
Corporate Open Source Anti-patterns (2012) - cpeterso
http://www.slideshare.net/bcantrill/corporate-open-source-antipatterns
======
JoshTriplett
This presentation has an absurd amount of spin.

It extensively discusses OpenSolaris, without raising the most important issue
there: taking an unwanted and unloved project and making it open will not
suddenly turn it into a good project everyone wants to use. Sun seemed to
think that people would flock to Solaris, without realizing the exceptionally
high bar for any non-Linux POSIX OS to take any mindshare from Linux;
OpenSolaris didn't even manage to match the success of BSD, let alone Linux.

The anti-copyleft discussion comes out of the same bitterness. Sun
intentionally made OpenSolaris non-GPL-compatible, almost certainly _because_
they didn't want Linux to adopt code from it; who would want to run
OpenSolaris if all the interesting bits of it run on Linux instead? Copyleft
is not obsolete; it'd be fair to say that some substantial communities exist
around non-copyleft software (for instance, Android, or Ruby modules), but
that's not the same thing. In any case, the lesson is "don't use a license
incompatible with the GPL".

Counting lines of code under various licenses is not a particularly useful
metric, unless you take usage and mindshare into account. And counting code
under GPL-compatible licenses will still show that the vast majority of FOSS
code retains compatibility with the GPL. (Apart from an island of Apache code,
compatible with GPLv3 but not GPLv2.)

MPL is not a particularly good recommendation: it's GPLv3 compatible, but not
GPLv2 compatible. If you want a weaker copyleft than the GPL, use the LGPL.

Advocating a contributor agreement is a bad idea. Anything more heavyweight
than "Signed-off-by", especially something requiring a signed contract, adds a
significant barrier to contribution. At least this presentation doesn't
recommend copyright assignemnt, though.

Dual-licensing is a completely reasonable business model, and it doesn't
require spreading FUD. The dual-licensing model just boils down to "free for
FOSS software, pay us for proprietary software"; simple as that, unless you
consider copyleft _itself_ a problem as this presentation seems to.

The bits about competitive paranoia and about forking/control do make sense,
and provide useful advice that more projects need to follow.

~~~
bcantrill
Ignoring the ad hominem attacks, I didn't actually advocate a contributor
agreement -- to the contrary, I cautioned against them. And indeed, the reason
that this two-year-old presentation is on HN today is because today we did
away with the node.js CLA[1]; we're walking the talk here.

As for your misunderstanding of history with respect to OpenSolaris licensing:
the decision to use a modified MPL (i.e., the CDDL) and not the GPLv2 had
nothing to do with Linux (indeed, none of us predicted that the GPL would be
so ardently perceived to be incompatible with the CDDL) and everything to do
with the fact that (due to various covenants and agreements), we couldn't
actually open source everything. That is, we needed to allow for proprietary
in-kernel code from both ourselves and from third parties -- and we didn't
want to end up in the legal no-mans land of "tainted" kernels. Simon Phipps
has been very clear about this[2]:

 _The difficulty with using the GPL was that it became clear as we did the
licensing archaeology that there were going to be places in the software where
we couldn 't negotiate a free license for the source code. And, there were
going to be some quite important places in the code, and there were going to
be quite a lot of them for a long time. And, that was probably the deciding
factor not to use GPL but to use the Mozilla license._

Finally, I stand by my assertion that the GPL is in decline relative to
MIT/BSD/Apache -- a trend that I elaborated on after my FISL talk[3] and has
only accelerated in the two years since, declining from 36% to now 27% of
projects.[4]

[1] [http://www.joyent.com/blog/broadening-node-js-
contributions](http://www.joyent.com/blog/broadening-node-js-contributions)

[2]
[http://www.linuxjournal.com/article/9624](http://www.linuxjournal.com/article/9624)

[3] [http://dtrace.org/blogs/bmc/2012/08/01/post-revolutionary-
op...](http://dtrace.org/blogs/bmc/2012/08/01/post-revolutionary-open-source/)

[4]
[http://www.blackducksoftware.com/resources/data/top-20-open-...](http://www.blackducksoftware.com/resources/data/top-20-open-
source-licenses)

~~~
gillianseed
>As for your misunderstanding of history with respect to OpenSolaris
licensing: the decision to use a modified MPL (i.e., the CDDL) and not the
GPLv2 had nothing to do with Linux

The actual creator of the CDDL licence, Daneese Cooper claims that it was
indeed crafted to be GPLv2 incompatible, and of course from a business
standpoint that also makes perfect sense as Linux was eating Solaris in the
market and handing over their technical advantages (ZFS, Dtrace) for inclusion
in to Linux would have made no sense to Sun's management.

So both the word of the person responsible for the licence, aswell as pure
business logic says that it was indeed created to be incompatible with GPLv2.

It's also hilarious when you say something like this:

>For example, GPLv2 has prevented the integration of open source technologies
like DTrace and ZFS in Linux • Was it the intent of those who licensed their
work under GPLv2 to erect walls within open source software?

Linux was already GPLv2 licence when Sun decided to licence Dtrace and ZFS
under CDDL a new licence they created, when they (Sun) instead could have
chosen a number of GPLv2 compatible licences under which they could have
licenced their code had they so wished, or even made sure that the one they
ended up creating would be GPLv2 compatible.

Of course that was never the intent, for VERY logical reasons, this is just as
JoshTriplett said, 'an absurd amount of spin' on your part.

~~~
bcantrill
Danese Cooper was not the "actual creator" of the CDDL; she was one person
among several who advised the efforts internally, and Simon Phipps played a
much larger role in the drafting and selection of the CDDL -- and (again) he
is very explicit as to why a modified MPL was selected.[1] Of course, I
appreciate that the facts don't fit with your chosen narrative here and that
you are much more likely to discard the facts than change your narrative...

[1]
[http://www.linuxjournal.com/article/9624](http://www.linuxjournal.com/article/9624)

~~~
gillianseed
Simon Phipps himself introduced Danese Cooper as -"the one who actually wrote
the CDDL", at the 6th annual Debian conference where Danese Cooper said that
it CDDL was indeed drafted to be incompatible with GPLv2.

I realize this does not fit 'your chosen narrative', but hey.

~~~
mattl
So, I found this which is interesting.

[https://web.archive.org/web/20110605051830/http://www.openso...](https://web.archive.org/web/20110605051830/http://www.opensolaris.org/jive/message.jspa?messageID=55013)

Search for 'webmink' in there (Phipps username)

~~~
gillianseed
Yes it is interesting, the post states both Danese and many engineers,
promoted GPL.

But the Sun management was not going to use GPLv2, despite it being available,
and according Danese they management was hoping for GPLv3 to be released which
would be GPLv2 incompatible (since Linux is GPLv2 ONLY) but it was taking too
much time.

And in the very post you linked, he (Phipps) lists GPLv3, not GPLv2 as an
alternative for licencing, gee.

This ties in with what he said in the Debconf video where Danese spoke about
the deliberate GPLv2 incompability, he says later in the video (after Danese
has spoken) that "I actually disagree with Danese to some degree", where he
states that Sun's management wanted something copyleft, while stating that the
engineers had a strong BSD preference (somewhat at odds with what he wrote in
what you linked), and that waiting for GPLv3 to be finalized or be allowed by
Sun legal to release under the unfinished GPLv3 licence would have taken years
and probably involved mass resignations.

Again, GPLv2 was available at this point, along with a lot of other GPLv2
compatible licences, yet GPLv2 or any compatible licence was never on the
table, instead the question was to either wait for GPLv3 (which would not be
compatible with Linux GPLv2 ONLY) or draft a new licence, one which as it
turns out was GPLv2 incompatible and thus Linux incompatible, go figure!

Now from a business standpoint I can't blame Sun for this choice, they were
fighting an uphill battle against Linux as it was, and letting their crown-
jewels such as ZFS, DTrace be incorporated in to the Linux kernel would hardly
have made it easier for them to compete.

As for Phipps statements, at this time he was Sun's 'open source chief
officer', a job which obviously included mending bridges with the FOSS
community which had been burned by Sun CEO Jonathan Schwartz who was attacking
GPL as something which allowed the US to 'pillage developing countries of
intellectual property' amongst other things.

Of course that was just desperation on his part as the attack was not actually
leveraged at GPL itself but rather the GPL licenced Linux kernel against which
Solaris was losing market, further illustrated by Sun later releasing Java
under GPL.

------
tbirdz
I take issue with some of the points regarding the GPL license. The author
says that "GPLv2 has prevented the integration of of open source technologies
like DTrace and ZFS in Linux." However, surely this is also the fault of the
CDDL rather than the GPL alone. The CDDL license was written after the GPL,
and according to some sources was specifically designed to be GPL
incompatible.

~~~
mattl
Yes, I've heard that was explicitly designed to be incompatible with the GPL.

------
phkahler
The number one ant-pattern is DON"T CREATE YOUR OWN LICENSE. To me there is
GPL, BSD, MIT - and I'd have to read to discern the later two. MPL and Apache
are there if you want a variation on the main ones. Everyone else creating a
new license has some kind of agenda. This was apparent to a lot of us when SUN
put out their license AND required assignment. Let me say that again. If
you're not using one of the top 5 licenses you've got an agenda and may as
well go home.

~~~
bcantrill
Absolutely agreed. (After all, the presentation is everything we got wrong,
not everything we got right -- and I definitely agree that the world
emphatically does not any more open source licenses.) I don't agree that this
is the "number one" anti-pattern because we don't see it much anymore: the
five licenses that are out there cover a wide range of philosophies and
objectives, and one of them should suffice for just about any project.

------
Groxx
"The companies that adopt your technology are nearly tautologically not your
competitors..."

I don't follow. If they're using your tech (which you developed to do
business) to do business, why are they clearly not competing with you?

~~~
sokoloff
Watch the video:
[http://www.youtube.com/watch?v=NhgXQFk9noI](http://www.youtube.com/watch?v=NhgXQFk9noI)

The slides don't exactly stand fully alone. I love watching the "bcantrill
show". This video's audio is horrendous, but he explains what he means on that
slide pretty well, starting at about 38m20s.

~~~
Groxx
Excellent, thanks for that link!

The argument seems to rest entirely on the shoulders of "NIH prevents them
from ever touching your source". I very very very much don't believe this,
especially if they know they're competing with you. Even if they don't use it
_directly_ (because, lets face it, it's probably crap for their precise
needs), they can learn a _lot_ from looking at it, for a _lot_ lower cost than
what you paid to discover it.

It's the same thing as arguing copyrights / patents are _entirely useless_ for
the holder because nobody who competes with you would ever even consider
looking at what you're doing. How is this not nonsense? The main (loud)
complaints about e.g. patents revolve around them _working too well_ for this
purpose, giving _too much_ of an advantage to the first mover, and suppressing
others from using what is otherwise valuable to them.

------
api
Slide 16 is absolute genius. If you're doing any kind of business with OSS,
tattoo it on your forehead.

