
Open source confronts its midlife crisis - mpweiher
http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-crisis/
======
softwaredoug
There’s an assumption that an open source project should “belong” to a single
company (Mongo, Elastic, Confluent, etc). I think that model may be more
dangerous to OSS than large cloud providers.

If it’s truly open source, one business shouldn’t dominate the project’s
development. That’s tantamount to the project becoming shared source that
accepts community contributions, not community driven open source backed by
many orgs. It reinforces a monopoly in that community. And these companies
themselves are not tiny victims (many IPOd at multi billions). They also tend
to compete with their customers and community in the same way as AWS, so I’m
not sure they can cry foul when AWS does the same.

~~~
jfim
It's hard to drive non-incremental innovation without a benevolent dictator
model.

For example, the Hadoop ecosystem moves very slowly, and most of the
innovation happens in new projects that are added, not in core infrastructure.
An example of moving slowly is the fact that even to this day, the HDFS high
availability story for NameNodes is pretty wonky.

In a community model, if someone wants to do a large scale refactoring or
rework parts of the architecture, these projects die of a thousand cuts with
objections or change requests from many stakeholders. The decision-making then
becomes "design by committee," instead of pushing towards a long term vision.

With a single benevolent dictator, since decision making is more centralized,
it's significantly easier to do large reworks of the architecture to improve
the product in non-incremental ways.

~~~
jacobian
> It's hard to drive non-incremental innovation without a benevolent dictator
> model.

Hmm, dunno that this is a universal truth. Most of the biggest improvements to
Django came after Adrian and I stepped down and we moved to a more democratic
leadership structure.

~~~
zapita
The key word is “improvement”, which implies that there was something already
there to improve.

So, a democratic structure can improve Django once it’s already well-defined
and widely used. But could it have created Django and made it successful in
the first place? I think the answer is no, and that’s what the gp meant by
“non-incremental innovation”.

~~~
softwaredoug
Most of these projects reached that stage before or early in the life of these
companies. So by that logic the companies were not necessary to support the
projects.

~~~
zapita
I think “bdfl” and “exclusive corporate sponsor” are 2 distinct issues. I was
addressing “bdfl vs. democratic leadership”. I personally don’t think it
matters where the bdfl is employed in the early days of a project, there are
examples of wildly successful projects with and without an exclusive corporate
sponsor.

~~~
jfim
Good point, they are probably indeed distinct. In some cases the BDFL is
employed by the corporate sponsor (eg. Confluent) which makes it hard to
separate the influence of each.

------
xte
There is NO midlife crisis, only we have two things together:

\- for first we do not have decent universities anymore, they substantially
evolve from the center of our collective knowledge to companies or servant of
companies aiming to deliver various kind of Ford-model workers; => we do not
have enough developer, mostly only code monkeys unable to think autonomously,
tied to proprietary devs model, even when the code is open (see below).

\- for second we miss hardware. In the past hw was a bit various (different
architectures nearly on-par, in concurrence) and reasonably open, now we have
essentially arm for low power/mobile and x86 for the rest and they are more
and more closed. On software side is even worse since we restore ancient
mainframe model with the "mainframe" "outsourced to the cloud".

On "proprietary mental tie" in young people: simply new technicians do not
think at scale because "the cloud" do that business and do not think in terms
of local, desktop/user-centric computing. The "web" seems to be something like
a local resource, always available. That's led to bad design for freedom.
That's led to webUI instead of ml/news, dependency on someone's else services
etc without thinking.

All the above crisis are not FOSS nor OpenSource, are social. They can be
solved ONLY at social level.

------
lifeisstillgood
This seems to boil down to FAANG is taking your open source code and using it
and no license jiggery pokery will stop them. The author seems to think that
dual licenses are there to try and persuade Google to pay for your add-on
extras.

I don't think that's right - the dual license is there to get Google to use
the oss version and then snaggle the second tier of the Fortune 5000 into
paying.

And it might, maybe, be working. (data needed, all i have is anecdata)

> business models like “support”, “services” and “training” are entirely
> viable

But that's the problem. They aren't really - at some point the effort in
approvals and purchase orders gets so great that anything that is not "you
can't use it" is not worth the candle

The thing is a license is a subscription - and subscriptions seem to be the
only way to make money.

Everything else just pales.

~~~
kklimonda
When you say "everything else just pales" do you mean that
licenses/subscriptions are the only viable options to make sure you don't go
out of business, or are they the only option to justify multi-billion
evaluations and multi-million investment rounds?

~~~
lifeisstillgood
you can do good lifestyle businesses with just being an OSS developer and
reasonable businesses doing support services. But at some point scale matters
- stack it high and sell it cheap is the usual scale model IRL.

But support services almost always falls down on the first client that means
every other client gets the solution for free and you lose the profit making
side of selling the same thing multiple times.

OSS really does break most business assumptions.

I think it is good for society as a whole - i think for example Linux has
added billions or maybe trillions to the world economy - but capturing that
might reduce the benefits to society as a whole.

So long answer short - Inwoukdmlike to see evidence that long term OSS can
support businesses of > 100 people > 50 million pa

I am hardly seeing it. i could be wrong

------
zokier
> There are many business models that are complementary with respect to open
> source, and some of the best open source software (and certainly the least
> complicated from a licensing drama perspective!) comes from companies that
> simply needed the software and open sourced it because they wanted to build
> a community around it.

I've come to the conclusion that this is pretty much the only long term
sustainable ethical way of developing (foss) software. That is to say that I
don't believe anymore in pure software businesses.

~~~
kemitchell
> That is to say that I don't believe anymore in pure software businesses.

Does that mean you don't believe in company specialization?

Very few companies can afford to develop and maintain a cutting-edge database.
Google, for example, can. But one rung down, and the answer is "no". For
example, Kafka began at LinkedIn. The team that developed Kafka at LinkedIn
ended up leaving to form Confluent, in order to build it out.

------
zizee
> Of these, the laughably named commons clause is the worst offender (it is
> plainly designed to be confused with the purely virtuous creative commons)

Creative Commons has a "NonCommercial" variant[0], which is much more
restrictive than the Commons Clause. To suggest the commons clause is
piggybacking off the goodwill of the name of a more restrictive license is
silly.

> they are almost certainly asserting rights that the copyright holder doesn’t
> in fact have

The author doesn't seem to understand how copyright works.

~~~
antt
Having been around for the GPLv3 debate this sounds exactly like it. A lot of
gut feelings with very little in the way of factual knowledge of what
copyright law is, or what the current problems we are trying to deal with are.

------
platform
Opensource, seems to be now defining how the overall professional programming
develops, and how overall computing technology develops.

It is a very powerful phenomena that, may be more akin to development of a
writing system(s).

There is simply no way to stop it, or reduce it to a 'island' of some sort.

So active creators of OSS value, definitely need to keep in mind how wide and
long term the influence of their decisions might be. As the societies will
continue to use their constructs not just in software but in other areas as
well, for a long time.

\---

Just the other day, I was thinking how many programmers are there in the world
(and i my definition -- these are people who had written software for 2+
years, and were paid for it).

Older estimates (eg
[https://news.ycombinator.com/item?id=3555251](https://news.ycombinator.com/item?id=3555251)
)

are off.

I think the number is closer to 50-70 mln.

But I also caught myself thinking, that programming in some scripting language
to perform some task that by itself is _not creating a new program_ \-- is
really a modern type of literacy (such as reading, writing, math).

~~~
woah
Frankly, it's not real programming unless you made the chip

~~~
webmaven
Chips? Hah!

It's not real programming unless you flip the bits in core memory by hand with
a magnet.

------
microcolonel
I wouldn't call this a midlife crisis. We have known and continue to know that
this is a potential outcome when you sign a CLA.

If your company operates an open source project, you should know that if/when
you are purchased, the centralized license on that project will inevitably be
considered an asset.

------
boredandroid
I can address some of the critiques that seemed aimed at the blog post I wrote
announcing the Confluent license change:

1\. We aren't trying to get cloud providers to license our proprietary
features. We run a cloud service of our software.

2\. The book analogy is not very accurate. We have an FAQ here the helps
clarify interpretation. The limitations it places are extraordinarily small,
99.9999% of users are completely unimpacted, it really only impacts companies
wanting to offer, say, KSQL-as-a-service. [https://www.confluent.io/confluent-
community-license-faq](https://www.confluent.io/confluent-community-license-
faq)

3\. We aren't trying to "co-opt" the community or open terminology. We
actually tried super hard both in the license and in the blog post to be
honest and upfront. Whatever else you think you have to agree that Confluent's
license is _exceptionally_ permissive and the software has a pretty great
community of users. How do you describe a license that let's you run, modify,
fork, and redistribute the code and do virtually anything other than offer a
competing SaaS offering of the product?

4\. Bryan Cantrill is an amazing engineer, but, well, as a lawyer, I think
ours are probably better. We're quite confident in the enforceability, but
it's a bit ironic because I remember this being the FUD around GPL that it was
"totally unenforceable".

5\. The "open source companies are all failing"-meme isn't factually correct.
Many open source companies are actually doing quite well. MongoDB has gone up
in value about 3x over the last year, Elastic was the breakout IPO of the
year. There are a handful of other really strong businesses a year or so
behind, including Confluent. An open source project is not in-and-of-itself a
business model, but it is, just empirically, a big part of some of the recent
successes in the infrastructure space. Probably worth noting that the reverse
is true too: if you look at some of the really cool up-and-coming open source
platform data technologies, a lot of them have the support of a company behind
them. Of course there are plenty of sucky open source companies, but that is
true of every category of startup.

6\. I agree that it is silly to moralize about the behavior of the cloud
providers. They are following their economic interest. The point is that this
behavior does undermine the cycle of investment in some of the more promising
hard tech open source projects and to try to change this dynamic.

7\. This article has a bit of a tone of "Son, new things aren't possible,
trust me, I tried them and have the scars to prove it". I have huge respect
for Bryan, and I know that to some extent that is his schtick as a public
personality, but I'm not sure that attitude is most likely to lead to
improvement. I don't think the current crop of licenses was handed down from
the mountain on Stone Tablets by our elders to be revered and not questioned.
I think CockroachDB, Elastic, MongoDB, and Confluent are building really
innovating technology platforms and building pretty cool companies to help
fund that. I don't think we need dogma. And I still don't say "GNU/Linux".

~~~
cyphar
> How do you describe a license that let's you run, modify, fork, and
> redistribute the code and do virtually anything other than offer a competing
> SaaS offering of the product?

A proprietary software license. Let's not forget the infamous "don't be evil"
clause.

> The "open source companies are all failing"-meme isn't factually correct.

Several of the companies you have mentioned (including yourselves) are no
longer "open source companies" since you now develop proprietary software. You
might not consider this a failure (maybe a "pivot"), but you are no longer an
"open source company".

Don't get me wrong, I completely believe that there is a financial problem
caused by cloud providers not paying you for your development work. And I
understand the frustration and lack of fairness in such a dynamic. But that
doesn't change that you now develop proprietary software.

> I don't think the current crop of licenses was handed down from the mountain
> on Stone Tablets by our elders to be revered and not questioned.

Nobody is claiming that, and those licenses have changed over the years. But
the changes have always come from the community. MPLv2 was written so that it
could be integrated with GPL code. The GPLv3 was written to deal with concerns
about locked-down hardware. The AGPLv3 was based on a community fork of GPLv2.

The new proprietary licenses are coming from companies that wish to protect
their businesses. This is clearly a different dynamic, and I think it's quite
unfair to paint your critics with the brush of being unquestioningly reverent
of our elders -- when in fact we are seeing that the existing, gradual
evolution of licenses by the community has been co-opted by companies wishing
to protect their own interests.

~~~
nqzero
you're creating a false dichotomy

neither open source nor proprietary represents a single thing and there's a
continuum between the two extremes

this license is clearly somewhere near the middle

~~~
cyphar
It would be more accurate to describe it as proprietary than it would be to
describe it as free software or open source. Proprietary software is software
which restricts your freedoms when it comes to the usage, modification, or
distribution of said software. If you prefer, you can also use the term
source-available to distinguish the degree of restrictions -- but the point is
the same. There are restrictions on your freedom in the software and thus it
is proprietary.

Not everything has a middle ground. Software is either proprietary (restricts
your freedom) or it isn't -- and discussions about _how_ proprietary it is
(how many restrictions it imposes on users) are secondary.

~~~
sparkie
I could argue a completely different case. The only "restriction" it is
placing on you is that you may not restrict anyone else from exercising the
same rights that you yourself were granted by the license, which I believe is
the original spirit of the 4 freedoms and the GPL family of licenses.

The software is "effectively free," because for every user who simply uses it
for personal use, research, or even many forms of commercial use, they have
all of the same abilities that they would have with any other free software
license.

The restriction only comes in when you make a derived work of the software and
do not pay forward that derived work under equivalent licensing terms as the
work on which it was based.

And this is where the real disagreement is. What exactly is a "derived work",
and where do you draw the line in the sand?

If I'm essentially selling access to somebody else's software, I have little
doubt that access software constitutes as a derived work. I think it's fair
that a license like the SSPL asks me to release the code which provides access
to the free software as free software itself.

Suggesting that "My freedoms are being restricted" because a licensing term
prevents you from restricting the freedom of others is the same argument that
"permissive" license proponents argue against strong copyleft licenses.

If I release something as SSPL, it isn't because I'm trying to "restrict your
freedoms". It's that I'm trying to prevent you from restricting other's
freedoms by selling them proprietary work based on it.

~~~
cyphar
The license being discussed here is not the SSPL. It's the Confluent Community
License, which does not have any of the GPL-like aspects you refer to. Instead
it simply denies the use of the software (freedom #0) for an "Excluded
Purpose" (creating a competing product to Confluent). I'm sure you'll agree
this is not in any way in the original spirit of the four freedoms.

> What exactly is a "derived work", and where do you draw the line in the
> sand?

This is mostly determined by copyright law, since "derived work" is a legal
term of art.

> If I release something as SSPL, it isn't because I'm trying to "restrict
> your freedoms". It's that I'm trying to prevent you from restricting other's
> freedoms by selling them proprietary work based on it.

This is the justification, but due to the design of the license it is de-facto
impossible to actually comply with its requirements. Therefore it acts as a
de-facto proprietary license. Many copyleft lawyers have stated that the
license would likely require you to re-license Linux under the SSPL if you run
SSPL code on a Linux server. This is not possible to do, and thus you are
forced to pay MongoDB to get a business license.

Maybe there is a place for a license like the SSPL, but given how there would
be effectively no company that could comply with it (even if it didn't require
relicensing to SSPL, many companies have contracted code that they cannot
relicense to a free software license) I fear it would have the same effect.

~~~
kemitchell
> Many copyleft lawyers have stated that the license would likely require you
> to re-license Linux under the SSPL if you run SSPL code on a Linux server.

There's no such thing as a "copyleft lawyer". Even if there were, there
wouldn't be many of us, even if you counted every one, worldwide.

I personally don't agree with the reading you referred to. But if Mongo's
SSPLv2, which they've submitted to OSI, is any indication, it won't be tenable
much longer.

------
chubot
I agree that the naming of the non-open-source licenses is confusing, e.g.
"commons clause" is not a great name.

However, I wonder if there is in fact a fundamental difference between some
kinds of reuse and others (thinking aloud here).

If I want to use Debian to power my corporate desktops, that's one thing. Or
if I want run Debian on cloud machines that provide a Redis service.

But if I actually expose the Redis API and protocol through a service to
customers, and charge them for it, can that be considered another form of
reuse that requires licensing?

This is in contrast to running Redis as a backend for say a for-profit Twitter
clone.

Using Debian, the analogy would be providing a remote-desktop-as-a-service
using Debian, as opposed to merely using Debian in a cloud service.

\-----

Although, I may have missed it -- why not make Redis AGPL? That would prevent
proprietary forks, as I understand it. But they want something even stronger
than that? They don't want just a level playing field, but an advantage?

I suppose I can understand that when you are faced with big cloud providers
with tons of locked-in customers.

I'm surprised that Cantrill isn't more sympathetic to the business model
problems and the lock-in effects of big cloud providers. He seems to take a
pretty hard line that the "community" comes first. But what if there's no real
community? Is there a community around CockroachDB? It seems to be mainly for
for-profit companies to run cloud services.

\-----

In other words I think there could be another name for software where you have
rights to view, modify, and distribute the source, but not to directly sell it
as a service.

He is saying that nobody is ever going to license this software -- they will
just reimplement it or use something else. But I think that is besides the
point, which is that there are customers who WOULD pay for a hosted version of
Redis or CockroachDB.

I guess where this falls down is that it only works for projects in which
there have been essentially no external contributors. Although a few people
may have contributed the lion's share of the code, it's not clear that you
should reserve rights for author A's company but not author B's company, even
author B only contributed 10 lines of code. It is hard to draw that line.

~~~
mnutt
For me, it's hard to separate "Cloud provider selling a service" and "Cloud
provider selling compute, and giving away the free service". On a scale of
things that are ok to things that are not ok to open source companies: 1) end-
user rents an ec2 server, installs redis themselves, 2) end-user rents an ec2
server, runs a redis AMI that a third party created, 3) same, except amazon
created the AMI, 4) Amazon runs an ec2 instance on the user's behalf, puts a
nice UI on top for "spin up a redis server", 5) Amazon runs an opaque multi-
tenant redis system.

Where do you draw the line? Most steps are just Amazon streamlining letting
the user run the service, except for the last one which decreases the cost for
the end-user.

~~~
chubot
Yeah, that's a good way of putting it.

I agree there is no hard line. I would put it somewhere between #3 and #5.

On the other hand, there are plenty of legal/licensing issues that rely on
fine distinctions. Just in the domain of software: is it OK to copy 1 line of
code, 10 lines of code, or 100 lines of code? What about if you transliterate
the code to a different language?

It's possible that the fuzzy distinctions are OK and they still roughly
preserve the intent and business model.

------
nqzero
open source can certainly be profitable for some personalities and some
projects, but there seems to be a large portion of the space that's hard to
monetize

i've taken a cut at making a license that attempts to bridge the divide -
capturing many of the freedoms of open source while still requiring a
subscription

[https://github.com/db4j/pupl](https://github.com/db4j/pupl)

------
snaky
> I cannot, however, tell you that you can’t put the book on the same
> bookshelf as that of my rival, or that you can’t read the book while flying
> a particular airline I dislike, or that you aren’t allowed to read the book
> and also work for a company that competes with mine.

Really?

~~~
Arnt
Really.

Copyright is just that, _copy_ right. It's not _read_ right, _use_ right,
_fly_ right or _workfor_ right.

The license for foo can say "by copying foo, you affirm your acceptance of the
following conditions: …" and if you do copy foo and nothing else gives you the
right to copy it, then those conditions are what you must've accepted, right?
Of course you may argue the point, but that's the theory.

However, if what you do is use foo or fly with KLM, not copy foo, and don't
affirm your acceptance by other means (such as signing a document), then
_copy_ right doesn't apply.

EDIT: And even if it does apply, it's not clear to me that what it applies to
is the non-copying bit. If copying and flying with KLM are incompatible, then
it's not clear to me that copyright can ban the latter.

~~~
snaky
That's not about copyright actually. The license is a contract, and you decide
to sign it or not - by deciding to use the software or not. The contract in
theory may include any restrictions you can imagine. There are in practice
some restrictions on that restrictions by some laws in some countries in some
aspects, but rarely about KLM.

~~~
fulafel
Copyright license and contract are not (necessary) the same thing. An
important related fact is that contract breach is generally less penalised
than copyright infringement.

See eg [https://perens.com/2017/05/28/understanding-the-gpl-is-a-
con...](https://perens.com/2017/05/28/understanding-the-gpl-is-a-contract-
court-case/) &
[https://www.youtube.com/watch?v=6i9sngsv8G0](https://www.youtube.com/watch?v=6i9sngsv8G0)

(And keep in mind that per-license US case law doesn't have standing globally)

~~~
antt
If you are using IP without a contract you are engaging in copyright
infringement.

People we've been through this. This fud was deal with when the GPL was ruled
valid a decade ago.

------
nickpsecurity
All this talk about ethics, open, and free brings another angle to mind folks
like Cantrill seem to be ignoring and therefore misrepresenting what they are
achieving in at least U.S.. I used to push for OSS/FOSS in the past. Now I’m
switching to hybrids. The reason is that encouraging people to play “give it
all away” or “use low-revenue models” in a capitalist country where opponents
of freedom make billions of dollars for their software shifted all the money
(and therefore power) to the latter. They then paid off politicians and used
pricey lawyers to win more power against OSS/FOSS in ways they couldn’t fight
against without piles of money. This includes ability to patent/copyright
troll users of open/free software and especially Oracle’s API ruling which
jeopardizes OSS/FOSS, backwards-compatible implementations of anything that
had a proprietary API.

From what I see, OSS/FOSS have done great things but are a fundamentally-
flawed model in a capitalist country where money wins. As many as possible
need to be charging by default both to support contributors and send
money/power the other way. They and FOSS-using companies that don’t depend on
patent/copyright money need to pool money together to fight legal advances of
patent/copyright-trolling companies that want lock-in. Otherwise, in a game
where only one side is playing for keeps, the OSS/FOSS groups keep losing by
default software freedoms and ability to enforce their licenses while
preaching that they’re maintaining them. Seems dishonest. Also, strange I
almost never read about these issues in FOSS writers articles about business
model and licensing recommendations.

Far as hybrids, I can’t give you the answer yet since it’s too soon. For FOSS,
I’m looking at Open Core and Dual-Licensing with strongest copyleft available.
For non-FOSS, Source-available from public-benefit companies and nonprofits
chartered to implement most software freedoms for customers on top of free for
non-commercial or under certain use. These freedoms and justifications would
also be in licenses and contracts with huge penalties for non-compliance for
extra layers of defense. Maybe expire into FOSS after certain time passes or
revenue threshold. We need more experimentation that lets companies currently
supplying or later releasing as FOSS to get millions to hundreds of millions
in revenue collectively to fight this battle. Again, it’s not optional: the
other side is actively fighting to remove software freedom inch by inch. And
mostly winning despite FOSS organizations’ little victories.

Edit: Added a few specifics for hybrid model in this follow-up:

[https://lobste.rs/s/kbcjnx/open_source_confronts_its_midlife...](https://lobste.rs/s/kbcjnx/open_source_confronts_its_midlife_crisis#c_yokqtn)

------
dman
Very well written and timely.

------
carapace
The answer lies in your context for programming. The bigger picture.

The invention of the microprocessor was a watershed moment in human history,
more than that of fire, or even splitting the atom. Mechanical intelligence
provides for a realistic Utopia. It's not guaranteed, but it's _unarguably
possible._ "Let the robots do the work and we'll take their pay."

From this point of view, anything that restricts the free flow and use of
software is regressive. (I'm not going to address the subtle point of whether
"Free" or "Open" better foster free flow. On the ten-thousand-foot level that
I'm dressing it just doesn't matter.)

Trying to make a living from charging for (copies of) software is foolish
_compared to_ bringing about a techno-utopia as quickly and directly as
possible.

The important question is, how do we marshal our resources to achieve a
peaceful, ecologically harmonious, high-tech, post-historical world as quickly
and painlessly as possible?

~~~
antt
By charging for the software we produce and using the economic resources we
gather to get the outcome we want through the acceptable channels in our
society, e.g. the courts and the legislature.

~~~
carapace
Sell [copies of] software to make money and then lobby politicians. Is that
what you're saying?

------
xiphias2
Open source is booming by any metrics. My favourite example is Bitcoin, which
is just getting started, but even its haters usually agree that it has a huge
impact (even if they don't like the impact itself).

~~~
bdcravens
I would say Bitcoin is lagging compared to where many other open source
projects were after 10 years.

~~~
sparkie
Well, you can expect it might take some time to gain adoption for an idea
which has such a profound and extensive impact on many areas of life, and not
just software.

Bitcoin has changed the way the world thinks about money in just 10 years. I
wouldn't call that lagging. It seems to me that it is _leading_.

~~~
bdcravens
> Bitcoin has changed the way the world thinks about money in just 10 years.

That's mostly limited to "true believers". For the 99%, Bitcoin the technology
doesn't really mean anything, but they rather think of the speculative
investment.

(for reference, I was mining BTC in 2011, and have made more than a few
dollars in it over the years, I just like meat with my Koolaid)

~~~
sparkie
It might only be a small minority of people who are true believers in Bitcoin,
but many of them have taken it upon themselves to continue building new
financial instruments and technologies around it.

The internet changed the way the world thought about communication in the 70s.
This was a minority opinion all the way up to the naughties when it became
impossible to continue ignoring reality.

Banks will need to innovate or they'll end up like the record labels and
newspapers who failed to keep up with the geeks and entrepreneurs. The banks
which embrace technology might survive.

