PokittoLib minor licensing issues

EDIT – READ FIRST:

After a discussion we’ve had it turns out the issues are more or less minor, easily fixable, so new readers, please don’t freak out!

Original text follows.

I’ve found that PokittoLib has some licensing issues – many small ones, but also some that I think may be critical and not allowing to use PokittoLib commercially due to terms of non-FOSS licenses in third party source files and not advertising it as open-source. I would like to bring this up so that it can be resolved.

Missing licenses

So firstly there are the missing licenses for files, which happens mistakingly, but still. It’s no big deal, provided it’s fixed soon.

However, this shows the error-proneness and also confusing nature of the way the files are currently licensed – that is separately, in each file’s header. Could we please consider for example creating a LICENSE file for each folder, OR putting a License section in README where there would be clearly stated what license applies to what.

Where absence of licenses currently hurts the most is the examples. The reason is that many programs, and most of these written by beginners, are a derivative work of some example. These programs when published are all copyright infringements.

Here are some files I found that have a license missing:

PokittoLib/Pokitto/mbed-pokitto/api/InterrputManager.h
PokittoLib/Pokitto/mbed-pokitto/common/InterrputManager.cpp
PokittoLib/Pokitto/mbed-pokitto/common/CallChain.cpp
PokittoLib/Pokitto/mbed-pokitto/targets/cmsis/TARGET_NXP/TARGET_LPC11U6X/cmsis_nvic.h
PokittoLib/Pokitto/mbed-pokitto/targets/cmsis/TARGET_NXP/TARGET_LPC11U6X/TOOLCHAIN_GCC_ARM/TARGET_LPC11U68/LPC11U68.ld
PokittoLib/Pokitto/mbed-pokitto/targets/cmsis/TARGET_NXP/TARGET_LPC11U6X/TOOLCHAIN_GCC_ARM/TARGET_LPC11U68/startup_LPC11U68.cpp
PokittoLib/Pokitto/POKITTO_CORE/binary.h
PokittoLib/Pokitto/POKITTO_CORE/PokittoPalettes.h
PokittoLib/Pokitto/POKITTO_CORE/FONTS/dragon6x8.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/fontC64.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/fontC64UIGfx.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/fontMonkey.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/karateka8x11
PokittoLib/Pokitto/POKITTO_CORE/FONTS/koubit7x7.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/mini4x6.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/runes6x8.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/TIC806x6.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/tight4x7.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/tiny5x7.cpp
PokittoLib/Pokitto/POKITTO_CORE/FONTS/ZXSpec.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palAction.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palCGA.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palDB16.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palDefault.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palGameboy.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palMagma.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palMono.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palPico.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palRainbow.cpp
PokittoLib/Pokitto/POKITTO_CORE/PALETTES/palZXSpec.cpp
PokittoLib/Pokitto/POKITTO_HW/clock_11u6x.c
PokittoLib/Pokitto/POKITTO_HW/loader.h
PokittoLib/Pokitto/POKITTO_HW/lpc_defs.h
PokittoLib/Pokitto/POKITTO_HW/Pokitto_extport.h
PokittoLib/Pokitto/POKITTO_HW/Pokitto_extport.cpp
PokittoLib/Pokitto/POKITTO_LIBS/FileIO/FileIO.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16.c
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16_sqrt.c
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16_trig_sin_lut.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fixmath.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fract32.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/uint32.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16_exp.c
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16.hpp
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fix16_trig.c
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/fract32.c
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/int64.h
PokittoLib/Pokitto/POKITTO_LIBS/FixMath/uint32.c
PokittoLib/Pokitto/POKITTO_LIBS/ImageFormat/defines_linux_SIM.h
PokittoLib/Pokitto/POKITTO_LIBS/ImageFormat/defines_win_SIM.h
PokittoLib/Pokitto/POKITTO_LIBS/JoyHat/JoyHat.cpp
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/mpconfigport.h
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/My_settings.h
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/genhdr/qstrdefs.generated.h
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/genhdr/qstrdefs.preprocessed.h
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/other/frogitto_data.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/other/frogitto_main.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/other/marsattack_data.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/other/marsattack_main.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/other/oscmain.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/other/perf_test.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/src_py/example_data.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/src_py/example_main.py
PokittoLib/Pokitto/POKITTO_LIBS/MicroPython/tools/makeqstrdata.py
PokittoLib/Pokitto/POKITTO_LIBS/Physics/Physics.h
PokittoLib/Pokitto/POKITTO_LIBS/SDFileSystem/FATFileSystem/MemFileSystem.h
PokittoLib/Pokitto/POKITTO_LIBS/USBDevice/USBDevice/USBEndpoints_EFM32.h

Non-FOSS licenses

This may be a bigger issue – there are files, some as I understand essential to any build, and some from third parties, that have licenses that forbid some uses, which may clash with Pokitto’s commercial nature. E.g.:

• Pokitto/POKITTO_HW/clock_11u6x.h:

Copyright© NXP Semiconductors, 2013
All rights reserved.

Software that is described herein is for illustrative purposes only
which provides customers with programming information regarding the
LPC products. This software is supplied "AS IS" without any warranties of
any kind, and NXP Semiconductors and its licensor disclaim any and
all warranties, express or implied, including all implied warranties of
merchantability, fitness for a particular purpose and non-infringement of
intellectual property rights. NXP Semiconductors assumes no responsibility
or liability for the use of the software, conveys no license or rights under any
patent, copyright, mask work right, or any other intellectual property rights in
or to any products. NXP Semiconductors reserves the right to make changes
in the software without notification. NXP Semiconductors also makes no
representation or warranty that such application will be suitable for the
specified use without further testing or modification.

Permission to use, copy, modify, and distribute this software and its documentation is hereby granted, under NXP Semiconductors’ and its licensor’s relevant copyrights in the software, without fee, provided that it is used in conjunction with NXP Semiconductors microcontrollers. This copyright, permission, and disclaimer notice must appear in all copies of this code.

• Pokitto/POKITTO_HW/iap.h:

Copyright© 2010, NXP Semiconductor
All rights reserved.

Software that is described herein is for illustrative purposes only
which provides customers with programming information regarding the
products. This software is supplied "AS IS" without any warranties.
NXP Semiconductors assumes no responsibility or liability for the
use of the software, conveys no license or title under any patent,
copyright, or mask work right to the product. NXP Semiconductors
reserves the right to make changes in the software without
notification. NXP Semiconductors also make no representation or
warranty that such application will be suitable for the specified
use without further testing or modification.

• Pokitto/POKITTO_LIBS/USBDevice/USBDevice/USBRegs_STM32.h:

Licensed under MCD-ST Liberty SW License Agreement V2.

This software or any part thereof, including modifications and/or derivative works of this software, must be used and execute solely and exclusively on or in combination with a microcontroller or microprocessor device manufactured by or for STMicroelectronics.

No use, reproduction or redistribution of this software partially or totally may be done in any manner that would subject this software to any Open Source Terms.

Redistribution and use of this software or any part thereof other than as permitted under this license is void and will automatically terminate your rights under this license.

Here’s the list of files I found that have non-FOSS licenses:

PokittoLib/Pokitto/POKITTO_CORE/PokittoDisk.cpp
PokittoLib/Pokitto/POKITTO_HW/clock_11u6x.h
PokittoLib/Pokitto/POKITTO_HW/iap.h
PokittoLib/Pokitto/POKITTO_HW/iap.h
PokittoLib/Pokitto/POKITTO_HW/lpc_types.h
PokittoLib/Pokitto/POKITTO_HW/sct_11u6x.h
PokittoLib/Pokitto/POKITTO_HW/sys_config.h
PokittoLib/Pokitto/POKITTO_LIBS/ImageFormat/ImageFormat.h
PokittoLib/Pokitto/POKITTO_LIBS/Synth/Synth.h
PokittoLib/Pokitto/POKITTO_LIBS/Synth/Synth_helpers.cpp
PokittoLib/Pokitto/POKITTO_LIBS/Synth/Synth_osc.h
PokittoLib/Pokitto/POKITTO_LIBS/Synth/Synth_song.h
PokittoLib/Pokitto/POKITTO_LIBS/USBDevice/USBDevice/USBRegs_STM32.h

I personally don’t know how important the most problematic files are and whether they can be replaced easily. Could anyone knowledgeable analyze this and offer possible solutions?

I don’t doubt the best intentions and that effort will be made to fixing the issues, but because there are many priorities for Pokitto this may take some time, and so I created a personal fork of PokittoLib here, where I’ll try to fix the files, even for the price of potentially dropping some functionality. I’ll be trying to:

• identify licenses and problematic files
• make these more clear
• drop, replace or rewrite the problematic files

This will only include the basic library, not the examples and external stuff. I’ll share any info I’ll gather during this project to help fix the official version as well.

The way I read it, this isn’t saying people can’t use it for other purposes,
this is just a way of saying “we don’t consider this code to be production quality”.

The whole paragraph is a long, redudant way of saying:
“if you use this code and it breaks, don’t say we didn’t warn you”.

I think they’re saying that the permission is provided without fee,
not banning people from charging a fee for the code.

Look at the bigger picture: “Permission to … is hereby granted … without fee, provided …”

The Pokitto code is running on an NXP microcontroller - the Pokitto’s MCU is made by NXP Semiconductor.
So there is no problem here.

This one depends on whether STMicroelectronics are the manufacturer of any of the Pokitto’s components.
I’m assuming they manufacture the USB controller.
It would be a bit odd for the Pokitto library to be using code meant for a different USB controller to the one it actually uses.

This one is a bit difficult.
The code itself is dated 2012, and the licence on the linked to site is dated 2018.

Looking elsewhere at a 2011 version of the licence the ‘open source terms’ clause is absent.
So the issue is which version of the licence is the code licenced under?

That said, even if this applies, I’m not sure whether it would be in breach or not.

Technically that file should be able to be released under that licence and it should not be affected by the terms of the BSD-3 licence that the rest of the code is under, in which case the code in that file would not be ‘subjected to’ the terms of the BSD-3 licence.

That one’s clearly a remnant from the PokittoLib’s in-dev days.
It was probably supposed to be removed but never was.

Also, whilst looking for proprietary stuff you missed an issue with something open source:

These are from application notes provided by manufacturer which generally are intended as an example of how to code something. Everybody uses them and thats what they’re for. I don’t see NXP going after anybody for using code provided as examples.

As for the other points, I will come back to them, but for the NXP licences, you can ease your mind.

This file is a genuine mistake and will be removed

EDIT: its not even needed

Thanks for the comments!

I can read these this way as well, but the problem with law is that there should only be one clear way to read it – that’s what I’m afraid of. Someone else can turn it around.

I’ve been thinking about it as well and I think it’s the intended meaning, but the same as above applies – it’s linguistically ambiguous, right? If it was some standard license I wouldn’t be so nit picky, but since it’s some custom, non-FOSS text, I need to pay a close attention to the meaning, or possible double meanings.

True. Here I would only be glad if the files that do not provide all the usual rights and/or are tied to the HW would be clearly separated so that no mistakes happen (you know, copy pasting a part of code from there into a file that you then use somewhere else for example).

Thanks, this is of course an issue as well, though easily fixable.

Okay, thanks for comforting me a bit, but still I’m a bit nervous about the lack of some explicit statement. I’ll take a look at how they handle this in other products etc.

@drummyfish : we will put this stuff in order. The library has been growing so much I’ve lost track. Thanks for going over it with a fine comb, as soon as I have the opportunity, I’ll start fixing the issues you have listed.

Sure, thanks for hearing me out @jonne I know there are many things to be done, let’s just put this one in the queue as well. I’ve put it on the TODO list.

In lawyerese these might be less ambiguous than they are in plain English.
“illustrative purposes” might well have a specific legal definition in some juristiction(s).

While laws, contracts and licences should all ideally be humanly readable,
they often aren’t because that would lessen the importance of lawyers,
and the lawyers don’t want to be put out of business.

If regular humans could read licences and make sense of them without a lawyer then licence lawyers wouldn’t be needed anymore, and they don’t want that.

I’m not sure the “Permission to … is hereby granted … without fee, provided …” case is ambiguous even as plain English.
What makes it hard to read is that it’s a long sentence to wade through, so by the time you’re halfway through you’ve forgotten which verb applies to what noun.
But if you contract it like I have done then ‘permission is hereby granted without fee’ looks a lot more likely.

If in doubt, build a parse tree.

Even some of the ‘standard’ licences have nasty things like this.
Not the really common ones like MIT and Apache 2.0, but some of the slightly more obscure ones.

For example, this particularly length sentence from the GPL v3:

If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information.

I kid you not, that is a single sentence.

If it were up to me licences would be written like cppreference - lots of bullet points and definitions, and relatively short sentences.

Agreed. This is what I try to stick to when writing my own code:

• Each piece of licenced code should be in a separate file with a licence header.
• Code under different licences should not be mixed in the same file.
• If code has been modified from the original, it should state that it has been modified (unless you hold the copyright or are working alongside the person who does).

Ultimately unless someone’s prepared to hire a lawyer our only options (apart from making sure everything is clearly partitioned into a one-licence-per-file system) are to scrap those parts of the code or live with it and hope the nicer interpretation is the correct one.

Even if it wasn’t, I doubt either of these companies would bother to protest because the Pokitto brings them business.

Definitely! But they’re more tested and established and there works this kind of chain of trust – I just trust them, because I trust the people and groups I know are using them. When I’m unable to identify something as one of the well-known licenses, I simply have to be suspicious by default and carefully read before using it. Because avoiding using one of the standard licenses typically means you want to insert some “catch” in there. So I’m just saying let’s double check and be extra careful here.

Ultimately hoping for the best is a good thing… for the mental health at least But if we can let’s rather aim for not having to resort to betting on luck and friendliness – even if not completely possible, at least as much as we can.

I love Pokitto and do wish it becomes a big commercial success, and that’s why I want it to be clear on the legal matters by then. I’m only doing this nitpicking so that no one with bad intention can do it later.

Many companies are still reluctant to use the ‘standard’ licences for various reasons.

Sometimes it’s as simple as them already having a set of company-approved licences and a company policy saying which licence is appropriate for what, and/or being reluctant to try anything new.
For some companies, changing their policies is difficult because they have a very rigid structure.

And of course, companies are always going to be reluctant about giving something away for free because at the end of the day they want to make a profit and/or pay their workers.
The big companies (like Google) don’t have to worry as much because they have their fingers in so many pies, or because they make their money through advertising (or mining people’s data and selling it on).

It’s more a case of “it wouldn’t make financial sense for them to make a copyright claim”.

Taking someone to court costs a lot of money,
for a business to take someone to court over a breach of licence the payout would have to be quite substantial, and I’m doubtful they could claim damages/loss of earnings.

In the case of NXP, taking Pokitto Oy to court could potentially result in a loss of sales.
Every Pokitto board has an NXP chip, and as long as that stays the case, it’s in their (financial) interest for the Pokitto to do well.

As I said before, ultimately the best course of action would be to shell out for a lawyer to interpret the licence, but I’m doubtful anyone is going to do that.

The only other alternatves are to scrap those parts of the code,
or to assume that the most likely outcome is that everything will be fine.

If engineers would hear about a chip manufacturer suing customers for using code from application notes and examples (provided as a service to customers), their reputation would be gone. Its not-gonna-happen regardless of copyright text

Turns out a lot of files have just been copied from somewhere without the licenses or notices about modification as @Pharap pointed out, or even had the license header/file stripped. It’s a violation but only a mild one that can be fixed with a single ctrl-c + ctrl-v.

For example, the fixmath library pasted from here to POKITTO_LIBS without retaining the copyright notice.

Okay, I’ve now been working on this for a few days and have most of the files clear! I think I have to finish this before I can peacefully program anything for Pokitto again. But it shouldn’t take that long hopefully. I’m also thinking about including other things like an SD card with FOSS games only, compiled with my version of the library. The name of this all would be PokittoLibre. Is that okay @jonne? It’s no commercial competition, quite the opposite – I keep recommending Pokitto to my friends who put similar emphasis on software freedom, and with this project around they’ll be more likely to buy it. It would be what Linux-libre is to Linux.

I understand your concern over the license issues.

Let me say something though. I have first hand experience of how big organizations with legal departments(not just lawyers, but departments) are unable to draft a contract - in mutual understanding - that is unambiguous should a case be taken to court.

This is because the law is a totally different concern than license agreements. If there is a contradiction between law and contract, the law overrules the contract.Or not.

What I want to say is this: a contract has no value as a safeguard against anything. A contract does not stop you from being sued. There is no document you can write that can not be challenged in court, and if something goes to court, it’s usually the bigger party with more resources that wins the case.

For this reason, for example owning a patent is nearly worthless, unless you also have an army of lawyers that will defend your patent in court.

I see a lot of people putting a lot of emphasis on licenses in the discussions on these forums. These are important things and must be addressed. But I’m just warning you (from a professional point of view) against thinking in a simplistic way, that because something has a license file attached to it, you are either safe from being sued / in danger of being sued. Suing for IP is a whole different ballgame, I have been party to several patents and patent challenges and some day I will tell you how it actually works.

For example, in US the magic number is 200. When your company reaches 200 employees, the automatic bots of patent troll companies will flag you as a potential target and patent trolls will start scanning for any areas where you might be liable to being sued. I am not kidding. This is how it works. It does not take away the importance of adhering to licenses, but IP protection is a business and you will get sued only if someone sees you have money to lose. Nobody sues over ethics.

In any case, the only clear breach (not oversight that can be fixed) the Microchip driver (that ended up there by accident of the TTBasic example I was working on) has now been removed.

There is no legal conflict now, only clarification from this point on.

And again I want to stress that I will fix these issues.

And just as a side note, there are companies in breach of GPL on the board of the Linux foundation.

What I am saying yes, we need to take care of these things. But no, doing stuff in context of Pokitto will not get anyone sued because nobody is interested in going after people with no money.

This is true, I am not naive to think having some text in code is a bulletproof legal defense, or think anyone here is going to get sued anytime soon – I agree with all this. However I have set this as rule for myself to only deal with FOSS-licensed software, and to try as much as I can to help create such software, and here is an opportunity I see I should take, so this is basically just me and possibly a few other individuals. I don’t want to cause drama or anything! All I want is to make sure that you, the community and my friends here, are okay with this and don’t see it as an unfriendly move or something, and I want to do this all transparently, not behind anyone’s back.

Yes I understand.

Microchip driver is removed, and I checked the NXP files. The NXP language is not the standard template but all of the files used (from NXP side) have a variation of the text below.

These are application notes / examples and to me its clear that the intent is, that the code can be used in conjunction of NXP processors (which the Pokitto is).

And really, I do understand your point.

But I also want to state that this thread may give someone an impression that there is something badly wrong with the license issues. I haven’t been so foolish that I would have taken any significant parts of code from a closed source. There may be a few places where we need to attach the license text but that’s it.

/*
 * @brief LPC11U6X Clock control functions
 *
 * @note
 * Copyright(C) NXP Semiconductors, 2013
 * All rights reserved.
 *
 * @par
 * Software that is described herein is for illustrative purposes only
 * which provides customers with programming information regarding the
 * LPC products.  This software is supplied "AS IS" without any warranties of
 * any kind, and NXP Semiconductors and its licensor disclaim any and
 * all warranties, express or implied, including all implied warranties of
 * merchantability, fitness for a particular purpose and non-infringement of
 * intellectual property rights.  NXP Semiconductors assumes no responsibility
 * or liability for the use of the software, conveys no license or rights under any
 * patent, copyright, mask work right, or any other intellectual property rights in
 * or to any products. NXP Semiconductors reserves the right to make changes
 * in the software without notification. NXP Semiconductors also makes no
 * representation or warranty that such application will be suitable for the
 * specified use without further testing or modification.
 *
 * @par
 * Permission to use, copy, modify, and distribute this software and its
 * documentation is hereby granted, under NXP Semiconductors' and its
 * licensor's relevant copyrights in the software, without fee, provided that it
 * is used in conjunction with NXP Semiconductors microcontrollers.  This
 * copyright, permission, and disclaimer notice must appear in all copies of
 * this code.
 */

The NXP files I’ll either rewrite, or – if it would be too difficult – just clearly separate as non-free, until an alternative is found.

I see, sorry for that. I will try to edit the post to not give this impression.

No do not edit anything. I like to handle things in the open as well. I want everyone to see this dialog.

I am just making a counterpoint, and that is normal discussion. I am very happy with everything.