No one cares about open-source, until (cryptpad.org)
185 points by mikro2nd 3 months ago | 52 comments



For most venture-backed open source projects, "open source" is and will always be a marketing tactic. It's a way to appeal to developers and beat out closed-source competitors in procurement.

Users of these projects should expect something like the Skiff sell to happen -- especially if the project is open core or does not use a truly permissive license.


I think it's possible to run a VC funded company that builds open source products using the open core model in ways that respect user freedoms, is successful for investors, and is not a fly-by-night venture.

The execution needs to be carefully balanced on all fronts, which many companies don't do correctly, giving this business model a bad reputation, but I wouldn't refer to it as "always a marketing tactic", or as something inherently wrong with the open core model.

I'd go as far as to say that open core is possibly the best way to monetize open source projects.


How does the part outside the (open) core respect user freedom?

For me, user freedom is guaranteed by free software licenses.


Having something you can sell profitably makes it more likely that the open source part will stay open.


I agree but that's beside the concern I'm raising. How do you ensure freedom on the non-free part? The answer is in the question, I'm afraid.

The thing you sell also doesn't need to be proprietary. I work for an open source company that sells free software [1], support, hosting and consultancy. It specifically rejects doing open core in our business decisions. I'm glad it has worked so far (and has been for 20 years this year).

(coincidentally, CryptPad is one thing the company makes :-))

[1] https://news.ycombinator.com/item?id=39403811


Volume. Open source is a tactic. Developers will like support and open source stuff they're familiar with. Espressif does this with esp8266 and esp32. Facebook does this with llama.


Llama is not open source.


Sure, but I don't think that taking an absolutist stance on free software is helpful. Not for the company that's able to sustain development on free software because of its proprietary products, nor for the free software itself, which likely wouldn't exist otherwise, nor for the users that ultimately benefit from that software.

When the open core model is implemented correctly, the "core" part of the product should be an entirely standalone piece of software, that aims to be best in its class of products. This is already a win for users. The proprietary components around it should be value-added features that are not critical for the core functionality. E.g. optional plugins, enterprise features and services, etc.

When this is done correctly, commercial users effectively subsidize the free software for everyone else. This is a good thing.

Trying to force companies to be fully open source, and shaming them otherwise, hurts the adoption and spread of free software in the long run. Running a successful company is difficult enough, and running a successful company that builds OSS even more so, so companies that do this right deserve to be praised. Those that don't should obviously be shamed, but the fact that some don't doesn't make this business model wrong. They're just shitty companies.


> When this is done correctly, commercial users effectively subsidize the free software for everyone else. This is a good thing.

I agree. Read my other comments. My company achieves this without open core.

When you believe that free software is the right thing to do, it's only logical to think that commercial users should also be able to enjoy the freedoms of free software.

Free software or not, companies will pay for enterprise features if done right.

Open core is better than nothing but it incentivizes putting interesting / killer features outside the core. And you live from selling proprietary software, that sends a mixed message. "We believe in open source, but [you can't live from it|we don't believe you need your freedoms]"

When you are able to sell free software, any feature you provide is open source, you can sleep on both your ears and the message is strong: "we believe in free software and we respect your rights. We live from it and if you do business with us, that's what you get". There's no tension between the open core and the outside. Other people can contribute to your paid part too and that's amazing (yes, we have this).

Open core is not the only / best way to implement commercial features.


RedHat, Ubuntu, MySQL, GitLab, MongoDB etc, etc.


Those are some great open source and source available products!


I'll always take a moment like this to point once again to Nadia Eghbal's fantastic report, it might be from 2016, but it's a good read.

Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure

https://www.fordfoundation.org/work/learning/research-report...


The general public doesn't care about "open source" so marketing a product as "open source" is pointless unless you're marketing it to a purely technical audience. The ability to modify the source code of Linux or to run your own Mastodon server isn't appealing to most people. Most people don't even care that iOS has an App Store monopoly where Apple decides what apps they can and can't put on their iPhone and iPad, at least until Apple bans an app they want.

With venture backed startups, the goal is to sell the company either to a large incumbent or to the public stock market. An IPO is a de-facto sale to large pension funds like Vanguard and Blackrock. Ultimately, their long term goal is going to be maximizing shareholder value not some kind of open source idealism.

In fact, open source often stands in the way of profit so market processes will encourage companies owned by the stock market to go with closed source whenever possible. The most reliable way to keep software open source in the long term is to license it under AGPL or GPL and accept contributions from as many contributors as possible under as many different copyrights as possible. Permissive licenses like MIT and BSD allow companies to use open source for proprietary software without sharing their changes. Even GPL licenses, if the copyrights are all assigned to a single entity, permit that entity to re-license it as proprietary. The more copyright holders, the harder it is to get the necessary permissions or replacement code to re-license.


I'd liken it to car repair. I don't work on my car or fabricate replacement parts, but I can take it to any repair shop I want and the manufacturer can't stop me. And if my car was designed in such a way that I had to take it to the dealer for routine service and repairs, I wouldn't have bought it. None of that is because I, the consumer, know the ins and outs of car part supply, regulations, or car maintenance. I just take it for granted that I can buy something and expect it to work for a while and get it fixed when it breaks.

The analog for that in software is open source. The public doesn't need to care. If it's open, anyone can go fix it when the developer stops. Those people aren't average consumers, they're the 3rd party car mechanics.


But it also fits the op's pov that most people don't care. Most people don't care that you have to take an Apple device to an Apple authorized service center. We had to get governments to pass laws to deal with that. I suspect we'll have to do it with lots more things as it gets easier and easier to cryptographically lock them down.

As an example, I recently bought some smart light bulbs. They were "Matter compatible" so I thought they'd just work. Turns out, AFAICT, the manufacturer ships them in a barely working state, this is so they can force you to download their app, register, and then they'll update something in the bulb that makes it work at full brightness.


I've had an iPhone for nearly 15 years, I've never had to take it to a service centre. Local shops are dotted around towns that would replace screens if I broke one, which I guess is the most common problem.

I daresay that's the norm. People don't care that they would theoretically have to take their phone to the Apple store because they don't have to.

A car however does need servicing and generally fixing -- you can get a puncture 5 miles after leaving the lot if nothing else, so people are more aware.


Plus, society takes all kinds. If everyone is required to have the expertise of a software developer in order to enjoy the "right" not to be screwed over by closed-source software, other areas will suffer lack of personnel. Healthcare definitely comes to mind.


This is a very similar analogy I use for boomers and it sticks. They are often complaining about how no one fixes things anymore and so when you relate the abstracted software to hardware they actually understand. When they get it, they care too.


> Skiff was presented as open-source, the back-end never was so it was not possible to self-host it. In addition, the type of license used (CC-BY-NC-SA) is meant for artworks and more geared towards showing the code than making the service operable by others.

That’s not open-source, it’s open core. Calling it open-source is a straight-up lie. True open-source is useful even if a company gets acquired or changes their business model, because 1) the old version stays open-source so you never lose access, and 2) it can be forked and remain updated to compete with the now-proprietary version. Like when Terraform got forked into OpenTofu.

1) should be enough on its own to make nobody care if the company changes the license, but we live in a world where people expect all types of software to have continuous improvements. Still, 2) means there’s a group that can ensure the open fork has everything the closed original does, by putting in as much effort as the company. In practice the forks often fall behind and sometimes they die, but it’s for the same reason the companies move away from open-source: it’s harder to make progress without funding, and it’s harder to get funding with open-source.

EDIT: I also get that the term “open-source” is diluted. But my understanding is that it means all of the source (i.e. code) is open (i.e. public). Otherwise, why even call it open-source in the first place? Non-code data like assets, training data, and keys can be private (provided the key isn’t encrypting any code), which lets people sell open-source products; a server can use a key to ensure that clients purchased the product (and a checksum to establish that the client’s source hasn’t been modified), but the server’s code should be open-source (so people can run modified versions locally but must buy the official game to play on the official servers).

I suppose there’s some loophole a group can use to create something under this definition of “open-source” and revoke access to prior versions later (at a minimum they can exclude you from the official servers). But at least I don’t know any occurrence of this ever happening, and it’s certainly a lot harder and less likely than revoking access to “open core” (which is just, not publicizing the majority of your code, so that even calling it “open” is debatable).


> That’s not open-source, it’s open core.

I'd argue it's not even open core. Normally open core means a useful product that you can run/host end to end in an open manner, but where some features (normally enterprise features) are closed-source.

Not being able to run the back end at all?! I don't even know what I'd call that...


> Not being able to run the back end at all?! I don't even know what I'd call that...

I'd call it proprietary software.


Open client?

It does have a place. For example, a password manager browser extension should be open source regardless if the server/platform is. It's nice to be able to audit something that is running on every website you ever visit.


The NC license is not open source in the way people mean open source. None of it was open source.


I'm guessing the point was to allow people to verify that the e2e encryption was real


I'm not sure it could even be called open core, that usually implies at least something is open source, but CC-NC violates the open source definition.

(Also technically no CC licence is an open source licence, since they don't require works to release the source code, because they aren't intended for source code)


> (Also technically no CC licence is an open source licence, since they don't require works to release the source code, because they aren't intended for source code)

The MIT and BSD licenses also do not necessarily require the release of source code. It is just that if you license code under those terms and pass it to someone else, then they receive the rights to do a lot of things with the code, including releasing it. I don't think that is much different with the CC licenses (the non-commercial variant is definitely not open source though).


My point is CC licenses don't even require the original author to release the source code, you can technically release software using that license as binaries. So as a license it can be used for both open and closed source software.

It would be rather pointless, other than giving people the right to binary patch and redistribute the file. I'm mostly just splitting hairs because seeing CC licenses used for code annoys me.


The MIT license doesn’t mention source code, just “Software”. I don’t see any reason you couldn’t release a binary under MIT and not release the source code. It seems basically equivalent to CC-BY.


> My point is CC licenses don't even require the original author to release the source code, you can technically release software using that license as binaries.

The same applies to MIT and BSD licenses. That was my point.

> It would be rather pointless

Agreed, but nothing in the license text prohibits it in any way. Even if it did, as the sole author of some code you are not bound by whatever license you pick, even if it was a copyleft license that would require other people to share their modifications.


> Also technically no CC licence is an open source licence, since they don't require works to release the source code, because they aren't intended for source code

I think you're confusing open source with copyleft; ex. BSD style licenses are open source while still allowing proprietary derivatives.


FLOSS wasn't just about "free shit" in the form of programs. It was all about user ownership of their data and how they wish to do things.

These days, closed source is also closed formats. And with cloudshit tie-ins, sometimes even means you never even see your data. It's just <hands waving> in the cloud.

For example, the sooner you migrated from Eagle after the Autodesk acquisition to KiCAD, the better. Sure, KiCAD was less polished, but your data and way you work was completely open. If you stayed with Eagle, well, you bent over and took it.


Did Eagle get worse after Autodesk bought it?


Eagle and Autodesk deserve each other:

"In spring 1991 the dongle protection scheme of EAGLE 2.0 had been cracked causing a decline of 30% in sales, while sales for a reduced demo version with a printed manual saw a significant increase.[4] As a consequence in 1992 CadSoft sent thousands of floppy disks containing a new demo of EAGLE 2.6 to potential users, in particular those who had ordered the former demo but had not subsequently bought the full product.[4] The new demo, however, also contained spy code scanning the user's hard disk for illegal copies of EAGLE.[4] If the program found traces of such, it would show a message indicating that the user was entitled to order a free printed manual using the displayed special order code, which, however, was actually a number encoding the evidence found on the user's machine.[4] Users sending in the filled out form would receive a reply from CadSoft's attorneys.[4][33] The act of spying, however, was illegal as well by German law.[4][33]"

https://en.m.wikipedia.org/wiki/EAGLE_(program)#Controversie...


Sheesh. I just remember later versions having a pretty astute anti-piracy scheme where newer versions had some kind of blacklist of pirated keys, with the key stored in the binary save file - files produced by a pirated copy couldn't be loaded by a newer version. There were pretty great tools for textual import/export though, so it was relatively easy to work around.


In January 2020, EAGLE 9.5.2 was discontinued as a standalone product and is only licensed to users as a bundled component with an Autodesk Fusion 360 subscription.

In 2023, Autodesk announced that they will no longer sell nor support EAGLE after 7 June 2026.

from https://en.m.wikipedia.org/wiki/EAGLE_(program)


Autodesk is phasing it out and merging it into their Fusion 360 subscription.


There is no cloud. Just someone else's computer.


Sometimes I wonder if there should be some systematic punishment for acquisitions. I can only imagine when company X gets bought by Google, Competitor Y ought to have a big meeting with all its salespeople the next morning on the theme that they are all going to get rich on commissions.

In general there should be a broad movement that operates on several fronts that sends the message that you can buy the employees, you can buy the code, but you can’t buy the customers, at least not yet.


I've rediscovered cryptpad last year. I thought it was (and was looking for) a client-side encrypted etherpad, but was surprised to see they had added spreadsheets, folders, forms, and everything. It's working towards a full office suite

I wouldn't say it's quite there yet, my mom probably should wait a little to try it out, but if you're a bit geeky and looking for open source, live multiplayer spreadsheets or documents to use with other tech-savvy people, this would be the first thing to check out. With Nextcloud or LibreOffice cloud or whatnot, the server can always access your things. That's almost always fine, but if this exists, why not the privacy by default? I love the idea


> I wouldn't say it's quite there yet, my mom probably should wait a little to try it out

Curious about what features you feel non-technical users might be missing. I've been most successful getting casual, non-technical users to adopt Cryptpad.

It's the power users that use add-ons or need more than what WordPad might offer that begin to grumble in my experience.


It's not so much about features as UX and polish. When I wanted to use the forms for registering for a game event, I sent it to a friend to try out and it crashed the browser on their phone (mobile game, so most users are on phones). Apparently the cryptpad owners couldn't reproduce with the same browser but one crash among n=2 didn't bode well enough to use it for hundreds of players

We did use it for keeping organisational notes, but finding out how to use the sharing folders system took a little trial and error

It's this sort of thing that I want to set the expectations for when sharing it with others. When people go in with a mindset of it being a cool thing with rough edges, and it turns out not to be so rough, that's only more reason to be impressed and stick around. If you go there expecting a fully-fledged Google Docs clone, I think that'll be disappointing and give a feeling of "it's nearly good enough" (and then they leave and forget about it)

Anyway that's my expectation on expectations, I'm happy to hear it's currently already in a state so good that you've converted non-techies :D


> need more than what WordPad might offer

To be noted CryptPad comes with its own fork of OnlyOffice, a complete Office suite. Maybe not as complete as MS Office or LibreOffice though. It's not only simple pads (anymore?).


Computers without escape hatches seem destined to become infernal machines. Someday you'll find yourself misaligned with what's happening and you'll be very sad.

This is the same thread we see with iot. It's either a system in your power, that you can work with, or it's a huge risk.

Example article: Home Assistant: Three years later 273 points, 3 days ago, 190 comments. https://eamonnsullivan.co.uk/posts-output/home-automation-th...


Cryptpad is fantastic and totally replaces Google Docs for me when it comes to collaboration.


The Skiff sell really annoyed me. I am at very least glad that they gave their users 6 months to switch instead of a few weeks.


I have been using Cryptpad the last few months (self hosted) and it's working great. Keep up the good work.


I wonder if it's feasible to reimplement the Skiff server so people can self-host it.


Obligatory xkcd: <https://xkcd.com/743/>


> The heartfelt tune it plays is CC licensed, and you can get it from my seed on JoinDiaspora.net whenever that project gets going.

The tune is even CC licensed!


I'm still wondering why Diaspora didn't take off but Mastodon did...


When it started, Mastodon had an existing userbase to communicate with on OStatus, in the existing GNU Social communities, so it could skip the "Who wants to talk to a ghost town?" era of a social media's growth.

Though this prompts us to wonder why GNU Social took off (modestly) but Diaspora didn't.


A different era. Mastodon had plenty of problems of closed networks to show (before it was Twitter, there were the failings of e.g. tumblr and Google+ to point to)



