A Senior Microsoft Attorney Looks at Open-Source Licensing
The Open Source movement has yet another fan: Robert W. Gomulkiewicz, a senior corporate attorney for Microsoft Corporation and, not coincidentally, the Business Software Alliance's top gun for the proposed UCITA reforms to commercial software licensing law.
Writing in the Houston Law Review, Gomulkiewicz (1999) argues that open-source licenses typically contain precisely the UCITA provisions that are giving fits to consumer advocates, such as the denial of any legal recourse should a consumer suffer loss, harm, or injury through use of the software. What's more, he argues, the Open Source movement's history and recent success show why the UCITA's protections are needed. When somebody like Gomulkiewicz expresses admiration for what you're doing, it's time to stop for some serious reflection. After all, this is tantamount to Darth Vader publishing an essay that praises the way the Rebellion is headed.
I'll fill in the background of what follows, but here's the main point. As Gomulkiewicz himself observes, the open-source initiative finds it expedient to downplay the "anti-commercial baggage" and "confrontational attitude" of the Free Software Foundation in general (and Richard Stallman in particular). But there's a risk. As Gomulkiewicz's work shows, this strategy can backfire by playing right into the hands of people and corporations who oppose everything our community stands for. In the end, open-source software isn't going to make sense to outsiders unless our principles are made clear from the get-go. If you're skeptical, read on; I hope you'll see why.
As you're probably aware, there's something of a split between the Free Software Foundation (FSF) and the Open Source Initiative (OSI). To trivialize a rather complex situation, the split mainly boils down to a disagreement over tactics, not principles. FSF founder Richard M. Stallman (RMS) emphasizes the principles, specifically the Software User's Bill of Rights, which I'll discuss a bit later. In contrast, OSI plays down the principles in hopes of making free software enterprises more appealing to businesses and investors. In this, OSI has succeeded quite brilliantly, as the recent wave of Linux-related initial public stock offerings demonstrates.
Does OSI really play down the principles? Take it from OSI advocate Eric Raymond. Basically, the answer is "yes". Raymond is quick to point out, though, that OSI has "never condemned RMS's principles... the real disagreement between OSI and FSF is not over principles. It's over tactics and rhetoric." And what are the gains? According to Raymond, tremendous progress: "The same press that used to dismiss 'free software' as a crackpot idea now falls over itself writing laudatory articles... And the same corporate titans who dismissed RMS as a 'communist' are lining up to pour money and effort into open-source development." Without disagreeing with the FSF's principles, Raymond argues, the community should reject Stallman's confrontational rhetoric. "That kind of language," Raymond concludes, "simply does not persuade anyone but us. In fact, it confuses and repels most people outside our culture... as an evangelist to the mainstream, [Stallman] has been one fifteen-year-long continuous disaster" (Raymond, "Shut Up and Show Them the Code", dated 28 June 1999).
Is Raymond right? It's quite possible that rhetorical style has had very little to do with the success of the Open Source movement. Stallman's fifteen years of putative rhetorical "disaster" were accompanied by fifteen years of arduous coding, after all. But his efforts focused on utilities, so the project didn't bear fruit until a viable, GPL-licensed kernel came along. From this view, it was the Linux kernel, not rhetoric (good, bad or otherwise), that got the ball rolling. But let's leave that aside. My question is this: What are the risks of downplaying our principles? Let's take a look at Gomulkiewicz's argument.
If you take Gomulkiewicz's article at face value, you would think he's a kindly and caring advocate for open-source software authors. Praising open-source authors for their daring, innovative new products, Gomulkiewicz notes that these brave, pioneering programmers could be put out of business for good by a lawsuit, or even the threat of a lawsuit. And that's why, he argues, open-source licenses typically incorporate take-it-or-leave-it licensing in which the user legally assents by clicking "I agree" or by using the software; outright denial of any form of warranty protection for users; and a shift to the user of any and all liabilities for product failure as well as intellectual property infringement. These are among the provisions of UCITA that alarm consumer advocates, Gomulkiewicz notes, but open-source authors need them--and by extension, the whole industry needs them.
Shorn of free-software principles, the OSI literature provides fertile ground for Gomulkiewicz's argument. For example, open-source licenses can be made to read like a page out of UCITA. And, in Gomulkiewicz's hands, open-source advocates start sounding like they'd willingly testify on behalf of the proposed legislation. Erstwhile OSI advocate Bruce Perens is cited approvingly: "If free software authors lose the right to disclaim all warranties and find themselves getting sued over the performance of the programs that they've written, they'll stop contributing free software to the world." So it's obvious, Gomulkiewicz concludes, that we need a "contract law regime that allows revolutionaries like the open source hackers to succeed". And why shouldn't Microsoft get the same, needed protection?