A Senior Microsoft Attorney Looks at Open-Source Licensing
Gomulkiewicz's argument is utterly without merit, of course, but an outsider wouldn't be able to figure out why, and that's dangerous. Here's the rebuttal. Sure, open-source licenses disclaim liability. And sure, open-source authors can't handle lawsuits. But there's a world of difference between a disclaimer of responsibility from an open-source author and a similar disclaimer made by a corporation that's trying to shove closed-source software down your throat.
Why? It's all in the nature of the deal. With open-source software, you don't need warranty protection (and indeed, it would arguably be bad faith to demand it) because you are, in principle, walking into the deal with your eyes wide open. You know what you're getting, and if you don't, you can find someone who does. Open-source licenses enable the community of users to inspect the code for flaws and to trade knowledge about such flaws, which they most assuredly do. Such licenses allow users to create derivative versions of the code that repair potentially hazardous problems the author couldn't foresee. They let users determine whether the program contains adequate safeguards against safety or security risks. In contrast, the wealthy software firms pushing UCITA are asking us to buy closed-source code that may well contain flaws, and even outright hazards attributable to corporate negligence--but they won't let us see the code, let alone modify it. You don't know what you're getting. And that's why it's not worth giving up your right to sue the bastards, if they've been negligent and stuck you with something that hurts or kills somebody.
Here's the difference, in a nutshell. Suppose you're about to get on an airplane. A nice-looking young man hands you a carry-on bag and says, "Would you please take this with you? My wife forgot it." And then, he's gone. Uh-oh, no warranty. Does the bag contain a bomb, or is it just swimsuits and underwear? If the package is wide open when he hands it to you, you're free to see what's inside ("Yup, it's just clothes.") Of course, you still shouldn't take it on the plane (who knows; perhaps some terrorist somewhere has figured out how to make explosive underwear) but you get my point: When the package is open, you're not just a powerless pawn. But what if the package is wrapped up tight, and you're told you could be sued or jailed if you tried to see what's inside? That's the deal you get from UCITA.
In sum: even without warranties, free software is a good deal because you're free to determine just what you're risking. It's not just because the package is open; it's because the openness gives you freedom. Unless you talk about freedom, you can't understand free software, and you can't correctly interpret the provisions of free-software licenses.
What's so horrible about talking about giving users freedom? Here's the "confrontational", seditious language that OSI wants to suppress (from the GNU Project's home page):
"Free software" refers to the users' freedom to run, copy, distribute, study, change, and improve the software. More precisely, it refers to four kinds of freedoms for users of software:
The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and adapt it to your needs (freedom 1).
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to improve the program and release your improvements to the public, so that the whole community benefits (freedom 3).
And that, my friends, is what it's all about.
By keeping quiet about our principles, we're handing the likes of Gomulkiewicz the tools they need to further their aims, which are most decidedly not those of the Free Software movement or the Open Source software movement. And if you think this doesn't matter, think again. UCITA proponents will use Gomulkiewicz's argument in their effort to convince legislators to adopt UCITA's provisions--and we're all going to have to live with them.
What do you get when you bring principles back in the picture? Try this: contrary to your argument, Mr. Gomulkiewicz, the examples you discuss disclose all too clearly why the authors of closed-source, commercial programs should be held liable for program defects--unless, of course, your clients are willing to give users the countervailing freedoms that make GPL-licensed software an acceptable deal.
Gomulkiewicz, Robert W. "How Copyleft Uses License Rights to Succeed in the Open Source Software Revolution and the Implications for Article 2B", Houston Law Review, 1999, 36 (Spring 1999). Note that Gomulkiewicz expressly states that the views expressed in his article are his own, and not those of Microsoft Corporation or the Business Software Alliance.