As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
I'd like to see some recognition from this crowd of the "free-ride competition" problem as this author puts it. What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
EDIT from a comment in a thread way down, that summarises my point:
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
> the stance of the 'Open Source' crowd
The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
> The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
As a counterpoint, when I make something open source, I really mean "freedom", which includes the freedom to build a commercial service using the software. I use the MIT license not because of "corporate interests to undermine free software ideals", but because I really want the software to be free as in freedom.
GPL, GPLv3, AGPL and similar license actually restrict the freedom to do anything you want with the software. I'm not saying there is anything wrong with it, just that "free software ideals" could mean different things to different people, and there might not be any "corporate interests".
The GPL is meant to be viral... it infects other projects so as to open up software ecosystems. The open source movement came out of a time when nearly everything was proprietary and locked up.
Tivo-ization really woke up a lot of people to the dangers of proprietary lock in and abuse. https://en.wikipedia.org/wiki/Tivoization
> The GPL is meant to be viral
But that also makes people not wanna bother with it. People in the middle who doesn't care either way will be very apprehensive of putting in a license virus in their project.
But the point others make is, this type of libertarian free is wide open to the Embrace, Extend, Extinguish strategy. A very successful, repeatable business strategy to own supposedly "open" domains. There's a reason people have debated freedom to and freedom from for centuries. This is the core conundrum/challenge of freedom.
GPL style licenses provide some guarantee you're investing in an ecosystem that is resistant to EEE. Freedom from takeover in exchange for freedom to make any arbitrary business venture. It's a choice, but to conflate libertarian freedom as the only form of freedom is narrow and ignores this centuries old unsettled debate.
Corporate interests != GPL is not on the cards
Amazon offers lots of AGPL software, and they fully respect the license in all cases. Ultimately the GPL is about protecting users' rights at the expense of developers' rights. So as long as AWS can offer a better/cheaper managed version of a software service, while still giving the users all details on how to run the same service if they chose to, then the AGPL is completely achieving its aims, even if the original company goes out of business.
Agreed. The AGPL does not care at all about those writing the code. It is all about users.
The AGPL makes it so those users can be the same ones as the ones writing code.
> protecting users' rights at the expense of developers' rights.
Protecting the user's right to compete with the developer is not sustainable.
Protecting the user's right to run the software for free on their own or in their company so long as they don't resell it is perfectly salient and should be enough for anyone. That's really all the freedom a user needs.
If you're asking for more, it's because you want to take the developer's business. That's 100% unfair.
The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
Where is there opportunity left for software outside of the major trillion dollar companies if we don't start giving developers the benefit of profiting on their work?
I make a point to cheer on every fair source, source available, or open core project I see. It's the sustainable path forward. We shouldn't be taking from each other - we should be finding out how to take back from the hyperscalers.
This is a very business-centric viewpoint. I publish a small number of open-source libraries. They are not a business. I have no interest in making them a business. In fact, the idea of making them a business is repellent. They're just code for doing some tasks more easily than starting from scratch.
I made some of them because I needed them, and had no reason to own them. I made some because I thought another library was poorly designed and I could demonstrate a better way. I didn't make any because I wanted money or recognition. I don't care who uses them, or how. It is literally impossible for a user to do anything with any of them that harms me.
I am deeply suspicious of any world view that declares it bad when people use code I have released for free. I released it so people would use it. Good for them!
To be clear: I am not talking this kind of open source.
Rather, full-time commitment to software of scale. Software that does have business use cases. Software where outages can cost money.
All software meets this criteria to someone
> Protecting the user's right to compete with the developer is not sustainable.
It's only unsustainable when you are interested in keeping "user" and "developer" as distinct sets.
> The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
No we are going after it when people try to pass it off as open source when it really isn't.
I like open source because it means I'm not beholden to the original developer in any way as long as I pay it forward. I'm OK if this means you can't find a profitable business model.
I can't comprehend this view at all.
I hate open source purism. It's not pragmatic and it's enabled us to be resold a world with ever disappearing rights.
This view is okay with hyperscalers. But it attacks the small developer.
The hyperscalers are removing our freedoms and privacy. Not small developers.
We need leverage against this.
Strongly agree with the view you're responding to. So maybe I can talk about it.
There's just tons of software that you expect people to re-host. Yunohost has a massive catalog of free and open source software that is specifically designed to be spun up in a matter of minutes on open source VMs. To do what you're suggesting for those pieces of software would destroy the ecosystem entirely. The goal is to have multiple providers that are interchangeable that can host the software you need. So if one provider goes down, you can switch.
Meanwhile, MBAs that wanted to make money on their open source software decided that a good way to do that was to host services in charge for them. I agree, but the challenge here is what do you do when Amazon decides to take your software and also make it available to host?
And that's the moment where people abandon free software because it's inconvenient for that particular business model. The bug is not in free software. The bug is in the business model of the companies wanting to claim that they're peddling open source software, while not actually doing so: they want to have a monopoly on providing that software as a service. I understand why, but it's not good for the customer.
A real example that's getting a little long in the tooth, but back in the mid-2010s, I wanted to buy elasticsearch for a geographic search for my startup, and turns out that elasticsearch hosting, which I preferred, didn't actually offer CPU intensive instances suitable for geo-hashing. And I ended up having to switch over to Amazon to get the kinds of memory and CPU allocations that were best for our use case.
I get that you're concerned about the sustainability of these businesses, but introducing a monopoly on hosting has other downsides.
> Protecting the user's right to run the software for free on their own or in their company so long as they don't resell it
One company uses the software internally to create more value for a customer of theirs.
A second company uses the software internally to provide a paid service to a customer.
A third company resells software they bought to their customer.
The end result is the same: Company makes money, customer exhanges money for value. Somehow only one or two of those use cases would be legal.
Open source means surrendering your monopoly over commercial exploitation:
https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...
The hyperscalers are contributors to FOSS, both in code contributions and funding. They could easily far better though.
> Protecting the user's right to compete with the developer is not sustainable.
I agree with you, actually - but Richard Stallman and the Free Software movement more generally really don't. They exactly and explicitly believe this right exists and should ideally be a legal right, and the AGPL quite explicitly maintains this right.
Ultimately the Free Software movement is predicated on the concept that ideas can't be owned. They generally oppose both copyright and patents, and not just for software. Their licenses are meant as a stop gap solution. Ideally to them, or at least to some of the more die-hard members, laws would be changed such that what the GPL grants would not be a license predicated on copyright, but instead a legal requirement for all software, while copyright would be entirely abolished.
In addition to their general opposition to copyright and patents, Free Software people also view software as having a special role in terms of privacy and control - that, even more so than books and other copyrightable works, you have a right to know what the software in your house and business is doing, and to modify and fix it if it's doing something you don't like. This is related to privacy rights on one hand, and also anti-monopoly, right to repair concepts on the other hand.
This is all very different from the Open Source movement, even though they basically use the same kinds of licenses. The OpenSource movement is more of an industry group that believes competing on building much foundational software is a waste of resources. Instead, they believe the best way to build this foundational software is in collaboration with other commercial or non-commercial entities, building it in the open such that all may benefit from contributions and add their own contributions. However, the Open Source movement is completely fine with, and even expects, then making a proprietary product on top of this open source base.
To them copyleft licenses are a tool to make sure others don't keep their improvements for themselves, but have the downside of making it harder to build your proprietary stuff on top. Conversely, software that takes your contributions but then doesn't allow you to use it in commercial offerings is completely unacceptable, since the whole goal of the movement is for different companies to build a common infra on which they can then build their own commercial products.
Ultimately, both the Free Software and the Open Source movements will agree that a core part of open source is that anyone should be able to compete on delivering the original software, even if for entirely different ideological reasons.
As I recall, Open Source was about developers collaborating to make better software. It was a pro-developer philosophy vs the Free Software movement which was all about the rights of users (and developer hostile in my view). GPL and its children are from the Free Software Tradition.
Open Source provides the same “4 freedoms” as Free Software so most Open Source licenses qualify as Free Software as well.
If the goal is developer collaboration, permissive licenses are often the best choice. If you want maximum user entitlement, copyleft licenses limit developer freedom in exchange for a guarantee that future code will also be released as free software.
Cloud hosting was a challenge that did not exist when either philosophy first emerged.
With hosting, you are able to become the preferred source for software without adding much value to the code itself. This is what the author is complaining about.
The AGPL tries to address this in the GPL family but I don’t think it quite gets there. For permissive licenses, we see these “no hosting” exceptions.
If you read the early writings from the Free Software Foundation, they do not care if devs can make a living. The goal is user freedom. I think it is this philosophy that objects to the hosting exceptions.
Perhaps a better solution will be found in the future.
I often think the solution is to move away from crafting a perfect ideology to encapsulate in your license, and just throw out some numbers. If you make more than N* the median income of this or that place, you can't use this software for free (whether that means licensing fees, code contribution, etc can vary). Let the smaller fish grow. If they get big enough, they can give back.
How would that ever be enforced? Do you not run into WinRAR/Sublime problem of "ey you've been using this, pay us, please"?
>The original stance of the open source crowd.....
>The proliferation of "give everything away for free" MIT/BSD/Apache licenses...
Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
I have also long argued that the license preference among generation has somewhat a linkage to political shift in spectrum. Likely to do with Tech, now known as Big tech taking advantage. And it used to be very cool if your OSS project get used by a big company, until it is not.
> And it used to be very cool if your OSS project get used by a big company, until it is not.
Working for big companies used to cool, but now they are just all EvilCorps.
I think the companies themselves changed. Google used to be much less evil.
> Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
Back when I was getting started in the mid-90s, GPL and LGPL were kind of the default. BSD and MIT were used for certain projects, like the BSDs and X11 of course, but the goal back then was to build up a large library of open source (then, "free software") as viable alternatives to proprietary software, and the GPL was the easiest way to do that and ensure it remained free.
It was the rise of Rails, and the attracting of commercial programmers and startup bros to open source in the '00s, that motivated the historical preference for BSD and MIT licenses.
As a BSD developer from the 90s, that does not reflect my experience.
We wanted our code to be as widely used as possible. It’s really not any more complicated than that.
There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
The rise of “software as a service” has changed that calculus for some, and disadvantaged those that sought to build commercial service entities around their open source software. In the areas that I work, it’s made no material difference.
As for Ruby on Rails, I think it’s outsized presence on hacker news might have given you an inaccurate picture of its influence on the broader open source ecosystem.
> There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
I remember the shitstorm Zed Shaw caused when he built something on top of MIT/BSD-licensed libraries and released it under GPL. "B-but that's against the spirit of the license!" people said.
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
Very well put! I personally believe that "freedom" must include the freedom to do anything you want with the software, even close off your fork if you choose. And I do not believe that a commercial project using my software harms anyone at all, as my project is still there, still available for all. Accordingly, I have always believed in and used permissive licenses. It has nothing to do with corporate profits, and I find it vexing that people make that bad faith assumption in discussions such as this.
Yep. This tinfoil conspiracy theory about these licenses being a scheme by VC backed startups is insane. Only a relative newbie to the scene could fall for that narrative. If you've been on the scene for 15-20 years, you know this is just the ethos, and these various licenses arose out of specific needs, but not opposing ideologies.
> And it used to be very cool if your OSS project get used by a big company, until it is not.
Yup. Open source advocates would brag about adoption in enterprise. They would incessantly argue about how safe open source is compared to close source and would constantly complain about stupid managers not allowing open source.
Not all of them, but that stance was predominant when I was younger.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Not wanting to further widen the schism but wasn't that the free software people rather than the open source people? cf [0], particularly the "not as strict" part.
> In the late 1990's Eric Raymond and others developed the term "open source" as a more business friendly term than "free software", with a more inclusive meaning where licenses that were not as strict about the passing on of modifications would also quality for the term.
[0] https://www.freeopensourcesoftware.org/index.php?title=Eric_...
No, open source was definitely more leaning toward the GPLv2 than the BSD-style licenses.
…until businesses decided that the GPLv2 was legally risky and businesses started to avoid it.
Software businesses. Other businesses do not care.
This is FUD. Some businesses may have a policy of not using GPL software, but all the major enterprises, including Microsoft and Apple, use GPL software.
My comment wasn’t written with enough precision.
Using GPL software: yes. Totally fine. The rise of Linux and all that jazz.
Incorporating any part of GPL software _into_ other products? Pretty much doesn’t happen. Every company I’ve ever worked for has said “do not bring LGPL or GPL software into the codebase.” When it comes to commercial software, be it cloud based, or downloadable, you’re not going to find much that tries to incorporate GPL stuff. You just won’t.
As someone in the MIT/BSD/Apache camp, no, for me it has nothing to do with corporate interests. When I release code for free I'm doing it altruistically, and to me MIT/BSD/Apache has the most impact as it can be used in the most places now and into the future.
> The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
Is it not because corporations started funding open source projects in a big way (multiple billions of dollars a year big), and they fund projects that have licenses that they can use in their commercial projects.
To me that's a sign of the success of Open Source rather than the opposite.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Expanding on this, the Free Software movement always focused on freedom for users - which, in a world where copyright applies to computer programs, ultimately leads to the licenses you listed to repurpose it.
The Open Source movement usually tries to advocate for open-source as the best development model. As in, writing it in the open and contributing with other people will result in objectively better software in the long term. Others treated it (when the term was coined) as a marketing term for Free Software, making it more palatable to businesses whose people running it don't want to talk about ethics too much.
https://www.gnu.org/philosophy/open-source-misses-the-point....
The original stance of open source is to cater to "free-riding" businesses. That's like, why the term "open source" even exists. You're thinking of the "free software" crowd.
The MIT and BSD licenses predated the GPL. People have a choice as to which ethic to follow ... it's not the result of a corporate conspiracy. (And I'm a social democrat, not a corporate simp.)
I'm not so clear the choice was made consciously. There's a big swing away from the GPL and towards MIT/BSD around the time that Apple starts adopting a bunch of open-source projects for inclusion in MacOS X, and it accelerates when various big companies announced that they would be forbidding GPLv3 adoption. Fast forward to the cloud provider era, and basically no new software is being placed under the GPL (at least in part because Amazon/Google/Facebook/etc are predicating contributions on being GPL-free)
The problem with GPL was "tainting." It was never clear in what cases you could use GPL without it dragging all your code into being freely available. LGPL was supposed to help with that; AGPL made it even worse. The lawyers were terribly confused and recommended you just not use anything with "GPL" in the license.
The reason why MIT/BSD licenses flourished is that they were easy to understand. As long as you didn't sue the original author or try to claim the code was written by you, you were free to do almost anything with it, including mixing it in with other for-profit code.
Whether that's an abomination or a blessing depends on your corporate vs. free software politics.
GPL also gets incredibly ambiguous when it's applied to anything that isn't software written in a language like C for a personal computer. (What does "linking" even mean with respect to a Javascript library, for instance?)
It's only unclear if you are trying to skirt the spirit of the GPL.
People who aren't trying to get freebies from he commons without paying back never had a problem with the GPL.
Just think about the goals of the GPL (software freedom for users), and its easy to see what you should do. Make it practical for a user to obtain and modify the source form (non-minified, non-transpiled, non-concatenated TypeScript/JavaScript/etc) of the library, build the version ran by the web browser, and replace the original with their modified version. Source maps can make part of that easier too. Progressive enhancement helps. Clean frontend/backend separation helps.
The "goals" of the license are irrelevant. What matters from a legal perspective is the text of the license, and every time that text sets legal conditions which reference specific technologies like "linking", "object code", or "interface definition files" which don't apply to all programming languages, a lawyer's blood pressure rises.
Intent is relevant in law, especially when text is insufficient to determine a clear meaning.
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
So I think it would cover pretty much any JS library usage, except maybe if you just drop in a widget and don’t interact with it in any way.
Exactly. I was building a WASM lib using Emscripten and this was the exact question I could not answer
(All personal opinion, etc.)
I'm not actually sure what a better way to square the circle of not making the large entities that have developed a weird patronage relationship with open source projects run away while also avoiding the kinds of problem that the GPLv3 and AGPL are hoping to deal with, would be. Limiting the virality scope might be beneficial there, but I'm not sure how you would word that in a way that's not gameable.
It feels like we've wound up in a weird position where because so many GPLv2 projects moved to GPLv3, companies were startled into paying attention to the risks involved in a new license with open questions about how it would shake out in actual courts, as well as being jolted to the very real possibility it could happen again, and took the path of risk reduction by moving toward platforms where that couldn't happen.
You might compare it to everyone pointing to Solaris's source closing as a reason to not trust Oracle about MySQL's license remaining GPLv2. (As it turned out, so far, they haven't changed the license, but there was certainly a lot of fearmongering about that at the time.)
So I think I agree that it's not so much a coordinated effort to steer anything as the direct effects of companies avoiding funding that space, as well as the knock-on effect that anyone whose goals involve large companies using their product and leveraging that avoids picking a license that precludes that in turn.
The creation of those licenses, maybe. Their mass popularization, and the pooh-poohing of GPL licenses that often goes with it in related discussions, is much more recent.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
s/open source/free software/
None of those licenses prevent Amazon-style freeloading though.
Amazon isn't freeloading anymore than users hosting the software themselves. They are providing a service and getting paid for that. This is only a problem for the original creator because they would rather get paid for the service himself but that desired vendor lock in was never something compatible with an open source license that ensures user freedom.
Most people have no problem with non-open source software. The gnashing of teeth comes in when projects like Terraform become successful specifically because they're open source, and then the maintainer changes to a closed source license that would have prevented the project from being successful in the first place.
Doubly so when they relicense outside contributors' work with a closed source license because those contributors signed a CLA.
Quite a few people commenting here are having problems with it in the case of Bearblog though, including some pretty wild accusations.
And lets be real here: https://github.com/HermanMartinus/bearblog/graphs/contributo...
Looking at the details of that, the only two (small) substantial code changes from other people are "User can delete their own account" from 2020, and "Use cloudflare online dns api to perform domain check" from 2021.
If we are real, it's also quite clear that contributions are not accepted at least from 2023. And the Readme talked about the project not meant to be self-hosted in the past.
I have no horse in the race, just think that maybe this project is not a good measure of contributions.
> Quite a few people commenting here are having problems with it in the case of Bearblog though, including some pretty wild accusations.
That's why I said "most people" (of which I think HN commenters are not a representative sample) rather than "nobody" :)
The trick is not to get attached to a project name. `Terraform` is a trademark of IBM (previously Hashicorp). Terraform used to refer to an open-source IaC project, but now it doesn't. OpenTofu, https://opentofu.org, is probably the most accurate name for the continuation of that open-source project.
This is of course the correct way to proceed as an affected user but does not mean the bait and switch cannot be criticized.
Sounds like we need a "forever open source" license.
A commitment that any significant derivative retain the original (or some later version) of the original license.
"Free to do whatever as long as it retains this license. A commitment that this license will not change, even by the original author".
No special cases, just a blanket license for all derivatives.
If it exists, what are the barriers to adoption? Why don't we all use it?
> A commitment that this license will not change, even by the original author
Unless you’re entering into a contract with the project maintainer (which you’re not, if you’re just downloading or using it) then such a commitment means nothing.
Applying an open source license to your work means you’ve licensed other people to use it under those terms.
You can make all the commitments you want in the license, but it doesn’t actually commit you to keeping all future work open source as well under the law.
So you could write this license and make the commitment, but if you changed your mind later and decided not to open source future commits to the project that you made then nobody could stop you. Not unless you had entered into a contractual agreement with them and exchanged some consideration (money).
I’d suggest the GPL family without a CLA as an approximation of that intent.
> If it exists, what are the barriers to adoption? Why don't we all use it?
My theory is that people in general don’t care that much, or (particularly in the case of corporations) consider permissive licenses to be ”freer” than copyleft.
I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
(What I'm given to understand does work is using a copyleft license and taking code from multiple parties without a CLA, because then relicensing requires all the copyright owners to agree, which for a large enough project is impractical.)
> I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
It’s possible to say anything. Without something like a contract with reciprocal commitments to make it binding, the legal effect of saying it is limited (though not necessarily zero, because legal concepts like promissory estoppel exist.)
How about a standard entity "OSI perhaps?!", that commits a file to an early stage of the repository (could this be automated), who then cannot / will not give approval for a relicense?
Relicensing still can be done, just keeping that file out. (and reimplementing it the same but with new code, if it was really needed for something important)
Maybe this makes more sense as a change to trademark law than a license thing. If a name OpenSourceProject has gotten popular due to being open source then I would say it's in the interest of the public to ensure that OpenSourceProject keeps referring to an open source project an isn't misappropriated for something else. It's a kind of bait and switch fraud that I think should be generally illegal. On the other hand I don't see why we should care about the creator not being allowed to re-license his own work as long as no one has been mislead about what they are getting.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades. You can use/write your software and people that believe in open source can use/write open source. What's the problem?
> If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades.
If I’ve learned anything from reading HN comments, it’s that “open source” means different things to different people, including those who believe themselves to have specific knowledge of the history of the topic.
There are half a dozen different claims about the original meaning of “open source” in this comment section alone. They’re coming from people citing history and notable figures from open source past.
Yeah, and all but one of those claims is incorrect.
"Open source" is not just a turn of phrase which became common over time. The phrase was coined by the founders of the Open Source Initiative, and it has always had a very specific meaning: https://en.m.wikipedia.org/wiki/Open_Source_Initiative
People who seem to think that "open source" has a variety of meanings, are probably confusing it for "free software" which does indeed have a variety of meanings (which was the whole reason the phrase "open source" was created - because "free software" was too vague, and they wanted to create a term with a single, specific definition!)
Not at all. There are some people who want open source to mean something else than it does because they want the positive publicity that comes with the term without the commitments to user freedom. Those people should not be given any weight.
Whether they contribute back their changes to their users.
Then you want free software (a subcategory of open source).
Free Software and Open Source have definitions that are both on their face and in practical application by the bodies responsible for each almost entirely identical. Neither is a subset of the other.
If you are concerned about mandating users provide modifications by a similar license to the one they received material under, what you want is copyleft.
That's copyleft, something OSI was basically created to not imply.
People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
As a result, licensing your project GPL or the like usually means relegating it to obscurity. There are very notable exceptions, including Linux and WordPress, but they are outliers. It's hard to monetize an MIT project, but it is even harder to monetize a project without users.
Whether this is "good" or "bad" is a separate debate (err, usually flame war), but I think many people gloss over that this is a coordination problem and that everyone is acting rationally. For better or worse, software does not seem to be scarce.
> People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
> If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
First, if someone isn’t paying, he’s not buying. ‘Paying’ should be understood broadly, e.g. code as well as money counts. A company paying dollars really doesn’t care that much about the license — plenty of companies pay for proprietarily-licensed products (even ridiculously limited ones, with dongles and high seat prices). OTOH, a company ‘paying’ with code contributions should prefer the GPL, because it knows that its contributions will never be taken away from it.
Second, the GPL does not restrict users; it restricts developers from restricting users.
The GPL family is the right way for individuals and companies to form a software commons in which all can benefit.
I disagree. It will be harder to monetize MIT licensed projects, because any competitor can just grab and run. With AGPLv3, at least legally the competitor needs to publish their modifications as well. This in turn makes it more likely the competitor will not use your code, or if they do, in accordance with the license, which would be fine, and users of the product you build will mostly not care, because they don't even know what the licenses are about.
Sure, but you're skipping the first part where if you make your project AGPLv3 most users will just choose a different project doing the same thing but with an MIT license.
I agree that if you can somehow achieve widespread adoption with a copy left license (like Linux or Wordpress), then that will be better for you. But IME copyleft licenses are a major hurdle to widespread adoption, so such projects remain obscure.
I'm not saying it is a good thing, but I've never worked at a company where we were allowed to bring in copyleft dependencies (even though everything invariably runs on Linux, which is GPLv2).
If it stays obscure, that isn't necessarily too bad. You respect your users and grant them the freedoms, if they seek them, but if not then that's their choice. It is merely geared against competitors taking and running, making a "better" (moaaar features) closed source version.
None of the limitations of open-source licenses apply to the authors themselves. (author = the person or organization whose name appears in the copyright notice). I.e., you can have a MIT/GPL/AGPL licensed project, but have a "premium" fork/derivation/later-version of it that's completely closed source.
I actually see this as a valuable incentive to open-sourcing under MIT -- if a commercial provider of your software emerges, it will help you test/prove that a commercial market for your software exists, after which point you can completely close-source it and pivot to purely commercial competition.
Open-sourcing, then, is basically baiting the waters to see if anyone sees commercial potential in your work. And the minute that's validated, you get funding and start your company.
Close-sourcing a previously open source project is like a deathwish for that project. Will meet much aversion, and if the project is important, people will fork whatever the last open source version was. Then you usually lost all cards and don't have a business at all.
> It will be harder to monetize MIT licensed projects, because any competitor can just grab and run.
Importantly - any competitor can grab it and modify it to make it easier for them to run at scale and keep those changes closed-source.
Understand your point, but I wouldn't be so sure. People also want to ensure that the software is being supported, the inevitable bugs being worked on, and not abandoned. It is more likely that a commercial project will be supported than a MIT licensed one. So there might not be as many github stars for such project, but on the other hand, as long as it feeds people, it will not disappear.
A MIT licensed project on the other hand, I personally consider like a potential liability more often than not. Not different from any piece of code I could find on stackoverflow. Not something that is serious. Even if it were tied to a big corpo, that would probably become fast unsupported.
Well, many developers publish their code not because they want to specifically make a successful open source project, but because they made something that was useful to themselves, and like the idea behind open source. In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
Yea I think stuff like this is great and will have some impact around the edges. Perhaps particularly in the realm of end-user software, like a window tiling manager.
But once we start talking about the kind of software large corporations (like AWS) will have an interest in, projects have to be successful to be useful. Software requires maintenance so the maintainers need to be able to devote their time to maintaining and improving the project. So this will select for projects that are successful enough that the maintainers can focus on it fully (either because some company hires them to work on their own project, they can charge high consulting fees because of their association with the project, or whatever).
I think "the code" (the thing covered by copyright) in most cases is not as valuable as "the project:" the leadership, the contributors, the users, the norms and practices, the commitment to ongoing maintenance, and so on. So just lots of individuals all putting pieces of their code out there with GPL probably doesn't make a lot of impact (though there is nothing wrong with it), because most users don't want "code" they want a "project" they can rely on.
> once we start talking about the kind of software large corporations (like AWS) will have an interest in
I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
We definitely agree on this point. Different licenses select for different things.
It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.
Honestly haven't seen many open-source maintainers convert a BigTech downstream into recurring revenue. I'm sure it does happen, but its far from the norm
If your project gets adopted by Big Tech then your market rate as an engineer just went way up.
It’s a huge badge of honor and a rare accomplishment. You’re thinking too directly if you can’t imagine how having your OSS project adopted by Big Tech isn’t a career boost.
Maybe in specific fields this is true, but a lot of folks in Big Tech view open source as where developers who couldn't hack the interviews end up (they also hold a pretty similar view of startup engineers, unless they are ex-FAANG)
Maybe it can happen, but ask the people maintaining open source projects long term, how much it helped them pass silly leetcode interviews, which companies insist must be done, even if you have a golden track record.
I know people maintaining open source projects long term and getting FAANG adoption is a dream come true. That’s why I posted it.
I’ve also worked at companies where people who write OSS have been recruited with comp packages that would be hard to get even at FAANG because their OSS work was crucial to the company.
“Google: 90% of our engineers use the software you wrote (Homebrew), but you can’t invert a binary tree on a whiteboard so fuck off.”
https://twitter.com/mxcl/status/608682016205344768
Please see his follow up comments years later where he reflects on the situation and agrees that he should not have been hired at that time.
He posted that in the heat of the moment while angry, but they didn’t literally reject him for a single LeetCode problem. He admits that he was just not at a point where being hired into a FAANG job would have been a good move.
That one Tweet has fueled years of internet rage from people who didn’t get the whole story, though.
> I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Are you kidding? This is the dream scenario for many open source projects: Getting adopted by a major company is a claim to fame like none other.
> Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
Then don’t? You don’t have to do anything. It’s fine to ignore it you want.
Practically speaking, Amazon engineers aren’t going to sit around and hope the maintainer fixes the thing that unblocks them. If they actually need it, they’ll fix it. They might fork it. They might try to recruit the person.
But nothing obligates you to do anything. This hand-wringing about the idea that someone might find the project useful enough to identify issues and report them is rather ridiculous. Just ignore it if that’s prerogative.
Having been upstream of this problem (I was engineer at Amazon for ~5 years), they will typically not do any of those things.
The amount of paperwork they have to jump through just to send you a patch makes it not worthwhile. They might fork in extremis, but to do that they first have to justify to management that it's worth ongoing effort to support. Hiring a maintainer really only happens for truly foundational projects like the Xen hypervisor.
What they will do is use the public nature of the CVE process to pressure you to patch with the SLA - and that's generally pretty effective. Only a few open source groups (for example, the npm team) have enough public clout to reject CVEs without reputation damage.
AWS doesn't seem to have an issue with using copyleft software.
Which copyleft software does AWS use? Linux, certainly. And MariaDB/MySQL (but also the BSD-like PostgreSQL). I was under the impression that it typically avoids GPL software when there is a BSD- or MIT-licensed alternative.
> In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
That is a matter of opinion. I have put out some open source stuff under the form you mentioned, and it's always BSD or another permissive license. I view it as quite wrong to force my moral choices upon others, so I give others the freedom to use whatever license they like. In my case, that is what makes sense because of my own moral convictions.
> licensing your project GPL or the like usually means relegating it to obscurity
Subjective. Sure if you are talking about percent of market share, but it's a huge market, you don't need to capture even 1% of users to have a viable business.
The vast majority of the GNU ecosystem is GPL. Bash, git, Apache, Gimp, Blender, Libreoffice.
There are also a lot of projects that are dual licensed, allowing commercial software to be charged a fee and non-commercial software to use for free with GPL.
Neither Apache nor LibreOffice is GPL. Apache is permissive whereas LibreOffice is MPL (a sort of middle way between permissive and copyleft).
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Isn't this what the AGPL is for? That's an OSI approved "open source" license that places restrictions on people making the software accessible as a network service.
I think the problem that these folks have is that AGPL still allows other people to host the software.
They want to seem altruistic but want to also be the only provider.
GPL would have been a better initial license, and AGPL would have been the next logical step to ensure that changes that hosted services make can come back to the original version.
I'm not entirely sure what they were hoping to get by making an extremely permissive licensed piece of software, but competition doesn't appear to be it.
They care that other people can sell the software, not that other people can use the software, which is why the license they use makes that distinction.
This is a confusing claim. Are you saying the chosen license (<https://github.com/HermanMartinus/bearblog/blob/998e87263248...>) makes the software free to use to offer (e.g. gratis) "hosted or managed service[s]" so long as one does not sell the services? This is trivially confirmed not to be true. It prohibits all use of the software to provide services, not just a prohibition on selling them.
> They want to seem altruistic but want to also be the only provider.
Some people pick the AGPL because the license itself acts like garlic to commons destroying IP vampires and are disappointed that those vampires still found a way to drink their IP milkshake.
Has nothing to do with altruism and everything to do with not wanting to be taken advantage of for free labor and IP by powerful entities that would deny them a glass of water if they were dying from thirst.
Except AWS is not an IP vampire in this case, they are providing a hosting service. There is no conflict between AWS's use and the spirit of the open source license.
The conflict is entirely between the original developer wanting to be the sole service provider and the open source license that lets people host the software themselves. The software as a service business model is the problem here, not AWS hosting.
> They want to seem altruistic but want to also be the only provider.
This is an overly negative take. At the end of the day, they are still providing software and the source code free to use for practically every purpose except directly competing with them.
That's still altruistic while also being sensible in the real world rather than an ideal.
The license disallows use of the software for what it is intended: setting up a multi-user blogging system.
No, the license disallows use of the software for seeing up a multi-user blogging system as a paid service.
You might say, "well wouldn't that be most of what people might want to do with it?" And you might be right, but so what? No one is entitled to build their business on the back of someone else's work, not without their permission anyway.
That certainly makes software like this no longer Free Software. But I'm not religious about it, and maybe that's ok sometimes.
(It also runs afoul of several parts of the OSI Open Source Definition, but maybe that's ok too.)
> No, the license disallows use of the software for seeing up a multi-user blogging system as a paid service
This is incorrect.
https://github.com/HermanMartinus/bearblog/blob/master/LICEN...
> You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
It does not make the distinction around a financial transaction.
Not "as a paid service" just "as a service". The license does not allow me to stand up a Bear instance and let people blog on it for free.
Not for practically every purpose. It's a blog platform to be used by services that provide blog hosting, just like his own business does, so any use of it would be directly competing with him. From TFA, he never wanted people to actually use it, just to look at the source code.
I thought so, too, at first. But there's a crucial difference: With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying. With the Bear license, Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS to me, but Stallman would disagree. He has made it clear that there should be no restrictions on use.
> It feels mostly in the spirit of FOSS to me
From the license at <https://github.com/HermanMartinus/bearblog/blob/998e87263248...>:
"You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality"
Given that the exclusive purpose of the Software in question is to implement a managed service for its users' hosting needs, I'm having trouble understanding how anyone could take the position that this is "mostly in the spirit of FOSS".
The license might as well say, "You just can't use this."
It’s saying that you can use Bear for your own blog, but you can’t launch a service that hosts other people’s blogs using it.
The readme has this to say about hosting your own blog on it:
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
"It isn't possible" is obviously not true but a plain reading of both that combined with the license would suggest you can't use bear at all for anything.
> It’s saying that you can use Bear for your own blog
Where does it say that?
> Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS
I don't see how, there is nothing in the spirit of FOSS by doing that.
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying.
Technically true, but in practice almost every tech company forbids GPL code. I bet if you re-read your employment contract closely you'll find that you agreed not to introduce any GPL code into the company's codebases.
(Edited for clarity).
This can't possibly be true, since the Linux kernel's code is GPL and approximately every tech company uses Linux.
By "use GPL code" I mean integrate it into a company codebase (which would require the codebase to be licensed as GPL). Edited my original comment to clarify.
Phones contain Linux, TVs contain Linux, cars contain Linux, clouds contain Linux. It is used everywhere.
Companies that follow the law will release their changes to the Linux kernel when they distribute their products to users.
Just using Linux is not enough to say anything built with it is a combined product in the eyes of the GPL, the license is pretty specific about what it considers a derivative work.
For example, you can ship closed source apps and OS on top of Linux so long as you respect the license.
> Companies that follow the law
Those are pretty rare when it comes to the GPL, a lot of hardware companies do not comply with it fully, in some way. Vizio is being made an example of at the moment:
https://sfconservancy.org/copyleft-compliance/vizio.html
Note that this is about source code, not binaries, or nobody would be working with docker (and more.)
Of course a company must forbid copy/paste of GPL code, because that would GPL the codebase and that's hardly what they want. But one should ask the Legal office (and/or other offices) about adding any MIT, BSD or proprietary library: credit must be given (how?), licenses must be available and compatible with the way the software is distributed. There are so many licenses out there, everything should be vetted.
Re: code vs. binaries, it depends on the license. Another commenter has been pointing out that Google forbids any use of AGPL projects, period [1] because its definition of "linking" includes communication over a network.
Of course everything should be vetted, but lawyers have canned advice about common licenses they see often — GPL, MIT, etc.
[1] https://opensource.google/documentation/reference/using/agpl...
I'm self-employed in Germany, and when I was employed, what was in the contract went more in the other direction: it was explicitly allowed to contribute to FOSS projects. Of course, it still would not have been OK to randomly add GPL software to a closed source customer project. If anyone had been stupid (uneducated, really) enough, somebody else on the same project would have noticed.
Yeah, the second sentence is what I meant. This is why I'm writing comments on Hacker News rather than legal contracts :)
I was at a FANG until 2022, and we were allowed to introduce GPL code into the monorepo. There were policies on how to do it correctly, but definitely not prohibited.
(AGPL, however, was nearly impossible to get permission to use)
Companies not wanting GPL code in code bases they want to keep proprietary should not be surprising to anyone. I fail to see how that is relevant to the comment you are replying though.
Some companies subscribe to FUD (aka lawyers covering their ass) and forbid use of AGPL, GPL and sometimes even LGPL software outright even though they allow proprietary sofware that has even more restrictions, but the big elephant in the room that is usually cited for these open source to "proprietary but we still want the publicity of open source" license changes (AWS) is not one of those companies that put fear over profit.
The comment I'm replying to says that the reason companies like Bear choose these licenses over the AGPL is that the AGPL allows other companies to offer competing hosting services. I'm saying that while that's true, in practice most companies will not touch AGPL code.
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying
Any examples when AGPL was used successfully by competitors? Typically every company prohibits using this licence.
Why am I silently downvoted?
AGPL doesn't really prevent Amazon from making it an AWS offering unless they want to modify the program and don't want to share the modifications.
Why would I want to stop them making it available as a network service except as a way of circumventing the copyleft by effectively distributing it without actually distributing it (which AIUI the AGPL fixes)? If you want to place restrictions on how people are allowed to use the software then A) I don't see the relevance of AWS as a special case, and B) go ahead but don't imply the "open source crowd" are being unreasonable by not considering it open source.
You'd want to stop them if like in TFA you don't actually want to provide open source software but rather want to sell your software as a service with free marketing from being "open source".
It doesn't in an indirect way. A friend that worked for Amazon about 5 years ago told me they were even allowed to look at AGPL codebases on the clock because the lawyers were so afraid of it.
Another reason is that copyleft licenses are kryptonite in large organizations.
Not a lawyer, but my understanding is there is a strong feeling that AGPL can be roughly ignored if a service provider provides some level of indirection (e.g. a proxy) between the user and the software. Then, the software is somehow not being accessed over a network and thus they are not required to release the source.
I have a strong feeling that speaking to a lawyer might reveal that to be untrue
I have a strong feeling you would be told "we don't know, it's never been tested in court, there's a chance you would win and a chance you would lose on that argument".
Yeah, but lawyers say that about just about everything
Not just a level of indirection. The "substantial features" of the code need to not be directly exposed.
So if you had some AGPL OCR tool you were using, you could use it, but not in a way the user sees that text. Generate audio from it and expose the sound? Probably fine.
My understanding of the theory that they're advocating is that the AGPL requires that when you modify AGPL software you modify it to provide an offer of its source.
And that you can comply with that completely, run the software, and then have a proxy in front that strips that offer without violating the letter of the license.
And if that theory works I think "substantial features" of the code could be directly (but for the indirection of that proxy) exposed.
> What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
People are cold to source-available projects because of their experience of source-available projects. If you want to benefit from the warm reputation that open source has, you need to offer the things that open source offers. If you want to do some novel thing, that's fine, but your novel thing will have to earn its reputation.
Free software ought to not be discriminatory and arbitrarily exclude users. Full stop. Anyone means anyone.
Now, we can agree and talk about unfortunate consequences and possible mitigations.
The AGPL is one possible mitigation: Big corps are usually afraid of it. But they do themselves: the AGPL doesn't forbid them to use the thing.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't...
Freedom 0 is the freedom to run the software for any purpose. You can't deny users this freedom "for their own good", or to spite big corporations, and still be free software.
Subtler issues of power and dependency won't be resolved through licensing alone, and certainly not by compromising on basic software freedom for users.
My issue with "source available" as a term has always been that it basically sounds like a synonym to "open source". It's not clear to me why the place to draw the line for what level of restriction constitutes " would be between what's known as " source available" and "true" open source when the question of "can I read the source code for this or not" seems way more intuitive to me than "can I run a cloud-based software service for this without violating the terms of the license".
From what I can tell, the argument against including stuff that's called source available in the category of open source basically boils down to the OSI definition, but it doesn't seem reasonable to me for an organization to claim exclusive rights to a very generic-sounding term with an intuitive definition that clashes with how they want to define it. If there's a concern over the pollution of their brand, they should be trying to trademark it, and if there's not, the constant backlash against anyone using the term in a way that conflicts with their definition is pretty antisocial. I recognize that this battle is probably already lost, but I'm not sure I'll ever understand why as a community we seem to have been happy to police usage of an unintuitive definition through public pressure just to try to make a point that doesn't seem to have nearly as much consensus behind it as the expectation of uniformity would imply.
The history stems from the term “free” software not being very palatable for marketing. There are 4 tenants to free software. Bear is no longer free software.
All of those statements are reasonable, but they don't really change the point I'm making from what I can tell. Having trouble marketing "free software" doesn't justify anything about how an entirely separate term should be used.
I actually put this in the wrong thread. Disregard, I have no clue where the thread I meant to put that was.
Ah, okay, that makes sense. No worries!
I guess I'm in that crowd, and well, I definitely recognise that! Open source is an important term, and I don't want to see it degraded. I think I'd find it annoying if this blog post was trying to claim Bear was still free software, or open source.
That doesn't mean I think everything has to be open source. Bear is a blogging platform trying to make money and it seems fine to me for it not to be open source.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
You don't get to just redefine terms if you find them inconvenient and people are right to push back against such attempts. If you want something else, put in the work to get mind share for your model instead of trying to catch a free ride by taking over an established one.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source.
This statement is 100% correct. Open means open for everyone. There's a "but they are providing FOSS as a service on a proprietary platform", which seems like the next step on the LGPL-GPL-AGPL stairway of licenses, but SSPL failed to convince anyone it was a necessary freedom:
- MongoDB Inc obviously had no plans to release their own SaaS platform under SSPL
- AWS source code being released wouldn't have benefited anyone other than maybe other major cloud providers
Why use the MIT license when the AGPL is the better choice? I don’t understand why developers choose MIT and or Apache license and then figure out that they now have a competitor cloning their product .
A lot of people are scared of GPL and other copyleft licenses, mostly because of how most big corporations treat GPL.
Also, MIT license in particular is much shorter and easier to understand for a non-lawyer, than most other software licenses.
I suspect that any corporation that prohibit GPL will prohibit BearLicence as well. Those usually have a list of approved licenses.
The weird part is that these companies/individuals will use proprietary software with no qualms of the sort they express for these "source available" licenses.
Because the proprietary software never claimed to be anything but.
Well, Microsoft tried to muddy the waters with "Shared Source". Kind of like Office-Open- wait, Open-Office?-XML.
They also had (for governments) the ability to look at the (supposed) source code.
They couldn't do anything with it (alter or even build iirc), but they could look at it.
https://www.computerworld.com/article/1336859/microsoft-open...
Ha. How times have changed:
> But governments won’t get the ability to alter source code. “This isn’t about developing or supporting customized versions of Windows,” Mundie said. The GSP and other source-code access programs are about “helping build comfort and trust with our key customers on how Windows is deployed, how security is running and how other software is running on top of Windows,” he said.
> Russia’s Federal Agency for Governmental Communication and Information has signed a GSP agreement with Microsoft, and the company says it’s in discussions with about 20 other governments.
What's wrong with "source-available" ?
Open-source normally means there's no use restrictions, but there could be some requirements in order to do so (like attribution).
Free software normally means there's no use restrictions, but modifications can mandate maintaining the modifications also free to use, retaining the same freedoms.
And if you fray from those, you can call it source-available and the specifics of what usage restrictions exist are per-license.
> we should find a term (better than 'source-available' [...])
That term already exists: it's proprietary software.
If you're going to restrict what users can do with their copies of the program, please do not try to label the program as Free Software / open-source.
Maximalism and lack of nuance aren't going to fix the world. Though, neither is lack of thinking things through. I'm not sure how people, including myself, would feel about the situation if the company using a "Bear-like" license was, say, Oracle or Microsoft.
Using the well-established terms according to their intended definitions is surely not maximalism or lack of nuance.
(I have no objections against the “source available” though - it’s a pretty unambiguous and useful term, that isolates one specific property.)
If it's source available like this then it's clearly not a "community project"
If you look at the commit graph, it’s definitely not a community project.
I think it's more like "a project made for the community", not quite "project made by the community", though the former is definitely usually what's implied.
I don't know what the competing forks are, but it definitely doesn't seem like they are from a big megacorp like Amazon.
Agreed. There was similar discussion around "the free and open web" on this thread some days ago: https://news.ycombinator.com/item?id=45066258
I think some people lose sight of the difference between the theoretical possibility of competing forks/implementations/services and the practical possibility. If a big enough organization gets ahold of something and begins to drive it, the fact that it's nominally open source may not be enough to ensure that people have a practical ability to get out from under that organization. In other words you need not just openness of "information" but actual open space to maneuver in the real world of food and money and markets and so on.
In many cases for-profit companies have taken up (or created) open source tools and made use of them in ways that still benefited the community at large. But it's not clear to me that FOSS licenses as we know them actually guarantee that. It doesn't seem unreasonable to me to want to build safeguards against open source software being weaponized or co-opted for unfree purposes.
One thing that's not clear from the Bearblog dev's post is whether he would be open to small-scale "competitors" who share an ethos similar to his own. In theory such competitors could be granted special license exceptions. If I were in his position I could see myself wanting to exclude big companies (and companies that hope to become big) while allowing small operators. The challenge is to create an enforceable license that encodes that, rather than requiring the author to manually approve or deny each request.
The existence of a "winner-takes-all dynamic" suggests a market failure, not a marketplace.
That is exactly the stance. If there are strings attached that means some people can't use it, it's not really open. (GPL has strings attached if you use it, which is bad in a different way)
I don't think anyone has a problem with the non open source licenses themselves. If you start with a closed source license or whatever, that's fine. It is switching from an open source licenses to something that is not.
A lot of the projects that later switched out of open source would have never gotten any traction if they started with the license they ended up with.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
There are factions in open source advocacy, ranging from laissez faire views of freedom to views of freedom as something that needs some limitations to conserve it and prevent abuses/tragedy of the commons/etc.
Transparent Source?
Unfortunately, AWS has invented and legitimized this entirely new class of leeching off of open source work, where they capture the entire economic value of a project by owning the hosting infrastructure; contributing nothing back and forking when the original authors protest. OSS stewards should correct this - in my view disallow cloud vendors beyond a certain size to freeload.
I'd rather those "OSS vendors" would look for a better business model than software as a service.
Having the option for competing service providers (including yourself) is a big advantage of open source.
I've long thought there needs to be some sort of "cooperative source" license. With DAOs and whatnot, there's even the possibility of an automated global common fund for contributing and supporting. There's definitely a big opportunity to rethink things in this arena.
There’s no such thing as a “free ride” on software that is given away freely.
It’s a gift. Once you gift it, it is no longer yours, it belongs to the people to whom you have given it to, to do whatever they wish with.
Why the scare quotes, the first freedom of both Open Source and Free Software is the right to run the software for any purpose. It's not some little unimportant detail. It's arguably the most important property of Open Source.
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
> enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
That’s why the AGPL exists.
The base-stealing that comes with the throwing out the term “winner-take-all” is astounding. People claim this all the time on HN without any shred of evidence that it is the case.
The history of technology and markets show this just isn’t true on any significant timescale.
Winner-take-all dynamics of the marketplace need to be regulated away with anti-trust law and funding for startups.
I mean in this specific case we're not talking about AWS or any other large company. We're talking about someone wanting to offer Bear.app hosting in the vein of managed Wordpress. This is good for Open Source. Having multiple commercial entities working off of and invested in the same codebase is exactly what Open Source envisions.
It does take some mental discipline to actually believe in the movement and not view someone using your software to start a business as them "stealing your work." Such a thing doesn't make sense in OSS, you gave it away freely. It's a good thing, the competition is healthy. You don't have to believe, closed-source proprietary software is much easier to run a business off of as evidenced by most businesses operating that way. There's no shame in it. The FOSS folks are the free love "we don't believe in intellectual property mann" hippies of the software world.
I'm not 100% convinced that these licenses actually work. How hard would it be for a BigCo to have an intern to modify the code enough so that it's not an easily detectable violation?
I mean this stuff isn't just theoretical, there have been video games where we only find out they violated the GPL after a major code breach. [1]
[1] https://news.ycombinator.com/item?id=20129285
> we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately)
it's not copyleft, it's a version of freeware license
> if Amazon can't make it one of their AWS offerings then it isn't true open source
That's because then it isn't. Sorry, but you can't just take terms with an accepted meaning and decide they mean something else, without any conversation or consensus from there people using that term.
The OSI has a specific definition of what "open source" means[0]. Restricting what users of the software can do in this way is in direct opposition to parts of that definition, so no, if you do that, then it is no longer open source.
I'm not saying you aren't entitled to set up your licensing that way. I think it's disgusting when the likes of Amazon decide to take someone's hard work and use their massive oligopolist position to trivially outcompete anything the original author might try to do to make some money.
But that doesn't mean it's open source. I think people need to stop being so afraid to call their software something else. They seem to be really attached to the idea of being an "open source developer", and don't want to drop that moniker even after changing their licensing away from open source.
People also need to stop licensing their software under true OSS licenses, building a community of regular, significant contributors around it, and then changing their licensing (which they can do because they've [IMO shadily] required contributors to reassign copyright). That's a huge bait-and-switch, and people are right to be upset when that happens.
In the case of Bearblog, it seems like the author is really the only significant contributor, so I think what he's doing is totally fine, for the record. Frankly I think he did this the right way: his announcement email is entirely reasonable and sympathetic, and he doesn't try to breathlessly claim that his software is still open source.
[0] https://opensource.org/osd [1]
[1] While I don't love how the OSI folks basically just decided they own the term "open source" and that they get to define it, I think they've been pretty good stewards over time, and having clear-cut definitions of things is a good thing.
> the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Exactly! As RMS famously put it[0]:
> It is essential, for the sake of true freedom, that every user - including the humble billionaire overlord who owns a rocket factory - has the unfettered right to run the software we, the noble proletariat of unpaid maintainers, lovingly craft in our basements at 3 a.m. Our highest ethical duty is to empower Jeff Bezos to instantiate yet another Kubernetes cluster that bills government agencies by the millisecond, for freedom means all users, especially those with yachts shaped like smaller yachts. Therefore, to deny Amazon the liberty to exploit our software without a cent of reciprocation would be to shackle the very essence of the Four Freedoms, for Freedom Zero is, and always has been, the sacred right of the richest man alive to squeeze the last drops of value from our volunteer patches while whispering “thank you for your contribution” into the abyss of a PR bot.
On a more serious note:
> I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software.
Now, if said software was intended to run on users machines to actually empower the user, we wouldn't be in this pickle, wouldn't we?
I don't see Amazon freeloading off of GNOME, KDE, LibreOffice, Blender or GIMP.
No, I would argue the root cause of the problems here is that bros want to own their users (saas to the moon) and think open source is the way to do it. I say, fork those people!
As the author of Bear put in this very article:
> I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.
>
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service.
Nowhere here is the intent for users to host the blogs themselves. No, he wants uses to use his service, not his software.
Fair enough, but that shouldn't have been open source in the first place. The author is just rectifying a mistake he made previously.
If the author had actually wanted end users to use his software, he wouldn't care who runs it. Look at Hugo, they're doing alright.
> enabling these companies to ensnare unsuspecting users
Well, to me, as a user, Bear is the company that ensnares me unexpectedly, because it tells me it's running open source but the minute I want to run it myself, oh no, I'm freeloading.
Whenever I see a project that requires a Kubernetes cluster to do something people would have in the past done in 15 files of C, I know they don't care about me as an empowered user in the "free software" sense. They see me as "a user" in a drug-addict sense.
F that.
[0] he never said that, obviously
>What Herman is doing is a service to us all
I don't owe that guy s*it, what are you talking about.
He's actually doing a disservice to the OSS community, as there's now another story of OSS turning non-OSS out of greed, which damages (by a bit, but still) the whole aura that true OSS has built over the past 40 years.
edit: I thought this HN thread was about the Bear app never mind
Bear has no VC investors: https://herman.bearblog.dev/manifesto/
Are there any other maintainers? What happens when Herman Martinez is no longer able or willing to keep it going?
https://herman.bearblog.dev/manifesto/
> This is a morbid topic for me to write about: what happens to Bear if something happens to me? I've got that covered too. There's a detailed succession plan in place, including:
Full documentation of all systems and processes Multiple trusted developers with access to the codebase Clear instructions for maintaining the platform So if I were to be incapacitated in any way, the platform will live on.
https://github.com/HermanMartinus/bearblog/graphs/contributo... paints a different story. Looks more like bus factor 1 + hopium.
edit: I thought this HN thread was about the Bear app never mind
If you read the link you just posted you can see that this person invested in a different product called Bear:
> Its portfolio includes Bear, the Apple Design Award winner notes app, …
No one is, just finish reading the sentence (or start - the op)
> Bear, the Apple Design Award winner notes app
Different Bear. https://bear.app/
Which you could have known by spending five seconds on https://lambdalpha.com, or actually reading your own link which calls Bear an "Apple Design Award winner notes app", which doesn't really sound like the Bear blog.
Stop spreading rampant misinformation.
Rampant? Isn't that a pretty extreme response to a mistaken link?
Well, it's edited now, but previously it contained strong accusations, and doubled down even stronger after someone else pointed out they're wrong.
Wait, you’re saying open source shouldn’t exist just to be free labor for billion dollar companies and hustlers? Or to dump free product on the market to make it impossible to compete with said billion dollar companies?
Perhaps a better term would be “limited use open source”
The source is ajar.
That's not open source then.
closen source?
Peeping source
Let's not bring Meta's imaginary source license to violate privacy and Mark Zuckerberg into this.