Friday, May 23, 2008

GPL Project Watch List for Week of 05/23, Special Interview With Marco Barulli From Clipperz

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for May 17th through May 23rd, 2008.

This Week:

  • Interview With Marco Barulli on Their New AGPL Suite
  • GPL v3 Numbers
  • New Projects

Interview With Marco Barulli on Their New AGPL Suite
This week we had the privilege of having a special interview with Marco Barulli, co-founder of Clipperz (
), who is working on a suite of web applications that are all under the AGPL. Clipperz, for those of you who are unfamiliar with the project, is a free and anonymous online password manager, and now they are working on a new open source project, and we have the first scoop. The Clipperz Community Edition was one of the first, if not the first, large project to adopt the Affero GNU General Public License and their group is a leading proponent of the license. In our interview, we gained insight to Clipperz stance on the AGPL, and we found out more information on their new suite.

Q: Why did Clipperz choose AGPL?

A: Clipperz source code has always been available under a reference
license in order to perform security reviews of our [online password
manager][1]. (Nobody should consider using a cryptography based
software solution that does not provide the source code! See the
[Kerckhoffs' principle][2].)

But then we felt that it was more appropriate to adopt an open source
license for several reasons:

1) coherence with our approach of complete transparency on any front:
code, money, strategies, ...

2) increase the chances to attract developers interested in writing
"zero-knowledge web apps" and improving the underlying crypto

And eventually the advent of AGPL v3 provided the long awaited legal
framework for the protection of our code. Thanks FSF!


Q: Why are you launching a project that aims to build a suite of AGPL
licensed web applications?

A: Because today I can easily make my choices between Photoshop and Gimp,
Internet Explorer and Firefox, between free and proprietary software.
But the programs I use are steadily and quickly moving from my
computer to the web. In this transition I gain a lot (ubiquitous
access, seamless upgrades, reliable storage, ...), but I lose the
freedom to study, modify and discuss the source code behind my

Using web applications with an AGPL license, the above freedom is preserved.

You can think of this project as a GNU Project for the web, a set of
web applications that provides tools for the most common needs.
The suite should include: word processor, web chat, password manager,
wiki, address book, to do list, calendar, bookmark manager, ... But
each web apps must be released under an AGPL license! So forget
Google,, Plaxo, Meebo, ... at least unless they switch to

While the GNU Project was targeted mainly to software developers and
advanced computer users, the "AGPL suite" could bring free software to
the average user.

I'm aware it's a bold and probably not well thought out initiative,
but ... I like it!

Q: What is the link between this new project focused on AGPL and the
zero-knowledge architecture introduced by Clipperz?

A: The "AGPL suite" is only the first step on a path to bring more
freedom and privacy to the world of web applications.

At Clipperz we envisioned a new architecture paradigm called
"zero-knowledge web apps" (here a more [detailed description][3]) that
combines the idea of browser-based cryptography with a set of rules
focused on the "learn nothing" mantra.


The name was both an homage to cryptography (a "zero-knowledge proof"
is a standard cryptographic protocol) and a promise of a specific
relation between the application provider and the users. The server
hosting the web app would know nothing of its users, not even their

Clipperz built its [online password manager][1] as the first
zero-knowledge web app and it worked quite well. Therefore it would be
wonderful to apply zero-knowledge techniques to each component of the
above "AGPL suite".

Converting an existing web applications to the zero-knowledge
architecture is not easy, but at Clipperz we have a considerable
experience on the subject and we will be happy to share our knowledge
and code base.

We grew accustomed to trust web applications with our data (bookmarks,
text documents, chats, financial info, ... and now [health
records][4]). Now it's time to to regain complete and exclusive
control of our programs and our data.
AGPL plus zero-knowledge architecture could do this!


On to Our Numbers

We hope you enjoyed the interview with Marco Barulli. Maybe this early exposure to their new suite will bring more attention and projects to the AGPL to help them compile their suite. Speaking of which, our database now contains 95 AGPL v3 projects, up 9 AGPL v3 projects from last week and approaching its first benchmark of 100 AGPL v3 projects. The GPL v3 count is now at 2427 GPL v3 projects, an increase of 56 GPL v3 projects. And lastly, our LGPL v3 count is at 220 LGPL v3 projects.

New project conversions this week include:
  • cvtool / CVL: CVL is a library for image and data processing using graphics processing units (GPUs). Cvtool is a general-purpose computer vision tool that is based on the CVL library.
  • Celerity: Celerity is a JRuby library for easy and fast automation of web application testing.
  • OpenVista: OpenVista is the open-source version of VistA, which is an enterprise grade health care information system developed by the U.S. Department of Veterans Affairs (VA) and deployed at nearly 1,500 facilities worldwide.

Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.

The Research Group (
  • Ernest Park
  • Antony Tran
  • Kevin Howard

No comments: