry Augustin, co-founded VA Research in 1993 and was one of the driving forces behind the creation of Sourceforge. VA bought Andover.net in 2000, acquiring a number of media sites, including Slashdot. He serves on the board of several companies and is currently the CEO of SugarCRM. Larry has agreed to take some time and answer your questions about the world of venture capital, open source software, and surviving the dotcom bubble. As usual, ask as many as you'd like, but please, one question per post.
enharmonix writes "I have a big decision to make. I am probably going to buy a laptop that I will primarily use for music. I would prefer an OEM distro so I don't need to install the OS myself (not that I mind), but I have no preference between open- and closed-source software as an end-user; I just care about the quality of the product. There are two applications that I absolutely must have: 1) a standard notation transcription program with quality auditioning (i.e., playback with quality sound fonts or something similar, better than your standard MIDI patches) that can also accept recorded audio in lieu of MIDI playback, and 2) a capable synthesizer (the more options, the better). If there's software out there that does both 1 and 2 in the same app, that's even better. I've played with some of Ubuntu's offerings for music a few years ago and some are very good, though not all of them are self-explanatory and the last time I checked, none of them really met my needs. I am not so worried about number 2 because I think I could pretty easily develop my own in .NET/Mono, which I think would be a fun project (which would be open source, of course). I am a Gnome fan so if I go with Linux, I will almost certainly go with standard Ubuntu over Kubuntu, but Gnome seems to rule out Rosegarden which was the best FOSS transcription software out there the last time I checked. The other solution I've thought of is to just shell out the $600 for Finale, which I'm more than willing to do, but I'm not so sure I want Windows 8 and I'm just not sure I can afford to go with a Mac on top of the $600 for Finale. I don't intend to put more than one OS on my laptop, either. Any slashdotters out there dabble in composing/recording, using MIDI, sound fonts, recorded audio, and/or synthesizers? What setup of hardware/OS/software works for you? Can FOSS music software compete with their pricier closed source competitors?" 
The KXStudio apps installed over Debian or Ubuntu tend to be pretty nice (better session handling that gladish provides at least).
First time accepted submitter hughbar writes "I live in a London suburb that has many activities and classes, yoga, IT [of course], running, art, assorted volunteering and many others. With the help of the local council, we'd now like to make a centralised, searchable database of these, with a number of helpful features: Easy to make submissions, otherwise the whole thing will always be out of date; Web accessible [obviously] but mobile phone friendly as well; Maybe, publish and subscribe, so people can 'subscribe' to yoga listings for example; Handles repeating events, like a classical web calendar; Maybe, can be consolidated with nearby events calendars. I'm aware of MRBS and WebCalendar, but I'm wondering whether there are other suggestions, especially as this is a useful social application. And, yes, I'd like it done with open source, then we can tailor it."
Their website's "About" page says, under the headline, "Our Big Mission": "The Eye Tribe intends to become the leading provider of eye control technology for mass market consumer devices by licensing the technology to manufacturers." Their only product at the moment is a $99 development kit ($142.50 with shipping and VAT). Some people may want to say, "This is old news. Wasn't there an open source project called Gaze Tracker that was originally developed to help handicapped people interact with the world?" Yes, there was. The Eye Tribe is an outgrowth of the Gaze Tracker research group, which is still going strong and still offers its software for free download (from SourceForge) under an open source license. The company's funding comes in large part from a government grant. In the interview (below), The Eye Tribe CEO Sune Johansen notes that they have just started shipping their development kit, and that they hope to start selling an eye control kit for tablet computers to the general public before long, but he doesn't want to commit to a specific shipping date because they don't want to sell to end users until "...we have enough applications out there so that it makes sense for the consumers to buy it directly."
An anonymous reader writes "The recent report of X11/X.Org security in bad shape rings more truth today. The X.Org Foundation announced today that they've found an X11 security issue that dates back to 1991. The issue is a possible stack buffer overflow that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. After the vulnerability being in the code-base for 23 years, it was finally uncovered via the automated cppcheck static analysis utility." There's a scanf used when loading BDF fonts that can overflow using a carefully crafted font. Watch out for those obsolete early-90s bitmap fonts.
In 1990, a development studio called Toys for Bob created a game called Star Control, a fun little space combat game with a bit of strategy added in. In 1992, they released Star Control 2, a full-blown space adventure RPG, which became one of the seminal works of early PC gaming. (Later open-sourced and released for modern systems.) After that, creators Fred Ford and Paul Reiche III lost control of the franchise to Accolade, who botched Star Control 3 and eventually abandoned the series. Last July, Stardock, the studio behind Sins of a Solar Empire, acquired the rights, and they're now discussing their plans to resurrect the classic series. They'll be using Star Control 2 as a template and an inspiration for all aspects of the game, though they won't be using any of the IP from Star Control I & II. They've also contacted Ford and Reiche and will try to hold true to their creative intentions. (The two currently run an Activision game studio, so they won't be involved with the new game.) Production will begin this winter.
jones_supa writes "A month ago there was worry about Kdenlive main developer being missing. Good news guys, Jean-Baptiste Mardelle has been finally reached and is doing fine. In a new mailing list post by Vincent Pinon, he says he managed to find Mardelle's phone number and contacted the longtime KDE developer. It was found out that Mardelle took a break over the summer but then lost motivation in Kdenlive under the burden of the ongoing refactoring of the code. Pinon agreed that there are 'so many things to redo almost from scratch just to get the 'old' functionalities'. The full story can be read from the kdenlive-devel mailing list. After talking with Jean-Baptiste, Vincent has called upon individual developers interested in Kdenlive to come forward. Among the actions called for is putting the Git master code-base back in order, ensuring the code is in good quality, provide new communication about the project, integrate new features like GPU-powered effects and a Qt5 port, and progressively integrate the new Kdenlive design."