The Open-Source Detector
McDutchie writes "With open-source related lawsuits on the rise, a market is developing for automated tools that detect the presence of open-source code within larger application development environments. Palamida Inc. stepped in with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files. Something Google-inspired called CodeRank is claimed to match code against the database. Hmm... maybe someone should run it on this, or even this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.
fIRST pOST
Sounds like a lot of work when you can just type "open source" and whatever you want the code to do in google, and get a bunch of project homepages. Unless they mean to detect open-source code in a compiled executable, in which case, who cares?
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
frist ps0t
areems is fat
Doesn't traceroute or some dos prompt network util under Windows already contain some BSD code? Why hasn't anyone gone after MS for this?
appears to be the whole point of this tool anyway.
I hope it can crack PGP encrypted libraries.
That's the next thing for the OSS thieves. Then their malfeasance will be well-nigh undetectable...
Intolerance for ambiguity is the mark of the authoritarian personality.
Maybe someone should run it on its own codebase...
Usually the key to things is not the actual implementation used, but the algorithm behind it. This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas. There are so many different ways of doing the same thing that this would be trivial. All this does is mean that someone who wants to use GPL code in their closed project must change a few stylistic things around. Open Source software, OTOH, is open to a much higher level of scrutiny, since anyone can see exactly what is going on underneath the hood. It will still be fun to run it against old software though ;-)
Could this tool be used in reverse?
For example, one could write a bug-filled line of code, perhaps something with a buffer-overflow. This could then be matched with open-source projects and projects with buffer overflows are found. Of course, this could also be used to find vulnerabilities and so on.
what MS anti-spyware suite does, when I first installed it it labeled vnc and something else (can't remember now.. ) as spyware.. open source infection indeed..
Having inherited, and now to clean up and later to maintain a fairly big chunk (unbelievably huge, cumbersome and bloated actually, when considering what it should do) of Microsoft code at my job, I don't wonder anymore about anything concerning Microsoft products, except them reliably working. Found no OpenSource code in there though. Only loads of Microsoft technology where it isn't needed, and retarded code constructs where there is actually an appropriate standard way in the MS environment.
/. MS rant.
In private I'm all MS less for months already (after another Windows breakdown I decided it was time to part). Still have to deal at work with it though.
Ok, so here we have the standard
Just because I can imagine doing a hippopotamus, doesn't mean I'd like to do it.
Talk about paranoid.
Okay, I can appreciate the need to protect your intellectual property, but what sort of a control freak will go through megabytes of files to work out if some guy may have used a few lines of your code?
I thought the RIAA was overly protective of their rights, but it seems the open source community feels exactly the same way.
> Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.
This example (socket code) often pops up, and is often used in GPL advocacy.
Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.
Palamida charges $50,000 to $250,000 for an annual subscription to IP Amplifier. Cost depends upon the size of the customer's development environment.
That seems rather steep. Are they doing something really complicated or is this something that a well-maintained (open-source?) project could do? Of course they are storing a major amount of information (i.e. all of sourceforge/freshmeat).
This might in fact be a feature that sourceforge might want to implement (for a fee): doing a search in their database.
On the other hand, it might make more sense to check against proprietary source, data and images. They are, by their nature, harder to find.
Also: when outsourcing parts of a project, wouldn't a contract have to state explicitly conditions such as not stealing/borrowing code from elsewhere? It would be a minimum requirement that the licensing of any (sub-)code would have to fit the overall product.
see a Text Widget
There are too many things that this won't do, as already pointed out in the thread. The problem I see here is how someone, somewhere will use this tool once or twice, find something that looks like infringing code and "AH HA! THERE is the REAL offender" taking something out of context or not understanding in full the hows or whys of how the code got there in the first place, and run screaming to whoever will listen. There are a lot of issues surrounding Open Source code and mixing it with proprietary code. While this may help, I only fear this will create more problems.
I'm not a troll, but I play one on Slashdot.
The whole advantage of open source is you are not tied to the whims of the original developer.
This seems to be a resurrection of an old attack strategy: pretend that open source is such a burdensome, onerous license that you have to hunt open source code down like a virus.
It's not something to be encouraged!
The whole concept of code seems to scream "Some will be the same". Very basic things will look very similar between several things and with the current "justice" system and ignorance of most people this is going to screw OSS.
I just think it's pathetic that we live in an era where people trying to do something nice get stabbed in the back for it.
I like muppets.
Just today on the way to work I was wondering what it would take to write a C pre-processor which takes as input a set of .c and .h files, and spits out a re-formatted, 'changed' version of the same sort of code .. effectively 're-writing' the OSS into something still functional, but unrecognizable from the original.
..
.. and if I had the spare time (I don't), I'd make one myself, and .. of course .. release it under the GPL.
This would be an interesting challenge, and not entirely above the capabilities of most compiler writers. With such a tool, the motivation for releasing OSS software would be decreased; OSS writers would be de-moralized, since their original code isn't being used, only the outline/framework
I'm a big fan of OSS, really. Have been for years. But I think tools such as these loom on the horizon
(Just coz.)
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
We have scanned your computer and found the following files that are in violation of corporate IP protection policy for development: /usr/include/signal.h /usr/include/socket.h /usr/include/stdio.h /opt/java/src.zip
Please remove them.
Now it's wonderful that they help people get the most out of OSS software, but I don't like the fact they are making outsourcing easier. This is not so much a problem where I live, but in the USA, as I understand it, many people are losing their jobs in the tech industry thanks to companies trying to save a fair bit by outsourcing to cheaper areas.
Again, my second problem is their strong patent support here. It just makes me, as someone who uses and contributes to OSS, uneasy. (Just my opinion and how I feel, not a statement of fact.)
On to the legal section. Their business model is basically that of enforcing IP rights; sure, that may help us find companies abusing GPL code, but it also swings both ways and can open up a whole host of patent cases against GPL software.
Fair enough, this can be useful in this day and age, allowing you to pay them to make sure you're not infringing on any patents. But this just doesn't work on 90% of the OSS projects out there; I am betting it costs a fair whack. Most people using this on OSS are IMHO going to be looking to enforce a patent case a la SCO. The potential minefield here is not fun.
Now that is a lot better; I can strongly respect what they are doing here. Still, I don't like that they keep harping on about IP compliance.
I am probably just being paranoid an
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Yeah, maybe someone should try to run it on MS or SCO software. And if you really want to see if it works then CherryOS is the thing to run it on. But I assume you need to run it on the application's source code; if so, it's hard to frame someone for using Open Source code. You'll probably have to file a lawsuit first, and use this tool to build some evidence.
Bits of News Giving you the latest bits.
To whomever has access to the Windows source (via their "shared source" channel or any other _legitimate_ way): please check their source.
I worked at a ruthless company. Part of the culture was to get results as fast as possible and completely ignore things like licenses, rules and laws, if it helped to make money.
We certainly would have violated the GPL in a second, given that one couldn't really prove damage to the other party (aging idealist hippies with beards who were naive enough to give away software with a silly "license").
The ripoff of commercial software was driving me nuts though -- it seemed quite wrong, esp. given that we were raking in the dough and were not paying just because we could easily avoid it through technical measures.
However, part of the "culture" was that we were so busy that we were sloppy about the misdeeds. We wouldn't have had time to cover our tracks.
Such tools would have caught us, so I'm guessing such tools will lead to finding many similar violators.
http://www.thebricktestament.com/the_law/when_to_
I wonder what would come up if they compared their own source code with GNU grep?
If the BSD license permits shady dealings, doesn't that show the superiority of the GPL?
Now all we need are bots to automatically scan S/W and send out C&D notices -- it would be like the perfect mirror image of the RIAA version.
70e808a22cb027cde4a6abddf6435d55
For the submitter to assume that Microsoft has GPL code is nothing short of trolling. Internally, Microsoft has a strict policy against GPL code. And by the tons of good programmers they have, it is ludicrous to suggest that they need GPL code anyway. The core Windows kernel, IIS, .NET, etc. are so different from their OSS counterparts that it would be impossible to import algorithms, let alone code.
As for the BSD code, that code has been in the kernel for over a decade. AFAIK, that code has been rewritten and changed several times. They can't change the external characteristics as that would break backwards compatibility.
On the other hand, what I would like to know is how many OSS projects reverse engineer Microsoft products to implement functionality. It doesn't matter whether Microsoft's EULAs are moral or not - once you agree to one, you are legally and morally bound to follow it.
Don't like it? Don't use MS products.
Did anyone notice that the Firefox popup blocked notification changed to look like the IE 6 SP2 blocker?
Yes, actually, it would. Restricting my freedom to kill is what we call exchanging freedom for security. And BSD is more free because it places fewer restrictions on those it affects. Unless you're talking about monetary cost, in which case it's still more free, because releasing source code on a for-profit project results in a reduction of profit (effectively a monetary price on the use of GPLed code).
...it's really a sad day for America when we require a goddamn ACT OF CONGRESS to make our DVD players work properly. ~
If your app uses a single line of material (code) from a header file belonging to an LGPL library, then your app's binary code can be classified as *derived* work of LGPL based on this criteria:
.jar libraries into their java projects. So at least Apache Foundation isn't screwing over LGPL libraries.
LGPL Section 5 Paragraph 3:
'When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.'
This means it is impractical or virtually impossible to use LGPL library without the binaries of your entire application to be classified as "work that is *BASED* on the library" rather than "work that *USES* the library".
Which means commercial vendors whose software links to LGPL libraries (like c runtime on Linux) must abide by the terms of LGPL relating to derived works (not works that use the library).
Since they are not granting us patent licenses related to their binaries or rights to modify their binaries, they are literally screwing us out of rights they are obligated to provide under the terms of the LGPL.
If products like Bitkeeper linked to LGPL libraries (i.e. c runtime), then they cannot whine about end-users reverse engineering their product--and their EULA clause prohibiting reverse-engineering is invalid. And even if they have a patent on it, good luck to them trying to enforce it against an end-user of their now LGPL binaries. Richard Stallman is a freakin genius!!!
Prove me wrong. You cannot.
ps
This is why Apache Foundation didn't allow LGPL
you forgot to mention that this should be checked too.
To the 'Ooo Darwin is BSD!' crowd: fuck you. I bet there's a bazillion GNU lines all over OSX.
...seriously, have you looked at how well people respect copyright? Do you expect employees to cease being human when they walk in the door? All it takes is one worker to "download a tarball, extract it, open it in a text editor, copy and paste the code", then tell his boss the task is done.
Kjella
Live today, because you never know what tomorrow brings
...of bribing a Microsoftie to "accidentally" include some of the Linux kernel source into Longhorn.
... but I'd SWEAR that Mac OS X has BSD code in it.
Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.
Not only that but whenever I've been present when someone has asked the people who wrote the code if it's OK for Microsoft to use it, they didn't say "we can't stop them", they said "we want them to use it".
I don't see how you can possibly come up with a more ethical or moral justification for it than that.
koders
It's good that a company is offering a comprehensive solution for this, and one that already contains lots of FOSS code.
Contrary to the company's claims of being "groundbreaking", that's not new: plagiarism detectors, code duplication detectors, etc. have been around for a while.
Reimplementation under other licenses of software under free or open source licenses is permitted. That is one of the essential freedoms of free software, and it's one way in which such source code differs from commercial source code.
With commercial source code ("community license", "shared source license", etc.), companies usually try to attach restrictions on your ability to re-implement the APIs, or even on your ability to compete with them. Sun's Java licenses are an example of such behavior.
That's why it's perfectly fine for employees to look at open source or free software, as long as they don't actually copy it into a closed source product. What you need to be scared stiff about is if your employees look at source code that is not under a FOSS license, because the risks of that are enormous.
? Who modded this offtopic ... That makes no sense.
I am more paranoid daily about the influx of commercial articles on Slashdot. People who say anything negative about the companies are mysteriously getting modded offtopic. I have seen this about 20 times at least.
The above post to me seems 100% on-topic; it is about the company who runs the product, and it rightfully questions their laurels (not their hardys though).
I'm a robot, you're a robot. That, however, is a row-boat
Fine moderation work there... offtopic my arse, you idiots; it couldn't be more on-topic.
Trolls with mod points?
Or paid stories?
this tool can help you to make sure you change just enough the stolen implementation so that the tool won't detect the similarities, giving you an approval stamp without too much work :)
Sneak teach kids Algebra using a game
They say so here:
Use the software development kit (SDK), which supports more than 1,900 UNIX APIs and migration tools (conforming to the IEEE 1003.1-1990 standard), such as make, rcs, yacc, lex, cc, c89, nm, strip, gbd, as well as the gcc, g++, and g77 compilers.
So this article got me thinking about what it would take to make a program which automatically scans binary software for OS code. I imagine it is possible but it would be an interesting programming problem.
One early thought is that you could scan for matching arithmetic operations. Walk through the assembly and keep a table of register contents/memory contents/constant loads to regenerate algebraic operations. By transforming these operations to some canonical form one could match algebraic operations from the source regardless of compiler optimization or variable renaming.
Of course there are several problems with this approach. First, implemented in the obvious fashion it is horribly slow (like N^2M^2, N=binary size, M=source code files). Secondly, some programs may do very little explicit algebraic manipulation. Finally, common snippets of array bounds logic or pointer arithmetic may trigger false positives.
I wonder if there is a better solution?
If you liked this thought maybe you would find my blog nice too:
quickly, mod parent down as troll or flamebait, there is nothing 'Insightful' about it - it is the perfect case of a Trollish Flamebait and this sort of thing is not harmless either because he can be later quoted or referenced to. What he is talking about is paramount to applying a patent not a copyright and a GPL compatible license.
You can't handle the truth.
I've got to say, this guy Timothy who chooses these headlines has got to be the biggest Anti-MSFT FUD maker out there. Talk about unfair, biased reporting. Did Bill Gates kill your first born or something?
I'd put the source for the components out there.
... I develop code in Smalltalk. Its __always__ been open source.)
What I DO with them, my value adding application, doesn't __have__ to be open source. (Well
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
you accept that unlimited freedom isn't such a good thing anyway when you agree to the protection of the copyright (I am a rabid copyright supporter.)
You can't handle the truth.
I know this was sort of a joke but I think we have already done better. The project manager for Caldera of the LKP project has indicated he is willing to testify to the fact that the LKP code in SCO used a process for development that would make it a derived work of the Linux kernel and thus subject to GPL. Sworn testimony from a former employee in a position of authority is generally more useful than output from a tool.
I don't know if you've ever considered the revenue generated from having the desktop operating system monopoly being developed in the US, but perhaps you should...
Great point, and everyone reading this should absolutely be aware that Microsoft has considered it, and the US government has considered it, and they all know about it, and it's a filter that they listen to everything you say to them about Microsoft and Open Source through.
There's a very real "he's a son-of-a-bitch, but he's OUR son-of-a-bitch" effect.
Essentially, the business model (of having development in the US or similar countries) is a failing one and, as such, if companies do not wish to find themselves disappearing - they need to adapt to the changing market or die.
Sound familiar? It's the key point made by people on here about the RIAA and MPAA's business models. If it doesn't work any more, it's time to change it.
Unfortunately it's really easy to rationalise it when you have nothing to do with that market (a la music and the RIAA) but when it starts to directly affect you (outsourcing) then the arguments become more emotional.
Avantslash - View Slashdot cleanly on your mobile phone.
Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.
Never trust a man wearing a coat and tie!
Hey, hey, hey -- it's CopyLEFT!
Some user programs (like ftp and ping) are taken from BSD, but they're hardly big enough to be worth worrying about, IMO.
Finding matching pieces of DNA in science is mostly done by comparing pieces of the sequence you are investigating with huge databases containing all known DNA sequences, and checking if the match is bigger than the initially found piece.
This method allows for naturally occurring mutations, deletions and additions. You will have to tweak some parameters (a match of 20 letters in DNA is pretty significant, in code it is not) to get meaningful results, but you will find the cases where somebody has done a search and replace on the variables and passed it off as his own work.
Unfortunately this method requires big clusters of computers to execute the queries quickly...
This space is intentionally staring blankly at you
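Added example, not part of the original thread and not how IP Amplifier or any other product mentioned here works: a sketch of the sequence-alignment idea from the comment above, applied to C source for licence-compliance auditing. Identifiers and literals are abstracted so a search-and-replace on variable names changes nothing, and a Smith-Waterman local alignment tolerates inserted or deleted statements; the function names, scoring weights, the 0.8 threshold and all sample snippets are constructed assumptions.

```python
import re

# C keywords are kept verbatim; every other identifier collapses to "ID".
C_KEYWORDS = frozenset("""
    break case char const continue default do double else enum float for goto
    if int long return short signed sizeof static struct switch typedef union
    unsigned void volatile while
""".split())

TOKEN_RE = re.compile(
    r"(?P<comment>//[^\n]*|/\*.*?\*/)"
    r"|(?P<string>\"(?:\\.|[^\"\\])*\")"
    r"|(?P<char>'(?:\\.|[^'\\])*')"
    r"|(?P<ident>[A-Za-z_]\w*)"
    r"|(?P<number>\d\w*)"
    r"|(?P<punct>\S)",
    re.DOTALL,
)
ABSTRACT = {"number": "NUM", "string": "STR", "char": "CHR"}


def normalise(source):
    """Token stream with comments dropped and names/literals abstracted."""
    tokens = []
    for m in TOKEN_RE.finditer(source):
        kind, text = m.lastgroup, m.group()
        if kind == "comment":
            continue  # comments and whitespace carry no structure
        if kind == "ident":
            tokens.append(text if text in C_KEYWORDS else "ID")
        else:
            tokens.append(ABSTRACT.get(kind, text))
    return tokens


def local_alignment_score(a, b, match=2, mismatch=-1, gap=-1):
    """Smith-Waterman best local alignment score, two rows of memory."""
    best = 0
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            diag = prev[j - 1] + (match if x == y else mismatch)
            cur.append(max(0, diag, prev[j] + gap, cur[j - 1] + gap))
        best = max(best, max(cur))
        prev = cur
    return best


def similarity(candidate, reference, match=2):
    """Alignment score as a fraction of a perfect match of the shorter input."""
    a, b = normalise(candidate), normalise(reference)
    shorter = min(len(a), len(b))
    if shorter == 0:
        return 0.0
    return local_alignment_score(a, b, match=match) / (match * shorter)


def find_matches(candidate, corpus, threshold=0.8):
    """Names of corpus files whose structure the candidate reproduces."""
    return sorted(name for name, ref in corpus.items()
                  if similarity(candidate, ref) >= threshold)


# --- constructed sample data -------------------------------------------
ORIGINAL = """
int count_set(unsigned int value) {
    int count = 0;
    while (value) {
        count += value & 1;
        value >>= 1;
    }
    return count;
}
"""
# Same routine after renaming, a new comment and one inserted statement.
SUSPECT = """
/* fast popcount */
int bits_on(unsigned int w) {
    int n = 0;
    log_call();
    while (w) {
        n += w & 1;
        w >>= 1;
    }
    return n;
}
"""
UNRELATED = """
void copy_name(char *dst, const char *src) {
    strcpy(dst, src);
}
"""
CORPUS = {"popcount.c": ORIGINAL, "copy_name.c": UNRELATED}

if __name__ == "__main__":
    for name, ref in CORPUS.items():
        print(f"{name}: {similarity(SUSPECT, ref):.2f}")
    print("flagged:", find_matches(SUSPECT, CORPUS))
```

The quadratic cost of the alignment is the reason the comment mentions clusters; a real scanner would first narrow candidates with an index of token n-gram hashes and align only the survivors.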
For one of our second year programming assignments, our lecturer posted a bunch of example code that she used during lecture.
:D Still am! *shakes fist*
:D Google does a decent job for those who don't have access to a fancy OSS database.
It was sockets in C. The code was very poorly written, it actually contained a couple of GOTO statements. One of the files contained a typo in the commenting, so I figured... Let's google it!
And wouldn't you know it, several hundred results.
I'm not sure what I was angry at: Our lecturer not giving any indication that she didn't write the code, or not citing her sources, or giving us such crappy code to start with...
But needless to say, I was angry.
So, to tie this to the topic, nothing works better than searching for typos!
- shazow
Restricting my freedom to kill is what we call exchanging freedom for security
..it is exchanging liberty for security.
http://en.wikipedia.org/wiki/Freedom/
http://en.wikipedia.org/wiki/Liberty/
The problem is that outsourcing is to up profits, not save a dying company or to change the business model; half these companies that are outsourcing labour are quite profitable...
, most likely risk losing my job.
My company, for example, saw a nice surge in profits last year. In spite of it they outsourced 2000 jobs a month later and a lot of my co-workers are now unemployed; the lucky ones like me kept their jobs but our future is uncertain.
The CEO was awarded a rather hefty pay rise and bonus (enough to employ 10 people for two years based on average wages)
So don't use that failing business model crap; ethically, believe what you want.
However, the reality is that big business doesn't give a flying f**k so long as they can maximise profits; there are no safeguards to protect the workers.
I harbour no grudge against those who get the work , I would do the same in their position.
If we sit here and take it, very soon America will suffer a brain drain or at worst a depression to rival that of the Great Depression.
Our economy is a mess; more and more skilled work is outsourced.
Very soon the only jobs in the USA will be service industries and utilities (things that require local workers)
The trend is not restricted to the IT industry either.
I post anonymously, as if I posted as myself I could get in a lot of trouble
yea, because everyone knows ms is nothing more than a front for a software company. Their record for stealing and crushing 'real' companies has been noted by most. This tool probably won't help find illegal activities however in their code.
:)
However, since we already 'know' that MS steals code, ideas, in violation of GPL, open source (Linux specifically), copyright and patent infringement, then it is obvious that it is time to 'make-them' open up their code (like SCO is/was trying to do) in a court of law.
This would not only help kill the evil giant, but would allow the (world) community (OSS) to make it easier to switch over to software that will be more user friendly, without waiting for criminals like Bill Gates to stifle more advances.
I will gladly lose all of life's battles.. in order to win the war..
Does this tool presume that the binary produced by gcc would be equal to the binary produced by VC6 or VC7 or Watcom or Borland Builder?
Either this "tool" is going to have an absolutely HUGE hash table in it, or it's going to presume only one or two possible compilers
Then again, if it's going ASCII compares against the source code, GREP and its cousins are your friend.
Ron Gage - Westland, MI
I foresee a market for companies that contract, worried perhaps that the people they hired saved time and money by dropping in a little pre-made OSS code. Yes you can have an agreement with them that makes them liable but I can easily imagine why such agreements won't let the CFO sleep well at night.
Everyone know OSS is a steaming pile of some of the shittiest code ever belched forth by retarded zealot monkeys. Go with Windows, zealots. At least then you know you're getting a quality product, and not some shitty-ass crap code written by retarded zealots. LinSux blows big hairy balls, faggots.
there is nothing wrong with outsourcing. outsourcing is in fact GREAT (my business exists solely because companies outsource stuff)
offshoring is not a bad thing. outsourcing means hiring a different company to do a task. offshoring means moving your department outside the country.
Both the same thing's one firms profit gain but in the end the workers lose out , they lose long term benefits in general .
They also lose their power of union in many areas.
Would be interesting to run this tool's code through this tool. I'm sure there's GPL'd code cut&pasted somewhere. :0)
While I think companies should be encouraged to comply with open source licenses I don't think it is in the spirit of the open source community to be license police. It seems like a distraction and a waste of time. I've already gotten flak from management for using GPL packages because it was unclear what this meant to our product. My manager's words were "We don't want the GPL to "poison" our software and we can't afford to hire a lawyer to be sure we are safe".
The whole license issue is getting more confusing and divisive with every passing year. I was not able to make a clear defense of my project to my manager.
I think it's a bad sign when the best that the open source community has to offer is now suspected of being "poison". I realize this is ignorance on the part of management, but it still reflects a problem with Open Source Advocates sending THE WRONG MESSAGE.
Yours,
Noah
Hehehe. I love irony...been waiting for this since the inception of thou's crusade. 'Tis the most righteous of pursuits for all to share...HEY!! Did that SOB steal our !*&#$ code!!?!?!?!
This is the distinction (once again) between freedom of the CODE (that is to say, that code itself carried rights and freedoms itself that people cannot infringe upon) and freedom of the DEVELOPER (that is to say, the developer has rights and freedoms that no code license presumes to infringe upon).
If there were no laws regarding copyright or other intellectual property, you'd effectively have all code released under public domain, to which the BSD license is very similar. That is absolute developer freedom. Person A releases some source code; Person B is free to modify that code and not release the changes; but anybody else can still use the code Person A released! Person B hasn't taken that code away from anyone.
The GPL is actually a very restrictive license in the sense that it imposes many responsibilities on people to assure that the CODE, in all of its changing forms and permutations, always remains free, at the sacrifice of some developers' freedoms (or rather, at an additional responsibility to developers). That is, not just the code that was released is still free to use, but that anything based on that code must also be free to use - it pulls MORE code into free availability, giving OTHER people more code; but in doing so, it limits what some developers can do with that code (limits their freedoms), since they may not otherwise be able or allowed to do what is required to use the GPL'd code.
To use a very loose political metaphor: BSD or public domain licenses are like anarchy (freedom of the individual from imposed responsibility); GPL type licenses are like communism (freedom of the product via imposed responsibility). Both have admirable goals in mind, and both have their flaws. Pick your poison.
-Forrest Cameranesi, Geek of all Trades
"I am Sam. Sam I am. I do not like trolls, flames, or spam."
Script:
- unpack leaking Windows Source,
1) emerge -f world or apt-get the source
2) unpack
3) run against IP Amplifier
4) reply to slashdot before the story becomes uncommentable!
A blog I run for the wealth
...and when did you stop working for Microsoft?
...(I don't DO "open"), but I happen to know of a really good free software detector.
The issue is over use of Gnu Public License (GPL) code which requires that use (beyond that permissible as fair use) of the GPL code in a proprietary (non-GPL) application used by the public requires the proprietary application's source to be released under the GPL. It is for this reason - companies wanting to keep their code proprietary - that they want to be sure they are not using GP licensed code; it doesn't matter if they use BSD licensed code.
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
I just searched the comments and found no mention of BlackDuck They have been in this business since 2002.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
If you poke around in the win32/ and wince/ directories in the Perl source you'll find a handful of C source and header files which are:
* (c) 1999 Microsoft Corporation. All rights reserved.
* Portions (c) 1999 ActiveState Tool Corp, http://www.activestate.com/
*
* You may distribute under the terms of either the GNU General Public
* License or the Artistic License, as specified in the README file.
These came about as a result of work ActiveState did for Microsoft (remember all that unnecessary wailing and gnashing of teeth about ActiveState "selling out Perl" to Microsoft?) Yes, sometimes a little Open Source work leaks out of Redmond.
What marketing BS! Use Google if you don't understand what BS stands in. So there are a series of tags in open source software that they look for to see how popular some code is? I guess they hope to have an IPO like Google, that I believe. Google searches for stuff, so their software does too, must be every bit as good.
Or it is just their marketing guy.
For a nerd like me, it was not possible to understand from their web site to figure out the basics of how they hope to solve this technical problem. It certainly isn't using tags.
It would be good if there was a way to independently test this emerging market (apparently www.blackducksoftware.com was the first in these waters). An open test of both would be cool.
Come on, I'm really going to pay for this information? Yeah you know, while I'm at it I'll just pay for the BBC as well..what a joke, AND an insult.
Unfortunately it's really easy to rationalise it when you have nothing to do with that market (a la music and the RIAA)
Funny, I'd have thought that being the customers of said market made us integral to its success...