Friday, May 23, 2008

GPL Project Watch List for Week of 05/23, Special Interview With Marco Barulli From Clipperz

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for May 17th through May 23rd, 2008.

This Week:

  • Interview With Marco Barulli on Their New AGPL Suite
  • GPL v3 Numbers
  • New Projects

Interview With Marco Barulli on Their New AGPL Suite
This week we had the privilege of having a special interview with Marco Barulli, co-founder of Clipperz (
http://www.clipperz.com/
), who is working on a suite of web applications that are all under the AGPL. Clipperz, for those of you who are unfamiliar with the project, is a free and anonymous online password manager, and now they are working on a new open source project, and we have the first scoop. The Clipperz Community Edition was one of the first, if not the first, large project to adopt the Affero GNU General Public License and their group is a leading proponent of the license. In our interview, we gained insight to Clipperz stance on the AGPL, and we found out more information on their new suite.

Q: Why did Clipperz choose AGPL?

A: Clipperz source code has always been available under a reference
license in order to perform security reviews of our [online password
manager][1]. (Nobody should consider using a cryptography based
software solution that does not provide the source code! See the
[Kerckhoffs' principle][2].)

But then we felt that it was more appropriate to adopt an open source
license for several reasons:

1) coherence with our approach of complete transparency on any front:
code, money, strategies, ...

2) increase the chances to attract developers interested in writing
"zero-knowledge web apps" and improving the underlying crypto
libraries.

And eventually the advent of AGPL v3 provided the long awaited legal
framework for the protection of our code. Thanks FSF!

[1]:
http://www.clipperz.com/
[2]: http://en.wikipedia.org/wiki/Kerckhoffs%27_principle

Q: Why are you launching a project that aims to build a suite of AGPL
licensed web applications?

A: Because today I can easily make my choices between Photoshop and Gimp,
Internet Explorer and Firefox, between free and proprietary software.
But the programs I use are steadily and quickly moving from my
computer to the web. In this transition I gain a lot (ubiquitous
access, seamless upgrades, reliable storage, ...), but I lose the
freedom to study, modify and discuss the source code behind my
programs.

Using web applications with an AGPL license, the above freedom is preserved.

You can think of this project as a GNU Project for the web, a set of
web applications that provides tools for the most common needs.
The suite should include: word processor, web chat, password manager,
wiki, address book, to do list, calendar, bookmark manager, ... But
each web apps must be released under an AGPL license! So forget
Google, del.icio.us, Plaxo, Meebo, ... at least unless they switch to
AGPL.

While the GNU Project was targeted mainly to software developers and
advanced computer users, the "AGPL suite" could bring free software to
the average user.

I'm aware it's a bold and probably not well thought out initiative,
but ... I like it!

Q: What is the link between this new project focused on AGPL and the
zero-knowledge architecture introduced by Clipperz?

A: The "AGPL suite" is only the first step on a path to bring more
freedom and privacy to the world of web applications.

At Clipperz we envisioned a new architecture paradigm called
"zero-knowledge web apps" (here a more [detailed description][3]) that
combines the idea of browser-based cryptography with a set of rules
focused on the "learn nothing" mantra.

[3]:
http://www.clipperz.com/users/marco/blog/2007/08/24/anatomy_zero_knowledge_web_application

The name was both an homage to cryptography (a "zero-knowledge proof"
is a standard cryptographic protocol) and a promise of a specific
relation between the application provider and the users. The server
hosting the web app would know nothing of its users, not even their
usernames!

Clipperz built its [online password manager][1] as the first
zero-knowledge web app and it worked quite well. Therefore it would be
wonderful to apply zero-knowledge techniques to each component of the
above "AGPL suite".

Converting an existing web applications to the zero-knowledge
architecture is not easy, but at Clipperz we have a considerable
experience on the subject and we will be happy to share our knowledge
and code base.

We grew accustomed to trust web applications with our data (bookmarks,
text documents, chats, financial info, ... and now [health
records][4]). Now it's time to to regain complete and exclusive
control of our programs and our data.
AGPL plus zero-knowledge architecture could do this!

[4]:
http://googleblog.blogspot.com/2008/02/google-health-first-look.html


On to Our Numbers

We hope you enjoyed the interview with Marco Barulli. Maybe this early exposure to their new suite will bring more attention and projects to the AGPL to help them compile their suite. Speaking of which, our database now contains 95 AGPL v3 projects, up 9 AGPL v3 projects from last week and approaching its first benchmark of 100 AGPL v3 projects. The GPL v3 count is now at 2427 GPL v3 projects, an increase of 56 GPL v3 projects. And lastly, our LGPL v3 count is at 220 LGPL v3 projects.






















New project conversions this week include:
  • cvtool / CVL: CVL is a library for image and data processing using graphics processing units (GPUs). Cvtool is a general-purpose computer vision tool that is based on the CVL library.
  • Celerity: Celerity is a JRuby library for easy and fast automation of web application testing.
  • OpenVista: OpenVista is the open-source version of VistA, which is an enterprise grade health care information system developed by the U.S. Department of Veterans Affairs (VA) and deployed at nearly 1,500 facilities worldwide.

Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.



The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard





Friday, May 16, 2008

GPL Project Watch List for Week of 05/16

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for May 2nd through May 16th, 2008.

And We Are Back
As mentioned in our last posting, we have been making some changes to our database, so our numbers were stagnant up until yesterday. We have been changing our internal interface, to make our research more efficient and accurate. Most of the work is behind us now and our numbers are back up to date. For those of you who track our numbers carefully, you will have noticed the large jump in projects over the last couple days. That was partly from the completion of the changes as well as from inputing two weeks of data. We missed last weeks post due to the maintenance.

As of today, May 16th, our count for the GPL v3 is at 2371 GPL v3 projects. Since our last post, this is 160 new GPL v3 projects, which is the cumulation of over 2 weeks of projects. This matches with our estimate of approximately 50 projects per week. The AGPL v3 is still growing and is at 86 AGPL v3 projects, soon to hit 100 projects. And the LGPL v3 count is now at 219 LGPL v3 projects, up 19 projects since our last posting.

This Week:

  • New Projects
  • This Weeks Story: Storage and Computing "on the cloud"
  • See you later! LGPL's "or later" may be right now at discretion of the user.
  • User Updates























New project conversions this week include:
  • eyeEdu: eyeEdu is a web-based desktop (built from the eyeOS project), redesigned for the use of kids. Many applications are included that combine learning and fun, along with an intuitive kid-friendly interface.
  • AsmFile: AsmFile is a small and fast file manager written in assembler. It uses a two pane interface like "mc" and other file managers. AsmFile runs in a console or a terminal window.
  • Quakey: Quackey is a somewhat simplified but mostly feature-complete version of the Perquackey anagram word-building game.

Storage and Computing "on the cloud"
"Cloud services" such as online storage and computing resources have become a popular topic recently, with major players like Microsoft, Google and Amazon offering the use of fractions of their respective server farms to users. Amazon's Web Services ( http://www.amazon.com/webservices ) appears to be the heavyweight so far, offering unlimited computing and storage capacity and no monthly minimum service charges – you pay for what you actually use. However, it is oriented toward developers, not the regular consumer. Amazon's service is divided into a number of different functions developers might need, such as virtual computing environments, simple database querying, storage and a message queue service. These services are fully operational, not limited beta programs. Google's App Engine ( http://code.google.com/appengine/) is also available to developers, making Google's computing infrastructure available to them using Google's development tools. Google's App Engine is available only on a limited basis at this time.

A small sub-industry is developing around making developer-oriented resources like Amazon's available to consumers. Developers of products such as JungleDisk ( http://jungledisk.com/ ) an online backup and storage application, and DropBox ( currently in beta, http://www.getdropbox.com/ ), a content sharing and collaboration tool, write consumer-friendly front-ends to interface with Amazon's underlying cloud infrastructure.

Consumer-oriented storage services are also available. Microsoft's SkyDrive ( http://skydrive.live.com/ ), Microsoft's Live Mesh (coming soon - http://mesh.com/), AOL's Xdrive ( http://www.xdrive.com/ ) and Yahoo's Briefcase ( http://briefcase.yahoo.com/ ) are four examples from major players. These services are free, though storage space is limited (SkyDrive - 5GB, Live Mesh - 5GB, Xdrive - 5GB, Briefcase - 30MB) and allow users to upload files directly to the service, almost as if the service were an additional hard drive available to the user.

It will be interesting to see to what extent users and developers are willing to allow a third party store and manage their data and computing processes. One huge benefit to doing so is that users and developers have access to virtually unlimited computing and storage resources, available on-demand, which is paid for as it is used. No need to invest in your own server farm. It is unclear at this point whether any FOSS licensing issues will arise as a result of a user's local application interfacing with a cloud-based computing resource. For pure storage-type applications there doesn't appear to be any potential for FOSS licensing conflicts, but it is possible that a cloud-based infrastructure resource that plays a significant role in a tightly integrated computing process including local computing resources may warrant consideration of such licensing issues.

-Kevin Howard

http://blog.jungledisk.com/2008/05/06/another-cloud-storage-provider-enters-the-fray/
http://blogs.sun.com/jonathan/entry/opensolaris_amazon_mysql_and_glassfish



See you later! LGPL's "or later" may be right now at discretion of the user.
In July of last year, I posted an explanation of the reason that we give such significance to the "or later" option associated to the use of a GPL license. http://gpl3.blogspot.com/2007/07/gplv3-overwhelming-support-if-you-know.html. Matt Asay supported my well researched position on the impact of "or later". http://www.cnet.com/8301-13505_1-9798242-16.html

While I always want to believe that developers use our research and analysis of FOSS licensing, this is an example that was posted on the site. The biggest issue here is not that JasperReports is available under LGPLv3. the problem is that OSS licensing can be so complex that thinly staffed and over-worked development teams can unintentionally overlook how a license is implemented, the results of which can have unexpected implications.

As of this week, there are 6739 projects with releases licensed under GPL "or later". While I am sure that a number of these are representative of the support and solidarity that many developers have for FSF and GNU licenses, there may be a large number that are accidentally released under the latest GPL, at the user's choice.

******************************
*********************************************************************
Verified against version 2.0.5 on 5/16/08.
From JasperReport.java
/*
* ==============================
==============================================
* GNU Lesser General Public License
* ==============================
==============================================
*
* JasperReports - Free Java report-generating library.
* Copyright (C) 2001-2006 JasperSoft Corporation http://www.jaspersoft.com/
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*
* JasperSoft Corporation
* 303 Second Street, Suite 450 North
* San Francisco, CA 94107
* http://www.jaspersoft.com/
*/
******************************
******************************************************************************

This is from the LGPL v2.1, found at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

Note the specific language from section Titled "TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION", section 0 , which reads . . .

"Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. "

__________________________________

Taken from a comment posted on http://gpl3.blogspot.com/2008/04/gpl-project-watch-list-for-week-of-0418.html

Nick Halsey said...
A quick correction - JasperSoft has not yet adopted v3 of either the GPL or LGPL, though we are currently studying this option. Currently we license JasperReports under LGPL v2, and the rest of the JasperSoft Business Intelligence Suite under GPL v2.
April 23, 2008 7:36 PM
______________________________
_________

After reviewing the information above, in this example, JasperReports version 2.0.5, licenses to a user to distribute and modify under the specific terms and conditions of the "GNU Lesser General Public License as published by the Free Software Foundation; either

version 2.1 of the License, or (at option) any later version", like version 3.

question: Is JasperReports release version 2.0.5 available under the terms and conditions of the LGPL v3?
While the developers chose to license the use of the software to be governed by the terms of the LGPL v2.1 and have not distributed an LGPLv3 release, it is possible that developers could download and redistribute JasperReports under LGPL v3.
answer: At the discretion of the users, as permitted within the terms of the license for JasperReports, maybe.

- Ernest Park


Thanks for the Continued Support and Contributions
Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. Here is a submission we received last week through email:

****************************************************************************

Métamorphose


"Hello,

....ust wanted to let you know my program is now on gpl3 since the last release earlier this year. The newer alpha version is also on v3.

cheers

- ianaré sévi"

Description:
A cross platform file and folder mass renamer, allows many different renaming operations in a GUI. Features include search and replace (with RE), insert, numbering, date/time, id3 & EXIF tag read, change length, get all files in sub-dirs, undo/redo, etc.

Newest Release:
1.1.0 stable
****************************************************************************

We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project's license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.



The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard




Friday, May 2, 2008

GPL Project Watch List for Week of 05/02

The GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for April 26th through May 2nd, 2008.

Site Under Going Maintenance
This week, as well as next week, our site will be undergoing maintenance to clean the database, standardize entries, and validate information. Our numbers will vary over this time period as we sort all the information out. Do not take the count on our site as a hard number, for now it is more of a place holder while we are fixing things up.
The numbers may fluctuate up and down a bit until we finish the validations and the migration to a new platform. During this time, if you have and questions about the numbers or any other topic that we have covered, please contact us at rdgroup@palamida.com or post a comment. We are happy to answer any individual questions while our general information is under construction.


New project conversions this week include:
  • OdinMS: OdinMS attemps to replicate the functionality of a Maple Story game server. It's fully cross platform due to its Java nature.
  • Catalyst Blackberry Plugin: Blackberry plugin allows synchronize Contacts and Calendar with Funambol server. This program is based on Funambol Blackberry Plugin Community Edition v. 3.0.8.
  • SpringSource Application Platform: SpringSource Application Platform is a completely module-based Java application server that is designed to run enterprise Java applications and Spring-powered applications with a new degree of flexibility and reliability.

Sourceforge Affero GNU Public License Listing
With the recent conflict with Google not hosting Affero GNU Public License version 3, people have been looking for other places to host their AGPL3 projects. One repository that does allow for this license is probably the first one most programmers would check, Sourceforge.net. I would like to clear up an issue that has not yet become a big problem, but may cause some confusion in the future. Sourceforge, in the past, has not supported the previous versions of the AGPL. The "Affero GNU Public License" was recently added to support the variant of the GPL v3, so it would not be correct to place AGPL v1 licenses in this category. More solid evidence for this is that the AGPL v1 is not a GNU license. Only the GPL v3 variant of the AGPL is a GNU license, therefore the "Affero GNU Public License" listing on Sourceforge.net should only be used for projects under the AGPL v3. This may cause confusion because their is no version attached to the category, but the "GNU" part of the license indicates that it should be used for the AGPL v3.


Notable Mention
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3/AGPL3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.




The Research Group (rdgroup@palamida.com)
  • Ernest Park
  • Antony Tran
  • Kevin Howard