Basically, there is no such thing as an "Open Source API". APIs are not software, and we've already seen the damage that treating APIs as software (for copyright purposes) can do.
The proper abstraction for APIs (and protocols, and file-formats, etc.) is the standard, which ideally admits the possibility of multiple interoperable implementations, both proprietary and open source (patents being the joker in the deck, unfortunately).
I hate that this stuff hits HN front page. It worries me that we're developing a culture where I as an individual must adhere to some moral framework when writing code, lest I violate some social open source norms. To me, this is deeply poisonous to the spirit of open source.
This is not 100% correct. A large part of the format is standardized in ECMA-376 and ISO/IEC 29500, but many details are implementation-dependent. Many of those details are covered under other specifications like [MS-DOCX] that are covered by a covenant not to sue, but other details are not covered and are therefore in murky legal territory.
Every culture or community has norms, and many of those norms generalize to universal moral principles, like: participate fairly in a community, not exploit it.
"Spirit of Open Source" isn't something defined entirely in the phrase of "open source". It's an idea that gets defeated by actions of some larger players today, hence the outrage (and an opportunity to remind people yet again, that RMS was right about this).
I don't care if Amazon or Facebook gets rich off of it. I don't care if Donald Trump or Hillary Clinton get elected based on it. I don't care if the Russians use it. It's a tool, and like a hammer can be used for good or ill, and I disclaim all responsibility for what stupid people do with it. I don't care if somebody forks it and 99% of people start using the fork instead of my original. All I care is that I got what I wanted out of it, I hope perhaps that some other people use it so that they can help contribute and maintain it, and perhaps I'm hoping for a tiny bit of respect and recognition. My expectations are grounded and realistic: very few people will likely use it; I don't have a hope in hell of either making money off of it or of changing the world because of it. And I'm completely satisfied with that. In fact I'm more than satisfied, I feel wonderful because millions of other people are doing the same things with their software and just about anything I could possibly want is out there somewhere. Hence a sense of community and of good will.
Others folks (such as the author of the article) have different "spirits" most of which I find distasteful, including those who have a stick up their arse about big orporations and want to add restrictions about commercial use or about derivative works, those who think their software is God's gift to the world and they thus deserve something for it, those who want to control what others are allowed to do, those who want to change the basic ways that the world works, and those who come from a place of greed and regret. I don't share in any of that outrage, not even a little bit, and so this article (to me at least) is complete rubbish.
People do often do open source to build a reputation, or to be able to push their vision, and both of those motivations should be encouraged. Furthermore, the attitude of "I built the technology and it's not my problem if people use it maliciously" is dangerous.
Why can’t or shouldn’t the “Spirit of Open Source” be able to include exactly the things that you complain about? I would love to hear your grounding for your position :)
We can maximize user freedom by having developers put code into a commons, reject the freedom-to-restrict-users, and deny other developers the ability to enclose that commons in those sort of restrictions (ala copyleft).
This has an even more broadly applicable analogy, Popper's "tolerating intolerance" and related paradoxes.
Another way of looking at this is through the frame of positive and negative freedoms (often described as "freedom to" vs. "freedom from"). It is often not possible to maximize both. For example, when the goal is maximizing human freedoms for the most people, it is not unreasonable to disallow making any people un-free, which includes denying people the freedom to sell themselves into indentured servitude.
But I think in practice both open source and free software are hard to monitise. Often the open source software is a marketing platform for a managed service ala “we made it were the experts let us host it for you”
Btw. I'm not comparing open- vs. closed-source but open-source-software vs. free-software.
I agree Open Source & Non-Free (as per R.M.S.) would be much more commercially useful than Free in a lot of circumstances, because if I pay $1000 for some Free as in Speech software I can then go and sell it to your competitors for $10.
The only way I can think that this is not business-destroying if said software is so tricky to set up that it only makes sense to buy it from the original vendor who will set it up for you in the price - in which case that probably breaks the spirit of free software.
The Free Software movement on the other hand created licenses which try to prevent the kind of behavior and thus are protecting the open software going forward.
People want to have their cake and eat it too. They started with an MIT license because it gets more uptake then whine when the license terms are being followed.
But then it wouldn't be widely used. The solution to that is for everyone to use AGPL then the open-source playing field is level again.
That would be much like paying for support, getting the latest and greatest earlier than those who don't pay for it.
That gets complicated managing all the payments, but I can see a single company using this model for their own benefit. Build momentum with the (two) OS licenses and get some income from the commercial license.
What could make this an attractive simple-to-manage model is that there would still be just one product, with different time-based releases of it, provided with a different license.
No need to fix bugs in the older releases, they are fixed in later versions. And everybody gets the fixes eventually but those who pay (or agree to AGPL) get them sooner.
Previous major release would not have the latest features but it would have the latest bug-fixes. That would be enterprise friendly.
- you want to make your software as open as possible
- while still making money from it
It would require the manufacturer of the software to have some momentum but it sounds doable for some.
This is the challenge, and it doesn't have an easy answer. Without optionality, open source offers little to corporate users.
Is this really true or just perceived? How often is that optionality actually exercised? And I don't believe that most of the value is in it. The benefits to using good software that continues to be maintained by those using or supporting it is immediate.
EDIT: honestly not sure why this is so heavily downvoted (-7 as of the edit), the whole point of SSPL and other licenses is to address the "workarounds" that Amazon and others have discovered in AGPL
What is your project? I'd like to know, if you're willing to tell.
As far as I'm concerned, SSPL is superior to AGPL in that it catches all the bits that make your software actually work, forcing you to include them as part of the offering. I honestly don't understand the apparent objection to referring to a license with such a clause as open source - all it does is close a (major imo) loophole.
SSPL v2 appears to be an attempt to correct this, by explicitly excluding system components and allowing other FSF/OSI approved licenses if you're unable to release something under the SSPL yourself. But note that not even MongoDB, the project that the SSPL came from, is using v2 at the moment.
The GPL and AGPL have been around longer and have much more of a community behind them, and both versions of the SSPL are incompatible with them. At least for the time being, I'm inclined to stick with the AGPL for network services, because I like having access to all the GPL/AGPL code out there. Maybe someday I'll take a look at SSPL v2; I wouldn't touch SSPL v1 with a 10-foot pole.
 "all programs that you use to make the Program or modified version available as a service, including, without limitation, management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software"
> “storage software and hosting software” changed to “host orchestration software”
seems to be fairly reasonable though, unless I've misunderstood things once again?
> But note that not even MongoDB, the project that the SSPL came from, is using v2 at the moment.
From the page you linked,
> If this version is approved by OSI, we plan to apply it to the next release of our MongoDB software, which is currently available under version 1.0.
so it seems they really do just want to address the current loophole in the AGPL.
>seems to be fairly reasonable though, unless I've misunderstood things once again?
It's better, though note that the terms in the list referenced there aren't strictly defined.
>> If this version is approved by OSI, we plan to apply it to the next release of our MongoDB software, which is currently available under version 1.0.
>so it seems they really do just want to address the current loophole in the AGPL.
Sure, I'll give them the benefit of the doubt on that. But the fact that they haven't switched over by now signals to me that they're not yet confident in the newer version of the license; if they're not, I can't say I am either.
And it's worth noting that SSPL v2 was withdrawn from the OSI review process back in March: https://opensource.org/LicenseReview032019
> the fact that they haven't switched over by now signals to me that they're not yet confident in the newer version of the license; if they're not, I can't say I am either.
Agreed; I wouldn't want to make use of it either until the dust is well settled.
Specifically overreach ambiguity and as mentioned compatibility with other popular copyleft licenses are valid reasons for me.
It seems reasonable for anyone that cares to switch to AGPL now and to an compatible stronger successor, perhaps SSPLv2 but it will take a bit of time. It's great that some are starting to test this.
Remember when there was a ban on any type of open source? We now have to take another step to the left together. The only ones that would truly miss out are the ones serving proprietized and not just using community software.
So I can't run a service for it on VPS at a hosting provider, because I can not share the source to the backup system, hypervisor and load-balancer they use? Are firmware-blobs in my kernel-drivers ok? That seems extremely open and far-reaching, to the point that one could argue that it clearly is intended to forbid offerings as a service, even if it pretends not to.
EDIT: after looking up details about the "comical debate" (quote article), that indeed appears to have been one of the arguments. Not surprising the article badmouths the OSI, but doesn't actually engage with or even dare mention their arguments.
Edit: From the sibling comment, it seems that SSPLv2 tries to address this.
For instance, does non-commercial mean (1) you cannot use [the output of] the program for any commercial purposes, or does it mean (2) you cannot sell the program itself (and its derivatives).
The difference is subtle but AGPL permits (1) whilst practically forbidding (2) by enforcing copyleft; hence it fits the OSS criteria whereas CC NC wouldn’t if both (1) and (2) are true.
The whole agenda of the guy writing this is to move open source projects to being no longer open source, because he doesn't like what that entails (as it also means "amazon enjoys the same freedoms as everyone else"). But they like to confuse it as much as they can.
This would be much less of an issue if these people were upfront: "We don't like Open Source, so we try something else". But they don't want to do that because they know Open Source has a good reputation, so they try confusion and deception.
The situation seems to be much more complex than what you portray (ie "we don't like open source"). Take the SSPL for example - OSI may not recognize it, but as far as I'm concerned it is an open source license. Commons Clause I'm not certain about - is explicitly disallowing sale really inconsistent with open source ideals? I've yet to make my mind up on that one. Then there's the RSAL. That one definitely doesn't seem to be entirely consistent with open source ideals:
> The only restriction is that the application cannot be a database, a caching engine, a stream processing engine, a search engine, an indexing engine or an ML/DL/AI serving engine.
The Fair Source License (Sourcegraph, https://fair.io/) explicitly does restrict those things.
The RSAL (Redis, https://redislabs.com/blog/redis-labs-modules-license-change...) kind of does, but only under some circumstances.
The Confluent Community License (https://www.confluent.io/blog/license-changes-confluent-plat...) only says you can't run it directly as a SaaS offering, which is better but I'm a bit uncertain where the line would be drawn in terms of product functionality.
The Commons Clause (https://commonsclause.com/) explicitly prevents you from selling the software, including hosting, consulting, support, etc. As with the Confluent license it isn't entirely clear where the line is drawn in terms of product functionality.
The SSPL (mongoDB, https://www.mongodb.com/licensing/server-side-public-license...) is in fact an open source license as far as I'm concerned, but OSI hasn't (won't?) recognize it.
We all benefit greatly from Linux, and I think most people have not contributed back to it in any meaningful way, monetary or otherwise. A lot of these projects only exist because they were built on top of other Open Source solutions with no expectation to give them any sort of "cut". Had Linus decided he actually wanted to start a hardware business and then got angry that IBM was better at putting Linux on metal than he was, it would be similar to this situation and I think most of us would be unhappy about a bunch of turmoil resulting from that. But when it's someone else's ideas that are being used for free, they always seem obvious and fundamental, when its your own, it's unique and unfair.
As others have said here, it is OK to say "wait a minute, I want something different", and then do something different. What is not OK is wanting to water down the definition of the term open source so that whatever thing you want to do still gets to use it. The OSI's position here is perfectly reasonable -- that doesn't mean you can't invent some new kind of license or relationship. People forget that OSI had to work to get into industry in the first place, it wasn't automatically accepted. It is somewhat funny and ironic that others now want to benefit from this work while doing something completely different.
Dangerous ground telling people what their goals should be. There is no reason a person shouldn't try to maximise their profits from open source strategies. The Linux example is not a strong one - lots of the kernel devs are for-profit and Linus Torvalds made a fortune  - likely linked to his involvement in Linux. With benefit of hindsight it is hard to see how he could have better optimised for profit.
The key insight for commercial OSS is that maximising profit does not necessarily mean maximising your paying userbase size. 10 users paying $10,000 a month easily trumps 1000 users paying $10. And going OSS as a commercial strategy (eg, Red Hat's classic model) gives competitive advantages if you can lever it - no risk of being undercut by a cheaper software package, ability be very selective in who you offer support to and an obvious strategy for wheedling in to new markets.
In the initial rush where computers were being changed out every 5 years (pre 2003 era), having software to sell was where the advantage was. Now the industries are starting to mature and that is no longer as obvious it once was. The money seems to be in support and ongoing relationship fees, which are very amenable to OSS.
So basically, if someone's goal is to maximise profits they should consider making their software open source. Especially if they are breaking in to an incumbent's market.
It is fine to try to leverage the properties of open source to make profits, just don’t be surprised when it doesn’t, on its own, do so. That is what is meant by my first statement: “open source will absolutely help you gain traction, it will not necessarily help you capture value”. As such, if you use open source, the goal best served is gaining users. Don’t be surprised when it doesn’t make you a ton of money.
Then it has failed miserably at it. For almost each open source project, there is a closed source that has more users. Windows, iPhone, Photoshop, etc.
Making money is a great way to invest in marketing, and reach a broader audience.
Remark that I'm typing this on my Linux desktop, so I'm definitely not opposed to OS.
In my opinion, the biggest benefit is that you have more ownership, because you're able to make modifications and improvements without being blocked by 1 company. I for one, will always avoid closed sourced libraries. I had way too many blocking issues in the past, so I prefer libraries where I can fix things as fast as I want to.
This must be one of the most arrogant things I've read on HN.
Also, this is meant more as a “if you do X, expect Y” statement. If you open source, expect high uptake not profit. The same way someone might say “If you’re using a hammer, your project should have nails.” I would be surprised to have someone retort “who are you to dictate whether my project should have nails?!”. Similarly, if someone complained in an Ogre forum that the framework wasn’t helpful in making a spreadsheet app, I might say “if you’re using a physics game engine, you should be writing a game not a utility app”.
You can set whatever goal you want, but as the author of this very article agrees with, open source is not going to be good when one of those goals is maximizing profit. Unless of course, if we change the definition of open source.
And he has not complained that I know of.
If you don't want others to have that right, then choose a different license.
But don't grant the right and then complain when people exercise it.
The hard reality, that someone like myself believes, is that open source works because most actors try to be considerate of others. It falls apart when everyone acts selfishly. I personally believe the world is better off because we have open source software(as generally defined by the OSI and other groups). So my concern, and I'm guessing the concern of others like the author of this article, is about losing open source as we know it today. The fear is that as actors like Amazon behave in a very anti-social and self interested way, other actors in the ecosystem will be drawn into behaving similarly. Eventually we'll return to the era when software was almost always closed.
Of course, you may not find any real value in the spread of open source software. If that is the case, then I would imagine this situation seems strange to you.
Good on these guys, I hope they build a licensing model or some other thing that can stand up to Amazon. I still consider SSPL to be "free software" very much within the ideals that movement, regardless of what the OSI says.
Yeah, I think the issue is that these days there's a lot of open source developers, who zealously believe in open source, but are working for corporations. They have a natural incentive to maximize the usefulness of open source for corporations, whether they explicitly acknowledge that or not. On a social level, I think that's having many effects, one of which is the backlash against SSPL, which is obviously hard for mostly-proprietary corporations to comply with.
Many open source programmers have built a mental model around the notion that the scripts that operate and deploy an application (service) aren't part of the application (service), and therefore don't need to be open source. But that doesn't make any sense from a software-freedom perspective! The fundamental tenets of open source are that users should be able to use, modify, and redistribute the application. If the users don't have access to the scripts that are required to actually deploy a modified version of the service, then it's not meaningfully open source. That's a new perspective, it's true, but I think the old perspective (the scripts to deploy a service don't need to be open sourced) was just wrong, it came from a long period of biased, commercial-centric thinking.
SSPL is less free than most of propertiary EULAs. It is literally impossible to comply with the section 13 of the license.
SSPL requires the user to release the source code of everything they are using to host their service and license it under the terms of SSPL. Everything, that even includes operating system and firmware of the server used to host the user's service. No one is able to do that.
I don't understand how can anyone defend that awful license.
IMHO all use cases can probably be covered by MIT/BSD, GPL, LGPL, and AGPL. Everything else is license proliferation and adds confusion and problems sharing code between projects.
Hence, the need for a new license.
However, they seem to have kept the deployment infrastructure as a trade secret, and since that didn't interact directly with MongoDB's interfaces, it șes that it really didn't come under the scope of the AGPL.
I think another commenter got it right: this is a fuss created by commercial entities that wanted to have their cake and eat it too.
Because they were already using the AGPL, and it did precisely Nothing to stop Amazon from turning into a massive free-rider who undermined the very ability of the project to fund continued development of the project Amazon was free-riding on.
We can attempt to solve this free rider problem, or we can shrug our shoulders and decide we’re just comfortable with a world with a lot of dead Open Source projects and a lot more proprietary software. But “the current situation is fine and sustainable” is head-in-sand thinking. This Bad Citizen behaviour is an existential threat to the long term prospects of Open Source.
There is no "free rider" problem. There are companies competing and one of them out competing the other. Are you as vocal about every company who failed because they didn't have a good business plan?
Now, should companies (or anyone) who use f/oss contribute back in kind or monetarily? Yes, of course they should; no one is arguing that.
Open source was born out of a closed source world. It couldn't possibly have been a "gift culture" at that time, and yet it birthed and blossomed and amazingly so. To seriously believe open source would go away requires a belief that the forces that birthed it in the first place no longer exist or have significantly diminished. I'd be interesed to hear you expound on that.
This state of affairs continued through the initial phases of the workstation/PC era. It was when IBM PC clone hardware (with their narrower profit margins) started to dominate that proprietary software gained more attractive margins, and the ISV era really took off.
It was this growth of proprietary software cutting into and threatening the existing gift-culture during the 80s that prompted the formation of Free Software and Open Source philosophies (the latter named in the 90s but existing all along).
What you say ("The whole point of choosing a permissive license is that you want others to have the right to profit off of your work and give you nothing in return.") is obvious in hindsight, and should go without saying if you start a project with the express intent of commercializing it. However, in many cases, it's not the obvious decision for reasons related to the project's genesis (e.g. Spark or Mesos being student projects), and in others, it's not the route taken because of an idealistic impulse that I think would be really unfortunate to see squashed.
It was also widely known for many years before Redis was a thing, i remember Slashdot comments from early 2000s about how BSD proponents are taken advantage of and they seem to like that whereas GPL proponents are taken advantage of as much as they take advantage those who take advantage of them (weird phrasing because the original quote i remember was a bit more explicit).
So it isn't really something you only knew in hindsight, it is also something that comes by ignoring people who were warning you about the consequences of your choice (royal you here).
> What you say ("The whole point of choosing a permissive license is that you want others to have the right to profit off of your work and give you nothing in return.") is obvious in hindsight, and should go without saying if you start a project with the express intent of commercializing it.
Even if you do thoughtfully choose a license with the express intent of commercializing the work, some competing project elsewhere - student projects, in your example - will eat your market. It is about time players entering our industry be warned of the effects of such "pissing-in-the-pool" activities.
If a student somewhere is willing to do the same thing as your company for free and release their work under MIT, why is that a problem?
This smacks to me of Microsoft complaining that projects like Linux shouldn't be allowed to exist, because its unreasonable to expect them to compete with free.
If eventually we get into a state where Open Source development really isn't viable, then people will stop doing it, fewer people will be eating your market, and then Source Available projects will become commercially viable.
There isn't a problem with that. The problem is when such projects aspire to commercialize their work, find it hard, and then complain when other commercial entities exploit their work.
The hypocrisy I am pointing out is that to get a software adopted initially projects choose overly permissible licenses; then when they try to monetize the project, they run into issues and cry foul.
Yes, choosing overly permissible licenses (non-GPL OSS ones, in particular) contaminates the market for other software projects operating in that market.
Reciprocal licenses work like herd immunity: you need a large enough ecosystem to effectively keep freeloaders at bay while rewarding those who cooperate often.
MongoDB had a "We gave others freedoms we didn't like" problem, so they rescinded those freedoms. Freedoms that they'd given in the first place to profit off of the reputation of Open Source Software. If they'd never given those freedoms out, they'd never have had any problems.
No, Linux is GPL licensed, it's not a naive permissive license.
Conversely the LGPL and family exists in some sense because the free software community tried to apply copyleft to project that can really only be successful with a permissive license.
For example, my country has freedom of speech and assembly and so forth, and it's easy to see cases where someone exercises their legal rights in ways that are supremely annoying to others, and not in any way productive for society. When we see people abusing the system, we speak out about it. The nail that sticks up gets hammered down.
What's the alternative? Disallow freedom of speech? Sometimes we might feel tempted, but it turns out that that has all kinds of terrible problems. As they say: this is the worst form of government, except for all the others that have been tried.
There are many cases where doing the minimum that the law allows is fine and accepted. (Most people don't intentionally overpay their income tax.) There are other cases where doing something that's merely not technically illegal is frowned upon by social convention. What we're seeing is the corporate world (legal minimum) and the individual world (social contract) colliding. Who wins? So far, the corporations are.
It's easy to say "You should have picked a different license, then!" after the fact, but maybe there isn't a license which would have worked better. Maybe this is the best of several bad options. (Maybe using a more restrictive license would have caused the company to ignore the software entirely and write their own completely proprietary alternative, for example.) Maybe using the internet soapbox to plead for leadership is actually the optimal strategy.
The GNU GPL was an amazingly clever hack to use the legal system to assist enforcing a social contract, but I don't think we can expect to find solutions like that in every case.
I really hate people who don't understand what open source really means and get offended when someone uses their work in a way that doesn't violate the license, but doesn't give back.
I don't understand this. If the old version was licensed permissively what argument does he have to take down a copy of it with DMCA?
And the original companies using it wouldn't care - of course they'd have their own vendored copy internally - they don't need GitHub to keep using it.
The real issue with OS today is that it is too difficult to reward authors and contributors with actual cash money. Until this is fixed, “open source” is doomed to be a bunfight between well funded companies and self appointed governing bodies.
Let’s find a way to pay hackers!
I think the problem with Elastic is they have lots of VC investment pushing for a big payout, so it’s not a “pay the hackers” it’s a “make a big payout for founders and investors.” Which I’m not against and think is cool, but I don’t really care about it that much.
The “indoctrinated” industry has created a massive community and even more massive ecosystem of interoperability which almost certainly wouldn’t exist under the walled off from everything else and “fuck everyone” nightmare of the 1990s.
Those 90s walled off isolated companies were significantly more cult like and significantly less effective than the system which won out in the open market—the “GNU propaganda” as you refer to it.
I'm not exactly sure what you mean by "extend existing open source projects". Elastic the company was founded by the creators of Elasticsearch and is the way that its authors and most of its contributors are rewarded with actual cash money.
I think s/he means Elastic's use of Lucene - https://lucene.apache.org/.
> Amazon’s behavior toward open source is self-interested and rational. Amazon is playing by the rules of what software licenses allow.
The stronger part of the argument is that Amazon is being anticompetitive by using their privileged role as AWS' hardware operator to compete with app providers in on higher layers. Maybe in a few years we will have a lawsuit related to the one Apple is facing now about ios apps.
The free-rider problem occurs when those who benefit from resources, public goods, or services do not pay for them, which results in an underprovision of those goods or services.
It’s like complaining because Seattle sets up a free subway that supports infinite riders at $0 marginal cost and Amazon has all their employees ride it instead of making google buses.
There’s also an issue that Elastic’s district was actually worse than Amazon’s new distro due to license confusion.
On the contrary, permissive licenses has been quietly pushed by companies, together with replacing Free Software with Open Source, in order to exploit it.
For example, is it that far fetched that at some point someone will come up with the abstract argument that your blogging service is really actually just a fancy interface to your MongoDB instance -- and thus you should pay up since you are a MongoDB provider.
Just to be clear, if you are referring to Commons Clause, you can freely use the software for real estate or whatever, you just can't sell the router itself, software itself, or offer paid consulting / support / hosting for the software (well you can, but you need to obtain a commercial license - which is fair enough, since you are making money off the software, not off you real estate business).
This is a common misconception about Commons Clause. You can use it for commercial purposes. Exception is when you are selling the software itself, or the services that base on it.
As for blogging example, the concern is imho not justified. Hybrid licenses need support of community as much as open source ones and such behaviour would be suicide. It would help if the projects were clearly stating the allowed (and disallowed) usages in advance, but it's a bit early... There aren't many projects using Commons Clause yet for example.
I think we're agreeing here: no one actually knows the boundaries of this. I'm simply not interested in being the guinea pig of where the line is of "the services that base on it". In my experience the actual deciding factor for this is when you become successful enough and worthwhile to sue. Then it's up to some judge in Texas to decide whether my service is "based on" this technology? I mean, I can't run my services at all without Linux -- I think they'd have a really good argument that my entire business is "based on it". You and I may see how this is silly, that's not sufficient for making me feel safe in a legal environment that currently rewards patent trolls for example.
> It would help if the projects were clearly stating the allowed (and disallowed) usages in advance, but it's a bit early...
If we're in "warrant territory" of explicitly stating up front every possible "OK use case" to make the user feel safe, then its either going to have so many allowable use cases as to be self-defeating, or not possibly able to predict really exciting unexpected uses and rule itself out from those domains. At the absolute minimum, I'm going to start to actually have to read over the license with a lawyer now (as opposed to one common understanding of something like MIT), since I can't imagine a "one size fits all" of acceptable explicitly spelled out use cases when the whole point of these licenses is to carve out meaningful profit areas for the project itself - something that in my opinion is going to vary greatly project to project depending on the unique features it provides.
I just think a solution that better aligns incentives of users, businesses and developers is needed, because opensource doesn't do its job good enough. But time will tell which licenwe will get enough backing to succeed in dethroning it.
But the problem for me is that if developers don't have incentives aligned with their users', then we get low quality software. I am a FOSS user and have been for many years, but while I appreciate the freedoms it grants me, the whole experience is... Let's say "inconsistent". I would prefer limiting some of the freedoms in exchange for better software, and especially in exchange for having it at all on mobile.
I think the somewhat extreme view FOSS movement holds about freedoms actually hurts opensource adoption, because it hurts its quality and availability.
Note that I don't mind Amazon (ab)using FOSS so much as I mind not having any freedom on mobile.
I want you to have the right to be an asshole, but I'd prefer it if you were not an asshole. I don't want to enforce my preferences through contracts, licenses, and law. I might still call you out if you're an asshole.
How hard is it to understand this worldview? A world of freedom, where people do the right thing because it's the right thing to do, and not because they are given no other choice.
Now they are starting to realize they were naive.
E.g. smartphones (the most used end-user computer nowadays) being walled gardens. So walled, that not even a giant like Huawei can easily continue to use Google's OS.
E.g. Trade war makes every side being less open towards all other sides.
E.g. at least one huge Open Source proponent being sold to a company that is known for not handling open source too well.
E.g. big corps like Google having found a way to misuse stuff that is seemingly open source as marketing tools to spread there proprietary actual products.
E.g. with at least many big corps believing that the cloud has beaten on-prem, and who knows what is behind these APIs. Maybe they don't even use Linux and TCP/IP anymore.
E.g. with the rise of AI and machine learning software itself maybe(!) not being the most important tech development factor anymore.
E.g. with Valve not having won the gaming platform war against Microsoft.
E.g. with Microsoft claiming to integrate more and more with open source (but then how much control are they starting to wield, having a shitload of coders, money and users to field for their personal cause).
DocumentDB much like Amazon Aurora has pivoted much of the database internals to depend on the AWS ecosystem. The whole concept of replica-sets on MongoDB are very rigid and inflexible compared to the elegance made possible by EBS and Amazon engineers.
MongoDB replication is measured in seconds meanwhile DocumentDB replication is "usually less than 100 milliseconds". This makes read replicas in DocumentDB more relevant for all kinds of real-time tasks vs MongoDB.
It's as if they are trying to say that only the creators of an open source project can build a SaaS for it. Tell that to mySQL, Postgres, redis, everything apache (Hadoop, Cassandra(which is based on amazon's DynamoDB whitepaper), Kafka, Zookeeper), every programming language ever (Except maybe C#). It has always been the case that open source infrastructure was built by one group and another completely unrelated group, who are much better at cloud anything, built the SaaS offering for it.
If this is Mongo again, it's probably a PR stunt by them to get their failing business model's latest failing hail marry to not completely destroy developer trust (which it will, of course, fail to do).
There is really just one thing to complain about Amazon's use of open source, they aren't supporting back enough for projects they are using. That's it. They should be shunned for it, but that's not earthshattering, and it's definitely not a condemnation of other cloud vendors (Microsoft and Google) who support open source massively.
That was the author's point, was it not?
Open Source, a set of licenses that allow users to run and modify software for personal or commercial purposes without your permission.
and Source Available, a set of licenses that allow users to see and modify your source code provided they meet some kind of criteria you set up, such as not using the code for commercial purposes or not doing things you don't like with it.
These two terms already perfectly encapsulate the entire range of new licenses that are being proposed for databases like Mongo.
But a nontrivial number of proponents for SSPL dislike this distinction because they want the goodwill and reputation that comes from being able to say, "we're Open Source." They want to be categorized the same way as MIT or GPL licenses, even though they fundamentally disagree with the worldview behind them.
> The OSI believes it owns the definition of open source and refuses to update the definition of open source, which is short-sighted and dangerous.
No. The OSI believes that Open Source has a widely agreed-upon definition, and that definition shouldn't be hijacked just because it's inconvenient for some company's software monetization strategy. The level of condescension in this article is really infuriating. Literally nothing is preventing any developer or company from using the SSPL right now: nobody will judge you, nobody will call you evil, the only thing the Open Source community is requesting is that you do not call it Open Source.
Open Source was not invented so you could use it as a PR strategy. We don't need your help.
Ironically, "open source" was explicitly invented as a PR strategy by ESR and friends because the free software ideology was scaring aware rich companies:
... And do not prohibit redistribution of the work or source-form derivatives.
I don't think this is true. Lots of people will call anything other than their preferred licenses evil.
But the developer community as a whole, which has already shown themselves to be basically fine with proprietary software existing, is not going to be thrown off because you call yourself Source Available.
And the people who would judge you for choosing a Source Available license are not going to suddenly be OK with you using SSPL just because Mongo says to call it Open Source.
GPL is source available, then?
Source available licenses would be appropriate if you want to restrict use. (For example by Amazon.)
AGPL does stretch the definition though, and people have argued indeed that it is not open source.
The short justification given is that even though the GPL doesn't let you do everything, it still doesn't interfere with the 4 essential freedoms that Open Source guarantees. You may or may not agree with that justification.
But the people arguing in favor of SSPL as an Open Source license are moving in the wrong direction. If TechCrunch wanted to make the argument that the GPL wasn't free enough for inclusion into Open Source, they could do so. Instead, they're arguing that because the GPL might stretch the definition, we should just go whole hog and introduce straight-up end-user usage restrictions as well.
Techcrunch is taking the, "your thing isn't perfect, so we should all make it worse" position.
Wait, what? "Four essential freedoms" are part of FSF philosophy, not Open Source, and GPL is literally the canonical example of a license that guarantees and safeguards them. Many Open Source (not Free Software) licenses do not, in fact, guarantee these freedoms.
"No Discrimination Against Fields of Endeavor
"The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research."
The point I was trying to get at is that regardless of existing debates over the merits of permissive vs. copyleft licenses, neither side of that debate would say that SSPL belongs here.
Permissive license advocates would say that while they dislike GPL's restrictions, adding more restrictions is a bad idea. GPL advocates would say that the point of the GPL is to safeguard the 4 essential freedoms, and SSPL doesn't safeguard them.
Techcrunch is arguing that because there isn't perfect consensus within FOSS, FLOSS, and Open Source communities, that we might as well just turn this whole thing into a free-for-all.
Honestly, I think this editorial could have done with toning down the rhetoric a bit - calling people / groups names ("wonk tank") and generally implying those with the opposing view are irredeemably "short-sighted" isn't particularly persuasive and just detracts from the author's points.
The competition is how great things are born. Some Open Source is being pushed towards proprietary model (Open Core, Shared Source etc) while others will find a way to have sustainable business in the new reality with Cloud Vendors.
IMHO, the maximalist position of the RMS camp, while rightfully paranoid about the dangers of fully proprietary software, isn't the optimal solution. Yes, certain kinds of open source projects have been extremely successful, but a lot of this has been driven by corporate interests (i.e., people working on open source projects as a part of their work) and the software that gets built reflects and reinforces these interests.
I'd be happy to pay to have the latest version of some really useful software that respects my rights in lots of other ways (e.g., more control over and access to my data in the app, and be able to tinker/adapt it as I see fit, with full source), particularly if the alternative is that this software doesn't exist. If feels like, at least in some software domains, that the alternative are either (1) user hostile proprietary software or (2) nowhere close to the proprietary alternative in terms of features and robustness.
Obviously that's not the case for stuff like databases and operating system kernels, but that's what it often feels like out of these back-end type packages.
Ok now that I've established my OSS cred: I'd be really interested in a license that is effectively MIT, _except_ for the 20 largest software companies, for whom there is no license and any use is restricted (you'd need to clearly define what makes a company a software company, and what it means to be the largest, but that's what lawyers are for). They could pay for a commerical license if the customer demand was high enough.
This seems like it would address the main issue as I see it, that is, I want almost everyone to be able to use my software to build cool shit and make money... But if you're FAANG or some shit, come on. The rules are different.
One of the reasons the standard open-sources licenses such as the GPL and the permissive licenses are as popular as they are is the lowness of the probability that lawyers will ever be involved.
There was widespread use of GPL software in the 1980s and early 1990s for about 15 years IIRC before the first lawsuit involving GPLed software. Stallman and his legal advisor Eben Moglen did a great job in reducing ambiguity when writing the text of version 2 of the GPL and in explaining the ramifications of the license to developers and prospective users.
These proposed licenses neither are open-source nor free software and are very poor ideas. The SSPL clearly breached the boundaries of open source and the OSI's opinion was only "premediated" in the sense that that was the agreed-upon definition.
When RMS introduced GPL the idea was to make everyone share their code, and make the world a happy place full of free Software. Dual licensing abuses this sincere intent to induce fear in commercial users and make them pay.
So using a dual-licensing scheme prevents people from considering authors of SSPL the new leaders of the open-source community.
> I consider selling exceptions an acceptable thing for a company to do, and I will suggest it where appropriate as a way to get programs freed.
To a venture capitalist, Open-Source is a marketing strategy. VCs would like to profit from the popularity of Open-Source by inserting themselves in the cash flow. But the cash flows in Open-Source are periphery. And the periphery is a humble position for a VC.
Amazon is accused of using sales data belonging to companies selling products on their platform to help them select 10,000s of products to clone and sell in direct competition to their vendors.
They have copied software hosted on AWS in the past too, whatever proprietary software you're hosting on AWS is hemorrhaging privileged usage data they will happily use against you.
Why does this sales data belong to the companies and not Amazon, if they are using the platform? Is it unethical to copy a product or software in a non-infringing way?
There may be an antitrust argument here, but this data ownership thing seems like a non starter.
it is totally absurd to suggest they're looking through customers S3 data.
I think Americans often ignore the reason behind the EU's deep concerns around privacy and regulation is simply because EU lawmakers have no other power over American corporations. Simply none. The most they can do is excessive financial penalties. They cannot jail Bezos. But what they can do, is impose an absurd financial penalty. Amazon will appeal. It will go to court, and the US State Department will try to help Amazon (an American corporation after all, representing American jobs and American workers) and the penalty will be reduced. The EU public is happy, the EU stuck it to Amazon! But they didn't face any significant consequence for their action, and never will.
If however, this happened in the US, it can get thorny for Amazon. A "lowly" judge in Texas can compel Bezos, the richest man in the world, to appear in court. The implicit threat being that, being in non-compliance would escalate the case until it reached the highest courts, which can compel the Federal Govt. to take action to compel Bezos.
A US judge has that power. No judge in any other country has it. Every other country has no reason to believe Amazon will do as it says. Only some have the power to impose the kind of regulations like GDPR, EU being America's close trading and diplomatic partner.
Amazon did not get where it is by being nice (in fact, this HN post is about that aspect of their behavior). They're rational, they will abide by all laws _where they need to_, including regulations (you can't call in favors all the time). Without regulations, this behavior is incentivized. Even with regulations, there is an ultimate get out of free card if the regulation is non-American.
amazon themselves. risking the entire AWS business to figure out that their retailers are selling lots of shower curtains and they could be undercut by $0.05 is idiocy.
> I think Americans...
i stopped reading there, as it couldn't possibly have anything to do with what i was talking about. hope getting it off your chest made you feel better.
Ironically, if you had actually read the post you might have understood that it does.
They could do the same through widely sold advertising metrics.
At the risk of being accused of whataboutism, _everyone_ does this.
The big-box stores go direct to China, often to the same factories that their intermediates were using. Walmart doubled-down on a direct-to-factory approach starting in 2010, moving from 20% to 80% direct with cost savings of 5-15%.
Your grocery store sells private-labelled goods. This market is expected to reach $220 billion by 2020.
The weakening of established brands has enabled large merchants to leverage sales data to drive product lines that provide good/better/best options to the consumer. The fact that Amazon started to sell their own products shouldn't have been a surprise to anyone in the industry. Ten years ago the complaint from brands was "big box stores are killing us", now it's "Amazon is killing us".
Pointing out that Bezos is the world's richest man and claiming he's exploiting people is a tired ad hominem attack.
If you want to make an argument of Amazon revenue and growth, fine. If you think their shares are not as divided as other companies and that makes them exploitative, I am not sure what your argument is.
It takes open-source code produced by others, runs it as a commercial service and gives nothing back to the commercial entity that produces and maintains the open source, thereby intercepting the monetization of the open source.
It forks projects and forcibly wrestles control away from the commercial entity that produces and maintains the open-source projects, as it did in the case of Elasticsearch.
It hijacks open-source APIs and places them on top of its own proprietary solutions, thereby siphoning off customers from the open-source project to its own proprietary solution, as it did with the MongoDB APIs.
Check, check, check. Remember RMS' screed? "Only the writing of software should be paid for, the using of it is an inherent right of everyone and should not make any remuneration requirements on the user."
Back when he wrote that he was mad because companiies wrote code and charged big fees just to use it. He felt that was unfair. But now the shoe is on the other foot, and big companies are just "users" they aren't writing the software, so why should they pay for it? And while RMS was happy to have an architect use CAD software that someone else paid to have written, to design the houses that they sold for big bucks to their own clients, I don't think he thought it all the way through.
The missing bit here is that the "using of software" has a value. Whether you are using a better C compiler than your competitors so your compiled code runs faster than theirs, or you are using a distributed database to offer a scaled up database service that is impractical for an individual to equip and maintain. The whole reason people paid for software in the first place is because it accelerated the value they could create. And when that delta in value, that was worth significant money to them. Still is. That is why electronic CAD software still gets big bucks from its users, the same with packages like Adobe studio.
And guess what? When you use someone's software, and you are getting additional value that is accruing to you, if you didn't pay anything to the person who created it and maintains it, they feel cheated. Surprised? I am not.
When the software manufacturers of old found people that used their software without paying for it, they called them Pirates, and Crooks, and all manner of ill names. They turned to technology, and licensing legalize, to create ways they could pursue those people to make them pay. Not unlike the folks at Redis changing their licenses to make it harder for people like Amazon to "pirate" their software. It would be funny if it wasn't so sad.
There is nothing "free" about Free Software as RMS envisions it, it is just a structural way for the users of the software to rip off the people who wrote it by capturing all of the value gained by using that software to develop or provide a product or service.
It has always been true that software vendors were often extortionate in their pricing while escaping all liability by disclaiming the software did anything. If you fixed that problem, then we will be in a much better place.
[EDIT] The same goes for WINE and the various Windows APIs.
Is it generally good to forbid making compatible implementations of APIs?