foss tool to… detect foss

Saw the announcement for this and thought it would be of interest. It’s a new tool called Binary Analysis. You can go to the site for more info but in short it scans through object code (including firmware) to detect specified source code. Apparently it includes automated checking for Linux kernel code.

Might come in handy for compliance checking, though, as the site itself indicates, it’s no substitute for a compliance engineer and appropriate development policies. It also might come in handy if you’re doing due diligence on a potential acquisition and you suspect there might be some open source in what you’ve been told is proprietary. Usually the vendor recommended for that sort of work is Black Duck, but I imagine Binary Analysis may be good for a quick and dirty check.

It was created with the participation of Armijn Hemel, the same fellow that runs gpl-violations.org – an organization that tracks, publicizes and occasionally takes legal action against those infringing GPL-licensed software.

after one gpl body blow, skype yells uncle

As most of you probably know, a case on the GPL went to court in Germany earlier today. Harald Welte had described it as one of the more time-consuming cases he has worked on. For those of you not familiar with him, Mr. Welte founded gpl-violations.org, an organization that helps to enforce the provisions of the GPL.

Skype had apparently used certain elements of the Linux kernel in its WiFi phones without complying with the GPL, and was set to challenge the validity of the GPL based on its alleged contraventions of German legislation – in particular anti-trust legislation. It would be interesting to see the analysis in that regard, particularly on the anti-trust front, but so far I’ve not been able to get my hands on a translated copy of the pleadings – if anyone knows where to locate one, do let me know.

Anyway, apparently, they didn’t get too far. According to the entry in Harald Welte’s blog, apart from the validity of such claims, the somewhat ironic result to which the court alluded at the hearing is that if Skype were able to successfully assert the invalidity of the license, then it would also be difficult for them to claim any right to use the impugned code. Makes sense. Invalid license = no use rights.

After the court suggested that Skype’s likelihood of success would be low, Skype apparently threw in the towel in such a manner that they would not be able to revisit it further, effectively giving the victory to Welte.

I find the case and Skype’s litigation strategy somewhat puzzling, given both the decision in the 2006 D-Link case, also in Germany, and the relative costs of litigation in comparison to compliance. That being said, I haven’t been able to obtain much in the way of original documentation regarding the particular GPL violations that Skype allegedly committed. Presumably, Skype went down a path in its use of GPL code that would result in it incurring significant expenses (or facing significant risk of some sort – perhaps exposure of their own proprietary IP?) if they were required to comply after the fact. Presumably, they would not have found themselves in this situation if they had turned their mind toward structuring their use of GPL code appropriately, by either ensuring they could comply in a cost-effective manner, or not using the GPL code.