summaryrefslogtreecommitdiff
path: root/2016
diff options
context:
space:
mode:
Diffstat (limited to '2016')
-rw-r--r--2016/linaroconnect/compliance.adoc201
1 files changed, 201 insertions, 0 deletions
diff --git a/2016/linaroconnect/compliance.adoc b/2016/linaroconnect/compliance.adoc
new file mode 100644
index 0000000..ff8cf4a
--- /dev/null
+++ b/2016/linaroconnect/compliance.adoc
@@ -0,0 +1,201 @@
+Linux, Community and License Compliance
+=======================================
+:author: Harald Welte <laforge@gnumonks.org>
+//:copyright: sysmocom - s.f.m.c. GmbH (License: CC-BY-SA)
+:backend: slidy
+:max-width: 45em
+//:data-uri:
+//:icons:
+
+
+== Who am i and why am I here?
+
+[role="incremental"]
+* Former Linux kernel developer (mostly netfilter/iptables)
+* Lover of network and communications protocols, particularly _obscure_ ones
+* have had many, many other lives, including:
+** helping an (ARM) SoC maker to understand mainline development process
+** security research + ethical hacking @ German CCC
+** Open Hardware + FOSS firmware/software RFID reader (OpenPCD)
+** developing electronics + software for the first _100% FOSS_ Linux based Smartphone (OpenMoko, before Android...)
+** 2008 onwards: OpenBSC, Osmocom: FOSS implementation of telecom protocol stacks for GSM/GPRS/EDGE/UMTS infrastructure
+** 2011 onwards: running a small company in Berlin doing FOSS based cellular infrastructure
+* but also: Legal enforcement of the GNU GPL on the Linux kernel
+* I'm here to share my personal perspective on License compliance
+
+
+== My personal journey into _the communities_
+
+Every hacker is socialized differently, but in my case it was like
+this:
+
+* BBS communities (FIDO, Z-Netz, ...) and UseNet @ age 12
+* programming DOS shareware in TurboPascal @ age 13
+** I was young and didn't know about Free Software yet. My apologies
+* switched to GNU/Linux before Windows 95, never looked back
+** learning about Free Software, GNU, copyleft, the GPL
+* from 1994 on, helped building a non-for-profit ISP
+** started to write + contribute patches against software we used there
+* from 1999 onwards: netfilter/iptables, the Linux 2.3/2.4 packet filter
+
+[role="incremental"]
+=> all of the above were communities of enthusiasts
+
+[role="incremental"]
+* open to anyone
+* information and code was shared freely, to mutual benefit
+
+
+== Linux and license compliance
+
+* Until around 2000, Linux was still quite a small niche, the niche of the nerds
+** the Long-bearded gurus used a *real* UNIX
+** the rest of the world was trapped in Microsoft-land
+
+[role="incremental"]
+* GPL violations on the Linux kernel were not known to me until about 2002
+* First news about GPL violations made me very upset
+** the industry ignored our culture, rules and norms
+** they took what we had created and did not give back
+** as companies didn't react to friendly reminders, I started legal action
+** gpl-violations.org was started, first legal case in 2003
+** enforcement in hundreds of cases, most of them out of court
+** prevailed in several German court cases, 100% success rate
+
+
+== Technical GPL enforcement
+
+In the active phase of gpl-violations.org, we would
+
+[role="incremental"]
+* browse new product announcements, vendor web sites for suspicious-looking products
+* go into electronics stores and make test purchases
+* disassemble the hardware
+* reverse-engineer serial console, JTAG
+* dump flash via JTAG or hot-air-rework and offline flash dumping
+* manually unpack the (often proprietary) firmware image formats
+* search for strings/symbols of Linux kernel code that I hold copyright on
+* As this is the technical part, it can actually be quite enjoyable.
+* Buying new gadgets and probing test-points for UART/JTAG definitely
+ more enjoyable and rewarding than Sudoku for me ;)
+
+
+== Legal GPL enforcement
+
+After technical analysis is complete, the legal battle starts
+
+[role="incremental"]
+* explaining technical evidence to your lawyer
+* reviewing legal briefs of both parties
+* spending lots of time trying to teach corporate legal departments
+ what you have learned as a teenager growing up with FOSS
+* makes you **even more frustrated/upset**, as this costs time
+** not only do they insult the community and its culture
+** they now also keep me from writing more code by being hostile or ignorant
+** and they force me to take legal risks
+
+[role="incremental"]
+Starts all over again with each new vendor, department within
+the vendor, or at least in every new market Linux gets introduced :(
+
+== Taking a step back
+
+[role="incremental"]
+* companies start to work on/with Linux without following
+ collaborative development model. Their management is free to
+** ignore the decades-old requests by the community
+** ignore requests by their own engineers to contribute
+* community upset, because management did *not* enable, allow or require
+** FOSS development to be done in the regular, collaborative process
+** their engineers to contribute
+* gpl-violations.org uses the legal vehicle of copyright enforcement
+** senior management cannot ignore legal threats, we got their attention!
+* Result: they ask their lawyers what needs to be done to comply to
+ the absolute minimum _legally_ required to not get in trouble
+** they do still not follow the collaborative development process
+
+
+== The cultural impedance mis-match
+
+Surprise: FOSS is about collaborative development
+
+[role="incremental"]
+* participation on mailing lists
+* developing code in public repositories
+* using fine grained commits
+* to **jointly develop software**
+* it is **not about procrastinating over legal issues**
+* FOSS developers _really_ want **collaboration, not license compliance**
+** GPL is just a legal hack to ensure the bare absolute minimum of adherence to the FOSS culture
+** it suffers from impedance mismatch between what can be done under copyright law, and not what is _actually_ the goal in terms of a development model
+** focusing _just_ on legal compliance with the license indicates a lack of understanding
+* **GPL compliance should be driven by engineering, not legal!**
+
+
+== Cultural Differences
+
+[role="incremental"]
+* exist between every set of two cultures
+* think of _Western_ vs. _Asian_ culture
+* westerners (_farang/gaijin/laowei_) are considered rude, if they
+[role="incremental"]
+** stick chopsticks in a rice bowl anywhere in Asia
+** have loud phone conversations on a Japanese train
+** want to split a restaurant bill in China
+** decline to accept Soju offered by their Korean host
+** use a Buddha statues head as decoration in Thailand
+* Being European and coming to Asia likely causes me to make mistakes
+due to the _cultural differences_.
+* those mistakes may cause people to be upset with me. _How could I
+not know?_ Couldn't I at least inform myself before travelling?
+* This is not so different from an electronics or proprietary software
+company first engaging with FOSS
+
+
+== License Compliance in 2016?
+
+[role="incremental"]
+* those parts of the IT industry exposed to
+ (embedded) Linux for a longer time make more of an effort to comply
+ _with legal requirements only_
+** establishing the required release + business processes
+** FOSS + proprietary tools for aiding license compliance
+** world-wide Legal Network by FSFE with hundreds of legal experts
+* license compliance is driven by fear of legal threats, not by
+ understanding + following collaborative development models :(
+* Treated similar to compliance with environmental standards, regulatory requirements, etc.
+
+[role="incremental"]
+=> Bringing back the Western vs. Asian cultural analogy:
+
+[role="incremental"]
+* Our _farang/gaijin/laowei_ now complies with local laws by not
+ bringing illegal drugs into Asia that might be legal at his home
+ (legal compliance)
+* He still often ignores the local culture and social norms, and is
+ perceived by some of the locals as disrespectful or rude at times
+ (doesn't cause legal risks)
+
+
+== Summary
+
+[role="incremental"]
+* legal-to-the-letter compliance has significantly improved over the
+ last 15 years
+* awareness that license compliance is mandatory is widely present
+* collaborative FOSS development model is becoming more frequent
+* however, some industry players, particularly those doing FOSS for a shorter
+ time still think FOSS is a one-way road that enables them to profit
+ on the work of others while keeping their code private / out-of-tree
+** Sure, you can have a marriage that caters exclusively to the needs of one of the people involved
+*** But will it be sustainable _till death do us part_?
+*** Or will it just be a short affair?
+* we need to shift the focus from _legal-centric GPL compliance_ to
+ _engineering-centric collaborative development_
+
+
+== The End
+
+Thanks for your attention.
+
+* You have a license to raise questions now !
personal git repositories of Harald Welte. Your mileage may vary