Category: Legal

Oracle Sues Google Over Java on Android

Oracle – now having purchased Sun – has sued Google over their custom Java virtual machine for the Android mobile platform. In doing so, Oracle has sent reverberations throughout the open source and Java communities.

Google took the Java APIs and enhanced and changed them – then created a virtual machine (called Dalvik) which runs a custom format executable. This was part of the Android software when it was introduced in November 2007, and there were many complaints about Google’s treatment of Java – including complaints from Sun itself. Google’s response at the time to Sun’s complaints was:

Google and the other members of the Open Handset Alliance are working to help solve fragmentation and supporting the developer community by creating Android, a mobile platform that responds to the needs of the developers, has the backing of industry leaders, and will be available as open source under a nonrestrictive license.

To break that statement down, Google was saying:

  • The Open Handset Alliance (not the Java Community Process or JCP) should be the Java stewards for mobile Java.
  • Android (and Android Java) responds to the needs of the developers.
  • Android is backed by industry.
  • Android is available as open source.
  • Android is available under a nonrestrictive license.
  • Java 2 Mobile Edition (J2ME) has none of these capabilities.

Don’t miss the fact that Google created the Open Handset Alliance at the same time, and serves mainly as a source for Android – though it has in recent days been seen as useless by some.

Sun (now Oracle) has had a mobile version of Java (known as J2ME) since before Android existed – but Google bypassed it (and the Java Community Process or JCP) when it created its own JVM. Dalvik executables, in fact, are created from Java binaries, thus involving Java itself in the process of creation and development.

It appears that Google’s Android Java implementation was a direct attack on the JCP and on J2ME. To use J2ME, Google would have had to license it, as it was not available under a license that would have allowed commercial closed-source development: it was under the GPL, but without the classpath exemption that the J2SE had. Because of this lack of the classpath exemption, any development on the standard J2ME platform would have to be released as source code under the GPL.

This action by Oracle fits perfectly into its public persona: consider that Sun’s Chief Open-Source Officer, Simon Phipps, was not even offered a position at Oracle at all. He is or was on the advisory boards for OpenSolaris, OpenJDK, and OpenSparc. Other distinguished Sun engineers have left, including Kohsuke Kawaguchi (chief developer of Hudson), Charles Nutter and Thomas Enobo (both lead developers of JRuby), Tim Bray (Director of Web Technologies – which includes Java and JRuby), and James Gosling (creator of Java). It is notable that all of these people except Simon Phipps are luminaries in the Java realm at Sun. It is as if the Java engineers left wholesale once Oracle was about to take over.

Coverage of the lawsuit has been extensive. Stephen Shankland over at CNet has a story about why Oracle may have chosen to sue. Stephen O’Grady over at RedMonk may have one of the best in-depth analyses of this conflict out there. Groklaw has committed to following the lawsuit through the courts, and has an excellent introductory piece on the lawsuit. Steven Vaughn-Nichols suggests that this lawsuit is only the beginning, and that JBoss, Apache Jakarta, and the JCP better watch out (though I disagree).

From when Google introduced Android and its associated virtual machine, Dalvik, Stefano Mazzochi had one of the most complete explanations of what Google was doing and its implications.

Do You Have a Data Retention Plan?

If you don’t, your company could find itself having to save documents it would much rather have gotten rid of when a lawsuit occurs. More importantly, customer information is protected by law and not handling it with care can lead to significant and adverse consequences.

Consider the tale reported over at the Clutter Diet blog. The company in this tale did not handle customer data properly at all.

Shredding document isn’t enough either; companies will reconstruct the shredded documents for a hefty fee – even from cross-cut documents. In the New York Times (July 17, 2003) Doublas Heingartner reports about an effort to reconstitute hundreds of documents from the East German Stasi (or secret police).

The best thing to do is to have a written and accurate plan for disposing of documents, and a method of disposal that precludes reconstitution. The US military now uses pulping and pulverizing of paper; it should be possible to do this with corporate documents in some fashion as well.

A data retention plan should, of course, manage electronic documents as well. Sensitive documents should be deleted and the hard drive space wiped. If the hard drive is to be disposed of, physical destruction is the only way to completely be assured of total data loss; however, your company may very well be satisfied with a complete wipe of the drive with tools like Darik’s Boot And Nuke.

Just do it. Your lawyers and customers will thank you.

LexisNexis Tools Come to Microsoft Office

At the LegalTech Conference taking place in New York City, Lexis announced a partnership with Microsoft. The competition has tools, but this partnership has all the markings of a competition killer.

LexisNexis research tools will be built into Microsoft Office products, in particular: Microsoft Word, Microsoft Outlook, and Microsoft Sharepoint. This means that no matter what Westlaw comes up with, and no matter what Bloomberg comes up with, Microsoft Office comes ready to use LexisNexis out of the box.

Thus, I would expect Microsoft Office upgrades to be high on every lawyer’s agenda shortly. Your corporate counsel is likely to be begging for it as soon as they hear about it.

Workplace Privacy in the News

Workplace privacy is in the news again. The U.S. Supreme Court will hear the case of City of Ontario v. Quon in which personal text messages were sent on an employer-provided pager. Are these text messages private? Does the user have an expectation of privacy?

The blogs SCOTUSblog and the Volokh Conspiracy both reported on this, as did the mainstream press, including National Public Radio, the Christian Science Monitor, Reuters, the New York Times, the L.A. Times, and many more. The New York Times hosted a written debate about the issue.

Workplace privacy doesn’t involve constitutional rights, as there is no right to privacy in general and the constitution has been held to be specific to the government, not private employers. However, the issue is such that many organizations have focused on this topic: for example, the Privacy Rights Clearinghouse, the Electronic Privacy Information Center, the Publishing Law Center, and the ACLU. The ACLU states that “…the ACLU receives more complaints about workplace rights violations than about any other issue.”

As administrators, these issues affect us directly: it is often administrators who implement and oversee much of the technological surveillance, including digital cameras, email surveillance, web filtering, and more. It also becomes important in terms of protecting privacy as well, preventing data from leaking out from corporate servers. There is also e-discovery in which documents must be turned over during the case of a trial.

Before implementing a new method of monitoring, one should be aware of the laws involved and also implement a written policy that all employees will be made aware of. If this is not done, an admin can find themselves on the wrong side of the law.

This lawsuit has the potential to rewrite the laws on workplace privacy; the SCOTUS Wiki has a nice write-up on all of the details.

ZFS and Apple’s new MacOS X (Snow Leopard)

Sun’s ZFS is, by all accounts, the most revolutionary file system to come along in years. The Wikipedia entry on ZFS has some details, and Sun has a ZFS Learning Center where you can learn how to use it.

Of course, ZFS is in OpenSolaris, but it is also being introduced into FreeBSD as well.

The Solaris Internals site has a beautiful ZFS Best Practices Guide.

What does all of this have to do with Apple’s MacOS X (Snow Leopard)?

Just this: early in the development of MacOS X 10.6, Apple announced that they would use ZFS in the new MacOS X Snow Leopard. The ability to read ZFS volumes had been put into MacOS X Leopard Server. However, ZFS is missing from MacOS X Snow Leopard and Snow Leopard Server entirely. Robin Harris over at ZDNet has an excellent article that explains it all. He then went on to expand on his ZDNet article with more details.

The one detail in particular I wanted to note is the lawsuit between NetApp and Sun over ZFS and related patents. Groklaw has been following the lawsuit, but the last update from Groklaw is October 2008; Sun has more details on their lawsuit page. Way back in 2007 when the patent lawsuit erupted, CompuerWorld had an article suggesting that Apple might be forced into the lawsuit since it had been courting ZFS – or could be sued next if NetApp won. Neither Apple nor NetApp would comment.

It would also be worth noting that when IBM was in talks to buy Sun in March 2009, there were articles about how the ZFS lawsuit would affect such talks – especially given that IBM and NetApp had a strong partnership already (IBM remarkets NetApp hardware for instance). AMLawDaily had a nice article about it, as did CNET. It wasn’t much more than a month later – in April 2009 – that Sun announced it was being bought by Oracle.

Powered by ScribeFire.

The Dark Side of Cloud Computing

If you have information in “the cloud” instead of on your personal computer, there is a dark side that you should be aware of.

The information that you save to the cloud resides on servers elsewhere, such as California or Korea or Canada. Wherever those servers reside, there are laws that govern them and the corporation that controls them. These laws may permit access to that information that is much looser than where you are.

Even within the United States, there is a big difference between the data stored on your personal computer or laptop and the information stored on external servers. The United States government must get a warrant signed by a judge before searching your home (and home computer); however, a warrant is not necessary to get a corporation such as an Internet Service Provider (ISP) or others to give the police your data. Companies such as Google and others can be forced to give the police data without notifying you.

This data is not just on the servers, but can also be found on backup tapes as well. Some services – either by their nature or by design – will keep multiple versions of your data, so all past versions can be scanned.

Cloud computing can be brought in-house to some extent, most notably by using open source projects such as eyeOS (which provides a remote desktop). If you are truly concerned by leaving your data open, do not use unsecured network protocols, and do not set up a server with a hosting service: you must run your own server internally.

Other services will provide a key which encrypts the data on their servers – such that the hosting service cannot read any of your data. These are the best services to use, although they may be harder to find. The most likely cloud computing services to do this are backup services as well as those specializing in privacy.

For example, SpiderOak keeps all data on their servers encrypted – so even they can’t read it. Mozy appears to offer the same capability.

Password storage sites also have security built-in; both Clipperz and PassPack have encrypted all of the data on their servers, preventing anyone from reading your data.

However, Google Docs, Zoho, and Thinkfree Office all appear to keep data on their servers readable by anybody – thus, your data could be subponeaed by a court of law if necessary.

It’s unlikely that any of the “micro” services would offer encryption of your data – services like del.icio.us or Joe’s Goals or Zotero.

There is also the possibility of losing all of your data due to a site shutting down. Some sites, polished though they may be, are run by individuals or tiny companies; thus one should not rely on cloud computing alone. Backups should be replicated internally – including backups of all data stored externally.

One good example of this would be the service Magnolia – the service suffered a total data loss stemming from a disaster that took place in February.

Thus, like RAID, cloud computing alone is not a backup!

Free Software Foundation Files Suit Against Cisco

This is incredible news. The behemoth Cisco has apparently not been in compliance with the GPL License (in relation to their Linksys routers for one), and one problem after another seems to have been cropping up as the Free Software Foundation (FSF) tried to resolve each one.

Finally, the FSF saw no recourse but to finally file a lawsuit to get them to resolve all of the issues and released a press release to that effect. The FSF gives more details in this article. The complaint filed by the Software Freedom Law Center (who announced the filing on their on site) on behalf of the FSF is also available.

The news is spreading far and wide: already, there are articles in InformationWeek, InternetNews, and NetworkWorld. It’s also already on Slashdot, and a Wikipedia page is aging nicely already. (Side note: it’ll be interesting to see how gnu.org handles the slashdot effect…. but I digress.)

I can’t wait until the folks at Groklaw get their hands on this; will be interesting (and will update with the results when it happens).

Lastly, if you believe in what the FSF has been doing, why not join today?

Helios Linux Attacked as Illegal Enterprise

I saw this article from Ken Starks, the maintainer of the Helios Linux distribution, about a letter he received. It is from a teacher who confiscated a number of live Linux CDROMs from a student and then accused the Helios maintainer of illegal activities. The teacher’s letter is astounding in its misunderstanding of the true nature of open source.

Setting aside the audacity and ignorance of the teacher for this article…. It goes to show that not everyone is as well-informed as many of us. The teacher in this case perhaps has never heard of Edubuntu, a distribution formed just for education – nor of OLPC, a nonprofit organization trying to get laptops (Linux laptops mind you) into the hands of all of the children of Africa and the third world.

We must be prepared for educating our supervisors, users, and others that rely on us as to why this or that open source project is worthwhile. In many cases, the fact that a product is open source (or not) is not a selling point: many folks will not use something because it is open source, but would rather pay for something which is better – or meets their needs – or is “what everyone uses.”

Examples of this abound: Linux v. Windows – Linux v. UNIX – Red Hat Enterprise v. CentOS – OpenOffice v. Microsoft Office – OpenSSH v. SSH – GNUCash v. Quicken – and more. Put aside the open source nature of the product and explain why it is better than the commercial product. Does it have more features? Does it work in more places? Is it easier to use? Does it cost less? (Okay, the last is not free of the open source movement – but freeware is there too…) Does it have a lighter footprint? Is it more widely used than the commercial product?

All of this must be explained to those who have no idea what open source is about – and perhaps have no technological background, much less an understanding of technical history.

Let’s get out there with our heads held high and educate the masses!

Update: this story has a happy ending. I’m also glad he didn’t name the teacher involved, and I can just imagine the vitriol that flew his way. The fact that he stood his ground speaks tremendously to his character. Kudos, Ken!

License wars: GPL vs. BSD (or What happened to the public domain?)

There is a very interesting article about the GPL copyright license and the BSD copyright license, and this author’s view that the public domain is the only way to go. This is a very interesting take on both licenses.

His (her?) view is that both licenses place restrictions on the user (as he suggests all licenses do). However, I would beg to differ with the assessment on both licenses…

The GPL license does place restrictions on the user; however, those restrictions are there to preserve the freedom to change, modify, and give away the source code. That’s it. The restrictions are there to preserve freedom.

The BSD license places restrictions that basically say the user is responsible for the software, and says nothing about anything else. The BSD license was designed to preserve the freedom to do whatsoever you will with the software (including putting it into proprietary systems and not releasing source code).

However, the public domain basically places no restrictions whatsoever on your software. Thus, someone can appropriate the software, start selling it, claim they wrote it, and more – without any recourse for you, the original author. It is for this reason that the Public Domain is not where you want your software.

Birthdays! (GNU, Debian, Google, and more!)

I just can’t believe all of the birthdays in the recent weeks.

The Debian Project celebrated 15 years on August 16th. There is a nice wiki page about the celebration (known as Debian Day) which occurs every year around the world.

FreeBSD also celebrates 15 years. The announcement of the celebration was made in the freebsd-announce mailing list by Matt Olander. The celebration will be at Meet BSD California ’08 on November 15-16 in Mountain View, California (and at Google no less!).

The GNU project turns 25 in September. There is a delightful film by Stephen Fry describing GNU and what it is and what it’s done (and an article about the film), and there is an article by Matt Lee about GNU and how it will celebrate.

Google turns 10 on Sep. 7. There are photos of what the Google computing center looked like over the years from a talk by James Dean give at the 2007 Seattle Scalability Conference.

One more birthday (though not one to celebrate!) is the one-year anniversary of the RIAA’s legal campaign against on-campus file sharing. Ars Technica has a nice article about it, and there is a nice response by Bill Wyman. It’s also the four-year anniversary of the RIAA’s general legal strategy against file sharing; this is covered nicely in an article by David Kravets at Wired. That article starts with an impressive number indeed: 20,000 lawsuits? Astounding…

Any other anniversaries I missed?