Hacker News new | past | comments | ask | show | jobs | submit login
Open source confronts its midlife crisis (dtrace.org)
144 points by mpweiher 4 months ago | hide | past | web | favorite | 89 comments



There’s an assumption that an open source project should “belong” to a single company (Mongo, Elastic, Confluent, etc). I think that model may be more dangerous to OSS than large cloud providers.

If it’s truly open source, one business shouldn’t dominate the project’s development. That’s tantamount to the project becoming shared source that accepts community contributions, not community driven open source backed by many orgs. It reinforces a monopoly in that community. And these companies themselves are not tiny victims (many IPOd at multi billions). They also tend to compete with their customers and community in the same way as AWS, so I’m not sure they can cry foul when AWS does the same.


It's hard to drive non-incremental innovation without a benevolent dictator model.

For example, the Hadoop ecosystem moves very slowly, and most of the innovation happens in new projects that are added, not in core infrastructure. An example of moving slowly is the fact that even to this day, the HDFS high availability story for NameNodes is pretty wonky.

In a community model, if someone wants to do a large scale refactoring or rework parts of the architecture, these projects die of a thousand cuts with objections or change requests from many stakeholders. The decision-making then becomes "design by committee," instead of pushing towards a long term vision.

With a single benevolent dictator, since decision making is more centralized, it's significantly easier to do large reworks of the architecture to improve the product in non-incremental ways.


> It's hard to drive non-incremental innovation without a benevolent dictator model.

Hmm, dunno that this is a universal truth. Most of the biggest improvements to Django came after Adrian and I stepped down and we moved to a more democratic leadership structure.


The key word is “improvement”, which implies that there was something already there to improve.

So, a democratic structure can improve Django once it’s already well-defined and widely used. But could it have created Django and made it successful in the first place? I think the answer is no, and that’s what the gp meant by “non-incremental innovation”.


Most of these projects reached that stage before or early in the life of these companies. So by that logic the companies were not necessary to support the projects.


I think “bdfl” and “exclusive corporate sponsor” are 2 distinct issues. I was addressing “bdfl vs. democratic leadership”. I personally don’t think it matters where the bdfl is employed in the early days of a project, there are examples of wildly successful projects with and without an exclusive corporate sponsor.


Good point, they are probably indeed distinct. In some cases the BDFL is employed by the corporate sponsor (eg. Confluent) which makes it hard to separate the influence of each.


I don’t disagree. But many projects have a benevolent dictator but are still run by a foundation not a company (like Python, Ruby, etc).


Good point, hadn't thought about foundations.

I wonder if programming languages are different from infrastructure components, though. Programming languages tend to be harder to sell, while infrastructure components can be resold by providing them as a service. Think of Python as a service vs Jupyter as a service.


I was wondering this too. Though it used to be you could monetize programming languages more readily. I wonder as databases approach a commoditization point if the DB market becomes more like the programming language market.

Right now turnkey hosting is the main way of making money. But if open source push button distributed database in an arbitrary cloud happened (via easier containerized orchestration than currently exists) we wouldn’t really have much of a hosted database market. Then database open source might start to look more like programming languages and less like money making entities unto themselves. Honestly this is probably the bigger threat to the Mongos, Confluents etc than anything else. And why AWS pushed proprietary tech like lambda.


Distributed databases will always require some kind of specialist knowledge to maintain. The physical deployment of code is actually the easiest part, the big problem is how to keep things running and fix issues once things invariably start breaking.

The value proposition for hosted services is "we'll take care of everything, you don't have to worry about operations" while the value proposition for the development companies is "we'll help you run things and we'll reinvest the proceeds in maintaining the platform."

The incentive for AWS is to extract maximum profit from open source projects (with no real regards for sustainability), while the incentive for the development companies are more aligned with having a sustainable long term community and product.


You should check out hopsfs. It solves the namenode problem using distributed metadata and stateless namenodes. Kind of validates your point. It's a fork.


> If it’s truly open source, one business shouldn’t dominate the project’s development. That’s tantamount to the project becoming shared source that accepts community contributions.

Open Source has never meant anything of the sort. You always have a tyranny of the maintainer. Whether that's because it's one guy's hobby project and he's not interested in your patch because he doesn't personally need it, or because it's some giant corporation and it doesn't align with their interest, or anything in between.

In either case, Open Source has never been about other people being obligated to do work for you, which is what accepting a patch amounts to. Most contributors don't stick around, so integrating something means carrying technical debt going forward.

It's about you being able to say the maintainer is wrong, and invest your own time in maintaining a fork or a local patch. Anything beyond that (like upstream accepting your patch) is just gravy.


You’re right, I was overzealous with that statement.

I think my opinion would be the “free” in FOSS is not supported when a business monopolizes a community. That building a company to effectively control the project is at odds with a healthy open source community.

I hate defending Amazon. But if we think of Amazon as “in the Mongo community” then what Mongo, etc are doing is picking winners and losers in their community. That gets ugly, and creates a lot of incentives in that community for everyone to say “all hail Mongo Inc”. Effectively the community around the project becomes indistinguishable from the user community around a proprietary software. Everyone takes from the mothership, few give back, nobody questions or debates centralized decisions made, learned helplessness ensues...

I personally feel this is very counter to what FOSS is and should be. And I dont think it’s in the long term interests of the project, community and user base around the project


I don't necessarily agree with Rich Hickey, but he put a contrary view very clearly and elegantly in a recent post:

> Open source is a licensing and delivery mechanism, period. It means you get the source for software and the right to use and modify it. All social impositions associated with it, including the idea of 'community-driven-development' are part of a recently-invented mythology with little basis in how things actually work, a mythology that embodies, cult-like, both a lack of support for diversity in the ways things can work and a pervasive sense of communal entitlement.

https://gist.github.com/richhickey/1563cddea1002958f96e7ba95...


> If it’s truly open source, one business shouldn’t dominate the project’s development.

I don't see why - this has never been part of any open source definition I've ever seen. I think you're loading the term with other unrelated ideals.


That's because all of the open source definitions you've seen have attempted to be prescriptive rather than descriptive or idealist. OP is simply using a different kind of ontology regarding what open source is.


There is NO midlife crisis, only we have two things together:

- for first we do not have decent universities anymore, they substantially evolve from the center of our collective knowledge to companies or servant of companies aiming to deliver various kind of Ford-model workers; => we do not have enough developer, mostly only code monkeys unable to think autonomously, tied to proprietary devs model, even when the code is open (see below).

- for second we miss hardware. In the past hw was a bit various (different architectures nearly on-par, in concurrence) and reasonably open, now we have essentially arm for low power/mobile and x86 for the rest and they are more and more closed. On software side is even worse since we restore ancient mainframe model with the "mainframe" "outsourced to the cloud".

On "proprietary mental tie" in young people: simply new technicians do not think at scale because "the cloud" do that business and do not think in terms of local, desktop/user-centric computing. The "web" seems to be something like a local resource, always available. That's led to bad design for freedom. That's led to webUI instead of ml/news, dependency on someone's else services etc without thinking.

All the above crisis are not FOSS nor OpenSource, are social. They can be solved ONLY at social level.


> There are many business models that are complementary with respect to open source, and some of the best open source software (and certainly the least complicated from a licensing drama perspective!) comes from companies that simply needed the software and open sourced it because they wanted to build a community around it.

I've come to the conclusion that this is pretty much the only long term sustainable ethical way of developing (foss) software. That is to say that I don't believe anymore in pure software businesses.


> That is to say that I don't believe anymore in pure software businesses.

Does that mean you don't believe in company specialization?

Very few companies can afford to develop and maintain a cutting-edge database. Google, for example, can. But one rung down, and the answer is "no". For example, Kafka began at LinkedIn. The team that developed Kafka at LinkedIn ended up leaving to form Confluent, in order to build it out.


This seems to boil down to FAANG is taking your open source code and using it and no license jiggery pokery will stop them. The author seems to think that dual licenses are there to try and persuade Google to pay for your add-on extras.

I don't think that's right - the dual license is there to get Google to use the oss version and then snaggle the second tier of the Fortune 5000 into paying.

And it might, maybe, be working. (data needed, all i have is anecdata)

> business models like “support”, “services” and “training” are entirely viable

But that's the problem. They aren't really - at some point the effort in approvals and purchase orders gets so great that anything that is not "you can't use it" is not worth the candle

The thing is a license is a subscription - and subscriptions seem to be the only way to make money.

Everything else just pales.


When you say "everything else just pales" do you mean that licenses/subscriptions are the only viable options to make sure you don't go out of business, or are they the only option to justify multi-billion evaluations and multi-million investment rounds?


you can do good lifestyle businesses with just being an OSS developer and reasonable businesses doing support services. But at some point scale matters - stack it high and sell it cheap is the usual scale model IRL.

But support services almost always falls down on the first client that means every other client gets the solution for free and you lose the profit making side of selling the same thing multiple times.

OSS really does break most business assumptions.

I think it is good for society as a whole - i think for example Linux has added billions or maybe trillions to the world economy - but capturing that might reduce the benefits to society as a whole.

So long answer short - Inwoukdmlike to see evidence that long term OSS can support businesses of > 100 people > 50 million pa

I am hardly seeing it. i could be wrong


> Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons)

Creative Commons has a "NonCommercial" variant[0], which is much more restrictive than the Commons Clause. To suggest the commons clause is piggybacking off the goodwill of the name of a more restrictive license is silly.

> they are almost certainly asserting rights that the copyright holder doesn’t in fact have

The author doesn't seem to understand how copyright works.


Having been around for the GPLv3 debate this sounds exactly like it. A lot of gut feelings with very little in the way of factual knowledge of what copyright law is, or what the current problems we are trying to deal with are.


Opensource, seems to be now defining how the overall professional programming develops, and how overall computing technology develops.

It is a very powerful phenomena that, may be more akin to development of a writing system(s).

There is simply no way to stop it, or reduce it to a 'island' of some sort.

So active creators of OSS value, definitely need to keep in mind how wide and long term the influence of their decisions might be. As the societies will continue to use their constructs not just in software but in other areas as well, for a long time.

---

Just the other day, I was thinking how many programmers are there in the world (and i my definition -- these are people who had written software for 2+ years, and were paid for it).

Older estimates (eg https://news.ycombinator.com/item?id=3555251 )

are off.

I think the number is closer to 50-70 mln.

But I also caught myself thinking, that programming in some scripting language to perform some task that by itself is not creating a new program -- is really a modern type of literacy (such as reading, writing, math).


Frankly, it's not real programming unless you made the chip


Chips? Hah!

It's not real programming unless you flip the bits in core memory by hand with a magnet.


I wouldn't call this a midlife crisis. We have known and continue to know that this is a potential outcome when you sign a CLA.

If your company operates an open source project, you should know that if/when you are purchased, the centralized license on that project will inevitably be considered an asset.


I can address some of the critiques that seemed aimed at the blog post I wrote announcing the Confluent license change:

1. We aren't trying to get cloud providers to license our proprietary features. We run a cloud service of our software.

2. The book analogy is not very accurate. We have an FAQ here the helps clarify interpretation. The limitations it places are extraordinarily small, 99.9999% of users are completely unimpacted, it really only impacts companies wanting to offer, say, KSQL-as-a-service. https://www.confluent.io/confluent-community-license-faq

3. We aren't trying to "co-opt" the community or open terminology. We actually tried super hard both in the license and in the blog post to be honest and upfront. Whatever else you think you have to agree that Confluent's license is _exceptionally_ permissive and the software has a pretty great community of users. How do you describe a license that let's you run, modify, fork, and redistribute the code and do virtually anything other than offer a competing SaaS offering of the product?

4. Bryan Cantrill is an amazing engineer, but, well, as a lawyer, I think ours are probably better. We're quite confident in the enforceability, but it's a bit ironic because I remember this being the FUD around GPL that it was "totally unenforceable".

5. The "open source companies are all failing"-meme isn't factually correct. Many open source companies are actually doing quite well. MongoDB has gone up in value about 3x over the last year, Elastic was the breakout IPO of the year. There are a handful of other really strong businesses a year or so behind, including Confluent. An open source project is not in-and-of-itself a business model, but it is, just empirically, a big part of some of the recent successes in the infrastructure space. Probably worth noting that the reverse is true too: if you look at some of the really cool up-and-coming open source platform data technologies, a lot of them have the support of a company behind them. Of course there are plenty of sucky open source companies, but that is true of every category of startup.

6. I agree that it is silly to moralize about the behavior of the cloud providers. They are following their economic interest. The point is that this behavior does undermine the cycle of investment in some of the more promising hard tech open source projects and to try to change this dynamic.

7. This article has a bit of a tone of "Son, new things aren't possible, trust me, I tried them and have the scars to prove it". I have huge respect for Bryan, and I know that to some extent that is his schtick as a public personality, but I'm not sure that attitude is most likely to lead to improvement. I don't think the current crop of licenses was handed down from the mountain on Stone Tablets by our elders to be revered and not questioned. I think CockroachDB, Elastic, MongoDB, and Confluent are building really innovating technology platforms and building pretty cool companies to help fund that. I don't think we need dogma. And I still don't say "GNU/Linux".


> How do you describe a license that let's you run, modify, fork, and redistribute the code and do virtually anything other than offer a competing SaaS offering of the product?

A proprietary software license. Let's not forget the infamous "don't be evil" clause.

> The "open source companies are all failing"-meme isn't factually correct.

Several of the companies you have mentioned (including yourselves) are no longer "open source companies" since you now develop proprietary software. You might not consider this a failure (maybe a "pivot"), but you are no longer an "open source company".

Don't get me wrong, I completely believe that there is a financial problem caused by cloud providers not paying you for your development work. And I understand the frustration and lack of fairness in such a dynamic. But that doesn't change that you now develop proprietary software.

> I don't think the current crop of licenses was handed down from the mountain on Stone Tablets by our elders to be revered and not questioned.

Nobody is claiming that, and those licenses have changed over the years. But the changes have always come from the community. MPLv2 was written so that it could be integrated with GPL code. The GPLv3 was written to deal with concerns about locked-down hardware. The AGPLv3 was based on a community fork of GPLv2.

The new proprietary licenses are coming from companies that wish to protect their businesses. This is clearly a different dynamic, and I think it's quite unfair to paint your critics with the brush of being unquestioningly reverent of our elders -- when in fact we are seeing that the existing, gradual evolution of licenses by the community has been co-opted by companies wishing to protect their own interests.


you're creating a false dichotomy

neither open source nor proprietary represents a single thing and there's a continuum between the two extremes

this license is clearly somewhere near the middle


It would be more accurate to describe it as proprietary than it would be to describe it as free software or open source. Proprietary software is software which restricts your freedoms when it comes to the usage, modification, or distribution of said software. If you prefer, you can also use the term source-available to distinguish the degree of restrictions -- but the point is the same. There are restrictions on your freedom in the software and thus it is proprietary.

Not everything has a middle ground. Software is either proprietary (restricts your freedom) or it isn't -- and discussions about how proprietary it is (how many restrictions it imposes on users) are secondary.


I could argue a completely different case. The only "restriction" it is placing on you is that you may not restrict anyone else from exercising the same rights that you yourself were granted by the license, which I believe is the original spirit of the 4 freedoms and the GPL family of licenses.

The software is "effectively free," because for every user who simply uses it for personal use, research, or even many forms of commercial use, they have all of the same abilities that they would have with any other free software license.

The restriction only comes in when you make a derived work of the software and do not pay forward that derived work under equivalent licensing terms as the work on which it was based.

And this is where the real disagreement is. What exactly is a "derived work", and where do you draw the line in the sand?

If I'm essentially selling access to somebody else's software, I have little doubt that access software constitutes as a derived work. I think it's fair that a license like the SSPL asks me to release the code which provides access to the free software as free software itself.

Suggesting that "My freedoms are being restricted" because a licensing term prevents you from restricting the freedom of others is the same argument that "permissive" license proponents argue against strong copyleft licenses.

If I release something as SSPL, it isn't because I'm trying to "restrict your freedoms". It's that I'm trying to prevent you from restricting other's freedoms by selling them proprietary work based on it.


The license being discussed here is not the SSPL. It's the Confluent Community License, which does not have any of the GPL-like aspects you refer to. Instead it simply denies the use of the software (freedom #0) for an "Excluded Purpose" (creating a competing product to Confluent). I'm sure you'll agree this is not in any way in the original spirit of the four freedoms.

> What exactly is a "derived work", and where do you draw the line in the sand?

This is mostly determined by copyright law, since "derived work" is a legal term of art.

> If I release something as SSPL, it isn't because I'm trying to "restrict your freedoms". It's that I'm trying to prevent you from restricting other's freedoms by selling them proprietary work based on it.

This is the justification, but due to the design of the license it is de-facto impossible to actually comply with its requirements. Therefore it acts as a de-facto proprietary license. Many copyleft lawyers have stated that the license would likely require you to re-license Linux under the SSPL if you run SSPL code on a Linux server. This is not possible to do, and thus you are forced to pay MongoDB to get a business license.

Maybe there is a place for a license like the SSPL, but given how there would be effectively no company that could comply with it (even if it didn't require relicensing to SSPL, many companies have contracted code that they cannot relicense to a free software license) I fear it would have the same effect.


> Many copyleft lawyers have stated that the license would likely require you to re-license Linux under the SSPL if you run SSPL code on a Linux server.

There's no such thing as a "copyleft lawyer". Even if there were, there wouldn't be many of us, even if you counted every one, worldwide.

I personally don't agree with the reading you referred to. But if Mongo's SSPLv2, which they've submitted to OSI, is any indication, it won't be tenable much longer.


I'm free to modify the source code.

That's a lot different to never seeing it.

Calling these licenses proprietary strains the word past its breaking point.


A licence is proprietary if it restricts any if your four freedoms. The Confluent licence restricts freedom 0, the freedom to use it for any purpose. It is therefore proprietary. JSON's license (with the "The Software shall be used for Good, not Evil." clause) is proprietary too.

Now, we can have a discussion over the degree of proprietary-ness, but I disagree with the statement that it isn't proprietary. Of course it is different to some other proprietary licenses, but I believe that discussion is secondary to the discussion over whether it is proprietary.


No, I'm sorry, that's not how things work.

You can say the license isn't "open source." The term has a well-defined meaning provided by the OSI, and they arguably have the right to define what it means and which licenses meet the definition, being the ones who pretty much invented the term.

You DO NOT, however, get to also define the meaning of the word "proprietary." The English language is not your plaything, and you have not been given dictatorial rights to re-define words as you wish. "Proprietary" does not suddenly mean "restricts any of the four freedoms" just because you said so. When antt calls this instance a misuse of the word, [s]he is relying on the common English meaning of the term, which very much supports their point. Your rebuttal is pretty much "nuh-uh because we're now using a different definition."


> The term has a well-defined meaning provided by the OSI, and they arguably have the right to define what it means and which licenses meet the definition, being the ones who pretty much invented the term.

Funnily enough, many people would argue the exact opposite -- that "open source" has a common meaning that is separate from the "Open Source" which the OSI defines. I don't really have a strong opinion either way.

> "Proprietary" does not suddenly mean "restricts any of the four freedoms" just because you said so.

I am using the term in the same manner as the FSF. Maybe you disagree with their definition, but it's hardly something I've just come up with in this argument -- this definition in the context of software licenses has been in use since the 80s. If you disagree with that definition, complain to the FSF about their subversion of language instead of me.


> If you disagree with that definition, complain to the FSF about their subversion of language instead of me.

Whether you follow the FSF's lead is up to you!

The FSF itself changed the way it talks about these issues. Its "philosophical" writing used to distinguish "semi-free" or "source-available" and "proprietary". They even had a nice diagram showing semi-free as a middle ground.

At some point, they made a rhetorical decision to lump everything east of "free software" together in one "proprietary" pile. I wish I knew why. But the reason couldn't have been precision.


> Whether you follow the FSF's lead is up to you!

Sure, but my response was to the statement:

> You DO NOT, however, get to also define the meaning of the word "proprietary."

And to clarify that I am not defining the meaning of proprietary, I'm using the definition the FSF uses (and has used for significantly longer than the span of this comment thread). Whether you think that's a reasonable definition is a different point, but I was being accused of (effectively) moving the goal-posts.


On the other hand, you _are_, possibly intentionally, mixing the concept of open-source as defined by the OSI, and proprietary software as defined by the FSF. You're acting as if proprietary software is the antonym of OSS, and citing the FSF definition to support it. Except, the FSF doesn't talk about open-source (except to say that it "misses the point"), it talks about Free Software. And the OSI doesn't provide a definition of proprietary software.


The GPL/AGPL restricts freedom zero too.

You can't run your code on a users computer without respecting the other three freedoms, and the AGPL goes even further and says you can't even run it on your own computers.

This was an argument I used to hear being made loudly and unironically by the MIT/BSD crowd in the 90s/00s.

To quote Stalman, free software isn't about having the source available any more than a library is about making books with movable type. It is about giving people the power to be programmers without selling their souls to Big Evil.

That essentially all the code that makes Amazon Amazon is DevOps code on how production code and hardware is managed is something no one could have seen in 2007.

Pretending that orchestration is not the most important part of the stack today is as ignorant as saying that source code doesn't matter because you have the binary version was in 1995, again something I've heard said unironically.

The AGPL, the most radical of the free software licenses, does not deal with the supporting code on how to deploy the software. The prosperity license does, because it's written by people who are in the trenches today. And it's completely free when you open source your full stack.


> You can't run your code on a users computer without respecting the other three freedoms, and the AGPL goes even further and says you can't even run it on your own computers

Absolutely wrong for the gpl, which is a distribution license, not a usage license. This is a well established fact.


>which is a distribution license, not a usage license. This is a well established fact.

That's what I said.


However those unproven license are toxic.

I've cancelled the mongodb standardization in the big company I work for specifically to avoid them.

The only sane way for a cautious company to use those vaguely licensed software is the proprietary one. That's the intent of this artificial grey area.

And as a consumer I try to avoid proprietary software whenever possible. License management is a huge pain.


Why are you assuming there is a middle ground?

Many things in life have no real middle ground.

These "middle ground" licenses have yet to show a useful non-toxic instance that actually served their communities.

You have the burden of proof here.


Middle ground exists because it is ultimately for a court to decide whether or not something is a copyright violation. These things aren't black and white. A license is a piece of legal advice which suggests the decision a court might make if it were to be taken to one, based on past judicial decisions. When it comes to new technologies and new distribution methods (or distribution loopholes), there's not much precedent to go off. The uncertainty here is the middle ground.


You are focused on enforcement which (might be interesting in an internet lawyering way) is irrelevant if noone uses the codebases in the first place because of the license makes it unuseful for users and coders.

Almost all of these "middle ground" license cannot be combined with the normal licenses that have huge functioning communities.


> You have the burden of proof here.

even transistors, the basic underpinning of our digital worlds, have middle ground - it's the norm, not the exception, and dichotomies are almost entirely a human fiction to make things more computationally tractable

the burden is yours


So we can go down rabbit holes like this I guess? I mean whats the middle ground between believing the earth is flat and the center of the universe vs a modern scientific view?

Metaphors aren't really a good thinking tool here.

Instead maybe asking (as I suggested you do) if EVEN ONE of these LICENSE schemes is actually working for the community its supposed to serve vs the pr blahblah we see in their announcements?


Confluent continues to fund the development of quite a lot of Apache 2.0 code and that is a huge part of our business and strategy. Perhaps your point is that if a company produces any non-open source code they are not an open source company?


Microsoft and Oracle also fund the development of a lot of open source code, but I think it'd be a bit of a stretch to call them open source companies.


I’ll never understand why we collectively wag our fingers at individuals or companies that try to keep the likes of Amazon from building a profitable service off of their hard work then contribute back little-to-nothing. Would redis, mongodb and dgraph have even considered alternate licensing if companies like Amazon had thrown them a minuscule amount of funding and patches? We can’t know because they didn’t. And then we sneer at them for having the audacity to try to stay open but stop these giants from using them and throwing them away.

This kind of aggressive behavior toward these people trying to stop their own destruction at the hands of the biggest and most profitable companies in the world makes me wonder what the hell is wrong with our industry. This could easily be any of us. It might be any of us in the future. What do we gain by consolidating control in 3-4 different giants? What are we achieving with such a black and white view of what constitutes open source or not?


This is nothing new. The loudest people in the software industry are the ones with the most time, which by definition is the ones who are least employed or most activist.

Back in the real world that reddis wants to charge a license fee would just mean an email to your boss and accounting with a short message saying "This is a better alternative since we can change the source code as needed for a pittance". Then it will go to the CEO and he will sign off with "Done" after reading the first 20 words of the report.


Mongodb are not trying to stop their destruction.

They want to bring millions to their investors.

If they were less cash hungry they would move slower, of course, but without selling proprietary software.


I agree that the naming of the non-open-source licenses is confusing, e.g. "commons clause" is not a great name.

However, I wonder if there is in fact a fundamental difference between some kinds of reuse and others (thinking aloud here).

If I want to use Debian to power my corporate desktops, that's one thing. Or if I want run Debian on cloud machines that provide a Redis service.

But if I actually expose the Redis API and protocol through a service to customers, and charge them for it, can that be considered another form of reuse that requires licensing?

This is in contrast to running Redis as a backend for say a for-profit Twitter clone.

Using Debian, the analogy would be providing a remote-desktop-as-a-service using Debian, as opposed to merely using Debian in a cloud service.

-----

Although, I may have missed it -- why not make Redis AGPL? That would prevent proprietary forks, as I understand it. But they want something even stronger than that? They don't want just a level playing field, but an advantage?

I suppose I can understand that when you are faced with big cloud providers with tons of locked-in customers.

I'm surprised that Cantrill isn't more sympathetic to the business model problems and the lock-in effects of big cloud providers. He seems to take a pretty hard line that the "community" comes first. But what if there's no real community? Is there a community around CockroachDB? It seems to be mainly for for-profit companies to run cloud services.

-----

In other words I think there could be another name for software where you have rights to view, modify, and distribute the source, but not to directly sell it as a service.

He is saying that nobody is ever going to license this software -- they will just reimplement it or use something else. But I think that is besides the point, which is that there are customers who WOULD pay for a hosted version of Redis or CockroachDB.

I guess where this falls down is that it only works for projects in which there have been essentially no external contributors. Although a few people may have contributed the lion's share of the code, it's not clear that you should reserve rights for author A's company but not author B's company, even author B only contributed 10 lines of code. It is hard to draw that line.


For me, it's hard to separate "Cloud provider selling a service" and "Cloud provider selling compute, and giving away the free service". On a scale of things that are ok to things that are not ok to open source companies: 1) end-user rents an ec2 server, installs redis themselves, 2) end-user rents an ec2 server, runs a redis AMI that a third party created, 3) same, except amazon created the AMI, 4) Amazon runs an ec2 instance on the user's behalf, puts a nice UI on top for "spin up a redis server", 5) Amazon runs an opaque multi-tenant redis system.

Where do you draw the line? Most steps are just Amazon streamlining letting the user run the service, except for the last one which decreases the cost for the end-user.


Yeah, that's a good way of putting it.

I agree there is no hard line. I would put it somewhere between #3 and #5.

On the other hand, there are plenty of legal/licensing issues that rely on fine distinctions. Just in the domain of software: is it OK to copy 1 line of code, 10 lines of code, or 100 lines of code? What about if you transliterate the code to a different language?

It's possible that the fuzzy distinctions are OK and they still roughly preserve the intent and business model.


open source can certainly be profitable for some personalities and some projects, but there seems to be a large portion of the space that's hard to monetize

i've taken a cut at making a license that attempts to bridge the divide - capturing many of the freedoms of open source while still requiring a subscription

https://github.com/db4j/pupl


> I cannot, however, tell you that you can’t put the book on the same bookshelf as that of my rival, or that you can’t read the book while flying a particular airline I dislike, or that you aren’t allowed to read the book and also work for a company that competes with mine.

Really?


Really.

Copyright is just that, copyright. It's not readright, useright, flyright or workforright.

The license for foo can say "by copying foo, you affirm your acceptance of the following conditions: …" and if you do copy foo and nothing else gives you the right to copy it, then those conditions are what you must've accepted, right? Of course you may argue the point, but that's the theory.

However, if what you do is use foo or fly with KLM, not copy foo, and don't affirm your acceptance by other means (such as signing a document), then copyright doesn't apply.

EDIT: And even if it does apply, it's not clear to me that what it applies to is the non-copying bit. If copying and flying with KLM are incompatible, then it's not clear to me that copyright can ban the latter.


That's not about copyright actually. The license is a contract, and you decide to sign it or not - by deciding to use the software or not. The contract in theory may include any restrictions you can imagine. There are in practice some restrictions on that restrictions by some laws in some countries in some aspects, but rarely about KLM.


Copyright license and contract are not (necessary) the same thing. An important related fact is that contract breach is generally less penalised than copyright infringement.

See eg https://perens.com/2017/05/28/understanding-the-gpl-is-a-con... & https://www.youtube.com/watch?v=6i9sngsv8G0

(And keep in mind that per-license US case law doesn't have standing globally)


If you are using IP without a contract you are engaging in copyright infringement.

People we've been through this. This fud was deal with when the GPL was ruled valid a decade ago.


>Copyright is just that, copyright. It's not readright, useright, flyright or workforright.

It is that. There is a reason why IBM got an exception from the JSON license to do evil: https://www.youtube.com/watch?v=-C-JoyNuQJs&feature=youtu.be...


Nope, copyright also covers public performance of the copyrighted work. And that's exactly the part of IaaS or SaaS services that's so controversial lately.


I'm unaware of any case law establishing that using software to provide a service constitutes "public performance" as defined in copyright law. Got a citation?


I've heard that the drafters of AGPL wanted to "synthesize" a nonexistent public performance right. But I'm not aware of any US case law interpreting 17 USC 106(4) that way.


> using software to provide a service

This is not what I said, so could you please not put words in my mouth? It's about statutory provision, not just case law. And it's not about "using" a copyrighted work to provide a service, but when the core of what's being "provided" consists in the copyrighted work being 'acted' or 'played', to paying customers (the statute itself exempts performance that does not occur for pay, nor for commercial purposes), in a way that these customers can readily perceive (but that need not in any way result in a 'copy' of the work being conveyed - copy and public performance are distinct rights under the law!)


I misunderstood you in the same way as hlandau. Perhaps you could explain what you meant in different words? A concrete example might help.


Maybe. However it's the wrong analogy. Open source licenses are just that--licenses that specify conditions for use of the software including running it, building on it, adapting it, etc.

As such open source licenses can impose a wide range of conditions for use. Patent detente is a common term in OSS licenses, which demonstrates that such licenses are not just another form of copyright. [0] If you violate the term(s) you lose the right to run the software and may be liable for fees under a different license structure. Companies end up paying for this sort of thing all the time.

There's no particular legal reason why you cannot impose the sort of conditions that MongoDB or Confluent have added to their licenses. We can argue whether they are good for particular communities, or whether they are wise for the companies involved. But my guess is that the terms will largely stand up in a court of law as long as the companies involved can demonstrate the terms are reasonable and they have copyrights on the code involved.

[0] See for example article 3 of the Apache 2.0 license at https://www.apache.org/licenses/LICENSE-2.0.


I suggested making them copyright licenses and contracts simultaneously. Anything copyright doesnt cover goes into the contract. More, cheaper lawyers should be able to understand it.

I think I read here one court already ruled the software licenses are both types of law in action. That's a start. :)


IANAL, but lets try to figure this out.

The wikipedia article of the Berne Convention says this, regarding what is required to be protected by copyright

https://en.wikipedia.org/wiki/Berne_Convention#The_minimum_s...

The first one:

  you can’t put the book on the same bookshelf as that of my rival
seems part of

  the right to communicate to the public the performance of such works,
so it seems an author can forbid a shop to do this. I assume the performance of the work is the reading of the book here.

This would imply a user may put the books on the same shelf at home, unless that user takes a picture of it and put that picture on the Internet for everyone to see. This would be insane, but in my experience a strict reading of copyright law gets insane quickly, so in practice you'll need to convince a judge of the merit of the case.

The second one:

  you can’t read the book while flying a particular airline
seems to be a right of the reader that can't be blocked . Unless you start to read it aloud for everyone of the plane. Translating, etc... is a protected right, so a copyright holder might forbid reading the book on a plane if you are doing the reading as preparation for a translation etc...

And that's only the Berne convention. Isn't copyright nice.


Folks from the US might be interested to read up on the case of Vernor v. Autodesk.


All this talk about ethics, open, and free brings another angle to mind folks like Cantrill seem to be ignoring and therefore misrepresenting what they are achieving in at least U.S.. I used to push for OSS/FOSS in the past. Now I’m switching to hybrids. The reason is that encouraging people to play “give it all away” or “use low-revenue models” in a capitalist country where opponents of freedom make billions of dollars for their software shifted all the money (and therefore power) to the latter. They then paid off politicians and used pricey lawyers to win more power against OSS/FOSS in ways they couldn’t fight against without piles of money. This includes ability to patent/copyright troll users of open/free software and especially Oracle’s API ruling which jeopardizes OSS/FOSS, backwards-compatible implementations of anything that had a proprietary API.

From what I see, OSS/FOSS have done great things but are a fundamentally-flawed model in a capitalist country where money wins. As many as possible need to be charging by default both to support contributors and send money/power the other way. They and FOSS-using companies that don’t depend on patent/copyright money need to pool money together to fight legal advances of patent/copyright-trolling companies that want lock-in. Otherwise, in a game where only one side is playing for keeps, the OSS/FOSS groups keep losing by default software freedoms and ability to enforce their licenses while preaching that they’re maintaining them. Seems dishonest. Also, strange I almost never read about these issues in FOSS writers articles about business model and licensing recommendations.

Far as hybrids, I can’t give you the answer yet since it’s too soon. For FOSS, I’m looking at Open Core and Dual-Licensing with strongest copyleft available. For non-FOSS, Source-available from public-benefit companies and nonprofits chartered to implement most software freedoms for customers on top of free for non-commercial or under certain use. These freedoms and justifications would also be in licenses and contracts with huge penalties for non-compliance for extra layers of defense. Maybe expire into FOSS after certain time passes or revenue threshold. We need more experimentation that lets companies currently supplying or later releasing as FOSS to get millions to hundreds of millions in revenue collectively to fight this battle. Again, it’s not optional: the other side is actively fighting to remove software freedom inch by inch. And mostly winning despite FOSS organizations’ little victories.

Edit: Added a few specifics for hybrid model in this follow-up:

https://lobste.rs/s/kbcjnx/open_source_confronts_its_midlife...


Very well written and timely.


The answer lies in your context for programming. The bigger picture.

The invention of the microprocessor was a watershed moment in human history, more than that of fire, or even splitting the atom. Mechanical intelligence provides for a realistic Utopia. It's not guaranteed, but it's unarguably possible. "Let the robots do the work and we'll take their pay."

From this point of view, anything that restricts the free flow and use of software is regressive. (I'm not going to address the subtle point of whether "Free" or "Open" better foster free flow. On the ten-thousand-foot level that I'm dressing it just doesn't matter.)

Trying to make a living from charging for (copies of) software is foolish compared to bringing about a techno-utopia as quickly and directly as possible.

The important question is, how do we marshal our resources to achieve a peaceful, ecologically harmonious, high-tech, post-historical world as quickly and painlessly as possible?


By charging for the software we produce and using the economic resources we gather to get the outcome we want through the acceptable channels in our society, e.g. the courts and the legislature.


Sell [copies of] software to make money and then lobby politicians. Is that what you're saying?


Open source is booming by any metrics. My favourite example is Bitcoin, which is just getting started, but even its haters usually agree that it has a huge impact (even if they don't like the impact itself).


I would say Bitcoin is lagging compared to where many other open source projects were after 10 years.


Well, you can expect it might take some time to gain adoption for an idea which has such a profound and extensive impact on many areas of life, and not just software.

Bitcoin has changed the way the world thinks about money in just 10 years. I wouldn't call that lagging. It seems to me that it is leading.


> Bitcoin has changed the way the world thinks about money in just 10 years.

Has it really? I've not seen any evidence that mainstream economists have changed their views on money and monetary policy. Even among the lay public, it doesn't seem that it's really changed anyone's minds, just given some people with minority views on the matter a loud platform to shout them from.


> Bitcoin has changed the way the world thinks about money in just 10 years.

That's mostly limited to "true believers". For the 99%, Bitcoin the technology doesn't really mean anything, but they rather think of the speculative investment.

(for reference, I was mining BTC in 2011, and have made more than a few dollars in it over the years, I just like meat with my Koolaid)


It might only be a small minority of people who are true believers in Bitcoin, but many of them have taken it upon themselves to continue building new financial instruments and technologies around it.

The internet changed the way the world thought about communication in the 70s. This was a minority opinion all the way up to the naughties when it became impossible to continue ignoring reality.

Banks will need to innovate or they'll end up like the record labels and newspapers who failed to keep up with the geeks and entrepreneurs. The banks which embrace technology might survive.


The amount of hate is quite interesting... usually I get about 4 points for what I write (if it doesn't stay at 1), but any time it's about Bitcoin, it's -4.

Still, adoption is exponental, so I'm quite confident it just takes 10 more years to get to wide adoption.


I can't speak to your posts, and there is definitely some hate against Bitcoin, but in general, HN downvotes anything that's more evangelical fervor than in-depth discussion. Compared to many other topics, a lot of the Bitcoin posts I see I here are probably better fit for Reddit than HN. (I participate a lot in cryptocurrency subreddits)




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: