The Open-Source Detector 340
McDutchie writes "With open-source related lawsuits on the rise, a
market is developing for automated tools that detect the presence of open-source code within larger
application development environments.
Palamida Inc.
stepped in with IP Amplifier 3.0,
essentially a search tool and a database that consists of more than 38 million
of the most commonly used open-source files. Something Google-inspired called
CodeRank is claimed to match code against the database. Hmm...
maybe
someone should run it on
this,
or even
this." Of course, some open source code is perfectly welcome in commercial software, even if that software's code is not itself open; it's no secret or surprise that Microsoft, for instance, has taken advantage in some products of BSD-licensed code.
Re:windows already has some (Score:2, Interesting)
I wonder... (Score:4, Interesting)
For example, one could write a bug-filled line of code, perhaps something with a buffer-overflow. This could then be matched with open-source projects and projects with buffer overflows are found. Of course, this could also be used to find vulnerabilities and so on.
The BSD license argument (Score:5, Interesting)
>Of course, some open source code is perfectly >welcome in commercial software, even if that >software's code is not itself open; it's no secret >or surprise that Microsoft, for instance, has taken >advantage in some products of BSD-licensed code.
This example (socket code) often pops up, and is often used in GPL advocacy.
Note however that the TCP/IP work was done under a DARPA grant, paid for by the US government, so it is not only legal, but even moral right for Microsoft to use this code.
high costs? (Score:4, Interesting)
That seems rather steep. Are they doing something really complicated or is this something that a well-maintained (open-source?) project could do? Of course they are storing a major amount of information (i.e. all of sourceforge/freshmeat).
This might in fact be a feature that sourceforge might want to implement (for a fee): doing a search in their database.
On the other hand, it might make more sense to check against proprietary source, data and images. They are, by their nature, harder to find.
Also: when outsourcing parts of a project, wouldn't a contract have to state explicitly conditions such as not stealing/borrowing code from elsewhere? It would be a minimum requirement that the licensing of any (sub-)code would have to fit the overall product.
This sounds like a nice idea, BUT... (Score:0, Interesting)
Lets do it the other way: the "de-OSS'ifier"... (Score:1, Interesting)
This would be an interesting challenge, and not entirely above the capabilities of most compiler writers. With such a tool, the motivation for releasing OSS software would be decreased; OSS writers would be de-moralized, since their original code isn't being used, only the outline/framework
I'm a big fan of OSS, really. Have been for years. But I think tools such as these loom on the horizon
(Just coz.)
Will probably find many blatant violators. (Score:5, Interesting)
We certainly would have violated the GPL in a second, given that one couldn't really prove damage to the other party (aging idealist hippies with beards who were naive enough to give away software with a silly "license").
The ripoff of commercial software was driving me nuts though -- it seemed quite wrong, esp. given that we were raking in the dough and were not paying just because we could easily avoid it through technical measures.
However, part of the "culture" was that we were so busy that we were sloppy about the misdeeds. We wouldn't have had time to cover our tracks.
Such tools would have caught us, so I'm guessing such tools will lead to finding many similar violators.
Re:No Gurantee Against reimplentation (Score:1, Interesting)
But why is the dumb comment being replied to at +5 while the truly insightful AND correct replies are at +3 max
Re:No Gurantee Against reimplentation (Score:4, Interesting)
Re:Stop thinking small! (Score:3, Interesting)
I'd say that's a good argument for them being prevented from using any open-source of public domain project. After all, it is communism...
But yeah, the point of the BSD license is to get closed-source companies like MS to use the standards. They in no way deserve it, but it's in everyone's best interests that they do.
Re:The BSD license argument (Score:3, Interesting)
What have they contributed? How has any Microsoft product ever made a business run better than the average competitor's product? But they certainly charge more, restrict more, lie/cheat/steal more, sue over invented infringment more, and hold back the industry more.
It's in everyone's interests to commoditize their complements, as an economist would put it. Hardware companies like free software (IBM, Intel, etc) and software companies like cheap hardware (Microsoft, etc). We the people, being neither hardware or software companies (usually), would benefit from cheaper hardware and software. Microsoft not only doesn't provide this, but goes out of their way to prevent anyone else providing it. They don't even have any confidence in their products themselves or they wouldn't be so busy locking people in with patent-encumbered data formats and just plain lies and obfuscation.
I submit that Microsoft is one of the biggest drains on the economy.
Re:Will probably find many blatant violators. (Score:3, Interesting)
That's interesting. I wonder what the legal position would be if it was transparently obvious that, rather than being an honest mistake or result of one lazy/crooked employee, the inclusion of GPLed code was quite deliberate, as a consequence of (what would be obvious when one or more violations was investigated) unofficial company policy to infringe licenses.
Damages aside, if one piece of GPLed code is inadvertantly included, a court is likely to demand that it is removed, but not that the whole product becomes GPL.
If this is being done as a matter of course (and regardless of whether or not there was any written evidence, it sounds like a consistent pattern of violation at your company would have presented almost incontrovertible evidence that this behaviour was sanctioned as unwritten policy), the court ruling may well be different.
Re:Trolling by submitter (Score:3, Interesting)
The submitter's article did not state that the submitter assumed that there was GPL'd code in MS products.
"On the other hand, what I would like to know is how many OSS projects reverse engineer Microsoft products to implement functionality"
Why do you believe that any laws or the EULA were broken by people implementing any funtionality in GPL'd software? If there were laws broken, do you not believe that Microsoft would have the people who broke the laws or the EULA in court?
"Did anyone notice that the Firefox popup blocked notification changed to look like the IE 6 SP2 blocker?
Did you notice that MS Windows looks alot like a windowing system that Xerox invented, or that MS Windows looks like the windowing system used on the Apple Lisa and the Apple Macintosh -- all of which predate MS Windows. Did you notice that Excel looks like VisiCalc and Lotus 1-2-3? Do you feel that it was wrong for MS to have copied the look and feel (and possibly even the name) of products invented by Xerox, Apple, and VisiCalc?
Re:windows already has some (Score:2, Interesting)
You know it's copied when... (Score:3, Interesting)
It was sockets in C. The code was very poorly written, it actually contained a couple of GOTO statements. One of the files contained a typo in the commenting, so I figured... Let's google it!
And wouldn't you know it, several hundred results.
I'm not sure what I was angry at: Our lecturer not giving any indication that she didn't write the code, or not citing her sources, or giving us such crappy code to start with...
But needless to say, I was angry.
So, to tie this to the topic, nothing works better than searching for typos!
- shazow