Open Source Adapted Bicycle Pedal Comes to the Rescue
Accessibility has always been important to designers of open source software. Now that open source has come to design, that's more true than ever, as demonstrated with this open source bicycle
Linux Action Show to End Eleven-Year Run at LFNW
Six more episodes before the popular Linux podcast, Linux Action Show, ends its nearly 11-year run in a live broadcast from LinuxFest Northwest.

Media



Jupiter Broadcasting's long-running
Dealing With Real-Life, Everyday Security Threats
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.

Roblimo's Hideaway



I wrote a piece
Four Things a New Linux User Should Know
When you move from "that other operating system" to Linux, you're going to find that in most ways you'll be in familiar territory. However, that's not always the case. We sometimes do things a little differently
The Future of Desktop Ubuntu
With all the changes happening at Canonical, you might wonder what this means for the future of desktop Ubuntu, besides the return to the GNOME desktop.



There hasn't been this much news about a single Linux distro
Libreboot Reorganizes: Seeks to Make Amends
It appears the people developing Libreboot have done some of the hard work necessary to fix potentially toxic personal dynamics after last year's controversy, when the project removed itself from the
It's Windows Time in Linux Land Again
Using Windows. What a horrible thing to ask a Linux user to do.
February 23rd, 2017

New Open Source License Compatibility Company Debuts with a Bang

Finding compatibility issues in open source software is tedious and complex. Roblimo explains why organizations that look for compliance issues are a valuable asset to the FOSS community.

Roblimo’s Hideaway

examining code compliance compatibility

When I heard about FOSSA, my first thought was, “Don’t Black Duck and Palamida already have the FOSS license compatibility thing pretty well sewed up? Do we really need another company doing it?”

This was, of course, the question I immediately asked FOSSA founder Kevin Wang. His answer, via email:

  • Auditing tools like Black Duck or Palamida work best for things like M&A and due diligence; they were designed for those use cases to work with large detail-rich scans, bundled with human review and expert services for one-off transactions (something we’re not focusing on).

    However, we see companies hit roadblocks when they try to integrate or scale this into an ongoing workflow. It’s unrealistic to do large-scale code audits in real-time development, especially as we’re using more OSS than ever before and making releases faster than ever before (many of our customers have tried!)

    So to make OSS compliance work for an ongoing workflow, we actually had to take a completely different approach. While we do scan code, we work on top of build and code analysis rather than a registry-based approach. Then, we layered a lot more capabilities to make the tool smarter, easier and faster — ultimately to the point where you can run it per-commit during development rather than when you can afford to run, say, a quarterly code audit.

    This piece goes a little bit more in depth on what we do on top of scanning capabilities, and our feature tour at http://fossa.io/features should give a good overview of the workflow capabilities.

In the blog post Kevin links to in the preceding paragraph, he says, “Every time code is casually shared, it passes on a slew of unknown license and copyright responsibilities for every subsequent developer that uses or spreads the code. Today, developers have no easy way to see what’s inside the code they get. As more code is used/written/shared, legal obligations and risk cascade across the community. Even if your developers diligently avoid casual code sharing, they likely rely on code that doesn’t — and if they’re using a modern language/build system, their tools are automatically pulling in thousands of OSS libraries from casual developers.”

This is a good point. You don’t just need to know how the program you’re using is licensed, but about all the code and dependencies behind it (or hidden inside it). There are a lot of dubious snippets out there on code-sharing sites that may have been posted by employees somewhere who had no right to make them public. If so, and the hammer comes down on them, you don’t want it to come down on your company.

So code licensing compliance is a big deal, to the point where Kevin managed to raise seed capital of $2.2 million almost effortlessly from an impressive group of “angel” investors through world-famous Bain Capital. We have heard, from someone not authorized to tell us, that Kevin had more millions he could have had for the asking, but that he decided to take only the funding he thought he really needed, not all he could get.

Obviously, these people believe Kevin and FOSSA offer something his competitors don’t. For more about FOSSA, its investors, and what the company is up to, including some testimonials from current customers, check this press release.

Okay, (yawn) so this is yet another Silicon Valley company started by a guy so young that he’s only been legally able to buy beer for a year or two. This is true. But it’s also proof that some smart investors figure it’s worth investing in a company that will sink or swim along with FOSS acceptance, so FOSSA is part of a virtuous spiral wherein a new company wants to make it easier (and safer legally) for enterprises to use and write open souce software, which will hopefully lead to more FOSS use and creation, which will lead to more companies supporting FOSS in one way or another, and so on… until hopefully, in a rosy future, virtually all computer tasks can be performed with nothing but FOSS.

This is still a bit of a dream, but it’s a good one. Meanwhile, we’ll check back with Kevin and FOSSA in a month or two and see how they’re doing. You always get nothing but optimism during a company’s initial PR blast (disclosure: masterminded in this case by my old friend Jill Ratkevic), so the time to really find out what’s going on with a company and the market it’s in is after things have had a chance to shake down, and reality has set in. That’s when we’ll interview Kevin for real.
——————

Note to readers about free software video editing: I now have KDEnlive installed and running on Linux Mint, but the learning curve has turned out to be (let’s say)… substantial. I’ve managed to effortlessly ingest several MP4 clips, a few still images, and two MP3 audio files, which is a big deal compared to free software video editors only a few years ago. (Yay!) Now I need to scare up time to actually do some editing in KDEnlive!)

The following two tabs change content below.

Robin "Roblimo" Miller

Robin "Roblimo" Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. He also publishes the blog Robin ‘Roblimo’ Miller’s Personal Site. @robinAKAroblimo

Comments are closed.