
Embedded Curmudgeon Column
MTE September
2013

‘ave you got a licence for that?

By Chris Hills


Chris Hills, our embedded curmudgeon, looks at the alligators in the swamp of software licences.

 

Some years ago there was a forum discussion where a programmer boasted that his team, working on a project for the MoD, had given up using the “expensive bug-ridden tools management told them to use.” Instead they used GCC and some Open Source libraries. He and his team found it very funny when The Management “went berserk” after they discovered the change in tools when it was too late to change back. They could not understand why I thought they should all have been fired for gross misconduct. The problem was not GCC, nor open source per se, but the issues of licensing.

 

I was reminded of this when a business acquaintance called me recently with an interesting story. He had bought a consumer device made by a well-known multi-national company. Whilst hacking around some of the sub menus on the device he came across the licenses for some of the software components and, to his surprise, part of it was GPL Open Source. Well, being a software person, he decided to ask for the software source code. Thoughts of modifying the device came to mind!

 

After several weeks of stone-walling and buck-passing, with corporate (stalling) emails and phone calls, he has got nowhere. He says that the company concerned does use GPL Open Source alongside bought-in software with many other licenses, which is why he could find a menu on the device listing the licenses. In all other cases where GPL Open Source has been used you can download it from the corporate website: normally they play by the rules.

 

We concluded that it is likely that the programmers on this particular project used the GPL Open Source software, as well as other software components with other licenses, because it was in the corporate tool-box. However, it is likely that the GPL stuff may not have been part of the original design and when it was used no one properly communicated back up the chain to obtain clearance.

 

The stalling might be because, to the embarrassment of the company, it now has software, for a current product, it technically should release but does not want to - at least for this year or maybe even next year!  And since with other products with GPL software it does make the code available, stalling on giving out modified GPL Open Source may be the result of a genuine mistake. This, together with the fact that my friend is still in discussions with them, is why I am not going to name the company, or the device.

 

The underlying point here is you must read and understand the licenses for all third party software you use, including the development tools. Compilers usually come with standard libraries that you link into your product and there will be a license regarding those libraries. On the whole, most commercial software has practical commercial licenses, although even there you have restrictions. For example some things cannot be sold to certain countries etc. (Cryptographic software is a prime example though I am not sure why.) At the very least, in some countries all software is automatically covered by copyright.

 

If the management decide what external components to use, then it is they who are responsible. Likewise if the development team decides to use third party software, without raising all the licensing issues with the appropriate parts of the company, then it is they who are responsible: hence my comment that the team working on a project for the MoD should have been fired for gross misconduct. They had put the company in an impossible position: there was, for a while, a military system out there that, in theory, should have had most of its software available to the enemy. I don’t see this as the joke that the programmers thought. It is not an intellectual discussion: people’s lives could have been put at risk.

 

So you, or rather your legal department, or whoever will ultimately carry the can, does need to read and understand the implications of the licenses for the software you plan to use.

 

I had one customer look at some software components we sell, but decided it was less expensive to use some “free” software. However, a month later they returned and said it was less expensive to use the software we could sell them with a simple, one page, commercial license than have the legal department wade through the multiple long and complex licenses with the free software! Time costs money. Also, all licenses have conditions and restrictions, even GPL. In the case of Open Source there are sometimes multiple versions of the GPL, LGPL and related licenses in a single package. How many GCC users have actually read the relevant GPL licenses? There are many variations.

 

Incidentally, has anyone actually read the full license that comes with Microsoft Windows? No? You are not alone! However, that is not usually a problem for most of us, unless you are embedding MS Windows in a product. One company was doing a root and branch re-appraisal of a current project that was deployed in the field for a re-qualification to a new version of a standard. They discovered that the embedded MS Windows license specifically excluded the use they were putting it to. I am sure, in fact I know, that they are not alone in this.

 

While MS Windows has a single, if long and complex, license, Linux distributions have a large number of different licenses, from as many sources as the thousands of packages in them. A long while ago, I knew a company that tried to build a licence manager for Linux to try and tame this problem, but they found that the problem was growing faster than they could tame it.

 

Some licenses may have strange or interesting clauses. I know one license that forbids using the software it covers in weapons. However, the way the license is worded means that the software cannot be used by the National Health Service or the Fire and Rescue Services! This means people developing medical systems for saving lives won’t use it as it limits their markets to a small subset of possible users. This is completely the opposite of the intention of the authors of the license.

 

Thinking of the laws of unintended consequences, a couple of unrelated things came together last week. A Dilbert cartoon (clearly they have our office bugged) that was basically saying “The Company” had put their data centre into the cloud but that the cloud had floated away. They had lost the entire contents of their company data centre but, like the truth, the data was “out there”.
 
I have talked about the dangers of using the cloud for sensitive data before. One major problem is that you may not know where the data physically resides. Now, following recent newspaper coverage, it appears that there is an outfit that can do disaster recovery for you: not only can they recover all your cloud-based data but probably find all your emails too. Just call +1(443) 479 9572 for their head office or 020 7499-9000 for their London branch office and ask for PRISM.

 

Someone tried it… http://boingboing.net/2013/09/01/hello-nsa-i-have-lost-an-e.html

 

Footnote: The video has since been removed for copyright reasons... Having seen the video I could not see any copyright infringements at all. Then again YouTube is a large US Corporation that tracks a lot of data. As I don't have the resources of the NSA I can't tell you if there was a phone call to YouTube asking them to remove a video that embarrassed the NSA.

 

On a more serious note, for those of you on LinkedIn there is now a MISRA-C & C++ group. This group is for informal discussion and sharing things, and many of the MISRA-C team, along with a lot of others, regularly hang out there. For official MISRA answers to MISRA questions you will still have to go to the MISRA forum on www.misra-c.com/forum

 

 

Author Details and contact

 

Eur Ing Chris Hills BSc CEng MIET MBCS MIEEE FRGS FRSA is a Technical Specialist and can be reached at This Contact

 

Copyright Chris A Hills 2003-2013
The right of Chris A Hills to be identified as the author of this work has been asserted by him in accordance with the Copyright, Designs and Patents Act 1988