Bruce Perens

The ARRL board held a special meeting via teleconference on November 14 at 9PM (Eastern) and publicly censured Southwestern Division Director Richard Norton N6AA.

I only have the board meeting minutes and the ARRL Board Director Code of Conduct which was cited. But from what I read here (and you can read it for yourself below), it’s clear that  Richard Norton publicly dissented against an ARRL board decision at an Amateur Radio meeting (Hamcon? Pacificon?), resulting in this censure.

While ARRL directors can argue with each other in private meetings, ARRL wants all directors to  publicly represent ARRL as a bloc, and does not tolerate it if one director publicly opposes some action of ARRL.

So, the members get minutes with bald notices of how directors voted upon a motion, but no transparency to a director’s own sentiment and rationale regarding any particular action. Of course, such information would usefully inform us when we vote for ARRL directors, thus the fact that it is concealed is troubling. Obviously, by doing this ARRL largely keeps the membership from being active in ARRL politics. Troubling indeed.

Here are the relevant minutes of the board meeting:

4. Mr. Carlson, moved, seconded by Mr. Lisenco that:

Whereas, Mr. Richard Norton, N6AA, publicly criticized the ARRL Code of Conduct for Board members at a public Amateur Radio gathering by virtue of his characterizations thereof, thus criticizing publicly the collective action of the Board of Directors adopting said Code of Conduct and drawing the Board’s collective decision making into disrepute, in violation of multiple portions of the Code of Conduct, including but not limited to Sections 1.b. and 8.a, 8.b., 8.d; and 8.f; and Whereas, Mr. Norton has been cautioned by Board members that his actions and his manner in the above respects are not acceptable and cannot continue, with no notable change in his behavior since that time; and

Whereas, Mr. Norton has been given a copy of the Recommendation of the Ethics and Elections Committee dated September 7, 2017, and has responded to it and tendered to the Board of Directors four statements of ARRL members in support of his response;

Now, therefore, the Board of Directors having considered the recommendation of the Ethics and Elections Committee at a Special Meeting of the Board of Directors duly called for the purpose of considering the actions of Mr. Norton and an appropriate remedy therefor, and in view of the information before it and taking into account Mr. Norton’s response and his submissions in response thereto, finds that there exists sufficient cause (i.e. a material violation of the ARRL Code of Conduct that has caused harm to the League) to publicly censure Mr. Norton for his unacceptable behavior as an ARRL Board Member, and Mr. Norton is admonished by the Board that no further, similar behavior will be tolerated. That action is so ordered.

After discussion and a roll call vote being requested, the motion was ADOPTED by a vote of 11 Aye, 3 Nay and 1 abstention with Directors Carlson, Olson, Norris, Williams, Lisenco, Blocksome, Frenaye, Pace, Boehner, Allen and Sarratt voting aye, Directors Abernethy, Norton and Woolweaver voting nay, and Director Vallio abstaining.

Here are the cited sections of the ARRL Board Director Code of Conduct:

1(b). A Board member should take no action that could adversely affect the reputation or credibility of the ARRL, or discourage membership in the organization.

8(a). A Board member, as a leader in Amateur Radio, is encouraged to be an ambassador and an advocate for ARRL and, subject to the Confidentiality Standard of this Code of Conduct, to publicly promote the activities and actions of the organization with the ARRL membership. In doing so, a Board member must act at all times faithfully to the intent of the Board as expressed in its official statements, and should not reinterpret or re-characterize the Board’s actions to reflect his/her own view or the views of any other Board Member.

8(b). While having the right and responsibility to exercise independent judgment and to express dissenting opinions during Board deliberations, a Board member also has the obligation outside the Boardroom to respect and support final decisions of the Board, even when the Board member dissented from the majority view.

8(d). A Board member must not take actions publicly or with respect to the ARRL membership that have the purpose or effect of undermining or discrediting the decisions or actions of the Board.

8(f). A Board member may not publicly oppose a Board action prior to the effective date of his or her resignation from the Board.

Source Material:

• ARRL Board Director Code of Conduct
• Minutes of Special Board Meeting

As you probably know, Open Source Security, Inc., and their CEO Mr. Bradley Spengler have sued me for defamation and half a dozen other things. It is obvious legal hygiene not to talk about a lawsuit in process. Meanwhile, you can follow the suit on Pacer, and please allow me to introduce my legal team!

I am incredibly pleased and impressed with my team and their firm O’Melveny. They have done superb work, assembled a very strong case for me, and are a pleasure to work with!

Heather Meeker and I first met about two decades ago and have had a business relationship for a decade. She’s the best attorney for any Open Source matter. I have often worked for her and her clients. So, it was natural that I would turn to Heather when I needed legal assistance. Heather is the author of Open (Source) for Business: A Practical Guide to Open Source Software Licensing — Second Edition and three other books.

Melody Drummond Hansen is a senior attorney at O’Melveny who was an obvious choice because of her previous experience with defamation cases. Because of Melody’s participation, my case is strong and I feel very secure.

Cara Gagliano got her J.D. in 2015 and has already built an impressive portfolio of cases. She does much of the research and writing for my case, and of course has the assistance of Melody and Heather. Cara is doing superb work! I could not ask for better.

Heather, Melody, and Cara are assisted by Marissa Rhoades and Eric Ormsby.

Finally, I have to thank their families, who have supported them while they burn midnight oil on my behalf.

I am so lucky to have all of these excellent people helping me.

In Monty Python’s Life of Brian, the Judean People’s Front hated the People’s Front of Judea. Unfortunately, it’s not at all funny when two similarly-named organizations in the Linux world battle with each other.

The Software Freedom Conservancy (SFC) holds the copyright interest for a long list of highly-respected Free Software / Open Source projects, serves as an IRS-certified 501(c)3 non-profit so that those projects don’t have to, provides the projects with legal and organizational advice, and when necessary enforces against those who infringe on their copyrights and the Free Software / Open Source licenses, including the GPL. You may know SFC’s officers Karen Sandler and Bradley Kuhn.

A similarly-named organization funded by the Linux Foundation, the Software Freedom Law Center (SFLC), has asked the US Patent and Trademark Office to void the trademark on SFC’s name.

The bizarre thing about this is that SFLC started SFC, acted as their attorney in filing the very same trademark on their behalf, and was their law firm for several years. And Linux Foundation originally funded both organizations, but now appears to be behind this action of one against the other.

This follows a decade-long trend during which I believe the Linux Foundation, and SFLC on their behalf, have turned against the Free Software / Open Source community. I believe this action is part of a greater war being carried out by the Linux Foundation against enforcement of the GPL license by the Free Software / Open Source developers.

There has always been a tension between independent Free Software / Open Source developers on one side, and the largest corporations that use the software (and sometimes participate in its development) on the other.

Independent Free Software / Open Source developers don’t produce their software as corporate welfare to the world’s richest corporations, or to facilitate the development of proprietary software by those companies. They make it so that Free Software and Open Source will be larger. Their preferred license is the GPL, which enforces share-and-share-alike terms that mean corporations must participate under the developers rules, or not at all.

The corporations would prefer to see the developers give up their GPL license and its “inconvenient” sharing rules, and make the software an outright gift. That way, the independent developers would act more like unpaid employees of the corporations.

On actual Free Software / Open Source projects, the corporations and independent developers get along, because the corporations are represented by their programmers, whose main interest is in making good software, just as the independent developers wish. It’s in the industry organizations, where the representatives are not the programmers, that the problems come up.

Linux Foundation started with a promise to represent the interest of the independent Linux developers as well as the corporations, but over the past decade, all developer representation was eliminated.

SFC also changed during this time, from a volunteer-only corner of SFLC with most of its volunteers coming from the Free Software Foundation, to its own organization with a full-time staff, supporting a long list of Free Software / Open Source organizations, and still with a strong bond to FSF. SFLC endorsed this change.

The disconnect started when SFC began enforcement of the GPL license against VMware on behalf of Free Software / Open Source developers. It had been suspected for years that VMware had incorporated portions of Linux in their ESX software, in an infringing manner. But VMware was at the time a “silver sponsor” of Linux Foundation, and Linux Foundation halted financial support of SFC in retaliation for the GPL enforcement. SFC responded with a fund drive and gained new private sponsors.

 

“Open Source” is the proper name of a campaign to promote the pre-existing concept of Free Software to business, and to certify licenses to a rule set. Please treat it as a proper name, rather than a descriptive term, when it is applied to any work to which a license compliant with the Open Source Definition could possibly apply. That means you should capitalize both words.

“Open Source software” is a subset of the general category of software, and can be written without capitalizing the word “software” where appropriate.

For a work to be Open Source, it must be entirely under a license or licenses which comply with the Open Source Definition.

If someone says that something is Open Source and the license does not comply with the Open Source Definition, please tell them that the proper definition of Open Source is a work under a license which complies with the Open Source Definition. Be firm but polite.

When “Open Source” is used as a descriptive term rather than a proper name, it becomes a fuzzy reference to a development paradigm with no concrete definition, rather than the specific set of license rules in the Open Source Definition. So, it can be made to mean just about anything. Don’t allow people to erode the definition of Open Source.

Where Did Open Source Come From?

Obviously, Richard Stallman was first with Free Software, and we stand on Richard’s shoulders.

The text of the Open Source Definition is taken directly from the Debian Free Software Guidelines (DFSG). I created the DFSG and the Debian Social Contract, and submitted the first draft to the Debian developers on their mailing list in June of 1997. I edited it, taking suggestions and building consensus on that same mailing list, for about a month and then announced the result as project policy.

The inspiration for the Debian Social Contract and DFSG was two events. The first was questions on the Debian developer mailing list regarding which licenses were acceptable into Debian (Erik Andersen says he asked the question which inspired me). The second was an email conversation between Ean Schuessler and Donnie Barnes (one of the early Red Hat employees). In his email to Donnie, Ean accused Red Hat of never having elucidated their social contract with the Free Software community.  Ean did not actually suggest that Debian form a social contract, he only complained about Red Hat’s lack of one, perhaps believing that Debian’s social contract was clear. I decided to create one.

Eric Raymond approached me with the intention of forming the Open Source Initiative, I believe on February 2, 1998. Eric had been visiting California to see Larry Augustin of VA Linux Systems, and a meeting was held at VA where Christine Peterson (of the Foresight Institute and then married to Eric Drexler) suggested “Open Source” as a way to promote Free Software without the stigma of “free” in the English language. Some references date the VA meeting as February 3, I suspect that’s incorrect.

I suggested to Eric that I use the already-written Debian Free Software Guidelines as the Open Source Definition. Eric agreed. That’s the only input he had, as the text had already been written and adopted as the DFSG eight months previously and was not modified other than removal of Debian references. I wrote an announcement of Open Source which was published on February 9, and that’s when the world first heard about Open Source.

By the way, the 20th anniversary of Open Source is February 9, 2018.

I’ve been asked whether I used the Four Freedoms of the Free Software Foundation when writing the DFSG. I didn’t. First, the Four Freedoms didn’t exist then, they were the Three Freedoms! These had been published in the first “GNUS Bulletin” by Richard Stallman, which was distributed in paper form around MIT. I had read Richard’s announcement of Free Software on a USENET newsgroup but might not have read the Three Freedoms at that time. At the time I wrote the DFSG, the web was in its infancy and FSF had built a web site just months before. I simply didn’t have a copy of the Three Freedoms in hand. The DFSG was mainly inspired by the licenses that Debian was already using, and of course the GPL, created by Richard, was among them.

I wrote to Richard with a new copy of the DFSG and he replied “this is a good definition of Free Software.” He didn’t suggest that I use the Three Freedoms.

It is unfortunate that for some time the Open Source Initiative deprecated Richard Stallman and Free Software, and that some people still consider Open Source and Free Software to be different things today. I never meant it to be that way. Open Source was meant to be a way of promoting the concept of Free Software to business people, who I have always hoped would thus come to appreciate Richard and his Free Software campaign. And many have. Open Source licenses and Free Software licenses are effectively the same thing.

The Raspberry Pi, Red Pitaya, and a number of other popular hardware devices used in the Maker community use some really huge U.S. companies as their U.S. dealers. In general this is Farnell/Newark/Element14/MCM (all the same company) or Mouser. These companies are too large to care about the business of us little Makers, and it shows in the way they operate their customer service with us.

Nobody likes Newark. Mouser can also be a pain. Today Mouser has refused to deliver to my address, an address which is perfectly fine for Amazon and a plethora of other Internet retailers. I have an account with their company of long duration and previous orders on record. I logged in with my password. But apparently I am a credit card fraud risk, according to their policies. I was invited to fax them my photo ID, or arrange for an electronic funds transfer from my bank. All of this is quite old-fashioned, they didn’t offer Paypal rather than EFT and didn’t have any of the common ways to verify a customer’s bona fides without bothering them about it.

Instead, I made the order through the Red Pitaya store in Europe. For their 14-bit SDR they charged me exactly what Mouser would have for the merchandise, an excellent price for shipping, and didn’t charge sales tax. So, the order came out about $24 less than Mouser.

Obviously, my complaint to Mouser won’t have any effect. I’m a little fish and they’re a very large company. But there are lots of businesses in the U.S. that want the business of Makers and will keep stock on hand and ship promptly, and with sensible policies that don’t require the customer to give up information they should not – like their ID or their bank account numbers for an EFT. We have credit cards and Paypal to protect ourselves from having to give out such things.

I’d encourage more companies to find a smaller, more agile U.S. company, rather than dealing with the difficult, old-fashioned, behemoth ones.

Update: MCM is closing as a separate business and Newark/Element14 will carry their inventory.

A lot of people (including me, for a time) thought that the Hellwig v. VMWare lawsuit, alleging that VMWare infringed upon the Linux Kernel copyright and violated the GPL, had been lost and was over. It’s being appealed. Things are moving slowly because the German court shuts down for much of the summer.

This is regarding the stupid memo issued by an ex-Google-employee, which got lots of news coverage for no reason I can understand. There has been that sort of jerk at places where I’ve worked before, but usually the complaints of jerks at work don’t leave the work place. There was nothing but old prejudices in this one, and I don’t understand why it became news.

I previously wrote The Empathy Gap: Why Women are Treated Badly in Open Source Communities. The issues I wrote about there extend beyond Open Source to the broader tech community.

There happen to be a lot of women in engineering, legal, and management positions at my customer firms. As a class, they seem to be at least as sharp as a man regarding their jobs. As a consultant, I am reporting to women quite often, and in general find them wonderful to work with.

I think it’s a pity that we have fewer women in Amateur Radio than men. Amateur Radio is unique in that it’s a technical pursuit, a way to meet people worldwide, and a path to technical self-education, but it isn’t employment or school. Women are sorely under-represented. In general, I feel it’s unhealthy for any community that isn’t specifically about the issues of one gender to have a gender imbalance in its participants.

I remain curious about the causes and would like to do more about the problem.

And of course I feel the same way about under-representation of women in the broader technical community.

Bruce

 

Our legal counsel is Heather Meeker of O’Melveny and Meyers, who also happens to be the author of the book “Open (Source) For Business, A Practical Guide to Open Source Software Licensing.”
https://www.amazon.com/Open-Source-Business-Practical-Licensing/dp/1544737645/ref=dp_ob_title_bk

Heather is without doubt the best attorney in the Open Source field. I recommend her wholeheartedly to anyone and everyone!

Heather is not responsible for my opinions on this blog or elsewhere. I speak for myself.

Update: Facebook will place React.js and several other programs under the straight BSD license.

[My apologies to the ReactOS project, which I named in the first version of this article. The software in question is React.js]

Recently the Apache project banned React.js, a Facebook project, from inclusion in Apache projects. The ban is over a patent license which Facebook issued for React.js. This license should be of concern to companies that could now be using React.js, perhaps without even knowing it.

The current text of the Facebook patent grant is at https://github.com/facebook/osquery/blob/master/PATENTS

Without this grant in explicit text, there would still be a patent grant which is implicit in the BSD license. This arises from an equitable doctrine in law, you can’t grant a license and then “trick” the recipient by suing them for doing exactly what you gave them permission to do.

The problem is that Facebook has replaced the implicit grant with an explicit one with a “strong” retaliation clause. If a company uses React.js, they essentially give Facebook a license to their ENTIRE patent portfolio, no matter how large. Actually, they agree to forego to sue for infringement, but it’s essentially the same thing. Most companies would find this unacceptable. This is called a “strong retaliation clause”.

Facebook has gone to a version 2 of their patent grant text, but there is still the same problem with the breadth of the patent grant. Version 1 implicitly banned counter-suit after Facebook sued you, Verison 2 explicitly permits counter-suit.

What we usually do in the Open Source world, and what we find acceptable in Open Source licenses, is to limit the termination to lawsuits regarding patents exercised in that specific Open Source software. So, if Facebook were to state that if you sue anyone regarding your patent grants that are exercised in the React.js software, your license terminates, that would be OK. Indeed, Apache uses similar text in their own licenses. This is called a “weak retaliation clause.”

Of course, we in the Open Source world would rather that software patents went away entirely. I am joined in this sentiment by many of my industrial customers who have been the target of non-practicing-entities and other software patent abuses.

It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.

Grsecurity is a patch for the Linux kernel which, it is claimed, improves its security. It is a derivative work of the Linux kernel which touches the kernel internals in many different places. It is inseparable from Linux and can not work without it. it would fail a fair-use test (obviously, ask offline if you don’t understand). Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2.

Currently, Grsecurity is a commercial product and is distributed only to paying customers. Under their Stable Patch Access Agreement, customers are warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition.

By operating under their policy of terminating customer relations upon distribution of their GPL-licensed software, Open Source Security Inc., the owner of Grsecurity, creates an expectation  that the customer’s business will be damaged by losing access to support and later versions of the product, if that customer exercises their re-distribution right under the GPL license. Grsecurity’s Stable Patch Access Agreement adds a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms.  Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The GPL does not apply when Grsecurity first ships the work to the customer, and thus the customer has paid for an unlicensed infringing derivative work of the Linux kernel developers with all rights reserved.  The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

As a customer, it’s my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity.

I have previously endorsed a company that distributes enhanced versions of GPL software to paying customers, but that company operated differently (and in a way that I would recommend to Grsecurity). They did not make any threat to customers regarding redistribution. They publicly distributed their commercial version within 9 months to one year after its customer-only distribution.

This other company was essentially receiving payment from its customers for the work of making new GPL software available to the public after a relatively short delay, and thus they were doing a public benefit and were, IMO, in compliance with the letter of GPL though perhaps not the spirit. In contrast, Grsecurity does no redeeming public service, and does not allow any redistribution of their Linux derivative, in direct contravention to the GPL terms.

In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge.

I am an intellectual property and technology specialist who advises attorneys, not an attorney. This is my opinion and is offered as advice to your attorney. Please show this to him or her. Under the law of most states, your attorney who is contracted to you is the only party who can provide you with legal advice.