Category: Tuesday Surprise
-
A new answer to open source vs. the cloud
Some time ago, people wondered (and worried) whether the cloud would kill open source. Today we have an answer, which is: The cloud is open source, most of it anyway. So we observe a peaceful coexistence, with both community and commercial open source software working well with cloud services. However, I would like to go…
-
Should I care about license compliance of container base images?
I just received the following question: “We ship our software application as a container image built on a base image. Surely we don’t have to worry about open source license compliance of the base image, do we?” My answer is: “Of course you have to worry.” Let me explain this step by step. If you…
-
Dependency graph vs. software supply chain
The human brain is just amazing when it comes to making sense of words. Still, it helps to be precise about terms, because it reduces confusion and improves understanding. One such terminology confusion in open source is between the concepts of dependency graph and software supply chain. A dependency graph is a set of components…
-
Commercial open source: Short-term gain, long-term liability?
Commercial open-source software is open-source software that is being developed for commercial exploitation. Often, there is a single vendor behind the software (Elastic, Mongo, etc.) which tightly controls the intellectual property and the software’s roadmap (in contrast to community open source that typically has a wide range of stakeholders and broadly distributed copyright). Sadly, the…
-
Google layoffs show the perils of working in an OSPO
Companies establish open source program offices (OSPOs) to manage the company’s transition to proficiently using, contributing to, and leading open source projects. Among the leaders in open source is Google, yet in its recent round of layoffs, it decimated its OSPO, including its founder and many other high-caliber open source enthusiasts. While nobody knows Google’s…
-
The three levels of source code analysis and their adversaries
In our software composition analysis (SCA) projects, we have run into three ways of identifying open source code that has been added to a code base. We provide both code scanning and snippet matching services and partner with specialized experts on semantic analysis, if requested by a client.
-
A small legality in an open source lawsuit keeps us breathless
The Software Freedom Conservancy (SFC) tells us that a lawsuit of theirs against TV maker Vizio was remanded (sent back) from US Federal Court to its original California court. Yawn!? Absolutely not! What is important here is why the lawsuit was sent back. The federal court agreed with the SFC that the problem at hand…
-
The costs of a Ph.D. student year around the world
Open source has made it much easier to navigate the treacherous waters of intellectual property (IP) negotiations between academia and industry. The growing open source competence of product managers also makes it easier for companies to parcel out components and to sponsor open source projects at universities. Just how expensive is it? A German Ph.D.…
-
Surprise! Open Robotics got acquired by Google’s Intrinsic
Last week the news broke that Intrinsic, an Alphabet (Google) company, acquired the Open Source Robotics Corporation (OSRC), makers of ROS 2. ROS 2 is an open source middleware for programming robots, and by now probably the most successful platform for this. The previous owner of OSRC was the Open Source Robotics Foundation (OSRF), an…