Slashdot Mirror
Your License Is Your Interface
dp619 writes "License-free software has become a thing. Only 14.9% of repositories on GitHub have a license, according to recent Software Freedom Law Center research. Red Monk has observed that this trend is occurring principally among younger software developers. Outercurve Foundation technical evangelist Eric Schultz has offered up his opinion, saying, 'As an active developer I want to add a slightly different perspective on the dangers of releasing unlicensed software. My perspective is based on a simple phrase: "Your License Is Your Interface."' He adds, 'A license similarly defines the interaction between the software, or more precisely the creators of the software, and users. Just like an interface, a license defines intended behavior of users of the software, such as the four essential freedoms or the ten pillars of the Open Source Definition. Just like an interface, a license prevents unintended behavior of users of the software, which depending on the open source license, may disclaim the original author of liability for use of the software, prohibit redistribution without recognizing the original author or prohibit distribution of derivatives under a more restrictive license. When it comes to legal use and distribution of your software, your license IS your interface.'"
Eric Schultz appears to underestimate the ability of programmers to not give shit about licensing.
Lawyers want to wheedle their ways into all our lives. Ignore them, they won't go away, but it will simplify your life.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
"different perspective on the dangers of releasing unlicensed software. "
Technically, you cannot release unlicensed software. Sure, go ahead and post it to a public repository, but without an explicit license, copyright law forbids anyone else to make use of it. So you haven't really released it, just posted it out there to tease people.
If you don't want to pick one and you don't care, at least say something like "released to the public domain" to make it explicit. (This option isn't available in all countries, though.)
Most creative commons requires attribution. If you really "don't care", you should explicitly state that your software is CC0
If you're a zombie and you know it, bite your friend!
I know that posts like this always get modded down by OSS-fanatics, but it is true. If I was to write a small piece of software and wanted people to actually use it, I would never release as GPL. Every company I've worked for refuses to use GPL code, at least for some kinds of applications.
Release as BSD or similar with a warranty disclaimer and be done with it. That way it might actually be widely useful. Pretty much every industry-standard de-facto library I can think of is BSD licensed, such as openSSL. if openSSL was GPL, no one would use it.
Here's what GitHub says in their terms of service:
We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.
That creates some interesting issues. When someone "forks" something, what rights do they have?
I suspect that many people not specifying a license for what they put on GitHub just assume GitHub owns everything.
Default: public domain
not in any jurisdictions that are party to the Berne Convention.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Software without a license is like a poison for everyone else. There's typically no legal risk to a developer in releasing their software, since it's likely he has the copyright. But it creates a legal minefield for anyone else who uses or modifies the software, either directly or by using software that stupidly embeds such things. At any time the developer, or his employer, could sue, and there's nothing the user could do.
Ignoring lawyers does not simplify your life. Sure, it'll simplify your life today, but only by creating potential disasters in the future. You need to think about other people, and whole lifetimes, not just think about yourself today.
If you think that copyright should only apply to software if it's marked, then work to get the law changed. It used to be that way before 1976. But it's not 1976. I suspect that the law won't get changed, really. But intentionally creating dangers for other people is a terrible, nasty thing to do.
- David A. Wheeler (see my Secure Programming HOWTO)
Except that without a license, no one can do anything with it!
At least slap a CC0 on it, or a WTFPL.
If that is your wish, release under BSD
Legally the default is all rights reserved, so putting no license means that nobody can legally distribute or derive from your code
Snowden and Manning are heroes.
Here's the other thing: without a license I can't use a copy. All software is copyrighted by default, unless there's an explicit dedication to the public domain. Absent a license, only the author of the software may make and distribute copies of it. So with no license on the software I'm OK looking at it on Github of the like, but making a copy of it onto my machine to build, use and redistribute as part of my own software is right out. I have no license from the copyright holder to make and distribute those copies. So if your software doesn't include a license? I can't safely touch it nor can I use it.
If you want to put no restrictions on reuse of your code, put it under something like the BSD or Apache license. But if you don't put it under some license, it's automatically under a license that says "You may not copy or redistribute this work, nor may you make and distribute works based on or derived from this work.".
Obscurity is a perfectly valid layer of security as long as the security mechanism's integrity is not based solely on that obscurity. Just because certain information can be made public about a security system without damaging its integrity as a whole does not mean you necessarily should make that information public. Bruce Schneier even says so himself:
Kerckhoffs' Principle is just one half of the decision process. Just because security does not require that something be kept secret, it doesn't mean that it is automatically smart to publicize it.
From: http://www.schneier.com/crypto-gram-0205.html#1
Nope, not legally. Code is automatically copyrighted in any Berne signatory country. You can not relicense a work that you do not hold the copyright to.
I know that posts like this always get modded down by OSS-fanatics, but it is true. If I was to write a small piece of software and wanted people to actually use it, I would never release as GPL. [.. blah blah..] Release as BSD or similar with a warranty disclaimer and be done with it. [..blah blah..]
Or perhaps they're modded down because anyone outside the GPL vs. BSD zealotry sees them for what they are- the tedious and inevitable tendency of fanatics on either side to steer any vaguely license-related discussion into being yet another tedious identikit rehash of the GPL vs. BSD holy war.
As I already said
Never mind that we've had this discussion countless times before and every possible debating point and issue has been raised and discussed exhaustively a million times. Never mind that the chances of any new insight coming out of the billionth tedious discussion of this long-established subject is next to nothing. Never mind that those involved on both sides feel the need to repeat the same entrenched positions- which mostly come down to personal philosophy and not an incomplete understanding of the issues (which everyone knows full well by now) and will therefore be unlikely to change in the face of the discussion... not that this was the point anyway.
No, the point is that those involved in every one of these pointless rehashes of the exact same to-ing and fro-ing and restatements of the same old facts and arguments on both sides know this damn well, but can't reign in their desire to indulge in the argument yet again.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I think what the GP meant is that any crypto system in which the security of the data depends on the secrecy of the mechanism itself is fundamentally flawed. For example, keeping crypto keys secret is critical to security, which is why DRM doesn't work; the only thing protecting those keys from the user is the way in which the DRM code hides those keys, so as soon as that hiding mechanism is exposed, the entire scheme breaks down.
Check out my sci-fi/humor trilogy at PatriotsBooks.
If you don't want to use a real license, just use the DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE. It's one of the more permissive licenses...
I make the observation quite frequently that people who complain about the GPL never seems to realize that you can just contact the original developer and negotiate with him a different license. For a big project like the Linux kernel there is of course the problem to contact every contributor, but most projects are rather small or the copyrights are belonging to a company or organization.
So if you see a GPL code out there just think of it as a demo version, that is fully functional. If you want to take the code for your proprietary project, you can contact the developer and negotiate a different license.
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
The definition of obfuscation is to confuse, bewilder, or stupefy, or to make obscure or unclear.
In security, the normal rule is that the algorithm chosen should still be secure _even if the attacker knows what it is_.
On the other hand, passwords, crypto keys, etc. are all pieces of data that are secrets. This is a very different thing from obscure.
If GitHub made your personal interpretation a requirement for using its site at no charge, that might work. But GitHub's terms don't really make sense for what people are trying to do on it. GitHub only allows you to "view" and "fork".
Are users allowed to run the code? The answer appears to be "no". That's because under most countries' law, including the US, by default users have NO rights unless they are granted somehow. Heck, as far, as I can tell, users aren't even allowed to modify it, because you can make a fork without modifying it, and only "forks" are allowed. Now we have to dance on what a "fork" means, and the LAWYERS, not the programmers get to decide.
If you want to release software, and collaborate, great! Posting stuff without a license is not a release, it's a legal minefield.
If don't include a license, the LAWYERS decide what is allowed... not the programmers. You probably won't like what the lawyers decide.
- David A. Wheeler (see my Secure Programming HOWTO)
A better example is that "no man dies without a will". If YOU don't make one OTHER PEOPLE's Lawyers will.
The same applies to software licenses. If you are not using LAWYERS to write a license before publishing, then your ignorant not to pick an OSI-approved license. The list is long enough to be useful, and the OSI approved licenses have enough establishment legally as "reasonable and customary" "industry standards" that there is LOTS of stuff written about the technicalities and interactions that real layers have done lots of work on.
Otherwise, you are just waiting to be a victim of some corporate lawyer hijacking your stuff.
Indeed. And in fact you indirectly raise another issue - if the "original" author is so ignorant of copyright law that they "share" their code without any licensing information, then there's a fair chance that they have themselves incorporated other people's code into their work without regard to copyright restrictions, so you may be opening yourself up to legal liability for having GPLed, "shared source", or other restrictively licensed code incorporated into your software without realising it.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Everyone picks GNU GPL because they think it sounds cool, but it is toxic for people not making software they want to provide source code to.
That is 100% why I release my source code under the GPL. I'm willing to take payments in money too, but you should give back some how. No free lunch.
"First they came for the slanderers and i said nothing."
In this specific case, there's -already- a default licence that says who can do what wit software in the absence of specific permission from you. It's called copyright. It spells out clearly and unambigously what one can do, and what one needs the permission of the author to do.
The only possible source of confusion is if publishing something openly on the web constitutes implicit permission to do something more than what copyright already allows.