Ideology is great until people need to eat. That’s what revenue is for.
High level, times have changed. Source should be (my two cents, ymmv) about a mutually beneficial partnership between builders and users, not “give it all away for free or you’re not legit.” Users get to understand and extend what they’re running (via source), while the project steward/maintainer/owner can continue to do so.
It is a balance to be maintained in tension, not an equilibrium to be reached.
> Ideology is great until people need to eat. That’s what revenue is for
That sounds like what the GP comment is saying. If someone said "turns out open source doesn't work for our business model" it's hard to argue with. If instead they talk about "evolving open source models" and whatnot, it feels like they want the best of both worlds. It's been happening a lot recently that companies pretend they are "open sourcing" something for the PR but really use a much more restrictive license.
I argue the window is moving as to what “open source” means out of survival. Source available is the new open source, and what young technologists will grow up grinding on. You’ll have folks complain about it during the transition (as happens with any Overton window sort of event), but they’ll move on eventually and a new crop of tech industry will grow up with this as the new normal. Change is inevitable, broadly speaking.
> I argue the window is moving as to what “open source” means
Only if we let it, and stop shouting about it and finding alternatives every time a company does this.
This isn't a new thing; companies have been trying to play "almost open source" games for decades, and they'll continue playing those games as long as it either works or doesn't have sufficiently large penalties for trying. (Much as companies will continue violating copyleft licenses as long as they either get away with it or the penalties for trying are simply an expected part of the risk.)
The best possible response to a company doing this is that someone forks the code, starts or expands a competitor, and the original company's revenue drops massively as a deterrent.
> The best possible response to a company doing this is that someone forks the code, starts or expands a competitor, and the original company's revenue drops massively as a deterrent.
but still manages to suck the air out of the room when you want Elasticsearch because AWS already has the company's billing details and no one wants to figure out paying another provider.
> I argue the window is moving as to what “open source” means out of survival.
I don't think this is happening at all. Open source means the same thing it's always meant. Some people are just retreating from open source. Which is fine, they should be writing Free Software anyway if they want the world to have it, or use proprietary licenses if they don't. Otherwise very wealthy people will live on your back.
I agree. But there are an awful lot of younger devs who really do seem to confuse "open source" with "source available". It's worth educating people about this.
So, I don't think this is a generational thing. I think most people of all ages and generations have mostly just not thought about this. But the reason more people are thinking about it now is that the distribution model has changed on a way that has highlighted an existential weakness with this model.
I lack data, so I cannot say anything broadly. But in the devs that I know, this is 100% a generational thing. It may be different in different circles.
The OSI Open Source Definition and the FSF Free Software Definition are for most practical purposes identical (and most licenses meet both or neither); historically, the Open Source and Free Software communities have somewhat different reasons for preferring the same thing, but the things are the same.
That distinction is what makes copyleft licenses. Free software is just as overarching as open source, see e.g. the FSF's list of free software licenses: https://www.gnu.org/licenses/license-list.html
MIT, BSD, and GPL are all on both OSI’s list of Open Source licenses and the FSF’s list of Free Software licenses.
Yes, the FSF has a general preference that people use copyleft licenses like the GPL, but they recognize that permissive licenses meet the Free Software Definition.
GPL is an open-source license, and MIT-licensed software is free software.
The difference between free software and open-source is a matter of marketing. Open-source is a way of presenting free software to businesses and investors. Free software is an unabashedly political movement, openly concerned first and foremost with the public good. But the licenses themselves and the software itself, those things are identical.
My perspective is more like the parent's. As someone who has grown up along with open source, I've found it surprising recently how up in arms people are about how critical the ability for anyone to commercialize a project is for the definition of open source. To me, I care a lot about whether I can see how software is implemented, and modify it for my own use, but it has never really occurred to me that I need to have the right to commercialize any arbitrary project.
But :shrug: I guess different people care about different things, is what I've realized watching these discussions unfold.
But I do think this purist perspective on open source is just going to result in more Snowflakes and fewer Hashicorps, because why bother with this fight?
> But I do think this purist perspective on open source is just going to result in more Snowflakes and fewer Hashicorps, because why bother with this fight?
Orgs like Hashicorp clearly think they benefit by pretending to be open source.
They could simply stop being disingenuous about their source available proprietary software, and nobody would stop them.
First of all, as is probably clear if you read my comments on this, I personally think it would be better if the definition of "open source" did not exclude this kind of re-sale limitation. I don't think it's intuitive at all that this is required to fit the definition of "open source". It seems to me like a tacked on ideological stance from the gatekeeper of the definition, that isn't present in or implied by the words themselves.
But while that's what I think, it isn't at all the view espoused here by Hashicorp. They aren't claiming this is open source. They are accepting the OSI definition and not claiming their new license falls within it.
They aren't being disingenuous. You're putting words in their mouth, and then getting mad at them about those words they didn't say.
> They aren't being disingenuous. You're putting words in their mouth, and then getting mad at them about those words they didn't say.
No, they say open source needs to evolve, the implication this is an evolution (not devolution) of open source.
Their announcement talks about how they spoke to OSS experts. That's not relevant: the experts would simply have said: that's not open source.
Hashicorp several times say the BSL is permissive. Permissive is a well established term in software licensing. No, the BSL is not. The BSD and MIT and Apache licenses are permissive.
Finally there is this claptrap from their FAQ:
> 17. Does HashiCorp still believe in open source?
>
> Yes. [...]
No, companies keep making services with code I can read and modify for my own use, and people in the community keep bringing this fight to them because they're peeved that other companies can't commercialize that software that they didn't build.
Companies will naturally conclude they should just make proprietary software, which doesn't require a big fight. And I think that's a shame.
The problem is these companies almost universally could not exist without open source software that allowed them to commercialize things. It is impossible for the vast majority of companies to ever "give back" as much to open source as they profit off of it - from the Linux kernel, all the GNU stuff, the nginx or apache webservers hosting webpages and API access, the haproxy load balancers, the corosync/pacemaker they're using to keep things online, etc. etc. etc.
How many of these companies could exist if all these projects underpinning their own swapped to the SSPL, BSL, etc? And I don't mean now - once you reach a certain size, if you have to replace a bunch of dependencies, you have the resources to do it. But when these companies were smaller, would they have been able to create their own implementation of all these dependencies and still get their product to market? Would they have had the resources to commit to all of it? Would they have had the money to pay for non-FOSS options?
How many of these projects would still exist if the community couldn't commercialize them? We're not even talking about whether or not they ultimately end up contributing code back, etc., because it's not like these licenses give you some threshold of code contribution after which you can commercialize it. Sure, the possibility exists of some special private licensing agreement being struck, but that's possible with proprietary code, too.
Source available might sound fine from a personal use perspective, but it ignores the fact that the environment that made all of this possible would not have been possible under that model.
To me, the difference is that these are all building blocks rather than standalone products. I think of these commercial products as making sense for standalone services, rather than libraries and other building blocks.
But also: I think the business model that built all those open source building blocks has always been pretty shitty, relying on a lot of altruistic un- or poorly- compensated work from people. And I think that's bad. But I don't think demanding that companies making useful services also be subjected to a shitty business model is a good solution.
You're welcome! Thanks for continuing the civil discourse :)
But, let's take just apache and nginx as an example: Lots of people offer just webhosting as a service. It's gotten less and less common now, with things like Squarespace, Shopify, Medium, etc. etc. etc., but once upon a time there were tens of thousands of companies that were making all their money by providing storage/compute/networking and a place to upload your HTML files, and then later adding in additional services like PHP and other scripting languages, MySQL for database hosting, etc.
Now, the context here is a bit different here, of course, particularly for Apache httpd. But Nginx has Nginx Plus, MySQL AB would license you a closed-source version or do the usual support/consulting/etc. stuff. But it's not hard to imagine a world where they could have easily said "Hey you know we're experts in running this stuff, we should just run it for people and charge them" - just like we see with a lot of these "open source" companies today.
There was never a general outcry about tons of businesses making money just hosting these open source services, even though the vast majority never contributed financially or otherwise to these open source projects. The only real difference I can see between then and now is simply what path the companies behind the projects, where applicable, have taken to monetize. Would the internet be a better place if MySQL AB moved to offering hosting as a service and put MySQL on the BSL, preventing all of these webhosting companies from having existed? If F5 had done it after acquiring Nginx? Cheap and plentiful webhosting is a big part of what grew the internet so quickly, particularly before the 'Web 2.0' days of social media sites centralizing so much of the traffic on the internet into a handful of places.
> But I don't think demanding that companies making useful services also be subjected to a shitty business model is a good solution.
Well, I'm not demanding a company do anything. I'm just saying that the internet as it exists today, including all of these companies we're talking about, would not exist if earlier on people had made the same choices they are. Open source is not about guaranteeing a viable business model to companies - it doesn't care about your business - it's about ensuring certain freedoms in software. And the internet we're discussing this on exists because of those freedoms it guaranteed.
If you can't build a viable business when abiding by those freedoms for whatever reason, then sure - go build proprietary software. I'm not going to call it or you evil. But I do take issue with a company using open source as a method to gain adoption, additional contributions, mindshare, etc. and then no longer being open source while talking about how they are an "evolution" of it. You're not an evolution of open source if you're removing freedoms.
The window can't move, as there is an official version of what "open source" means, the Open Source Definition, which does not restrict you from reselling stuff.
We've had "source available" for a long time, which means something else.
I don't disagree that people may still use SA software more as time goes by, but I would argue that when possible people will prefer open source controlled by entities that keep it such.
This is not how language works. The phrase "open source" will mean what people think it means. An organization with a lot of credibility and mindshare can affect that meaningfully by maintaining and explaining the official definition from their perspective, but they can never be guaranteed success in convincing people that their definition is what those words will mean forever.
> "open core" has always been a euphemism for "proprietary."
Yes. And in some ways, source available licensing is a nicer model for proprietary software than open core. At least with the former you can actually see all of the code to inspect how it works when something is broken.
Bleh. Every business wants to build on software freedom but they don't really want to see others freely build on their own software.
I agree except I think it's our of short term greed plus arrogance rather than survival. Maybe in some cases that's not true, but when companies like Meta are championing pretend open source, it's not existential for them, it's trying to push for a world where they have more control. Like I said, I don't have a problem with closed source business models, it's the deliberate conflation that's troubling, especially when it's leveraged to get community contributions.
On the other hand, if popular software becomes faux-pen source (I read that somewhere recently) and community members stop contributing, it's a loss too because it means we all become takers on whatever company's terms.
Your almost certainly right about the window shifting, I'm going to keep complaining anyway.
This is what these companies want you to believe, that it's a fait accompli and you just have to accept it. That's not actually reality, and giving up words and communities to people who want to corrupt them is not the right reaction.
That's not true. As the copyright holder they are not bound by the licence that they release it to others under.
The reason AGPL isn't being adopted in these situations is that it doesn't sufficiently protect against someone doing what e.g. AWS repeatedly does - turning open-source projects into services and then dominating the market while continuing to benefit from the upstream project. See the ElasticSearch licence change for a prominent example.
Projects can have a Contributor License Agreement (CLA). It gives the owner of the project a right to republish (or copyright) the contributions. You can't contribute to the project without signing it.
And this is why I think people who love Software Freedom should think twice about signing a CLA for their copyleft licensed contributions. [1]
inbound=outbound license terms is a good norm for FOSS. Why should a software vendor play by different rules than everyone else when it comes to things like copyleft compliance?
This is true. The question to me is: does the party to whom you give the rights and authority subscribe to community-oriented FOSS license compliance principles? [1]
You're free to decide open source isn't working for you. (Well, assuming you're not using any open source software that has decided on viral licenses because that's the payment _they_ expect)
You're not free to decide your source available model is open source and reap the marketing benefits of open source without the costs.
I think these projects should just dual license as AGPL and BPL/EPL.
That way all the "it's not really technically open source" complainers couldn't day that its not technically open source.
It wouldnt substantively change anything of course, but that's somewhat the point. BPL/EPL/SSPL was always fully within the spirit of open source, it just pissed off the same large corporations who also can't stand the AGPL.
One day someone untrustworthy will be in charge of the FSF, and ‘or later’ is suddenly going to be #awkward. Linus made the right call there, for sure.
The FSF is not an autocratic kingdom with a despotic ruler on top. It is a 501(c)(3) foundation, with bylaws and regulations to cover this eventuality.
This was all hashed out years ago in numerous flame wars on Usenet, as I’m sure you know.
I'm not sure if we're agreeing or not to be honest. I'm not sure if you're implying it's a bad thing that people won't contribute to AGPL+CLA (and thereby justifies these more restrictive licenses), or agreeing that people shouldn't contribute to AGPL+CLA (and thereby volunteer their time to the benefit of one specific vendor).
Whether or not someone contributes to something and under what terms is a personal choice. I dont think there is anything wrong with not contributing for any reason at all. Or if you dont like the cla, forking it and not using a cla in your fork.
I view that as a very different question from whether its ethical to advertize something agpl+cla as being open source.
They exist so that you can continue to use hashicorp tools in your business for free and look at/change their source code like you would any other software.
The one restriction is that you can't compete with their hosted services using their software. Which 99% of people who use their software have zero interest in.
The "it's not fair! it's not real open source!" narrative is pumped up by companies like Amazon that feel entitled to use their monopoly power to leech value from these companies by selling paid versions of their products.
No, Open Source has always required that usage be unrestricted (Either Freedom 0 or OSD/DFSG points 5 and 6). Allowing any restrictions on usage tends to get political, as people use the license to push their specific issue, making it much harder to share and use code without issues.
So requiring that anyone that runs your code and tries to publish a paper can only do with your approval (which is a real license that exist) is fine also? Saying "anyone can use this however they want" is much easier to check for that coming up with rules (and licenses) that allow for the BSL but not for the above academic licenses.
Looking at the public data [1], Hashicorp looses money every quarter. At some point they need to stop burning cash because they have yet to figure out how to run a sustainable business.
I don't know enough about their operations to have good suggestions on how to become sustainable. But, I don't like this move. There are many sustainable open source companies. Moving to source available from open source will likely never be a move I like.
Why do you think "open core", which most of those are, is somehow better than BSL?
> pretty much every crypto company in the blockchain/web3 space
The entire "space" has yet to prove to be sustainable. Most of these are hype-driven borderline scams, I would not list them in a _sustainable open source business_ context :)
> Why do you think "open core", which most of those are, is somehow better than BSL?
Firstly, I don't have a problem with BSL. I do think in general it's a bit of a slap in the face to build a business on the backs of volunteer contributors, and then close-source all your codebases which are comprised of their work.
Sure, when people contributed, they signed a CLA which gives Hashicorp the right to relicense the work (which has legitimate uses outside of killing open source, such as giving them the ability to make that software available under other terms in addition to their open source offering)
it gives whiplash to the people who contributed based on that promise.
Actually, I don't even know if this is legal, but even if it is, it's a huge violation of the trust of outside contributors to their software products.
> The entire "space" has yet to prove to be sustainable.
I agree that it's unproven, but this downturn has made apparent that so are the majority of software companies which have not IPOed and shown a sustained profit for 5+ years.
I'd give Uniswap pretty good odds of outliving the majority of YC startups.
> I'd give Uniswap pretty good odds of outliving the majority of YC startups.
The majority of YC startups are definitely not sustainable.
Probably even most of the successful ones are not sustainable, they make empty sustainability promises hoping to get bought by <BIGCORP> and end up on "our amazing journey" lists.
Sorry for veering off-topic there. I agree that re-licensing and BSL/AGPL are muddy-territory and I'm also not sure how to feel about them.
But a surviving project moving to BSL is still clearly better then the company going under and the project ending in limbo.
Even with BSL you can still access the code, audit it, learn from it, fork it to keep your own patches on top and keep up with upstream, etc. Huge value compared to closed source.
> Ideology is great until people need to eat. That’s what revenue is for.
It isn't just the need to eat. There's also the issue of keeping investors happy and their continual drive to maintain growth or earnings at stratospheric levels.
Strict IP laws are the only safe way to do that, and that is why so much software has leveraged them over the years. The internet era felt like an aberration for a while, but things seem to be shifting back to high double digit margins as the only desirable goal.
High level, times have changed. Source should be (my two cents, ymmv) about a mutually beneficial partnership between builders and users, not “give it all away for free or you’re not legit.” Users get to understand and extend what they’re running (via source), while the project steward/maintainer/owner can continue to do so.
It is a balance to be maintained in tension, not an equilibrium to be reached.