The Open-Source Detector

McDutchie writes "With open-source related lawsuits on the rise, a market is developing for automated tools that detect the presence of open-source code within larger application development environments. Palamida Inc. stepped in with IP Amplifier 3.0, essentially a search tool and a database that consists of more than 38 million of the most commonly used open-source files. Something Google-inspired called CodeRank is claimed to match code against the database. Hmm... maybe someone should run it on this, or even this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.

Re:windows already has some

[jeroenb]

Because the BSD license explicitly allows them to do this.

Re:windows already has some

[petaflop]

That's the problem with the BSD license. It allows you to do exactly this, Microsoft are totally within their rights. As a result Microsoft are pretty happy for software to be BSD licensed. See the license text here [xfree86.org]

It's just the GPL [fsf.org] they hate, because they can't use GPL'ed software. See here [com.com] for example.

Re:No Gurantee Against reimplentation

[Speare]

This tool can't possibly ensure that some binary wasn't made by someone who looked at the open source version, and just reimplemented the same ideas.

Um, last time I checked, this is a quite reasonable approach. You can paraphrase your book report in school, you can paraphrase your predecessor's speech, you can take photographs from famous vistas, and you can rewrite your own closed code inspired from Open Source algorithms.

Source code is protected by copyright-- that is, literal or near-literal copies containing the essence of expression. Open Source code doesn't require that reverse engineering must be done in a clinical clean-room black-box methodology. That's kinda the POINT of Open Source: show people how it's done.

something about this dosn't make me as happy as ..

[FidelCatsro]

The company has some other bussiness such as , outsourcing

For companies engaging outsourced developers, Palamida:

* Reduces your exposure to inadventant IP risksTake hold of software outsourcing by quickly assessing the origins of software IP sourced from contractors.
* Helps the origins and ownership of third-party code.
* Gets the most of out open source and externally developed tools.
* Increases efficiency, consistency and understanding.

Now its wonderfull theat they help people get the most out of OSS software but i dont like the fact they are making outsourcing easier .This is not so much a problem where i live but in the USA as i understand it many people are loosing their jobs in the tech industry thanks to companys trying to save a fair bit by outsourcing to cheaper areas .

The Outsourcer: A Best-in-Class Tool for Best-in-Class Processes

Outsourcers are playing an increasingly crucial role in global software development. Large, medium and small companies are looking to tap developers in the hopes of advancing their own software IP and business opportunities.

<ecode>

Again , I wouldnt want to do bussiness with a company that promotes this behavious , i am all for globalistation , but not for screwing people over as the companys seek to hype profits by exploiting cheap labout , Now safely aparently.. Perhaps i missunderstand the term outsourcing in this sense , though to me it always say "Contracters so we dont have honour the workers rights, localy or globaly".

<ecode>For M&A teams, Palamida helps:

* Identify and quantify IP issues early in the deal.
* Improve certainty before closure, increasing your closure rate.
* Reduce your legal exposure.
* Immediately value software innovation and intellectual property.
* Tap into the most up-to-date software IP database available.
* Secure the best possible valuation.

<b>* Speed your assessment of open source and third-party code.</b>

Again my second problem is there strong patent support here .It just makes me as someone who uses and contributes to OSS uneasy.(just my opinion and how i feel , not a statment of fact )

IP Diligence, Compliance Enforced

On to the legal section ,Their bussines model is basicaly that of enforcing IP rights , sure that may help us find companys abusing GPL code , but it also swings both ways and can open up a whole host of patent cases against GPL software.

For counsel, Palamida:

* Improves the timeliness and quality of legal diligence
* Automates compliance processes.
* Provides real time information on your code base.
* Adapts to your business processes and workflow.

Fair enough this can be usefull in this day and age , allowing you to pay them to make sure your not infringing on any patents , But this just dosn't work on 90% of the OSS projects out there , i am betting it costs a fair whack.Most people using this on OSS are IMHO going to be looking to enforce a patent case ala SCO.The potential minefield here is not fun.

or the open source community, Palamida:

* Supports and evangelizes on the use of open source software.
* Boosts productivity by spending time developing and not worrying.
* Pushes forward in unison with legal and business staff.
* Materially reduces open source compliance concerns.
* Creates new business by proving the merits of open source technology

Now that is alot better ,I can strongly respect what they are doing here .Still i dont like that they keep harping on about IP compliance..

I am probably just being paranoid an

Re:windows already has some

[FidelCatsro]

Actualy thats a bit wrong , the nature of the BSD license allows people to do what the hell they want with it , so in essence you cant abuse the BSD license.
This is why some people love the BSD license as they see it as total freedom and i have much respect for it myself .
I just prefer the GPL way as we get back any changes and thats gaurenteed by the license(if the software is released , i belive its ok not to feed the changes if its an internal tool only)

Re:I wonder...

[McDutchie]

My employer already uses an internally-developed GPL-scanner tool which is required to be run across all sources before we release a new product version. The company also requires all developers to take yearly training on the issues of OSS and GPL. We do support the ideas of OSS and GPL, and put out OSS offerings of our own, but it would be financially devastating to us if our commercial products were forced to be open-sourced.

It's a widespread and unfortuate myth that your product automatically becomes subject to the GPL if you (accidentally or otherwise) violate the GPL by including GPL'ed code. In such a case, a copyright violation has been committed and you have to remove the code in question, and possibly pay damages -- but your product will not become open source (unless, of course, you choose to make it open source as a way of remedying the license violation).

Re:DLL encryption will render this ineffective

[fishbot]

It's not as hard as you make out to use GPL code by accident, especially library code. Consider the plight of a poor developer, forced with unmeetable deadlines and a fire-breathing boss with a P45 waiting (I've been there, it happens).

He needs to implement a specific piece of functionality and fast. He searches the web and finds some 'sample' code and thinks "just the job".

Copy.. paste..

You now have GPL code in your application, copied and pasted direct. Why? Malicious and callous hatred of free software? No, an accident. Carelessness. A quick fix in a tight spot.

It happens. I've seen it.

Re:No Gurantee Against reimplentation

[mzwaterski]

For students, paraphrasing is a part of learning. If you can read something that someone else wrote and rewrite it in your own words you probably know the material. If you go and photocopy a page in a book all you've learned is how to make photocopies.

Further, not everything that takes time is wasteful. Copyright is intended to protect the expression of ideas, not the underlying ideas. Thus, you don't protect the idea of love or even the words I love you, but you can protect the expression of love and the words I love you in the context of lyrics to a song possibly with a musical score.

Re:The BSD license argument

[drsmithy]

No it doesn't. It only affects code that is combined with the GPL code and released. You can use the code with your own code to your heart's content, but if you want to distribute GPL code then any code combined with it needs to be GPL (or GPL compatible) as well.

Indeed. Of course, "combined" in GPL-speak can mean "linked", so you can end up with code completely unrelated to any GPLed code having to be GPLed because it's magically become "combined" with the GPLed code.

As I said, the problem is the GPL can spread to "infect" code that has no relation whatsoever to the GPLed code. Hence, some people call it "cancerous".

But of course you accepted the license when you used the code so that shouldn't cause you any problems. It's entirely voluntary. If you decide you want to release your code, but not GPL it, you can just replace the GPL code with more of your own.

There are few things more reliable than the GPL zealot's tendency to dismiss anything remotely critical of the GPL with the "but it's voluntary" spiel. Hell, it's practically the Godwin's Law of the 2000s.

So it doesn't affect any code unless the author of that code wants it to. How's that for freedom?

Like your lines about it being "voluntary" above, completely irrelevant. The original poster wanted to know how "they" can refer to the GPL as "cancer". The answer to his question is because that's precisely what the GPL is *designed* to do - generate more GPLed code by "infecting" other code.

Re:Ouch.

[GigsVT]

They can demand you open-source any application that contains GPL'd code.

No, they can't. Stop spreading this myth.

Re:DLL encryption will render this ineffective

[cortana]

OH NOES TEH DLL ARE ENCRYPTED!!1one

The code must be decrypted at some point in order to be run. If what you said was true, we would have uncrackable copy protection.

Your scheme is a variant of DRM, and like all DRM schemes is fundamentally flawed, because the person you are trying to keep the data from, is the exact same person that you are making the data available to.

Re:No Gurantee Against reimplentation

[cahiha]

Frankly, that's why I never really understood the point of copyright.

The point of copyright is to let people derive commercial rewards from the expression of ideas; copyright does not protect the ideas themselves.

(I apply this word here to code as well as other textual material) is alright, even though fundamentally it's the same thing, only more time-consuming;

No, it's not "fundamentally the same thing". There have been thousands of Mary-with-baby pictures. It's the expression--the actual painting--that is the work. If you create a new painting yourself, it contains the same ideas, but the work is, as you observe, in the actual creation of the painting. That's what copyright is supposed to do.

Patents are designed for protecting ideas themselves; patents are deliberately harder to get and more limited.

Re:I wonder...

[zootm]

That's a fair enough argument -- but it always seems that people's queries are formed in the way "My company would like to (purposefully) use GPLed code, but we can't because we'd need to open ours" and people jump all over it as a fallacious argument, which it's not.