SoylentNews is people

Court Says Non-open 'Open Source' Code is False Advertising

Accepted submission by upstart at 2022-03-19 10:43:57
News

Court says non-open 'open source' code is false advertising [theregister.com]:

False advertising to call software open source when it's not, says court

Strap in for a wild ride of forks, trademarks, and licensing

Last year, the Graph Foundation had to rethink how it develops and distributes its Open Native Graph Database (ONgDB) after it settled a trademark and copyright claim by database biz Neo4j.

The Graph Foundation agreed [regmedia.co.uk] [PDF] it would no longer claim specific versions of ONgDB, its Neo4j Enterprise Edition fork, are a "100 percent free and open source version" of Neo4j EE. And last month, two other companies challenged by Neo4j – PureThink and iGov – were also required by a court ruling to make similar concessions.

ONgDB is forked from Neo4j EE, which in May 2018 dropped the GNU Affero General Public License (AGPL) and adopted a new license that incorporates the AGPLv3 alongside additional limitations spelled out in the Commons Clause license. This new Neo4j EE license forbade non-paying users of the software from reselling the code or offering some support services, and thus is not open source as defined by the Open Source Initiative.

The Graph Foundation, PureThink, and iGov offered ONgDB as a "free and open source" version of Neo4j in the hope of winning customers who preferred an open-source license. That made it more challenging for Neo4j to compete.

So in 2018 and 2019 Neo4j and its Swedish subsidiary pursued legal claims against the respective firms and their principals for trademark and copyright infringement, among other things.

The Graph Foundation settled [courtlistener.com] [PDF] in February 2021 as the company explained in a blog post [graphfoundation.org]. The organization discontinued support for ONgDB versions 3.4, 3.5 and 3.6. And it released ONgDB 1.0 in their place as a fork of AGPLv3 licensed Neo4j EE version 3.4.0.rc02.

Last May, the judge hearing the claims against PureThink and iGov granted Neo4j's motion for partial summary judgment [courtlistener.com] [PDF] and forbade the defendants from infringing on the company's Neo4j trademark and from advertising ONgDB "as a free and open source drop-in replacement of Neo4j Enterprise Edition…"

The defendants appealed, and in February the US Court of Appeals for the Ninth Circuit affirmed a lower court decision that the company's "statements regarding ONgDB as 'free and open source' versions of Neo4j EE are false."

On Thursday, the Open Source Initiative, which oversees the Open Source Definition [opensource.org] and the licenses based on the OSD, celebrated the appeals court decision.

"Stop saying Open Source when it's not," the organization said in a blog post [opensource.org]. "The US Court of Appeals for the Ninth Circuit recently affirmed a lower court decision concluding what we’ve always known: that it’s false advertising to claim that software is 'open source' when it’s not licensed under an open source license."

In an email to The Register, Bruce Perens, creator of the Open Source Definition and open-source pioneer, observed, "This is interesting because the court enforced the 'Open Source' term even though it is not registered with USPTO as a trademark (we had no lawyers who would help us, or money, back then). This recognizes it as a technical claim which can be fraudulent when misused."

Perens added that it's no surprise the court disallowed the removal of copyright holder Neo4j's Commons Clause terms.

"Even though the AGPL has some verbiage that allows such a removal, licenses are not all-powerful," he said. "They are really only good for enforcing that a party is a copyright infringer if they don't follow the terms. And the copyright holder themselves can not be an infringer of a work that they own, only that of others."
