 I probably should get going, but I can start with the problem. We'll make sure I don't have the output. I doubt it, but I think we'll just. I think we know what we're doing. Sorry. OK. Let me just start off real quick. Thank you for coming. That's a really session. How many here have had some exposure to SPX? Let me repeat this. How many people here is relatively new to SPX? I'll be referencing SPX, but I won't be explicitly going to any overview of SPX. However, there's a lot of good resources for you guys to start. I'd be more than happy to address any questions you might have about trying to understand it after. This is very relevant to a lot of people who work with SPX files, but believe me, if you're in licensing, you're going to identify with the content. For those, whether you are really plugged into SPX or not, there's a survey. This card is available, but I guess you know the spdx.org site slash survey. And provide some, just fill out the survey to provide feedback about what you know or don't know about it. And also, what's also worth noting is this is a session today of SPX Tools. And following this presentation is two sessions on talking about the neat tools that are available to us to leverage SPX data. And Gary will be using that. So for that to do, everybody can hear me. Right? I'm not sure if you can hear me. So today, I'm going to present what I often call my presentation on Licensing to Kill. And this is work that's done by a team I participate with, Samir Ahmed, Alisa Seneva, who's over here. And two other people, Mirella and E. Hyde. And very fortunate to have worked with them because they've come up with a lot of good stuff today. Standard disclaimer here. Basically, this does represent the opinions of the presenter and not the organization, organizations previously worked for or currently work for. OK? And of course, this is not legal advice. So I'm going to start off like any good movie with a really great scene. But seriously, this is for people 17 or older. So anybody who's on this, anything for you to do with it. This comes off of Twitter. And this actually tweet has gotten a lot of attention. It even has the Wikipedia page that it did. And this is a viewpoint that is not necessarily held by a huge number of people in the world. But there's quite a few people who feel strongly that licensing is a real annoyance, so it's in the way. OK? And so he's even gone so far as to talk about some new movement called the post-overpost software, which actually there's nothing wrong with that notion. I just think that there's a lot of confusion in the world that we're going to get to that. Now, this is a follow-up tweet, which I think he brought some grounded, clean, cut response to it saying, hey, you're making stuff unusable for our suit. Now, I personally think that it's not just the suits. It's all the open source projects. If you don't do licensing, it's all about share and share alike. That's at the core of the open source movement. And so I mean, it's not just the companies that are getting hurt by this. Now, he had another follow-up tweet, which I thought was very succinct. And really captured the essence of what the potential problem is. You're basically going to create a situation where you have licensing that's going to spread like a disease. And so I usually start my presentation off here, but I thought it was really important to set the stage about some of the thinking that's going on. There are a lot of people who don't quite understand licensing. There's a whole spectrum of misunderstanding. But what's really key for anybody to understand is this. And I know most of the people here in the room are very familiar with licensing and open source. But I want to put together a sequence of ideas to make a point at the end. And what we know is the most important. The only thing that makes a piece of software open source is the license. You can have a piece of software, and I can give it to Jack under a proprietary license and it's proprietary to him. And I can give the same software to Sameer under an open source license and it's open source to him. That's it. That's the only thing that makes a piece of software open source. It's the license. Now, I want to make it clear that I'm very well aware that the open source movement is much much bigger than that. It's a development model. It's a community. It's pure recognition. Many eyeballs affect us. But at the end of the day, the license enables the sharing and it's the core pillar of the movement. And simply put, no license, no movement. Now, licenses, they represent developers wishes. They don't ask much in return. They don't get money for their code. But what they do is they ask cost me for some attribution or share my code with others. And to us, or to many others, maybe open source developers as well, but to many of us, we're users of it. And these just represent our requirements for distribution. And we're all familiar with the types of requirements that we've seen in licenses. Even the famous find me a beer condition. Now, I thought it was just appropriate. I'm not trying to define open source. I just want to use this as an opportunity to define for the sake of this presentation. So open source software really is basically freely available stuff, free of charge. It gives you pretty good easy rights to use, modify, and distribute. And we can debate that all day about exactly the great definition of open sources. But I'm hoping that captures the basic assets. However, for miscrease source, is source code that's out there and there's plenty out there where you're granted no rights to use it. And if you're a company or an open source project and you bring it into your project or your company, you actually are putting yourself at risk, right? And so I'm obviously leveraging the term promiscuous from one of the tweets. And I think it's just a stir to bring people more aware actually for those BG parties. I thought I'd just bring up a simple example just to ground this a little. Now this is GitHub. This is a very innocent project. The person actually wrote some pretty good code. It's without going, you can read about it if you want. It's in the presentation. It's basically looking at a jQuery for animated functions. And basically there's no license information at the top. And if I drill down, there's some really good source code here but no license at all to be found. Okay, now I think you can look at all the files. This is not the, I would guess the intent was not to give it sharing. In fact, they probably really want their code to be used by a lot of people. But unfortunately they didn't choose a license. So technically at least in this discussion on claiming it's not open source. All right, now the GPAR. All right, those who are under 17 can come back in. This is a simple game. Some of you may have seen it once before. I've done it once before. But essentially it's a game where you see a figure and you come up and you tell me what you see, right? So a common, when you look at something one person might say, I see a gift wrap hat for the bow. You didn't see it, but some people claim that they see a man's bow tie being caught in the elevator. Now also you had an ah-ha moment, right? I like that. All right. Now this is a very, another famous one. This is, you wanna take some guesses here? It's could be anything. It says no clear, some people claim they see knots in a rope. Right, some claim they see beads on a necklace. And some even claim they see a bear climbing a tree. Now if you don't see it right away, it's okay. These are the paws and you're shimming off and you can't see what's behind the tree. If you wanna get a little help here, there he is. All right, but you had an ah-ha moment, right? You know, suddenly you saw something that you didn't see before because someone helped you see it. Okay, you know that. So that's my final doodle. The license of busy box. Finer, not packing, finer. And we have, we have, some people see GPL2, right? Some people see something a little bit more involved. And it just depends, it could be just GPL2. It depends how you configure it. But more often it looks like this or this because busy box, you can build it with many different configurations including some files but not others. Now I'll give you an example why that is true. Because traditionally we think of busy box on the GPL2 because that's what we all think of, we're told, right? So busy box, by the way, is a fantastic open source project in terms of the richness of the sharing that went on in its history. And that's why it has so many licenses in there. It's a good thing, more licenses, it's fine. But, and so that's gonna happen to any open source project that is out there and very popular. So we have to be mindful of the fact that there's a lot of sharing going on and licensing is also very relevant to them. So for those who are not as familiar with licensing, this is probably helpful at all. So in busy box, you'll see lots of files. For example, there's Sender.c, it's under GPL. You'll have Runshell.c, it's under MIT, okay? And you even have files with more than one licensing, okay? And this is a little odd to some, but after you've looked at a lot of code, you see this all the time. So here's the VST notice in the file. There's purples in GPLV2 and then there's, here's the MIT, okay? Just to give you an example. So these are real files out of busy box. So if you're gonna build a library, you have to look at all the licensing that goes into that library or from which that library's derived from. And then you end up with this and then you end up with that expression. That's how we got the busy box binary. Give you a little bit more detail on that. So now you have several libraries to get built. You each have a set of libraries, right? And then naturally you can then deduce the licensing. Busy box, which looks something like this, okay? All right, so we've already discussed how these boxes can be licensed like this or this or this. Now, it's a point I make all the time and it's not always received well, but the package license is far less relevant, particularly in the embedded world, for this reason. What you really care about is what programs you put on your device, what files go into, or to building that binary, and that tells you your obligations. Conversely, files that you just seen, the files that are for which it's derived from are highly relevant. And that basically this is determining your obligations and not the happiness. So I often draw this analogy because sometimes it's fun. Files I call they're the atomic unit of licensing. I know we have discussions yesterday and very valid discussions around snippets and this doesn't negate that. There are times when snippets are relevant such as in reporting as Gary was pointing out to me. But ultimately at the end of the day you're gonna ship a binary, a program on your device ultimately comes down to the files. Okay, you have to know the licensing of individual files. If you happen to patch that file, that patch file would be file prime, right? You have to know the licensing of that patch file. But nonetheless, it always comes down to understanding this is the smallest unit of licensing and we have to understand the licensing of our program, okay? So I always draw this out. A son's taking a standard science example. He's pretty aware of these terms. So then basically you'd have files would be the added and the programs would be the molecules, okay? And so that's the analogy that I want people to think about when they think about licensing, okay? Well, those are the most advanced of us, I understand. So one thing I also wanna draw out is there's a little myth that SPXSV is very unwieldy list of files and licenses. And that's often the case when you have a package. But if you're gonna ship a single binary, you just need a single line with a single expression to tell you your license. And in some ways this captures sometimes the complexity around the bill of material, right? In fact, you bypass that whole complexity and you put out a file and this, and by the way, for those who are unfamiliar with SPDX, though the license reps are custom licenses found in the file and in the SPX file, you can go here and define this custom license. Don't worry about most of them. They're all pre straightforward licenses and they're all compatible. So, yes, we often do wanna think about SPDX in terms of a larger package. And if you wanted to, you can see the package SPDX file, I don't wanna go through it at any length, but this is what every single file, there's a license reference to the file. Here's some, you can see the file right here. But the main point is that it doesn't have to be as complicated. All right, that would be fun. I'm sorry. So this is a series that I revived and I actually had some fun experience working with Sven Doomer back he's now at Yahoo, director of Linux. And we had a lot of fun a couple of years ago, two years ago, we presented a very similar set of slides. And back then it was like, the noise is made in the woods and no one hears it, you know, is it really meaningful? I think today there's a lot of people to be hearing the noise now. So I decided to repeat that. You brought back the episodes. So in each one, we're gonna go look at a specific example. So here we have the case of the shameless stolen code. So again, if you've been through a lot of files, you totally relate to this, this is not new to you. I'm trying to make a basic point, right? So this is a file obviously hasn't been noticing that that's very easy to deal with. We know what to do. It also has this additional notice that shamelessly stolen it from. Now, believe me, we tracked these things down. And what it turned out in this package, this file is nowhere to be found in the package. And it's nowhere to be found even on the net by that name at least, okay? So you kind of left hanging a little and I would think that this might actually kill their code, potentially, potentially. That's a subject to the lawyer, but killing meaning preventing it from being used by men. Okay, the next one is the next episode of the case of the shamelessly missing one. Okay, there's no notice at all other than this in the file. What makes it even more interesting is that when you actually look, there's this file called g711.c. Again, nowhere to be found in the package. However, if you go searching on the net, you find one file and it has this notice in it, okay? And you go into this one and also we have the ITU general public license. I don't believe that made the SPDX license list. And I couldn't even find it because I wouldn't even try to offer it up. And then one of my favorite, which I'm sure will come across as well is the famous, you know, I like GPL but I'm gonna give this to the public domain and just line you people. But what's more interesting about it is the contradiction that's being made here, right? Exactly. You can't say something in the public domain and have a copyright. So what is the licensing here? Is this open source? I mean, yeah, you probably get a lawyer maybe go one way or the other and it's up to you to find that lawyer. But nonetheless, you're kind of stuck. And again, this is a person probably, you know, meant well enough to have their code be used by a large group of people, but yet license it to the GPL, close the, okay. All right, case of missing link again. These are things all you auditors have seen before. You know, the thing is go to this link and you'll find the license. Well, we know that that link changed over time from GPL 2 to GPL 3 when the GPL 3 came out. Yeah, this file has 1998 in it. So if you click on the link, you see GPL 3, you click on, but if you make the deduction you're probably thinking GPL 2. Unfortunately, if you're using this in the GPL 2 project, I mean, GPL 3 is not compatible. Where do you come down on this? Again, this is, I'm not here to solve the mysteries. It's just to say there's so many mysteries out there that sometimes, you know, they're just not licensed to be used. And you know, there's obviously things they could have done. You could have done something very simple as, you know, is on the GPL version 2. Don't put links in the box. All right, it's very, this is enough. We all know what to do with this. And then the next episode we have the who done it. I love this one. Modified by many people. Distributed on the GPL. Now, who do we go talk to to find out exactly which version of the GPL they met? Now, the good news is that, you know, at least my interpretation is GPL all three, GPL 1, 2, and 3 say, if they don't specify the version, you get the GPL. So it's not terrible. But they could have done a little better job. Maybe we could have found out exactly what they intended. Yeah. Well, then you might be forced, no, then you, if they don't give you a version, then, and you get to choose, you'd be fine because you get to pick GPL 2. I agree with you. That's correct. It would allow you to pick version 1 as well. In a different context, you can take that file out of that project and put it into a different project where GPL 1 is all of you, you know. All right, another one. I love this comment, you know, they really probably have strong intentions for share. Okay, really distributable. So I probably can assume I can distribute this file. No problem. I probably can assume I can copy this file. But can I assume that I can modify this file? No. So it's not compatible with GPL. We're doing very well sitting in GPL project. All right. So again, they've licensed their code in a way that makes it unusable. So there were very simple things they could have did to, you know, to alleviate that problem. And they could have chose any one of these. This is the double mystery murder. So this is the read me file, the license.text file, or whatever you want to call it. This is trying to give you instructions on how to interpret the license of the package. Which again, is a really dangerous thing to do. Because what we're looking at, first of all, they're telling us fine, great, they're telling us, you should be aware of these are licenses that you'll find files under these licenses in this package. And we have to be careful because we know some of them are not compatible, but that's not a big deal, we can do that. Now then they tell you, then we find out after doing our own analysis that there are many more in the package, fine, we're gonna be mindful of that. And then they tell us, you know, any file that doesn't have a license, you should assume you feel too. But what happens if they borrowed a file from somewhere else and stuck it in there? And also, does this trigger? Do I have a lot of confidence in them that they did that in a very disciplined way? No, I don't. So I'm not feeling very good about that read me file. Or any file that I find in the package without a license. And then you have this classic situation where you see the copyright file or the license.txt file. And guess what? Not found in the project. And this is not surprising because in open source it's all about sharing and somebody probably saw a really cool file in another project, took that file, brought it into their project and said, great, but they didn't pull along the copyright file. So, you know, this is another, we're gonna come back to this, you know, any references to anything outside the file is a very dangerous thing. Or really inhibit share. Okay. Finally, the final mystery is the question and let mystery. And the classic situation is no license information in the file at all. Okay. So naturally you wanna look, people wanna look at top level directory. I generally view copy files as just providing you a copy of the license as required by non-license. However, some people make a different interpretation. I think that rule is generally followed by the Feesawker Foundation and others because they generally do put licenses in every single file as well. But then again, the question is, which license do I use? Am I allowed to, probably the safest thing to assume all of that? Okay. And how do I know they didn't borrow this file from another project? And never even gave consideration for these being at the top level. It's really not information I can really bank on. So there's some simple things that could easily have done that could have put in a notice. And what happens if one of these licenses copying the files was a think compatible license, right? We don't even know which one to choose. All right, but there's some very simple things you can do to a file. It's not a huge effort to make it clear. And we all know what to do here. All right. So I think we've seen a lot of examples. Here's another classic example of a project done well. All right. Now there are groups like the Apache Foundation, Feesawker Foundation, Eclipse, Linux Foundation where they do a lot of great work around putting the right licenses in here. You have a GitHub project. And at the top level, you have a license, a text file. All it does is provide you a copy of the Apache file. No instructions there. That's a good thing. They're probably just trying to satisfy part of their license obligation by providing you a copy. And if I drill down, I'm gonna find that here's one file. And all the files have this. They have a notice in every single file. This is a good thing. This is open source software. This is clear. We know what to do. This is what we should be doing. So I'm not against having a copying file. Just what purpose it serves. And I can go, this is just another example where you have a license file at the top. And then if I go down, there's no information. There's no information there to do the files. How do I know? They put that at the top and they didn't pull a file in from somewhere else. This is real stuff, right? And this is happening in a big way. I'm pretty, I'm gonna guess. I would gamble on it that their intention was not to make this difficult to use. And what happens if one of your developers grabbed the file on this project? They probably wouldn't have grabbed the license. And it probably would have been a legitimate license for you guys. So it's a little bit of, it's a real gnarly situation. Has anybody ever been down to the Braya tarp hits down in LA? Raise the hand. Sorry, I get a sense. Okay. It's a great place to visit. It's where there's these tarp hits that's still there where, I think so much, tens of thousands of years ago, prehistoric animals, I like to save a few tiger and mammoths will be mammoths. When you walk into this tarp, it gets stuck. And then the more you struggle, the more difficult to guess. Now, I don't know if you know about Fred Brooks' book, Mythical Manmoth. Now he talks about a number of things. One thing was about, if you're not really careful about certain disciplines, the software development process gets really gnarly. It's really manageable. And I think what we're are, we're heading towards the tarp hit, and what can we do to prevent enough of us from walking into the tarp hit, the licensing tarp hit? And that's what I'm gonna talk about next slide. So these are just basic common sense rules. And I believe if you follow these rules, these are not gonna be shocking to you guys, but I believe you're gonna, hopefully we'll come to an agreement that these are probably legal rules that if we follow them, we're all gonna be in a much better situation when it comes to determining licenses. And the first one is that each, you should have a notice for each set of licenses. It's not a bad thing to have multiple licenses cover a file. If you haven't read the code from somewhere else, go along the license notice. Second, and this is a very, very important one, which I know is gonna be at odds with a lot of the developers because they think it's annoying to have to make, you know, have a notice in every single file, but you don't wanna make a reference to anything outside the file. It just creates a lot of nightmares when it comes to sharing. If you're not gonna share your code, if you're gonna use it within a single organization, that's fine, you know? But if you have a link or another file, it's high like, likeliness, if you have a very popular project, that your stuff is gonna be used and torn apart and tossed around. Again, so this is just a good rule of thumb. Try to keep the copyright holders to close together so you might know who to contact, if you need to get a different license, right? All right, this one's, we're back to R. Now, there's a certain movement out there, and I understand it, it's nothing, I don't disagree, there's something that just can't stand the whole bureaucracy of licensing and the machine behind it, okay? And that's fine. I think there are licenses for them. Creative Commons Zero, if you just don't care, put Creative Commons Zero license on it and your stuff will be used once, very widely. It's very clear what you have to do. If you really wanna make a statement, you could always use the WFPL license. Who knows what that license is? He doesn't, okay. This is on the net, this is rated R, so anybody on the team please leave. This is the, and basically it's a pretty simple license, which, you know what, it's up to your attorneys. They may want to have a different interpretation. If I get this, I'm pretty okay with it. I'm thinking I'm not gonna have a problem, but that's subject to an interpretation, an R1. Well, this doesn't require you to pass this on. You don't have to, you can build a binary. I ain't saying, no, I know, I'm getting tactical on you. Yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah. You, whenever possible, let's give them credit. This doesn't help, yeah, I agree with you. Okay. Okay, that is fine, because you can do that. It says you can do that. Yeah, so, you know, the copying file has a role of providing you a copy of the license, and we should all consistently try to do that. Use it for that purpose, not as some guy that even moves a county, instead of licensing in a package. Okay. Avoid the license to that text file. I, adamantly, you know, I'm against the use of this. I understand perfectly why it's so great to put it in one place, and it covers everything, but we know that that sometimes goes wrong because, you know, you're pulling something that doesn't apply to it. It's just too dangerous to be for the benefit. By the way, it's just a good discipline to be able to know every single file, so I haven't noticed it in a while. And finally, you know, just be careful, you grab code, you pull over the license information. These are really guidelines that I'm trying to offer to developers in the community, and I'm gonna take a second pass at that, but this is also open for discussion. This is not, I'm not saying this is the absolute set. Yes. What's that? He provided a six file. All right, we're gonna put number eight down. Thank you. Well, I will say one thing. If you do all these, generating an SPX file will be much easier with the automation field that you have in the world. You don't even have to create one. We can create one too, which is gonna lead me to the other point. But, you know, then it comes down to that whole question about, we've already looked at a bunch of files, and we're starting to wondering, how can we get good quality? You know, what are the techniques? Obviously you can have a human being or you can use computer analysis, and we're gonna talk a lot more about that in the tools sessions, okay? And I don't even begin to address those questions because in Samir's presentation, he's also gonna talk a lot, quality and how he's found ways to measure it. But, you know, the other thing to be mindful of is there's producers, there's consumers in the world, right? And they're different groups, and most of us in the tools group are probably producers, but also some of us, but there's jack is both producer and consumer. But there are many more consumers in the world than there are producers. So I think that, you know, we have to be mindful of the fact that we have to make it really easy. Think about having the Wikipedia database, but no web browser, right? It's a huge, amazing amount of content, right? For a lot of, a few people produce that relative to them or people view it. If you have really good viewing tools, you're gonna just open that huge repository up. Okay, quality matters to consumers, quality presents a challenge to you. I'm not gonna go into it, great. Like what I do want to have is our start, is in conversation around how do we talk about quality? Because there are gonna be tools that generate SBDX and there are gonna be people that generate SBDX. And when we give SBDX to our customers, we need to set expectations, okay? I can't let them think that it's, you know, it's a high quality file when I know it's generated from a process that's not able to do that. So these are just some definitions and these are the ones we're using today. These will probably evolve. Maybe as a group, we'll evolve it further, but we're just trying to start the process, okay? So we kind of come up with these definitions and even, you might have seen these definitions change. On our website, we started talking about if it's machine generated with low depth, if human generated was high depth, you kind of threw that out because obviously the tools will get better like I think a tool can generate high depth. All right. So this is the basic framework to discuss this stuff. Naturally, we've seen today with our experiences, we are able to do very quickly using some automation tools that are SBDX, but the quality is very high. We have humans doing it and the quality is really high, but it does take a lot more time. And naturally when you have a curve like this, as you move along, you want better quality, you have to either go spend more time or innovate and shift the curve through innovation so that for the same amount of time, you're getting a higher quality. And Samir Hamed is gonna talk about that in the tool track that's led by Gary, okay? And then obviously you can keep going and try to strive for this goal. Now, what we know, even if you have a perfect model, the classic statement in the computer science world is, I'm talking about whether it's a human or a computer, garbage in, garbage out. No matter how good your tool is, if our files aren't very good, there's not much our tools or our humans can do to come up with a good SBDX data, right? So it doesn't matter whether it's a computer or human. And I think that's one of the things that we're gonna talk about in a few slides. How do we get to address that for the benefit of SBDX? So what we're saying here is simply this. Look, computer automation, I believe can only go so far. There's an upper bound, it's a wall. Because computers can't make certain, it's very hard. It takes a lot more effort to get them to deduce things, humans can do very easily. And humans can do a little better, but it takes a lot more time. And we're gonna discuss that with you, pick it, it's here, and pick it. And then, but we do see a way of getting here, right? And this is not new, this is kind of a talk about, this is something we're doing at Wind River. We're starting to explore this idea of doing a special kind of tagging to make generation, SBDX really easy, particularly with our proprietary and open source solution. Okay, so there is a silver bullet. Now, does everybody know what that phrase comes from, silver bullet? One definition or understanding is it's used to kill vampires, the one thing that will kill the vampire, right? And, well, okay. And in other realms, it's sometimes talked about, there is a solution that can actually solve the major problem, right? And as we talked about earlier, we have these files. And by simply doing something, which I know that it's been talked about at some level, by simply tagging every file with a standard syntax. This is not SBDX. This is something that will enable SBDX to take it to the highest quality in a very fast way. It's simply tagging every single file with a certain syntax, leveraging the SBDX license list, right? So in this case, you can leave the notice in the file. This is nothing more, what we are doing is we're trying to develop a syntax at Wind River for our own internal use, right? Not rocket science, it's just a matter of coming up with the right format that's productive. But you can imagine, if every single file followed a common standard syntax, Gary, he can automate that like in a snap, right? And then if you look at Math.C, all you have to do is have this at the top, right? It doesn't take much, because in some ways we're already doing this, right? And we're storing it. Now, the beauty of storing inside the files every time that file is forked or pulled out of a project into another project, it gets dropped right in, all that information is self-contained. It doesn't take a lot of effort, it takes a little bit of discipline. That's, well, we're gonna talk a little bit about more in Samir's talk, but what we're starting to do, we're gonna take the busy box example, we're gonna do that, because we have high depth data. And we can go and write a script, inject it, just as a demo. We have to start demo and talking and communicating and educating. But anyway, so then, we can get here with something like that. It's a simple solution, but it's never technological in an organization, it's always, it's organizational. It's like getting people and their minds around understanding, first of all, that they're not properly licensing their code. The licensing it in a way that really hurts their intent to have wide acceptance. And then understanding that all you have to do is a simple discipline thing, and you can actually have that be leveraged, your code to be leveraged in a big way. So in summary, we saw that file sharing and hence licensing is at the core of the open source movement, okay? And no license only. There's a vast repository of promiscuous source out there. It's not necessarily a bad thing. If someone wants to put their code out there with no license in terms of that, they're prerogative, I'm not saying that's wrong, I'm just saying it hurts the open source movement and it actually probably for a lot of people like Monk Chips, the guy between, not sure he's doing himself justice. And maybe if he understood that, he would have a different perspective. Most developers or authors want their code to be used widely. That's probably, I think the gentleman said this yesterday. That's something you're interested in. Give me credit, but I wanna know my code is in all these great products. Many unintentionally licensed their code in ways that kill their chances to buy adoption. It's unintentional, right? And it's just a matter of education and coming up with a simple coding standard, really, and communicating that effect. Finally, everybody wants to see the open source movement thrive. I don't think people worry about post open source error or movement. And file license expressions can go a long way. I think everybody here gets it. I've heard conversations around this before. That file tagging plus as projects is a very helpful for the success of the future of the open source movement. And then, all right, we have one more final episode. This is a, this, thanks to Amisa Seneva who from ZQ through a lot of code found it. This is just a notice in the code that Ian Fleming is a UNIX fan. Because it's nice to be executing. Actually, I think someone pointed out that Ian Fleming died before UNIX was. But anyway, it was in the code. I thought I'd share that with you. And of course, the last rule, of course you see bears, but probably some people here see pucks. And this one's a little bit r rated, not terribly, but my last rule here is, this is a code hanger for a nudist or it's also the question and answer session. All right. So, I know most of you guys here, you totally get this stuff. It's not like I'm teaching or presenting anything that's gonna be new. It's a matter of putting a sequence of ideas together. You get us to think about it in a certain way. And I think the tool talk is gonna really touch on a lot of this stuff as well. Any questions? Let's see what a good thing about that. I think I'm our incrementalist. And I think even in WinRiver, we have the same kind of challenge even internally. You have small projects and you can start to pilot this and it's large projects, I'm not gonna mess with it. But I even think on the large ones, even any new files that are generated moving forward is a big step forward. And a lot of people probably scramble when they're modifying or updating files. If they believe in this, they're gonna go back and put them in there. It's not nothing that you can't do now and retrofit that back in the file because the licensing information sometimes often is there. But I think that the idea is just for us to understand the problem and just start doing it because it does be cool everybody who does it. And I think even if you start with one project and you got to do it and then you went to another project and they said, well, we're not the best plus file. We haven't touched those in 10 years but all new files will do it. I think it's very legit. I don't, let's not assume a perfect world immediately. But as long as it's moving forward, we start doing that. And that's exactly how the approach we're taking. And as far as projects, what we're gonna do is we'll talk a little bit more but we're gonna kind of annotate. The reason why business box is not just because it lit again but it's a wonderful project. It represents the history of sharing and it's got all this rich licensing information and they've done a lot of work cleaning it up. And we're gonna use that as an example and people see examples, it goes a long way. We'll start. It's a process, it's just the beginning. Yes, Daniel. No, no. Okay, that's right. But you as an open source project, you as an open source project you're probably gonna borrow someone else's code so you can put your stuff in there and the guy who does use your project who cares about licensing will find your project not very desirable. I actually think of the, look. By the way, Daniel, I'm all for it. If the project doesn't wanna do it, that's all that's in their business. It's a preference, that's okay. It's just, it's not gonna be usable by us and if they don't want it to use it, that's the name of it they should do. But I'm not against that. I'm not even representing River when I say this. I'll say any entity or corporate or open source, if you care about usability and the wide adoption of your software, this is important. That's it, that's it. And if someone doesn't buy that, they don't buy it and your stuff is just not gonna have the same comfort. And that's fine. There's nothing wrong with that. It's just that there will be some organization whether they're corporate or non-profit or resource that will say we're not gonna accept that. Debbie is one. When River might be another one. So it's a choice. Every author has a choice. What we're trying to do is educate them to say, if you really want your stuff used widely, take follow these simple rules. If you don't want to put that effort in, my son is gonna brush his teeth, he's gonna get cavities. That's just the reality. And he may be okay with that. So we do have some kind of minimal efforts that we do because it's a very highly intense resource, intense because we have millions of files. So from time to time, we do reach out and when we need a really important file, we really want it and we'll try to get that clarification. But it's not feasible for many of them. I think some of that is very much in the spirit of SPDX that I think of SPX as an effort got to this point where they have this universal repository and that information was brought into that kind of project. SPX is a great way to solve that problem. But yeah, it sounds like a really pragmatic and useful thing to do. That's a different, well, that's a common situation where it's something goes and it moves along with the supply chain and it gets added to and then you have to update licensing and things along the way, yes. But I think what you're saying is, well, when we come across this core atoms and we find that someone learns something, I call it travel knowledge. And we do kind of have a limited effort to collect up travel knowledge around information on a given file and record that and share that. So I have to file that, something like that. Any other questions? Okay, well, thank you for coming on the session. And next we're gonna have the tool track. Looks like some new demos are coming up and I'll turn it over to Gary. Actually, you have a few minutes to get ready but you have 10 minutes.