Tux

...making Linux just a little more fun!

Badgeware licences, Take Two (was: Ethical Restriction)

Rick Moen [rick at linuxmafia.com]
Wed, 31 Jan 2007 20:33:16 -0800

In which I point to what I believe is the elephant in the room.

----- Forwarded message from Matthew Flaschen <matthew.flaschen at gatech.edu> -----

Date: Wed, 31 Jan 2007 22:15:46 -0500
From: Matthew Flaschen <matthew.flaschen@gatech.edu>
To: TAG <tag@lists.linuxgazette.net>
Cc: license-discuss at opensource.org
Subject: Re: Ethical Restriction
Rick Moen wrote:

> Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):
> 
> [Yesterday's new MuleSource thing:]
> 
>> It still counts on every UI being able to display that exact graphic
>> (the license text even includes the graphic), which doesn't seem to
>> comply with OSD 10.
>  
> Indeed, that's a good point -- that the presence of a "user interface"
> doesn't necessarily imply a graphical user interface.  (Come to think
> of it, I'm not even sure that a GUI would necessarily always be able
> to display that particular 250 x 52 pixel GIF, either.)
> 

Their FAQ (https://mulesource.com/products/licensing.php) also has the interesting interpretation that one cannot:

* Sell any MSPL covered code
* Sell derived works of Mule
No wonder "the MPL is one of the more accepted open source licenses" (same page)...

Matthew Flaschen

----- End forwarded message -----

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Wed, 31 Jan 2007 20:30:45 -0800
To: license-discuss at opensource.org
From: Rick Moen <rick@linuxmafia.com>
To: TAG <tag@lists.linuxgazette.net>
Subject: Badgeware licences, Take Two (was: Ethical Restriction)
Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):

> Their FAQ (https://mulesource.com/products/licensing.php) also has the
> interesting interpretation that one cannot:
> 
> * Sell any MSPL covered code
> * Sell derived works of Mule

Yes. You may recall I asked John Roberts of SugarCRM to explain how a very similar FAQ entry on that firm's Web pages could possibly be consistent with SugarCRM supposedly being open source -- it's still there, by the way[1] -- and Roberts completely and scrupulously ignored my question.

Isn't it funny how many of these folk suddenly become selectively unable to perceive your mail, the moment it starts including inconvenient questions?

More to the immediate point, is there anyone left on this mailing list who still doubts that the primary aim of all the "Exhibit B" addenda we've seen from these 20-odd companies (most having cloned and slightly mutated SugarCRM's clause, which pioneered the concept) is to impair commercial reuse? The MuleSource and SugarCRM FAQs say third parties _may not sell derivatives_. And MuleSource's CEO says outright that their licence's main point is to force commercial users to buy separate commercial licences![2] How much clearer could this possibly be?

Anyway, predictably, we're now seeing the beginning of Badgeware Take Two -- MuleSource yesterday, probably Socialtext in a few days or so. The new tack seems to be to try to defuse the heretofore slam-dunk OSD#10 argument (which effort from MuleSource I do appreciate, as it at least tries, and can probably be fixed in that area), but retains from Take One the "big logo with name and URL must be shoved into every user's face" notion. Which, unlike an About screen that isn't force-fed, is, as noted, _advertising, not attribution_.

By analogy: If I slip a movie DVD into my Linux iBook and launch Xine, I'm able to skip the three minutes of trailers and Interpol notices the studios want me to have no choice but to sit through (which is why the Menu and similar remote-control buttons are locked out during startup, on consumer DVD players). The badgeware companies want to mandate in perpetuity the same level of eyeball control over users -- and I'll be surprised if Socialtext's resubmission doesn't follow suit. (If I end up being pleasantly surprised, great.)

Something I forgot to address earlier. Craig Muth wrote:

> Although I think many here on the list have made valid refutations for
> many points raised by SugarCRM, I think this one still stands:
>
> > I guess they didn't notice that it's not open source.  They
> > downloaded it, accessed the source, modified it, forked it, and
> > redistributed it.  If it smells like open source and tastes like
> > open source...maybe it's open source? 

I'll bet John Roberts (and Craig Muth) would really like SATAN, then. No, not Satan; SATAN, the Security Administrator Tool for Analyzing Networks, released in 1995 by Dan Farmer and Wietse Venema. The licence is similar to that of pre-3.0 releases of Tripwire and the source-available (pre-6.0) releases of PGP: You could download the source, access the source, modify the source, fork the source, and redistribute the source.

If you weren't paying attention, you might consider those facts to constitute "smelling like open source and tasting like open source" -- and might hastily conclude that it was open source.

Until you read the licence. If you were, and were paying attention, you'd realise that Farmer and Venema had reserved most commercial rights to themselves.

Oh, John seems to have forgotten about that: You can have the right to download, access, modify, fork, and redistribute the source, and yet it might not be open source.

SATAN's still available: It's just that nobody's cared in a decade, because its licensing crippled reuse, leaving a gap into which alternatives like Nessus stepped eventually.

SugarCRM's rather softer licence -- as Ben Tilly would point out in all capital letters -- doesn't actually make commercial users UNABLE to exercise those rights. It just seeks to make them UNWILLING. (And their FAQ, of course, claims "UNABLE".)

And that, friends, is what this is really all about.

[1] https://www.sugarcrm.com/crm/open-source/public-license-faq.html  
See
https://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/01/30/BUGI9NR2GM1.DTL&hw=SugarCRM&sn=001&sc=1000
for Monday's article about SugarCRM having raised over $26 million in
venture capital, including $8 million from its main VC backer, Draper
Fisher Jurvetson:  Obviously, there's a heavy VC push behind them.
Board members include Josh Stein from Draper Fisher Jurvetson, Larry
Augustin of Azure Capital Partners and Medsphere (also known to some of
us from elsewhere), Mary Coleman formerly of Internet Capital Group.
The Board of Advisors includes Matt Asay, and also Andrew Aitken of
Olliance Group.  (Olliance is also a recurring thread among these 20
firms, and in general you keep seeing a lot of the same faces.)
 
[2] https://www.nicholasgoodman.com/bt/blog/2006/12/22/badgeware-ceo-to-community-buy-a-commercial-license/
-- 
Cheers,        "History doesn't always repeat itself. Sometimes it just screams, 
Rick Moen      'Why don't you listen to me?' and lets fly with a big stick." 
rick at linuxmafia.com                               --John W. Campbell Jr.

Top    Back