Are Your Licenses Compliant?
If you work with Open Source software every day, you probably do not think for a moment about license compliance. In fact, if you are not an IT manager or professional intellectual property lawyer, you might not even think about it at all. Until you get the phone call.
My last article was back in the first week of January. It was probably written over the Christmas break, before I got the phone call. It was not that I was not expecting the phone call, but I was certainly not expecting to disappear into a morass of legal discussion, code review, and debate sessions that would make Members of Parliament blanch. I was not expecting to be looking for loop holes to make my technical decisions easier or to be losing sleep wondering if we would get our product corrected soon enough to be able to get it out the door this quarter and fulfill the sales that our reps had already booked. And while the company was not blaming me per se, there was certainly a lot of focus on me and my team to clean up what was essentially a five-year-old mistake.
For a variety of reasons, I cannot go into some of the details. But let me explain the situation as best I can. The company makes a product. An appliance actually, and we use a lot of Open Source code. We also license a number of other pieces of code, both quasi-Open Source and proprietary, and bundle them all together into this appliance. One of the contracts with a piece of the quasi-Open Source code expired and we set about the task of renegotiating it. So far, not a big deal right? That was exactly what we were thinking back in the fourth quarter of last year when we started this. It rapidly went downhill. Like so many popular programs, the company we had originally signed the contract with had been bought by a larger company – actually a couple of them. So now we were not dealing with a friendly Open Source company but a group of…what’s the term? Oh, yes, flesh eating lawyers. Still, we were not really asking for much more than a renewal of the contract and more reasonable terms, because we do represent a revenue stream to them. So far, everything was good. And then we discovered that we were using the wrong binaries.
It turns out that the code existed in a licensed version and a community version. We had been using the community version. Slap!
It might have ended there, but we really kind of needed to use the software, so that meant that we had to get back on the good side. Simple, straightforward, and easy right? Just hit the Easy Button® and everything is good right? Um. No.
Again, I won’t dive into the messy details, the late nights, the impossible schedules, the lack of being able to deliver product, the yelling, the screaming, the sleepless nights, the long phone calls and of course the lawyers. I think Shakespeare might have had a point.
The moral of the story is this. Do not wait until the phone rings. Do not wait until the lawyers are sharpening their pencils. Make sure you are in good shape now. The costs -- monetary, health, and welfare -- are not worth it.
Shameless promotion: For those in the Washington, DC area, I will be presenting a talk entitled Linux and Amateur Radio: The Development Divide at the Columbia Area Linux User’s Group’s April meeting. Visit the CALUG’s website for details and directions.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide