Archive for the ‘Modern Life’ Category

Some thoughts on Licensing vs Copyright

Monday, September 5th, 2005

IANAL. This stands for: I Am Not A Lawyer. It doesn’t stand for “I (am) Anal”, although if you took a cross-section of posts starting with that acronym you might be hard pressed to prove it either way. A lot of the people who like to argue about legal issues are very “detail oriented”.

Also, please note that I am not involved in the project, and have no insider knowledge at all.

I saw an announcement recently on the OSNews feed about (hereafter OOo) becoming LGPL only (Sun is dropping the SISSL license). I was curious about exactly how “open” OOo is, so I spent a few minutes reading the FAQ. Specifically this item. A while back I had to deal with some similar issues involving another large computer company, so I expected to see what I saw.

It’s really common sense from Sun’s point of view (or any other company that wants to protect their intellectual property). When you contribute code back to the project, you’re asked to sign a JCA (Joint Copyright Assignment). This allows Sun to maintain a copyright for all the code in the OOo project. This still leaves the owner with the copyright over his contribution, but frankly that doesn’t do them much good. The FAQ points out that this allows Sun to more effectively defend the copyright against infringement, but the FAQ doesn’t point out that this also allows Sun to stop licensing OOo under the LGPL. Sun could make it closed source, or license it only under some new license instead.

The previously released versions would still be modifiable under the rules of the LGPL (there is no provision for revoking the existing licenses), but new additions from Sun would not need to be released under the LGPL.

Sun asks contributors to sign a JCA in order to have their contributions integrated into the main OOo branch of the source. But there is nothing that prevents anyone with enough time and energy to establish their own web site with a version of the OOo software that doesn’t require the Sun JCA to be signed.

Also, there is nothing to prevent Fred Flintstone from taking the gcc source (or any other GPL or LGPL source), starting a primary branch, and only accepting deltas after the contributor has assigned joint copyright to Fred Flintstone Inc. Of course, this wouldn’t do much good because so much of the gcc source code is NOT covered by a Fred Flintstone Inc copyright. So FFI wouldn’t be able to relicense the code in its entirety under a different license.

To be fair, I actually do believe that having one entity have a copyright for an entire work does make defending that work in court much easier. Sun has reason to be worried about such infractions, given our experience with Microsoft and Java. I believe that Sun has no intentions in the foreseeable future of making OOo closed source, or relicensing it, for the simple reason that it doesn’t make sense in the market. If we tried to, someone would just take a snapshot, make their own branch and start accepting deltas.

One thing this arrangement does enable that is more realistic is for Sun to take all or part of OOo and use it as part of a commercial product which is not open source. For example, the Star Office product, which Sun licenses for a modest fee.

The point of me writing all this was just that it might be something you hadn’t thought of before. Copyright is essentially a kind of intrinsic ownership of code, and unless you assign that right, you own all the code you write. Licensing doesn’t give away ownership. Licensing sets the rules by which you allow others to use your code.

Computer Science thought for the day:
“It is amazing what you can accomplish if you do not care who gets the credit.”
Harry S Truman


Monday, May 23rd, 2005

A trust network is the only thing that is safe against marketing.

Any individual person who becomes popular enough as an expert on a particular topic will normally be commercialized into a product which can be sold. At that point you have to start looking at where they get their “corporate donations” from in order to interpret what they say.

How do I tell if a music album is good? I can find a forum, and look for what people have written about it. How do I know if the people writing about it know what they’re talking about? Well I can try to guess based on how they write, and what they say.

But maybe they know a lot about blues and jazz, and for some reason they decide to review a rock album? I’ve been playing around with Orkut recently. You can hook up with people and places you know, and reveal information about yourself in a controlled way to people whom you name as “friends”.

When I read a message someone wrote about an album, I want to be able to go find out about them. Do they like music? How *much* do they like music? What kind of music do they like? How old are they? Are their interests like mine? Do they like other music that I like?

On the other hand, maybe the person who posted the review was just a scammer with a temporary account trying to boost sales? It would be nice to have a way to know if that’s true.

I am hopeful that in the next 10 years the idea of federated identity (aka “single-sign-on”) will become popular. Remember the book Ender’s Game? In that fictional story (science fiction) two people who were very well known and very influential in world politics were completely anonymous. Well not anonymous really, that’s the whole point. They were pseudonymous. They were well known personalities but nobody happened to know who they were in real life. The kind of protection this can give to free speech is mind boggling.

Any loony can post his or her ideas anonymously. If they reveal facts that can be checked by others, then they might spark a debate that can turn into something real. But free speech doesn’t really work unless you have free discussion. And to do that, you have to trust someone with your identity (whether it’s a re-mailer or a website).

If we had ubiquitous PKI (public key infrastructure), you wouldn’t have to trust anyone. You create a public/private key pair, register it with a made-up name, and you can carry on conversations for years, and let people get to know you without needing to reveal your true identity. If the website you’re using gets shut down (as they often do), you can use your same identity on another web site, just by signing your messages with the same key.
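The key-continuity idea in the paragraph above, as an added Go example that is not from the original post: a reader pins the public key a made-up name first appears with, then recognises later posts from the same key on any site and flags a different key using the same name. The `Post` and `Reader` types, the string results and the name "nightowl" are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Post is what any site would store: made-up name, text, public key, signature.
type Post struct {
	Name, Body string
	Key        ed25519.PublicKey
	Sig        []byte
}

// signedBytes length-prefixes both fields so name and body cannot be shifted.
func signedBytes(name, body string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s", len(name), name, len(body), body))
}

// Sign produces a post whose signature covers the pseudonym and the text.
func Sign(name, body string, priv ed25519.PrivateKey) Post {
	pub := priv.Public().(ed25519.PublicKey)
	return Post{name, body, pub, ed25519.Sign(priv, signedBytes(name, body))}
}

// Reader remembers which public key each pseudonym first appeared with.
type Reader struct{ pinned map[string]string }
func NewReader() *Reader { return &Reader{pinned: map[string]string{}} }

// Check returns "new", "same-author", "impostor" or "bad-signature".
func (r *Reader) Check(p Post) string {
	if len(p.Key) != ed25519.PublicKeySize || !ed25519.Verify(p.Key, signedBytes(p.Name, p.Body), p.Sig) {
		return "bad-signature"
	}
	key := string(p.Key)
	if old, seen := r.pinned[p.Name]; !seen {
		r.pinned[p.Name] = key // first sighting: trust on first use
		return "new"
	} else if old != key {
		return "impostor" // same name, different key
	}
	return "same-author"
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	r := NewReader()
	fmt.Println(r.Check(Sign("nightowl", "on site A", priv)), r.Check(Sign("nightowl", "on site B", priv)))
}
```

The identity here is the key, not the name or the site that hosts the post, so nothing in the check depends on either site still existing.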

The only compelling reason to sell federated identity to Joe Six-pack is by telling him he doesn’t have to remember 100 passwords anymore. But I have higher hopes. Once the software becomes standardized I expect there to be trustable “repositories” for pseudonymous identities. This will be a step in the right direction.