I thought I’d illustrate how I’d solve the current licensing conundrum of single-vendor open source firms like MongoDB and Elastic using some graphics. In short: While open source application vendors can still dual-license, open source component vendors (like the companies just mentioned) need to triple-license to get the benefits of open source yet keep their competitors at bay.
On a lighter note, someone with a similar name to mine just used one of my email addresses to register for the Lexus Remote app. Judging by the email I got, using this email address that I own, I can register for the app and presumably do something about the car behind it. Does Lexus already offer a “summon” feature? Seems like the car is based in the U.S. so it would be good if it was amphibious.
Abstract: Almost all software products today include open-source components. However, the obligations that open-source licenses put on their users can be difficult or undesirable to comply with. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products. In this article, we discuss this process, review the challenges it poses to software vendors, and provide unanswered research questions that result from it.
Keywords: Open source licenses, open source license compliance, software supply chain, product model
Reference: Riehle, D., & Harutyunyan, N. (2019). Open-Source License Compliance in Software Supply Chains. In Fitzgerald B., Mockus A., Zhou M. (eds) Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability. Springer, Singapore, pp. 83-95.
Someone on Twitter asked this question and people loved to weigh in. Most answered: “No, just get an old $200 laptop.” While not wrong, this answer misses the point. Coding, here, apparently means reading and writing code. For that, indeed, any cheap computer will do. However, being able to read and write code does not mean you will be able to build and ship systems, which is what customers pay for.
The other day I ran into one of the oldest software engineering tropes in the book: That software engineering should be more like work in a factory, and that developers are best equated to assembly line workers who put together a software product by assembling components to a specification. I wasn’t sure whether I should be amused or irritated. In any case, this nonsensical idea has long been debunked by Peter Naur, before it even took root in later work by others. In Naur’s words, programming is (best viewed as) theory building, and this gets to the heart of the matter.
Abstract: Commercial use of open source software is on the rise as more companies realize the benefits of using FLOSS components in their products. At the same time, the ungoverned use of such components can result in legal, financial, intellectual property, and other risks. To mitigate these risks, companies must govern their use of open source through appropriate processes. This paper presents an initial theory of industry best practices on getting started with open source governance and compliance, focusing on private companies. Through a qualitative survey, we conducted and analyzed 15 expert interviews in companies with advanced capabilities in open source governance. We also studied practitioner reports on existing practices for introducing FLOSS governance processes. We cast our resulting initial theory in the actionable format of best practice patterns that, when combined, form a practical handbook of getting started with FLOSS governance in private companies.
As you may have noticed, the move away from approved open source licenses to commercial almost-like-open-source licenses by single-vendor-owned open source projects has created a lot of bad press for the vendors behind such software. I don’t really understand this, because for all that I can tell, a triple-licensing rather than just a dual-licensing approach could have solved their problems. Let me explain.
I just had another discussion with a reviewer (by way of an editor) who insisted that I cite (presumably their) work buried behind an Elsevier paywall. How obnoxious can you be?
It is 2019 and there are still editors and reviewers who consider articles that are not freely accessible on the web published research? That’s so wrong. Such work has been buried behind a paywall. It has yet to be published.
I’m happy to report that the second article in the new Open Source Expanded column of IEEE Computer was published.
| Title | Free and Open Source Software Licenses Explained |
| Keywords | Open Source Software, Licenses, Computer Security |
| Authors | Miriam Ballhausen, Bird & Bird, LLP, Hamburg, Germany |
| Publication | IEEE Computer, June 2019, pp. 82-86, vol. 52 |
Abstract: This installment of Computer’s series exploring free and open source software confronts a pressing issue, free and open source software licenses: what they are, the rights they convey, and the restrictions they impose.