The problem is not with open source as a concept and as a craft.
The problem is that people confuse it with making money.
If you are doing open source with the expectation that you will get rich,
then you are in the realm of cognitive dissonance.
There is nothing inherently wrong about doing it that way, but it's not
in the spirit of open source.
A lot of "open source startup bros" just think open source is leet cool,
it's trendy. But the idea that their hard work will go unpaid is an affront
for them.
Maybe you have a codebase and if it starts getting traction you have a while
where the community invests time and expands what the codebase can do.
Then there comes a juncture a semi open source "core" and then premium
(often partially created by the community) becomes closed source and
expensive.
Yet the same people are happy to use open source platforms, databases,
operating systems, etc etc to create their new project yet they never
seem to feel the need to pass the money down the chain of programmers
who have created everything they use.
The term "open source" itself explains the problem.
It was originally called free software, which is admittedly confusing in English, but also inconvenient for corporations who wanted to exploit it. Because it's not a huge issue whether free software was libre or gratis, because practically all of it was both libre and gratis. But if you're a company, you like neither the libre nor the gratis.
So it was rebranded to "open source" precisely to market it to businesses.
Missing option: don't grant a license to use your code if you'll be upset that people will use your code. Use something like AGPL or don't grant any license at all. Granting no license means others using your code in any way is copyright infringement, which individuals don't need to care about, but makes it something no business of any significant size will touch.
If it's FOSS you also have to convince other contributors to work your choice of license.
The first example in the article is Wordpress whose developers did not get to choose the license because they forked an existing GPL project.
> Granting no license means others using your code in any way is copyright infringement, which individuals don't need to care about, but makes it something no business of any significant size will touch.
How do individuals get your code? How do they install it? Copyright matters to most distribution mechanisms.
A good many small businesses (not just those of significant size) would be reluctant to breach copyright. I think if you want to do that use a license that allows non-commercial use or use by businesses below a certain size.
If you build a business on a fork of someone else's project, you can't really complain. Using GPL was the cost of starting from that base.
Individuals get your code from you or each other. I don't doubt that you'd have easy to use packaging if "Source available + All Rights Reserved + casual piracy" caught on as a copyleft "license"; the *arr software sort of demonstrates that already.
That it only allows people who are not reluctant to break copyright laws to use your software is exactly the point. It's a proper anarchist's copyleft license.
> If you build a business on a fork of someone else's project, you can't really complain. Using GPL was the cost of starting from that base.
I agree - but that is what people like the Wordpress developers are complaining of.
> Individuals get your code from you or each other. I don't doubt that you'd have easy to use packaging if "Source available + All Rights Reserved + casual piracy" caught on as a copyleft "license"; the *arr software sort of demonstrates that already.
I am very cautious about installing things not from either distro repos (on my desktop) or from a known app store (not necessarily the OS developers) on mobile. How would people know that was your intent? If they get the software from each other, how could they verify it did not have malware inserted?
One of the things I like about FOSS is that it can be forked. If the original developer stops working on it (especially if they stop applying security patches), or to take it in a different direction, or if the original developer changes licence for new versions (the equivalent with your idea would be to start enforcing the copyright).
> That it only allows people who are not reluctant to break copyright laws to use your software is exactly the point. It's a proper anarchist's copyleft license.
It's not copyleft. If people get software from each other how do you ensure that the source gets distributed? Or that people know they can get the source and from where?
> If they get the software from each other, how could they verify it did not have malware inserted?
Largely, they don't, just like today's sharing economy. If someone online is giving you something that you can't verify yourself (either because it's a binary or because you don't have the time/ability to understand the source), you rely on trust and reputation. Having a BSD license attached doesn't change this.
If you're cautious about installing software directly from its author or from a repository of unlicensed software, then don't do it.
My suggestion is to still release the source, so anyone can fork such a project under the same terms they had: any use is piracy.
If the author feels someone is abusing the system/trying to restrict user freedoms by distributing only a binary, and the abuser is large enough to warrant it, they can sue them, just like with GPL. But there are no possible loopholes (c.f. tivoization) because there was never a license to distribute the software under any conditions.
> If someone online is giving you something that you can't verify yourself (either because it's a binary or because you don't have the time/ability to understand the source), you rely on trust and reputation. Having a BSD license attached doesn't change this.
I only need to trust a few sources though. It is very different from getting lots of software from lots of different people.
> My suggestion is to still release the source, so anyone can fork such a project under the same terms they had: any use is piracy.
No they cannot. If someone forks the project the original author can sue them for breach of copyright. Forks can only exist at the whim of the original author. Of course you could give people permission to fork - this is called "giving them a license".
I also wonder whether the courts might hold you have implicitly given a license by making the software a free download, or if you have made it public that this is what you have lost your right to sue (maybe something like equitable estoppel would apply). I would say it is almost certain to happen at least in some jurisdictions.
> If the author feels someone is abusing the system/trying to restrict user freedoms by distributing only a binary, and the abuser is large enough to warrant it, they can sue them, just like with GPL.
The author can also sue anyone else who is redistributing. How do we know that the author will do so?
Essentially this gives the original author complete power over the project. You are to have complete trust in the author. You have to have this trust without them ever giving you any permission (because that would constitute a license).
What if the author waits until people are dependent on the software and then decides to demand license fees, or just gets greedy and sues for breach of copyright?
> I only need to trust a few sources though. It is very different from getting lots of software from lots of different people.
So then use a curated repository that contains or links (e.g. a source-based distro that uses content-addressed p2p distribution) such software, or don't. Just like today.
> If someone forks the project the original author can sue them for breach of copyright.
Assuming they know who the fork author is. Also, why is this a concern of the original author? They decided to share their work, you have it now, and you can decide what you're going to do with it. Everyone knows there's a large ecosystem of anonymous sharing of copyrighted material if you want to do that (or you can pseudonymously share by signing your fork and anonymously distributing it).
It seems incredibly unlikely that an organization could successfully argue they had an implicit license to use something however they want when there's an explicit notice that they do not. e.g. if the NY Times publishes an article on their site, you do not have the right to copy it. This is true in Berne Convention countries even if there is no copyright notice. Metallica can have the most pirated CD on the planet, but no court is going to say a TV show can use it now. Big orgs (the people the author doesn't want to freeload) know this, and they're not going to take such a stupid risk. Individuals, on the other hand, know that no one will ever find out that they copied it, so they can do whatever they want.
> What if the author waits until people are dependent on the software and then decides to demand license fees, or just gets greedy and sues for breach of copyright?
Not relevant to individuals. I could be "dependent" on a pirated copy of Photoshop and Adobe could never possibly know. This only matters for "freeloading" organizations, and the whole discussion is around preventing that, so mission accomplished.
Does it matter whether something adheres to OSI's definition if you just want to participate in a sharing economy, but don't like the idea of some large org "abusing" that sharing? Whether something is Open Source is primarily a concern of large organizations and lawyers. If the source is freely available, it is in practice usable and modifiable by any person regardless of what the law says.
You actually meant "in theory" since in practice you will get found out misusing the licensed software sooner or later, if you are exposed to any scrutiny.
Unless your thing isn't used at all, making the point moot.
In practice, people are not exposed to any scrutiny. Tons of people pirate operating systems, image/video editors, CAD software, games, etc. without any issue. It's only large organizations that have that exposure. This is doubly true if you publish the source code to a program you wrote with an "all rights reserved" notice (i.e. you're not really trying to prevent individuals from using your work). If an individual used your program, you'll never know. If a large organization is freeloading off of you, and you learn of it, and you don't like it, then you can go after them. They have no defense because you explicitly told them they may not use it.
- The anchoring principle. Once you have set that the software is free, humans expect it to be free forever and all related things are judged off the initial impressions' price bucket. Humans will never want to pay for it later. It's judged worthless.
Open-core and closed-source addons and support models have misaligned principles. The community wants things to be easy to use and opinionated, while the OSS company wants to include as many customers as possible who need or want your help with their niche choices.
- Sustainability is awful. If you start an open source project you're either going to burn yourself and the community out, or require funding to do it as a day job. So, if you want the project not to stop early, you need money to pay for developers to make software better.
- Larger companies want something opinionated but rarely what's good for most of the community. So eventually when big tech/big industry is paying for developers to work on the project, there's a point where the large company will want their cake and the community is hostage. Do that enough times and the large company forks internally and the community fractures or withers out.
Source: I was at Cloudera while the Big Data craze took off. Then, I did open source for large tech.
Hey Elliott, long time.
I think the key issue is with the assumption that anything beyond the license will happen. Any assumption that there's another (moral?) contract is wrong. If the OSS is free, then the product can't be the OSS. Any unaligned incentives can put the community in conflict which is something that was common in the Apache ecosystem. So the problem is not with OSS itself, but the sustainability assumptions around some OSS efforts.
I agree the contract should be clear up front. Changing expectations later is a big problem. People want to give away the software for a while, using it as a loss leader to get attention while not being honest about their later need for money to fund the ongoing concern.
I was starting Batteries Included and had been writing it in Elixir. I want to give back to the community, show how to use Phoenix/Live view, and be transparent about what users are running, etc. However, I also know that if this will work long-term, I can not give it away to everyone forever. So it's better to be honest about things as early as possible.
We paid a very smart lawyer to draft the best compromise we could as early as possible.
This means we can develop in the open here: https://github.com/batteries-included/batteries-included while also giving it away long term and still being honest that this will require some long-term revenue stream. That revenue stream will come from the companies using it on larger installs.
> Humans will never want to pay for it later. It's judged worthless.
The latter sentence absolutely does not follow from the first. To illustrate with an example: Is Linux (the kernel, or any GNU/Linux distribution) worthless?
Plus, we should also remember that most people who use non-gratis software, don't pay for it; they just copy it. The most common examples are probably Microsoft Windows and Office.
Linux powers just about every major datacenter in the world. Every ML model was trained on Linux. However if you tried to make a company as powerful and successful as Microsoft you would fail.
Red Hat is the only company that has really made a living off of Linux. Even then, their contracts are orders of magnitude less than the exact same customers will be paying Microsoft.
Linux is successful and remarkable and every company sees the value in having it around. So there's a shared mutual need. However, that doesn't mean that anyone can make it into more than barely scraping by as a going business.
When MS rolls up, they say we are charging for your usage of the MS database, Office, Outlook, Microsoft Windows 11, and the security promises. They are explicit that developing with and on Microsoft allows you access to the ecosystem. So the total bill is high, but part of that bill is a gateway into everyone else using Office, Outlook, Excel, Visual Studio, or SharePoint. The world runs on Excel and MS enterprise sales know that. They are negotiating a contract for one-of-a-kind software and access to the world of MS.
Redhat rolls up saying we want to charge you. They don't get to say that if you don't pay, the company will lose access to the software or the ecosystem. They don't get to say they are gatekeepers to other Linux users. Redhat can't claim to be giving the database or the development environment; everyone thinks they are free. If you stop paying Redhat, you probably can find an almost package for package compatible alternative in a rolling release (source: watched that happen multiple times CentOS, et al). So instead Redhat sells a contract for service, support, and indemnity. Those are great products and Red Hat will continue for a long time. They will just have very different staying power when contracts are renewed. They will have very different revenue growth.
It's not how I want it to be, just how I see it.
Source: Worked at MS and have friends who are former Redhat.
Unfortunate other fact is because RedHat is a bigger brand, its developers hold undue sway in the community and have a tendency to offload work onto others, while also resisting suggestions and particular contributions.
Happens every time they mess with a critical system and change a standard.
RedHat can be said to have foisted GNOME and systemd upon us. They don't have control, but their sway has been enough to put us in this pair of holes and we're far from getting out of them.
> Humans will never want to pay for it later. It's judged worthless.
I see a classic business issue: people are usually resistant to price growth, and the classic example is to begin with a free product, then ask them to pay even a small amount.
And unfortunately, the world is constantly changing, and in a large number of cases, inputs become more expensive (for example with inflation) and businesses have to somehow compensate for costs, and in many cases this just means raising the price (or changing something free to paid).
So most businesses constantly deal with this issue.
It's a bit confusing to see maintainers of software with permissive licensing getting upset about companies using their software. Does this happen because they didn't really think about the license and its implications when they chose it? The potential of "our software is extremely valuable and used by massive corporations who give nothing back" was too remote to properly consider?
Maybe most of the projects where this is occurring are a bit older, and new projects are thinking carefully about the license from the outset.
Licenses often are not respected by business. Businesses also tend to demand free support in perpetuity without ever once contributing anything be it money or code.
Viewed this way, businesses are just using open source as free labor.
I'm out over my skis a bit on this one, but out of curiosity (and having never experienced it), what sort of leverage does a business have demanding free support from contributors that are under no obligation to provide it? Those seem to be easy emails to ignore, personally.
That is true. Maintainers don't owe them anything, most of the licenses say this and express no-warranty or guarantees. But it's more about, people feel obligated to provide support for their open sourced projects even though that technically isn't required. More of a human nature/psychology thing.
Furthermore, you are dealing with someone (maintainer) who is giving their time for free to further the project so corps can use it to build stuff. Who better for a corporation to make unrecompensed demands from? They already demonstrate willingness to work for free.
Not sure where you are trying to go with this, but pretty much everything with an embedded CPU runs some form of Linux, alongside nearly each and every cloud server in existence. Countless lines of code are compiled with GCC and linked to the GNU libc every second. The GPL is as inextricable from our modern information society as blood is from our bodies.
GPL libraries are for building GPL software. Where I work this is not really a concern since we won't sell the software. AGPL could be a deal breaker for some of our business cases. Neither is a concern for internal applications that are private to the organization.
Sigh. Obviously, you don't need to avoid it in cases where it doesn't apply in the first place... The point I was trying to make is that businesses do take the GPL seriously - where it applies - and don't just ignore it.
Open-Source is in Crisis because Open Source is the corporate spin on Free Software in order to make money, which as many have pointed out, isn't a great fit. It could work, but as an exception.
On the other hand, actual Free Software as in GPL are in no crisis at all. I'll smirk every time I see such news and it warms my heart. I know, I'm a bad person.
This is laughable. Like, yes, free software is better and open source is a capitalist spin.
But these problems still impact free software. AWS can still exploit the labor of free software engineers and profit while not giving those devs any support.
If you make your software freely available to everyone, it seems to follow you do not expect compensation for the software you offered freely to everyone.
I do a little - a couple Docker images (mostly someone else's software), a couple utilities, a font, small contributions to projects for solving problems I experienced. I don't expect compensation for any of that - it's a hobby. I have a day job and I use some of that software in it, and, at least until we arrive at a post-scarcity economy, that's what will pay my bills.
I don't think that follows at all, actually. I might give something away and say, "support my patreon" or "buy me a beer" or "contribute back" or "pay for support".
You might expect that any arbitrary person might not compensate you, but still expect compensation.
Giving away your work doesn't mean you don't value your labor.
Open source is a system of perfect logic built on the foundation of a few flawed assumptions.
- Money doesn't matter
- Contributors are benevolent and altruistic
- Commercial interests can't/won't game the process
- Support and security is someone else's responsibility
- Building useful and viable software is a fun hobby
- All software should and will eventually be Open Source
You'd have to ask though, if the whole premise is so flawed, how come it has been the dramatic success it has been? There is nothing like this anywhere else in society.
The only thing coming close might be academic publishing (science) and this hints to what propels open source: openness, sharing knowledge is insanely productive, it creates enormous leverage to build on each other's effort.
Clearly so far we have not found ways to fairly attribute that benefit to make the whole phenomenon easily self-financing. But it's not clear it cannot be done.
I am a soccer coach for kids (my own included) in my free time. In a lot of ways it is the same as working on FOSS software. You don't get anything for it, but you get to work with other people and it is pretty fun interacting with the kids. And even if one of the kids becomes a pro you won't get any compensation for your work as well :)
> There is nothing like this anywhere else in society.
Though they are rare, they exist. The Osho cult comes to mind, Rajneeshpuram Commune became a self-sustained community that attracted thousands of followers and they worked for free. This is related to ideology when it aligns with what people want and it is sustainable, people have no problem offering their work for free. And of course someone comes along and takes advantage of it all.
The big difference is that open source is no longer an isolated community - the whole world is built on open source software.
I agree though that sharing and caring is not as uncommon as some people would like to pretend. Another example of it are all kinds of online communities sharing anything from memes to cat pictures to mods to instructions how to do all kinds of things to direct help. Some of this is drifting more and more to being monetized (see most YouTube channels) but there is still a huge amount of people sharing with others without a profit motive.
It's not a matter of finding ways to reward people that positively contribute to society, it's a matter of convincing those in power to implement them - and those people largely overlap with those benefitting from the current model.
You need to explain the billions of lines of open source code.
> It's not possible to prove that something can't be done.
This is just sophistry. Many "business models" are being tried, granted none seems to be failproof but it suggests there is a space to explore.
We are talking about a process that is barely two decades old. The familiarity and safety of paid work with fiat money, contracts, private investment and all that, it's all based on inventions that came about to solve similar frictions in the past.
You could say that Free software is built on a different set of assumptions:
- Money is not all that matters
- People will write software for themselves and their friends, and will not deny it to the public out of spite/greed. Companies might, but licensing can mitigate this.
- Commercial interests might game some of the process, but not its core
- Support and security is my responsibility, your responsibility, everyone's responsibility
- Building useful and viable software is sometimes fun, sometimes necessary, sometimes profitable
- Most software people use should and will eventually be Free - libre and gratis
> Building useful and viable software is a fun hobby
It is!
It's a lot like community theatre. A lot of people who maybe thought they'd be a major movie star when they took drama in high school end up in reality working boring jobs but producing for the love of the art and the dream stuff that is much better than it has any right to be.
Will it ever be as good as the professional stuff with large budgets? Rarely. But it is good and remarkable how far it's come.
I have mountains of open source projects and over the years I have discovered mostly through accident that it is being used without attribution or any communication in numerous projects. It's also copied and stolen outright by other open source projects.
There's very little recognition for successful projects either: Interviewers still want ridiculous take home tests and other nonsense despite 100s of thousands of lines of code in numerous languages.
Open source is a psy op for companies and individuals that excel at marketing more than actual programming.
Someone creates a cool app, a fortune 500 company takes it, makes billions and gives nothing back. That is the issue, there are many examples.
Look at OpenSSL, the timezone database issues a few years ago. The developers were pretty much close to being homeless. An issue occurred and companies panicked, did they give, no. I do not know what happened to OpenSSL, but I think some "foundation" took it over and the original developer(s) still got nothing.
OpenSSH is another example, IBM gives 0 to it, but it is used in AIX and Red Hat. Of all companies, Microsoft does donate some $ to OpenSSH.
With Cloud Applications, this is getting worse fast.
The real issue is people selecting a license that says something while actually wanting something else.
You either develop open source because someone pays for it (in which case it's an ordinary business transaction) or because you find it inherently rewarding and you have another way of paying your bills. If any of these stops being true – if the business fails, if the hobby / volunteer project stops being rewarding, or if you need more time for a normal job – you abandon the project. Maybe someone else picks it up or maybe nobody does, but it doesn't matter.
The traditional permissive licenses are named after universities, and they are modeled after the reward structures of the academia. A big company taking what you created and making billions with it (without giving you anything) is exactly the outcome you hoped for. You'll have some real-world impact to show the next time your performance is evaluated.
If that's not what you wanted, you need to select a more appropriate license for your project.
Read the paper, and did not see evidence presented of there being a _crisis_. Certainly, commercial companies not contributing back is a _problem_, but what is it that's about to collapse?
PS - Writing this from the perspective of a FOSS developer and maintainer who feels under-appreciated and is not compensated for maintenance work of (in my biased opinion) somewhat-important code.
We could easily support government grants to Open Source developers and companies without needing to increase taxes. It should already be part of the NSF grant process that funds a large number of universities, whose research is also given away for public use (most of the time). Sure, you'd have to fill out lots of forms and be at the mercy of the bureaucratic grant submission system, but that process already has mechanisms for managing IP and leaving ownership with the grantee. Despite its frustrations, it is already a much healthier way of developing IP compared to the VC-supported route.
Open source shouldn't be a complete free lunch for for-profit companies. It would be nice if there was some tithe that companies had to pay to open source that they used. Like, take N% of the revenue your project generated and distribute it equally among the open source projects your project depends on.
Licenses are a solution to this. You can stipulate that if your code is being used for profit by a company with more than 1000 employees, then you need to pay a certain amount into it.
I wouldn't frame it this way in a vacuum, but the organizing philosophy of open source is precisely to be a free lunch. Meta doesn't pay me when they use my projects, but they also don't charge me when I use React. Introducing mandatory monetary compensation would produce a lot of thorny coordination problems.
The free software movement makes it work with in-kind code contributions, of course, but that's a cost most commercial users are unwilling to pay.
And then the software would never be widely adopted.
FOSS is what it is and the dynamics around it haven't really changed.
What has changed is people wanting the rapid adoption rate possible from being FOSS without actually... being FOSS. I'm sorry, I have zero sympathy. If you want your product to be a paid product, just charge for it. What's that? No one would try it? Just give a free trial. What's that? Not enough people would use it for there to be this large community of people providing help, and tutorials, and addons/extensions/plugins, etc.?
The freeloaders are the people releasing their software as FOSS, using the community to get big, and then wanting to change their minds about it.
Ha! Best laugh of the day. You went out of your way to cater to bigcorps by avoiding free software licenses like the plague then complain that they're mistreating you by not paying you?
Soon they'll start wearing suits and spout buzzwords.
So many for-profit corporations depend utterly on non-profit open source. They'll feel the bite if open source is negatively affected in the coming years.
My goodness. Didn't we see the results of the "Code of Conduct" wars? There was a "crisis" of "toxicity" that had to be fixed. What resulted? Endless drama from meddling management types. They couldn't write a line of code to save their lives, but want to take over the projects to serve their social goals.
> Whitacre suggests “three levers to pull to solve the open-source sustainability crisis and quit burning out maintainers.” These three levers revolve around commercialization, taxation, and social validation.
Rofl. You want to know how to cause a real crisis in the open source world? Involve government, taxes, and "social validation" systems.
Edit: Oh, by the way. Once you start receiving tax money, you become dependent on it. And then the government effectively gains control over your project. "Develop this, or we cut off your funding."
I would say that "Codes of Conduct" _are_ a crisis, and exacerbated toxicity... as you put it, "endless drama".
As for involving government in FOSS - many of the universities and institutions where software was written, shared and exchanged in the 1960s and 1970s were "government" or government-funded. DARPA is government, UC Berkeley is a state university, etc. So government was very much involved.
Otherwise, I agree that the article does not establish a crisis.
But isn't the EU cyber resiliency act about requiring companies to provide guarantees on their software?
Open source projects alone cannot provide those, but it seems like something a secondary organization could provide ala a 'pay us a fee, and we will provide a legal guarantee' on software quality + liability insurance.
The only way that those liability organizations could provide those type of guarantees is by being associated with the project/updates, and ideally use the money they get from liability fees to cover developer pay?
The act was modified to ensure that it wouldn't kill non-commercial open source.
But if you try to monetize, you have a lot more responsibility. That is reasonable, but on the other hand, with burnout and other issues surrounding unpaid work... How sustainable is open source without any sort of monetization?
The author is missing the point. This is a trademark battle, not a licensing one. OSS is not in more trouble than it ever was. Software is, but that's a different problem.
The assumption that you're going to make something open source and get all the benefits of open source distribution while assuming that you're going to make money on it because you deserve it, while others don't, is wrong.
If you have any assumptions about how and to whom your software will make money, put them in the license.
Unfortunately, inflation and the cost of living are killing the idea of free software. It's hard to program anything when your stomach is rumbling from hunger.
The problem is not with open source as a concept and as a craft.
The problem is that people confuse it with making money.
If you are doing open source with the expectation that you will get rich, then you are in the realm of cognitive dissonance.
There is nothing inherently wrong about doing it that way, but it's not in the spirit of open source.
A lot of "open source startup bros" just think open source is leet cool, it's trendy. But the idea that their hard work will go unpaid is an affront for them.
Maybe you have a codebase and if it starts getting traction you have a while where the community invests time and expands what the codebase can do. Then there comes a juncture: a semi open source "core" and then premium (often partially created by the community) becomes closed source and expensive.
Yet the same people are happy to use open source platforms, databases, operating systems, etc etc to create their new project yet they never seem to feel the need to pass the money down the chain of programmers who have created everything they use.
The term "open source" itself explains the problem.
It was originally called free software, which is admittedly confusing in English, but also inconvenient for corporations who wanted to exploit it. Because it's not a huge issue whether free software was libre or gratis, because practically all of it was both libre and gratis. But if you're a company, you like neither the libre nor the gratis.
So it was rebranded to "open source" precisely to market it to businesses.
https://producingoss.com/en/introduction.html#free-vs-open-s...
Missing option: don't grant a license to use your code if you'll be upset that people will use your code. Use something like AGPL or don't grant any license at all. Granting no license means others using your code in any way is copyright infringement, which individuals don't need to care about, but makes it something no business of any significant size will touch.
If it's FOSS you also have to convince other contributors to work your choice of license.
The first example in the article is Wordpress whose developers did not get to choose the license because they forked an existing GPL project.
> Granting no license means others using your code in any way is copyright infringement, which individuals don't need to care about, but makes it something no business of any significant size will touch.
How do individuals get your code? How do they install it? Copyright matters to most distribution mechanisms.
A good many small businesses (not just those of significant size) would be reluctant to breach copyright. I think if you want to do that use a license that allows non-commercial use or use by businesses below a certain size.
If you build a business on a fork of someone else's project, you can't really complain. Using GPL was the cost of starting from that base.
Individuals get your code from you or each other. I don't doubt that you'd have easy to use packaging if "Source available + All Rights Reserved + casual piracy" caught on as a copyleft "license"; the *arr software sort of demonstrates that already.
That it only allows people who are not reluctant to break copyright laws to use your software is exactly the point. It's a proper anarchist's copyleft license.
> If you build a business on a fork of someone else's project, you can't really complain. Using GPL was the cost of starting from that base.
I agree - but that is what people like the Wordpress developers are complaining of.
> Individuals get your code from you or each other. I don't doubt that you'd have easy to use packaging if "Source available + All Rights Reserved + casual piracy" caught on as a copyleft "license"; the *arr software sort of demonstrates that already.
I am very cautious about installing things not from either distro repos (on my desktop) or from a known app store (not necessarily the OS developers) on mobile. How would people know that was your intent? If they get the software from each other, how could they verify it did not have malware inserted.
One of the things I like about FOSS is that it can be forked. If the original developer stops working on it (especially if they stop applying security patches), or to take it in a different direction, or if the original developer changes licence for new versions (the equivalent with your idea would be to start enforcing the copyright).
> That it only allows people who are not reluctant to break copyright laws to use your software is exactly the point. It's a proper anarchist's copyleft license.
It's not copyleft. If people get software from each other how do you ensure that the source gets distributed? Or that people know they can get the source and from where?
> If they get the software from each other, how could they verify it did not have malware inserted.
Largely, they don't, just like today's sharing economy. If someone online is giving you something that you can't verify yourself (either because it's a binary or because you don't have the time/ability to understand the source), you rely on trust and reputation. Having a BSD license attached doesn't change this.
If you're cautious about installing software directly from its author or from a repository of unlicensed software, then don't do it.
My suggestion is to still release the source, so anyone can fork such a project under the same terms they had: any use is piracy.
If the author feels someone is abusing the system/trying to restrict user freedoms by distributing only a binary, and the abuser is large enough to warrant it, they can sue them, just like with GPL. But there are no possible loopholes (c.f. tivoization) because there was never a license to distribute the software under any conditions.
> If someone online is giving you something that you can't verify yourself (either because it's a binary or because you don't have the time/ability to understand the source), you rely on trust and reputation. Having a BSD license attached doesn't change this.
I only need to trust a few sources though. It is very different from getting lots of software from lots of different people.
> My suggestion is to still release the source, so anyone can fork such a project under the same terms they had: any use is piracy.
No they cannot. If someone forks the project the original author can sue them for breach of copyright. Forks can only exist at the whim of the original author. Of course you could give people permission to fork - this is called "giving them a license".
I also wonder whether the courts might hold you have implicitly given a license by making the software a free download, or if you have made it public that this is what you have lost your right to sue (maybe something like equitable estoppel would apply). I would say it is almost certain to happen at least in some jurisdictions.
> If the author feels someone is abusing the system/trying to restrict user freedoms by distributing only a binary, and the abuser is large enough to warrant it, they can sue them, just like with GPL.
The author can also sue anyone else who is redistributing. How do we know that the author will do so?
Essentially this gives the original author complete power over the project. You are to have complete trust in the author. You have to have this trust without them ever giving you any permission (because that would constitute a license).
What if the author waits until people are dependent on the software and then decides to demand license fees, or just gets greedy and sues for breach of copyright?
> I only need to trust a few sources though. It is very different from getting lots of software from lots of different people.
So then use a curated repository that contains or links (e.g. a source-based distro that uses content-addressed p2p distribution) such software, or don't. Just like today.
> If someone forks the project the original author can sue them for breach of copyright.
Assuming they know who the fork author is. Also, why is this a concern of the original author? They decided to share their work, you have it now, and you can decide what you're going to do with it. Everyone knows there's a large ecosystem of anonymous sharing of copyrighted material if you want to do that (or you can pseudonymously share by signing your fork and anonymously distributing it).
It seems incredibly unlikely that an organization could successfully argue they had an implicit license to use something however they want when there's an explicit notice that they do not. e.g. if the NY Times publishes an article on their site, you do not have the right to copy it. This is true in Berne Convention countries even if there is no copyright notice. Metallica can have the most pirated CD on the planet, but no court is going to say a TV show can use it now. Big orgs (the people the author doesn't want to freeload) know this, and they're not going to take such a stupid risk. Individuals, on the other hand, know that no one will ever find out that they copied it, so they can do whatever they want.
> What if the author waits until people are dependent on the software and then decides to demand license fees, or just gets greedy and sues for breach of copyright?
Not relevant to individuals. I could be "dependent" on a pirated copy of Photoshop and Adobe could never possibly know. This only matters for "freeloading" organizations, and the whole discussion is around preventing that, so mission accomplished.
> or don't grant any license at all.
It wouldn't be open source then?
Does it matter whether something adheres to OSI's definition if you just want to participate in a sharing economy, but don't like the idea of some large org "abusing" that sharing? Whether something is Open Source is primarily a concern of large organizations and lawyers. If the source is freely available, it is in practice usable and modifiable by any person regardless of what the law says.
You actually meant "in theory" since in practice you will get found out misusing the licensed software sooner or later, if you are exposed to any scrutiny.
Unless your thing isn't used at all, making the point moot.
In practice, people are not exposed to any scrutiny. Tons of people pirate operating systems, image/video editors, CAD software, games, etc. without any issue. It's only large organizations that have that exposure. This is doubly true if you publish the source code to a program you wrote with an "all rights reserved" notice (i.e. you're not really trying to prevent individuals from using your work). If an individual used your program, you'll never know. If a large organization is freeloading off of you, and you learn of it, and you don't like it, then you can go after them. They have no defense because you explicitly told them they may not use it.
Open source has a lot of issues:
- The anchoring principle. Once you have set that the software is free, humans expect it to be free forever and all related things are judged off the initial impressions' price bucket. Humans will never want to pay for it later. It's judged worthless.
- Open-core and closed-source addons and support models have misaligned principles. The community wants things to be easy to use and opinionated, while the OSS company wants to include as many customers as possible who need or want your help with their niche choices.
- Sustainability is awful. If you start an open source project you're either going to burn yourself and the community out, or require funding to do it as a day job. So, if you want the project not to stop early, you need money to pay for developers to make software better.
- Larger companies want something opinionated but rarely what's good for most of the community. So eventually when big tech/big industry is paying for developers to work on the project, there's a point where the large company will want their cake and the community is hostage. Do that enough times and the large company forks internally and the community fractures or withers out.
Source: I was at Cloudera while the Big Data craze took off. Then, I did open source for large tech.
Hey Elliott, long time. I think the key issue is with the assumption that anything beyond the license will happen. Any assumption that there's another (moral?) contract is wrong. If the OSS is free, then the product can't be the OSS. Any unaligned incentives can put the community in conflict which is something that was common in the Apache ecosystem. So the problem is not with OSS itself, but the sustainability assumptions around some OSS efforts.
Hey Cosmin long time!
I agree the contract should be clear up front. Changing expectations later is a big problem. People want to give away the software for a while, using it as a loss leader to get attention while not being honest about their later need for money to fund the ongoing concern.
I tried to write a little bit about that in my post here: https://www.batteriesincl.com/posts/fairsource
I was starting Batteries Included and had been writing it in Elixir. I want to give back to the community, show how to use Phoenix/Live view, and be transparent about what users are running, etc. However, I also know that if this will work long-term, I can not give it away to everyone forever. So it's better to be honest about things as early as possible.
We paid a very smart lawyer to draft the best compromise we could as early as possible.
https://www.batteriesincl.com/LICENSE-1.0
This means we can develop in the open here: https://github.com/batteries-included/batteries-included while also giving it away long term and still being honest that this will require some long-term revenue stream. That revenue stream will come from the companies using it on larger installs.
> Humans will never want to pay for it later. It's judged worthless.
The latter sentence absolutely does not follow from the first. To illustrate with an example: Is Linux (the kernel, or any GNU/Linux distribution) worthless?
Plus, we should also remember that most people who use non-gratis software, don't pay for it; they just copy it. The most common examples are probably Microsoft Windows and Office.
Linux powers just about every major datacenter in the world. Every ML model was trained on Linux. However if you tried to make a company as powerful and successful as Microsoft you would fail.
Red Hat is the only company that has really made a living off of Linux. Even then, their contracts are orders of magnitude less than the exact same customers will be paying Microsoft.
Linux is successful and remarkable and every company sees the value in having it around. So there's a shared mutual need. However, that doesn't mean that anyone can make it into more than barely scraping by as a going business.
To put this in terms of why.
When MS rolls up, they say we are charging for your usage of the MS database, Office, Outlook, Microsoft Windows 11, and the security promises. They are explicit that developing with and on Microsoft allows you access to the ecosystem. So the total bill is high, but part of that bill is a gateway into everyone else using Office, Outlook, Excel, Visual Studio, or SharePoint. The world runs on Excel and MS enterprise sales know that. They are negotiating a contract for one-of-a-kind software and access to the world of MS.
Redhat rolls up saying we want to charge you. They don't get to say that if you don't pay, the company will lose access to the software or the ecosystem. They don't get to say they are gatekeepers to other Linux users. Redhat can't claim to be giving the database or the development environment; everyone thinks they are free. If you stop paying Redhat, you probably can find an almost package for package compatible alternative in a rolling release (source: watched that happen multiple times CentOS, et al). So instead Redhat sells a contract for service, support, and indemnity. Those are great products and Red Hat will continue for a long time. They will just have very different staying power when contracts are renewed. They will have very different revenue growth.
It's not how I want it to be, just how I see it.
Source: Worked at MS and have friends who are former Redhat.
Unfortunate other fact is because RedHat is a bigger brand, its developers hold undue sway in the community and have a tendency to offload work onto others, while also resisting suggestions and particular contributions.
Happens every time they mess with a critical system and change a standard.
RedHat can be said to have foisted GNOME and systemd upon us. They don't have control, but their sway has been enough to put us in this pair of holes and we're far from getting out of them.
> Humans will never want to pay for it later. It's judged worthless.
I see a classic business issue: people are usually resistant to price growth, and the classic example is to begin with a free product, then ask to pay even a small amount.
And unfortunately, the world is constantly changing, and in a large number of cases, inputs become more expensive (for example with inflation) and businesses have to somehow compensate for costs, and in many cases this just means raising the price (or changing something free to paid).
So most businesses constantly deal with this issue.
Have you talked about this with a business analyst?
It's a bit confusing to see maintainers of software with permissive licensing getting upset about companies using their software. Does this happen because they didn't really think about the license and its implications when they chose it? The potential of "our software is extremely valuable and used by massive corporations who give nothing back" was too remote to properly consider?
Maybe most of the projects where this is occurring are a bit older, and new projects are thinking carefully about the license from the outset.
Licenses often are not respected by business. Businesses also tend to demand free support in perpetuity without ever once contributing anything be it money or code.
Viewed this way, businesses are just using open source as free labor.
I'm out over my skis a bit on this one, but out of curiosity (and having never experienced it), what sort of leverage does a business have demanding free support from contributors that are under no obligation to provide it? Those seem to be easy emails to ignore, personally.
That is true. Maintainers don't owe them anything, most of the licenses say this and express no-warranty or guarantees. But it's more about, people feel obligated to provide support for their open sourced projects even though that technically isn't required. More of a human nature/psychology thing.
Furthermore, you are dealing with someone (maintainer) who is giving their time for free to further the project so corps can use it to build stuff. Who better for a corporation to make unrecompensed demands from? They already demonstrate willingness to work for free.
The GPL seems to be respected well enough that businesses avoid it like the plague.
Not sure where you are trying to go with this, but pretty much everything with an embedded CPU runs some form of Linux, alongside nearly each and every cloud server in existence. Countless lines of code are compiled with GCC and linked to the GNU libc every second. The GPL is as inextricable from our modern information society as blood is from our bodies.
Sorry, I should have been more clear: I was thinking of GPL libraries.
GPL libraries are for building GPL software. Where I work this is not really a concern since we won't sell the software. AGPL could be a deal breaker for some of our business cases. Neither is a concern for internal applications that are private to the organization.
Sigh. Obviously, you don't need to avoid it in cases where it doesn't apply in the first place... The point I was trying to make is that businesses do take the GPL seriously - where it applies - and don't just ignore it.
Open-Source is in Crisis because Open Source is the corporate spin on Free Software in order to make money, which as many have pointed out, isn't a great fit. It could work, but as an exception.
On the other hand, actual Free Software as in GPL is in no crisis at all. I'll smirk every time I see such news and it warms my heart. I know, I'm a bad person.
This is laughable. Like, yes, free software is better and open source is a capitalist spin.
But these problems still impact free software. AWS can still exploit the labor of free software engineers and profit while not giving those devs any support.
If you make your software freely available to everyone, it seems to follow you do not expect compensation for the software you offered freely to everyone.
I do a little - a couple Docker images (mostly someone else's software), a couple utilities, a font, small contributions to projects for solving problems I experienced. I don't expect compensation for any of that - it's a hobby. I have a day job and I use some of that software in it, and, at least until we arrive at a post-scarcity economy, that's what will pay my bills.
I don't think that follows at all, actually. I might give something away and say, "support my patreon" or "buy me a beer" or "contribute back" or "pay for support".
You might expect that any arbitrary person might not compensate you, but still expect compensation.
Giving away your work doesn't mean you don't value your labor.
Starting a Patreon might be a good idea.
There is no crisis, only slow learners finally realizing why the (A)GPL exists.
Open source is a system of perfect logic built on the foundation of a few flawed assumptions.
You'd have to ask though, if the whole premise is so flawed, how come it has been the dramatic success it has been? There is nothing like this anywhere else in society.
The only thing coming close might be academic publishing (science) and this hints to what propels open source: openness, sharing knowledge is insanely productive, it creates enormous leverage to build on each other's effort.
Clearly so far we have not found ways to fairly attribute that benefit to make the whole phenomenon easily self-financing. But it's not clear it cannot be done.
I am a soccer coach for kids (my own included) in my free time. In a lot of ways it is the same as working on FOSS software. You don't get anything for it, but you get to work with other people and it is pretty fun interacting with the kids. And even if one of the kids becomes a pro you won't get any compensation for your work as well :)
> There is nothing like this anywhere else in society.
Though they are rare, they exist. The Osho cult comes to mind, Rajneeshpuram Commune became a self-sustained community that attracted thousands of followers and they worked for free. This is related to ideology when it aligns with what people want and it is sustainable, people have no problem offering their work for free. And of course someone comes along and takes advantage of it all.
The big difference is that open source is no longer an isolated community - the whole world is built on open source software.
I agree though that sharing and caring is not as uncommon as some people would like to pretend. Another example of it are all kinds of online communities sharing anything from memes to cat pictures to mods to instructions how to do all kinds of things to direct help. Some of this is drifting more and more to being monetized (see most YouTube channels) but there is still a huge amount of people sharing with others without a profit motive.
I'm not sure you can call a group most noted for its "Role in 1984 bioterror attack" a success.
But they weren't really working for free, they were working for food and housing, right?
It's not a matter of finding ways to reward people that positively contribute to society, it's a matter of convincing those in power to implement them - and those people largely overlap with those benefitting from the current model.
It's anarchism, my friend. Not the purge style anarchism, but the academic Kropotkin "Conquest of Bread" style of anarchism.
And it's existed many times in human history, it just is fairly antagonistic with capitalism, so anarchism is a lot less popular these days.
But it absolutely exists elsewhere in society!
> There is nothing like this anywhere else in society.
I wonder why others don't work for free too? Even my 13 year old neighbor expects to get paid for mowing my lawn.
> But it's not clear it cannot be done.
It's not possible to prove that something can't be done.
> I wonder why others don't work for free too?
You need to explain the billions of lines of open source code.
> It's not possible to prove that something can't be done.
This is just sophistry. Many "business models" are being tried, granted none seems to be failproof but it suggests there is a space to explore.
We are talking about a process that is barely two decades old. The familiarity and safety of paid work with fiat money, contracts, private investment and all that, it's all based on inventions that came about to solve similar frictions in the past.
Most of it is building portfolio, or university students' projects, thesis.
That is how those millions came to be, outside paying jobs.
Most by volume perhaps but not the projects actually being used.
Those belong into "....outside paying jobs", given that they are powered by big corp money with strings attached.
coders are both artists and artisans, sometimes it’s just beautiful, sometimes it can generate money
You could say that Free software is built on a different set of assumptions:
> Building useful and viable software is a fun hobby
It is!
It's a lot like community theatre. A lot of people who maybe thought they'd be a major movie star when they took drama in high school end up in reality working boring jobs but producing for the love of the art and the dream stuff that is much better than it has any right to be.
Will it ever be as good as the professional stuff with large budgets? Rarely. But it is good and remarkable how far it's come.
I have mountains of open source projects and over the years I have discovered mostly through accident that it is being used without attribution or any communication in numerous projects. It's also copied and stolen outright by other open source projects.
There's very little recognition for successful projects either: Interviewers still want ridiculous take home tests and other nonsense despite 100s of thousands of lines of code in numerous languages.
Open source is a psy op for companies and individuals that excel at marketing more than actual programming.
Someone creates a cool app, a Fortune 500 company takes it, makes billions and gives nothing back. That is the issue, there are many examples.
Look at OpenSSL, the timezone database issues a few years ago. The developers were pretty much close to being homeless. An issue occurred and companies panicked, did they give? No. I do not know what happened to OpenSSL, but I think some "foundation" took it over and the original developer(s) still got nothing.
OpenSSH is another example, IBM gives 0 to it, but it is used in AIX and Red Hat. Of all companies, Microsoft does donate some $ to OpenSSH.
With Cloud Applications, this is getting worse fast.
The real issue is people selecting a license that says something while actually wanting something else.
You either develop open source because someone pays for it (in which case it's an ordinary business transaction) or because you find it inherently rewarding and you have another way of paying your bills. If any of these stops being true – if the business fails, if the hobby / volunteer project stops being rewarding, or if you need more time for a normal job – you abandon the project. Maybe someone else picks it up or maybe nobody does, but it doesn't matter.
The traditional permissive licenses are named after universities, and they are modeled after the reward structures of the academia. A big company taking what you created and making billions with it (without giving you anything) is exactly the outcome you hoped for. You'll have some real-world impact to show the next time your performance is evaluated.
If that's not what you wanted, you need to select a more appropriate license for your project.
Read the paper, and did not see evidence presented of there being a _crisis_. Certainly, commercial companies not contributing back is a _problem_, but what is it that's about to collapse?
PS - Writing this from the perspective of a FOSS developer and maintainer who feels under-appreciated and is not compensated for maintenance work of (in my biased opinion) somewhat-important code.
We could easily support government grants to Open Source developers and companies without needing to increase taxes. It should already be part of the NSF grant process that funds a large number of universities, whose research is also given away for public use (most of the time). Sure, you'd have to fill out lots of forms and be at the mercy of the bureaucratic grant submission system, but that process already has mechanisms for managing IP and leaving ownership with the grantee. Despite its frustrations, it is already a much healthier way of developing IP compared to the VC-supported route.
Open source shouldn't be a complete free lunch for for-profit companies. It would be nice if there was some tithe that companies had to pay to open source that they used. Like, take N% of the revenue your project generated and distribute it equally among the open source projects your project depends on.
Licenses are a solution to this. You can stipulate that if your code is being used for profit by a company with more than 1000 employees, then you need to pay a certain amount into it.
Or just start by offering it under the (A)GPL with the option of dual licensing.
I wouldn't frame it this way in a vacuum, but the organizing philosophy of open source is precisely to be a free lunch. Meta doesn't pay me when they use my projects, but they also don't charge me when I use React. Introducing mandatory monetary compensation would produce a lot of thorny coordination problems.
The free software movement makes it work with in-kind code contributions, of course, but that's a cost most commercial users are unwilling to pay.
And then the software would never be widely adopted.
FOSS is what it is and the dynamics around it haven't really changed.
What has changed is people wanting the rapid adoption rate possible from being FOSS without actually... being FOSS. I'm sorry, I have zero sympathy. If you want your product to be a paid product, just charge for it. What's that? No one would try it? Just give a free trial. What's that? Not enough people would use it for there to be this large community of people providing help, and tutorials, and addons/extensions/plugins, etc.?
The freeloaders are the people releasing their software as FOSS, using the community to get big, and then wanting to change their minds about it.
How are they freeloaders if they haven’t received anything? Indecisive or regretful? Yes, but freeloaders?
> Companies can pledge to help out
Ha! Best laugh of the day. You went out of your way to cater to bigcorps by avoiding free software licenses like the plague then complain that they're mistreating you by not paying you?
Soon they'll start wearing suits and spout buzzwords.
So many for-profit corporations depend utterly on non-profit open source. They'll feel the bite if open source is negatively affected in the coming years.
Step 1. Assert there is a crisis.
Step 2. Insert yourself as the solution.
My goodness. Didn't we see the results of the "Code of Conduct" wars? There was a "crisis" of "toxicity" that had to be fixed. What resulted? Endless drama from meddling management types. They couldn't write a line of code to save their lives, but want to take over the projects to serve their social goals.
> Whitacre suggests “three levers to pull to solve the open-source sustainability crisis and quit burning out maintainers.” These three levers revolve around commercialization, taxation, and social validation.
Rofl. You want to know how to cause a real crisis in the open source world? Involve government, taxes, and "social validation" systems.
Edit: Oh, by the way. Once you start receiving tax money, you become dependent on it. And then the government effectively gains control over your project. "Develop this, or we cut off your funding."
I would say that "Codes of Conduct" _are_ a crisis, and exacerbated toxicity... as you put it, "endless drama".
As for involving government in FOSS - many of the universities and institutions where software was written, shared and exchanged in the 1960s and 1970s were "government" or government-funded. DARPA is government, UC Berkeley is a state university, etc. So government was very much involved.
Otherwise, I agree that the article does not establish a crisis.
So I don't really know what I'm talking about...
But isn't the EU cyber resiliency act about requiring companies to provide guarantees on their software?
Open source projects alone cannot provide those, but it seems like something a secondary organization could provide à la a 'pay us a fee, and we will provide a legal guarantee' on software quality + liability insurance.
The only way that those liability organizations could provide those types of guarantees is by being associated with the project/updates, and ideally use the money they get from liability fees to cover developer pay?
The act was modified to ensure that it wouldn't kill non-commercial open source.
But if you try to monetize, you have a lot more responsibility. That is reasonable, but on the other hand, with burnout and other issues surrounding unpaid work... How sustainable is open source without any sort of monetization?
The author is missing the point. This is a trademark battle, not a licensing one. OSS is not in more trouble than it ever was. Software is, but that's a different problem.
The assumption that you're going to make something open source and get all the benefits of open source distribution while assuming that you're going to make money on it because you deserve it, while others don't, is wrong.
If you have any assumptions about how and to whom your software will make money, put them in the license.
Unfortunately, inflation and the cost of living are killing the idea of free software. It's hard to program anything when your stomach is rumbling from hunger.
Maybe it can go back to the domain of students and residents of humane societies that provide a safety net. Little of value will be lost.
Typical OSS is a luxury belief.
If it's not supporting a business it typically fails and is being supported by businesses as a proxy.
The core issue is that maintainers have a luxury belief counter to this. OSS is a strategy/tool for companies.
The only exception to that is fundamental software that creates entirely new markets that can sustain it like bitcoin.
That being said, there is no crisis; sustainably supported OSS will continue to thrive.