The Open-Source Detector
McDutchie writes "With open-source related lawsuits on the rise, a market is developing for automated tools that detect the presence of open-source code within larger application development environments. Palamida Inc. stepped in with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files. Something Google-inspired called CodeRank is claimed to match code against the database. Hmm... maybe someone should run it on this, or even this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.
appears to be the whole point of this tool anyway.
This tool is meant for commercial software companies to use, to ensure that they are not mistakenly using GPL code in their programs. It is not for open source developers to find misuses of their own code.
You have confused Open Source with GPL. There is nothing wrong with using Open Source in applications as long as the license permits it.
Why should Microsoft be singled out for it? Especially when we had people taking GPL'ed code and selling it as closed source...
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Usually the key to things is not the actual implementation used, but the algorithm behind it. This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas. There are so many different ways of doing the same thing that this would be trivial. All this does is mean that someone who wants to use GPL code in their closed project must change a few stylistic things around. Open Source software, OTOH, is open to a much higher level of scrutiny, since anyone can see exactly what is going on underneath the hood. It will still be fun to run it against old software though ;-)
Talk about paranoid.
Okay, I can appreciate the need to protect your intellectual property, but what sort of a control freak will go through megabytes of files to work out if some guy may have used a few lines of your code?
I thought the RIAA was overly protective of their rights, but it seems the open source community feels exactly the same way.
"Mistakenly using GPL code"? How can anyone use GPL code on accident? You downloaded a tarball, you extracted it, you opened it in a text editor, you copied and pasted the code. And then you tell your boss that you did that "on accident"?
Can anyone explain this to me?
The whole advantage of open source is you are not tied to the whims of the original developer.
This seems to be a resurrection of an old attack strategy, pretend that open source is such a burdensome onerous license that you have to hunt open source code down like a virus.
It's not something to be encouraged!
The whole concept of code seems to scream "Some will be the same". Very basic things will look very similar between several things and with the current "justice" system and ignorance of most people this is going to screw OSS.
I just think it's pathetic that we live in an era where people trying to do something nice get stabbed in the back for it..
I like muppets.
This sounds more like an auditing software. It looks like this tool would allow you to scan an existing codebase to check for the existence of open-source code nuggets. Considering the licensing minefields that exist today, it's probably a good thing for a release manager to do before a "release to production". This is especially so because a lot of developers routinely copy-paste code from the net and usually don't read the license accompanying the code.
IMHO, this is quite an innovative tool, and would save a release or a project manager a lot of headaches in terms of legal compliance.
How can a perfectly acceptable use of BSD code (BSD code in non-OSS projects) be abuse?
The BSD goal is good code, not open code.
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
Except decrypting the code before running it takes a significant portion of CPU time, effectively making the "open source alternatives" much faster. Hiding, obscuring, obfuscating, all that creates a lot of overhead...
And of course it can be done by examining the memory dump instead of executable file. It must be decrypted to run.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
Maybe you farmed it out to Elbonia, and got back thinly-veiled rip of some Free Software code.
Glad to know I'm not the only one worrying about this. The tool has an annual use fee in the tens of thousands, now the only people using this are not going to be companies who worry that GPL code may slip in (most will have a fairly good clue if it has and not want it publicised); it's going to be people who want to try and make some money with patent litigation.
The only things certain in war are Propaganda and Death. You can never be sure which is which though
No one licence -- BSD, GPL, other oss, or any of the closed source licences -- is always ideal. Anyone who thinks there is one true licence isn't very smart. Advocate what is appropriate.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
For the submitter to assume that Microsoft has GPL code is nothing short of trolling. Internally, Microsoft has a strict policy against GPL code. And by the tons of good programmers they have, it is ludicrous to suggest that they need GPL code anyway. The core Windows kernel, IIS, .NET, etc. are so different from their OSS counterparts that it would be impossible to import algorithms, let alone code.
As for the BSD code, that code has been in the kernel for over a decade. AFAIK, that code has been rewritten and changed several times. They can't change the external characteristics as that would break backwards compatibility.
On the other hand, what I would like to know is how many OSS projects reverse engineer Microsoft products to implement functionality. It doesn't matter whether Microsoft's EULAs are moral or not - once you agree to one, you are legally and morally bound to follow it.
Don't like it? Don't use MS products.
Did anyone notice that the Firefox popup blocked notification changed to look like the IE 6 SP2 blocker?
...seriously, have you looked at how well people respect copyright? Do you expect employees to cease being human when they walk in the door? All it takes is one worker to "download a tarball, extract it, open it in a text editor, copy and paste the code", then tell his boss the task is done.
Kjella
Live today, because you never know what tomorrow brings
Tell me, when someone at work says "Boy, it's a real monkey on my back" do you find yourself wondering why there is no monkey behind them?
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
The GPL is less free than BSD because it does not grant the licensee as many freedoms.
No, the GPL is more free because it does not permit anyone to take away anyone else's freedom. Say I write some GPL code. You are free to use it, modify it, sell it if you want, but you may not tell any later user or developer that they can't enjoy the same freedoms you have enjoyed.
Scenario 1: Person A writes some GPL code. Person B uses it and modifies it, and releases the code. Everyone else is free to use that code as they wish, as long as they don't try to restrict anyone else's rights.
Scenario 2: Person A writes some BSD-licensed code. Person B uses it, modifies it and starts selling it as a shrink-wrapped product. All his users are restricted by EULAs. They can't have the source code, they can't legally share the program, and they're stuck if B discontinues the product.
In which scenario do you think the licensees have more freedom? It's free as in liberty, not free as in 'free ride'.
#define struct union
Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even morally right for Microsoft to use this code.
Not only that but whenever I've been present when someone has asked the people who wrote the code if it's OK for Microsoft to use it, they didn't say "we can't stop them", they said "we want them to use it".
I don't see how you can possibly come up with a more ethical or moral justification for it than that.
The reason I said "regardless of whether you think it is good or bad" was to ignore discussions such as this.
It is very simple: the BSD license is more free, because it grants more freedoms.
Yes, to take this to its logical extreme means that anarchy is maximum freedom. No, this would not be a good thing; but by trying to argue that the GPL is more free (when you should have said that it is better for the user of Person A's software) you have already accepted that unlimited freedom isn't such a good thing anyway.
Because the GPL spreads out to affect more than just the GPLed code that was originally introduced and its subsequent modifications.
This tool can help you to make sure you change just enough the stolen implementation so that the tool won't detect the similarities, giving you an approval stamp without too much work :)
Sneak teach kids Algebra using a game
I hear this argument a lot, and it's got one fatal flaw -- you cannot use GPL code legally without opening your source.
Correct.
This line of argument seems to be along the lines of "of course you can use GPLed code - just don't get caught", and it's always worried me. Correct me if I'm wrong, I frequently am!
No, that's not what it means. What it means is that the penalties and consequences of violating the GPL are not automatically that your source code itself falls under the GPL. In fact, placing your code under the GPL after the fact is not even sufficient as a legal remedy--it is simply not relevant to anything.
By analogy, if you park in a no-parking zone, the penalty and consequence is not automatically that your car gets towed; maybe you'll get a fine or maybe your car gets disabled instead. And it certainly isn't sufficient for you to say "my bad" and just drive away--you still got a ticket and will have to pay that.
How the copyright holder and how the courts deal with you if you violate the GPL depends on your behavior and on your product. You seem to think that forcing a company to GPL its code is the worst thing that can happen to it if they violate the GPL, but that's not true. On the other hand, that may be too severe a consequence. Either way, changes to the license of the code that was used to violate the GPL after the fact simply aren't relevant to the legal issue of the GPL violation. The only way they may enter is part of a voluntary negotiated settlement, if the copyright holder on the GPL'ed software agrees to accept that as a remedy.
No, that's not the point of the argument, the point of the argument is that illegally using GPL'd code is no different than illegally using proprietary code that you haven't properly licensed - it's a copyright violation, plain and simple.
Some people try to paint the GPL as even more dangerous by claiming that unlike proprietary code where you'd only have to pay damages, the GPL would force you to open up all your code and "take away" all of your "intellectual property".
The point isn't that corporations would be deliberately using code that they don't have a right to use, the point is that a large enough corporation can never trust all of its employees.
But you're just parroting the Microsoft line. They didn't make hardware cheap - the Apple2, C64, and a host of other computers were cheaper than any IBM clone you could buy for quite a while. Did Microsoft make the IBM clones cheaper? No, they charged for what had always been free in the PC world - an OS, that made computers more expensive.
They didn't make the office suite mainstream, that was already happening. Sure, it kept happening while they were around, but it's not like they made something happen that wouldn't have otherwise.
OLE and similar technologies aren't bad, but they're nothing the market wasn't exploring at the time. Apple's OS does the same things.
As for the IDE, they do release the most popular, but that's a function of market share. They didn't invent it - the first I used was Borland C in the early 90s and it was a pale copy of what commercial IDEs were on big iron. As for mainstreaming rapid application development... whoa - where to start?
And I'll take issue with your taking issue with my comment on prices. Microsoft's sole price advantage has always been working on commodity hardware. Arguably this is Intel's doing - the cross licensing they did to be a military supplier and the "clone" market this caused made the x86 the de facto standard. Microsoft just rode the cheap Taiwanese hardware market.
Sure, many Microsoft products are now cheap, and many people who couldn't have had an office suite in the 80s now have one, but they'd have one on whatever hardware and OS existed - every type of product Microsoft makes was already around on other platforms. It might have been WordPerfect or Appleworks, but they were already around in the mid 80s and seem to
You simply miss the perspective you'd have gained if you watched the PC revolution unfold instead of listening to Microsoft tell the story.
Seeing as how Microsoft hasn't brought us anything that other companies wouldn't have bought (likely with less criminal actions involved), their anti-open source policies, and their format and licensing lock-in, I stand by my statement that a PC is more costly today and the market worse off than it would have been if Microsoft hadn't become an OS monopoly and illegally leveraged that into market share dominance in other areas.