Latest Trends in Mobile Technology

Lavenya Dilip

Subscribe to Lavenya Dilip: eMailAlertsEmail Alerts
Get Lavenya Dilip: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Sun Developer Journal, SOA Best Practices Digest, SOA & WOA Magazine, Microsoft Developer

Article

Microsoft Revamps Controversial Windows 7USB/DVD Tool

Blackduck gives pointers to prevent Microsoftesque mishaps mishaps

Microsoft Developer

Microsoft has redone the Windows 7 USB/DVD tool that it pulled down sometime back after it was widely discussed that the tool contained code which violated the GNU General Public License. The source code in question came from ImageMaster, a tool that is used for reading and writing disk images. Microsoft called the violation an unintentional mistake, and took full responsibility for the infringement even though the code had been supplied by a third party. Now Microsoft has finally released the tool again under version 2 of the GNU General Public License (GPLv2). The tool allows users to transfer downloaded Windows 7 images to a USB drive or burn them to DVD media.

In a post on the company's blog, Peter Galli, Microsoft's Open Source Community Manager, said "the testing and localisation took longer than we expected". Galli notes that, while the user experience will be the same as before, installation now requires additional steps, including installing Microsoft's .NET Framework and to burn DVDs. Previously the files were launched via a command line, but were separated "for clarity as they are separate programs under different licensing terms". The tool is now available on Microsoft's CodePlex open source software project hosting repository at.

Even though Microsoft has conducted admirably in this case of accidental infringement, it has been at loggerheads with the open source community for years. In 2007 the company had accused Red Hat and other Linux vendors of violating 235 Microsoft patents. Off late though it has made several attempts to embrace opensource and has even launched a new foundation called Codeplex to enable code exchange and support open source communities.

This recent code violation issue by even a huge enterprise of Microsoft’s stature has brought into focus the vulnerability of opensource code to copyright and licensing oversights. Having clearcut Opensource usage policies and guidelines for a more efficient management of opensource adoption is crucial for all companies that want to prevent unnecessary developmental delays or judicial interventions.

Black Duck Software, a company that helps with precisely these kinds of issues has releaseda five point checklist that can be used by software companies concerned about intellectual property and licensing risks :

Have a written, explicit “Know what you are trying to do with open source, and develop a disciplined policy and set of practices”, advises Jeff Durand, VP of Professional Services at Black Duck Software. Automation through tools that identify code and any license dependencies is a critical first step. "Automation makes development organizations more efficient and builds quality into the process," he observes. "Manual processes are not fast enough to aid in the discovery of hidden or potentially encumbered code. The more automation is in place, the better able a developer will be to take advantage of code." Automation also minimizes the impact of compliance on developers, who can stay focused on developing rather than tracking code provenance.

2. Integrate with other systems, especially build and change management tools -- Integrating with a company's build system is a natural and convenient place to check compliance, scan for third-party and OSS code and identify conflicts. Finding issues early in the development cycle will save effort later.

3. Check all possible sources for incoming OSS -- A single-source application or code base is the exception, not the rule, in today's global development infrastructure, says Durand. Code can come from many sources -- OSS forges, community projects, third-party developers. Pointing to Microsoft's recent brush with undetected OSS code, Durand notes that outsourcing software development has become a best practice -- leaving software companies and enterprise IT departments with doubts about code provenance. "Your developers, external developers and contractors are part of your software supply chain," he says. "You need a best practice that describes how to manage inbound code, an institutionalized policy for managing third-party and OSS code, and a documented process that the entire organization can understand and support."

4. Drive efficiency by identifying and standardizing on OSS components -- A lack of control in the development process can leave a company with 10 different XML parsers, multiple libraries with similar functionality, or logging and bug-tracking systems that offer largely the same features. Standardizing on an approved set of OSS components (e.g., Tomcat, log4j, zlib, etc.) by establishing a process and system for bringing in and evaluating components eliminates the need to test and get approval for the same components over and over. "We recommend creating an approved set of components that is accessible and usable by the entire development organization," says Durand. "For example, the Black Duck Suite includes a platform and workflow to create a catalog of approved components. Developers can check the approved list first before spending the effort to find a component on their own, getting it approved, etc." The key, adds Durand, is to standardize on proven OSS components as a best practice using appropriate process, rigor and review of incoming code.

5. Contribute back to avoid forking code -- A big part of the OSS experience is giving back to the community. Some licenses explicitly state how code must be returned to the community. If your development plans include using OSS, it's a good idea to think from the start about contributing code back including bug fixes. Not only will this help your organization eliminate the need to maintain your code as a separate fork, points out Durand, it's a good example of cooperative development at work and you maintain a good working relationship with the community.

More Stories By Lavenya Dilip

Lavenya Dilip was responsible for Marketing at Green Rack Systems.