[HN Gopher] What's up with these new not-open source licenses? ___________________________________________________________________ What's up with these new not-open source licenses? Author : todsacerdoti Score : 121 points Date : 2021-03-18 15:59 UTC (7 hours ago) (HTM) web link (github.blog) (TXT) w3m dump (github.blog) | donmcronald wrote: | What's up is that large companies started abusing the open source | licenses to benefit themselves at the expense of open source | communities. All it took was one jerk ignoring the spirit of open | source and exploiting open source projects to the maximum extent | that was legal under the old licenses. It's not hard to guess who | it was either. | | It's a good lesson. As soon as one person cheats or violates the | spirit of a system, everyone else has to too or they'll fall | behind. Unethical people ruin everything. | pessimizer wrote: | > the spirit of open source | | This is not a thing that exists. What we have are licenses, not | ghosts. | donmcronald wrote: | The spirit of collaboration and working for a common good | absolutely used to exist. Many of the internet's core | protocols were built with the spirit of cooperation weren't | they? | | Think about email and the value it adds to the world. Would | we ever get the protocols needed to create email if we | started right now today? Not a chance. | | IMO the previous generation(s) of tech people were way better | than what we have today. They were interested in and | enthusiastic about building awesome tech / products. Today | the only thing anyone with influence is interested in | building is a company that can IPO and make them a | billionaire. | pessimizer wrote: | > The spirit of collaboration and working for a common good | absolutely used to exist. | | That currently still exists. It has nothing in particular | to do with software, though. People collaborate, academics | collaborate. Are you telling me that massive corporations | were part of this back in the _good old days,_ just helping | people for the fun of it? | stonesweep wrote: | >> the spirit of open source | | > This is not a thing that exists. What we have are licenses, | not ghosts. | | Before we had open source, we released software as public | domain. The _spirit_ existed before the trademark phrase was | even invented and long after people were already giving away | their software for free because of the _spirit_ of the | community. We used to go to computer swap meets in | fairgrounds buildings and buy boxes of floppy disks with | random software on them just to see what was around, people | uploaded it to BBSes and shared the work they did - we had | Donationware, Shareware, Postcardware (a personal favorite), | Beerware and everything in between which was 100% based on | the _spirit_ of the community. We just called most of it | Freeware. | | We have _licenses_ because the _spirit_ was abused. | pessimizer wrote: | You're projecting your good feelings about collaborating | with other computer hobbyists onto a set of software | licenses applied to extremely corporate, not-hobbyist | software. And additionally complaining that the "abuse" of | these licenses by massive corporations are _keeping the | authors of this software from getting rich._ | | If you're doing this for the pure joy of programming, | you're already rich in spirit - Amazon taking your software | and using it is actually a tribute. | SAI_Peregrinus wrote: | There are two broad spirits of open-source license: copyleft | and corporate charity. | | Copyleft licenses like the GPL encourage those using the code | to contribute back to the open-source community. | | Charity licenses like the BSD or Apache license are used by | developers who want to work for exposure. They only encourage | giving credit to the original developers, and implicitly allow | closing the source. Letting people do that is the whole spirit | of these licenses. People who don't want to be making | charitable donations to megacorps shouldn't use charity | licenses. | kps wrote: | Not necessarily. The project I'm currently working on was | initiated by a group of mostly-mega corps, staffed with | dozens of full-time developers, and Apache licensed -- all | out of rational self-interest. | mrob wrote: | Following the terms of the license is not abuse. The whole | point of permissive licenses is to allow anybody to exploit the | software as they wish. If that's not what you want then don't | use a permissive license. AGPL is a good alternative choice. | esperent wrote: | > Unethical people ruin everything. | | In this case, let's be clear: it was unethical companies. | bluefirebrand wrote: | Companies don't have ethics. It's unethical people running | and working at those companies. | | And it's really far past time we stopped giving those people | a pass because "it's the company, not me" | jacques_chester wrote: | Companies are made of people. | remus wrote: | While it would be nice if we could get away with people abiding | by an unwritten 'spirit of the agreement' the reality is that | if you don't want someone to do something with your code then | it needs to be written down in a license. I think it is | somewhat naive to expect it work any other way, as when you | potentially have millions of devs using some code it is | unrealistic to expect them all to grasp an unwritten set of | rules from a culture they potentially know nothing about. | jrochkind1 wrote: | Plus as a consumer I always thought the "spirit" of the open | source agreement included avoiding vendor lock-in, in the | first place. Now the argument is that the "spirit" all along | was intended to require vendor lock-in, that consumers | wanting the software hosted for them as a service should have | only one option (Or authorized licencees of that one monopoly | option), and that was always the "spirit" of open source? | | I don't think so. I thought the "spirit" was the opposite of | that, that open source would let consumers of software avoid | vendor lock-in or monopoly control of the software. | wongarsu wrote: | You can have quite relaxed rules as long as everyone abides | by the spirit of the agreement. As soon as one party violates | that spirit you are forced to make everything much more | explicit, which inflicts collateral damage on use cases | nobody would have objected to previously. | growse wrote: | > You can have quite relaxed rules as long as everyone | abides by the spirit of the agreement. As soon as one party | violates that spirit you are forced to make everything much | more explicit, which inflicts collateral damage on use | cases nobody would have objected to previously. | | How are newcomers to know what the mystical "spirit of the | agreement" is if it's not written down? | | How do you detect that there isn't, in fact, a precise | consensus over the "spirit of the agreement" if it's not | written down? | wongarsu wrote: | Newcomers can just look at what others are doing, and if | what they want to do goes beyond standard practice should | ask themselves "do I do undue harm to others?". | | That's how society generally runs on all scales, whether | we are talking about the office fridge or about national | law. Things generally start with very few explicit rules, | and new rules get made when they are proven necessary. | growse wrote: | Eh? The national law is _literally_ written down. | | "Guesswork" doesn't seem like a good way to do anything | without stumbling into a lot of confusion and | miscommunication. | wongarsu wrote: | If law was as simple as reading what's written down, then | what are all the lawyers and courts for. There is a lot | of interpretation going on. | | But really I was referring to the process of how the laws | are formed in the first place. A lot of the time they | start out under-specified, and as abuses emerge we make | more concrete laws using our new understanding. Of course | the latter part usually leads to a lot of discussion and | resistance because of the collateral damage any new law | causes by being slightly broader than necessary. Which is | a major reason many industries self-regulate in the | attempt to make explicit laws unnecessary. | endisneigh wrote: | Is there a single case of someone misusing an open source license | and being assigned significant damages as a result in a court? | | I know Google v Oracle is still ongoing but other than that? | | Unless there's a whistleblower in your organization or your | product itself is open source it seems impossible to identify, | let alone litigate. | wongarsu wrote: | Cisco/Linksys had to make available the source code that became | the basis for a whole ecosystem of open router software that | offers enterprise features on much cheaper devices. Cisco also | paid an undisclosed amount to FSF. Similar things have also | happened to other router manufacturers. | | Westinghouse had to pay the SFC $90k for shipping BusyBox | without observing the license. | | Most cases that are pursued are settled out of court though. | speeder wrote: | I don't remember if any damages were awarded, but I do remember | that the infringing software were all removed from the market | when SCUMMVM sued Atari for releasing Nintendo Wii games using | their game engine without sharing anything at all. | | Atari of course got stuck in a bad situation then, if they | complied with GPL they would breach Nintendo NDA, so their | choice was just stop selling the products in question entirely, | so I must assume the lost sales were smaller than the potential | damage if they were found guilty of copyright infringement. | makk wrote: | In an acquisition, the acquirer will have full access to source | code and may look for open source violations during technical | due diligence. They may then use any violations to squeeze the | valuation and/or demand remediation, either of which is a real | cost to the company being acquired. It's not in court, but is | is a routine situation that does not require a whistleblower, | where the violations are relatively easy to identify. | sneak wrote: | A reminder: | | Projects aren't able to do this (relicense a whole code base | unilaterally) if you don't sign the CLA that assigns them your | copyrights in the project. | | Never sign a CLA to contribute to an open source project. | geofft wrote: | Over a decade ago, I remember that we were debating the merits | of CLAs that got all of OpenOffice.org owned by Oracle (cf. | https://lwn.net/Articles/443989/ as a random starting point). | | I really think this was the FSF's fault - they insisted on | copyright assignment for any contributions to GNU, because if | the FSF held the entire copyright, they'd be in a better place | to pursue legal action against violators. But history has shown | that this clearly hasn't been required: Linux doesn't have this | policy, and no Linux enforcement case has ever failed because | the Linux Foundation wasn't able to demonstrate clear standing. | And the FSF basically legitimized everyone else asking for | CLAs. Had they stood firm and said that giving up ownership of | your code to a central entity is antithetical to the spirit of | free software, and the license is all that people can rely on, | I think we would have been in a much better place today. | pessimizer wrote: | Unlike MIT/Apache/BSD-style Open Source licenses, Free | Software can't be relicensed by anyone but the copyright | owner. It's a completely different situation. | | The current problems stem from pretending that Open Source | has any more of a relationship with Free Software than it | does to proprietary software - an expectation that reifies | (and honestly necessitates) things like "the Spirit of Open | Source" in the minds of developers. The Spirit of Open Source | is that you're working for massive companies who can ignore | you. | | The only relationship between Open Source and Free Software | is the fact that Open Source code _can be arbitrarily | relicensed_ and therefore can be relicensed as Free Software | as easily as it can be as proprietary software. | geofft wrote: | MIT, Apache, and BSD are "GPL-Compatible Free Software | Licenses" according to the FSF: | https://www.gnu.org/licenses/license- | list.html#GPLCompatible... | | I gather you have some meaning of Free Software that is | different from what the FSF means by it, and also different | from what groups like Debian and Fedora mean by it. Can you | expand on what you mean by "Free Software" and what | relationship it has with the "Free Software" movement as | defined by the FSF, Debian, Fedora, etc.? | | Do you think that the FSF, therefore, works within "the | Spirit of Open Source", that contributors to glibc are | working for the FSF, which can ignore them? | pessimizer wrote: | > "GPL-Compatible" | | Of course they are. They can be placed into GPL software. | They can be placed into any software. | | > Do you think that [...] contributors to glibc are | working for the FSF, which can ignore them? | | Yes. | athms wrote: | Please stop spreading incorrect information. Re-licensing | is an exclusive right granted to the copyright holder; it | has a specific meaning under copyright law. There is | nothing in the Apache, BSD, or MIT license that grants re- | licensing. Using source code that has been licensed under a | permissive license in a larger work that is licensed | differently (including more restrictions) isn't re- | licensing. | geofft wrote: | Absolutely true. There's a consequence of this that | people tend to ignore: You cannot remove the (e.g.) MIT | license text from an MIT-licensed work if you | redistribute it as GPL. | | The MIT license gives you "Permission ... subject to the | following conditions: The above copyright notice and this | permission notice shall be included in all copies or | substantial portions of the Software." | | You can abide by that condition by distributing your | software under the GPL _and retaining the MIT license | text_ for portions. You cannot abide by that condition by | "relicensing" the software and removing the MIT license: | you are in violation of the license. | pessimizer wrote: | Fair distinction in MIT's case, and other attribution- | ware. | pessimizer wrote: | > Using source code that has been licensed under a | permissive license in a larger work that is licensed | differently (including more restrictions) isn't re- | licensing. | | Whatever you want to call it is fine. I prefer to think | that GPL'd software that incorporates Open Source takes a | copy and makes it GPL (especially because if I modify the | Open Source at all, my changes are not available under an | Open Source license.) Other people who are using that | piece of Open Source are not using my copy, which is GPL. | string wrote: | I recently chose to sign a CLA for an MR I wanted to make to a | commercial entity's SDK. The feature I added will enable me to | build a product and potential revenue stream. I could have | forked the project and maintained my own version, but I'd | rather do the work for free and have someone else maintain the | library going forward. I don't care about who owns or has | access to the the work I did in this instance, so I was | comfortable with signing it. | chubot wrote: | I think they can effectively do the same thing if they own the | copyright to a significant portion of the work. | | Here's a thought experiment: Suppose that Mongo or Cockroach | consists of 80% code for which they own the copyright (written | by employees). And it's 20% written by contributors who have | NOT signed the CLA. | | Now can they relicence the whole codebase? No, but I think they | can do something with thes same effect by relicensing their | parts. | | I think it's easier to see if they start a new project. Say | Mongo starts a new project called "Dumbo". | | Dumbo consists of 80% Mongo code relicensed. And they simply | reuse the contributors' code under the existing open source | license. So you distribute both licenses with the code. | | But now it is still impossible (*) for Amazon or whoever to | stand up a cloud service according to the license -- unless | they want to rewrite 80% of the code. | | I'm not a lawyer but that's my understanding of how it works. | Interested in contrary (informed) opinions. | | (*) edit: better to say that it's harder, not impossible. They | can fork the old code under the old license. It really depends | if the they "understand" the code. | ghaff wrote: | A CLA certainly makes things clearer. But, as is common with | legal questions, the answer is some combination of it's not | 100% clear and it depends on the particulars. For example, | around the time of GPLv3, there was some discussion of | whether Linux _could_ be relicensed to GPLv3 if Linus wanted | to. (He didn 't.) Eben Moglen for one was of the opinion that | it probably could be. [1] | | [1] https://www.cnet.com/news/linux-to-gplv3-a-practical- | matter-... | PeterisP wrote: | If the initial license was GPL or the like, then it would | prevent that, as long as they want to include any of the | contributors' GPL code, they have to offer the whole package | under GPL. MIT-style licenses would generally permit what you | describe. | | Also, they can't "unlicense" previously distributed code - if | the system was previously distributed with an open source | license, Amazon can use that version as the basis for a | "Dumbo-compatible" cloud service without rewriting the 80% of | the code as long as they're basing it on the last open | release; they would only have to reimplement the new things | that "Dumbo" added if they want; Amazon does not have to | accept the new license if they don't need the new code and | the old code with the old license fits their needs better. | athms wrote: | >Also, they can't "unlicense" previously distributed code | | The United States allows authors (and heirs), except work- | for-hires, to clawback copyright transfers and terminate | licenses after 35 years on works made after 1977. This is | an inalienable statutory right, which means it cannot be | waived even with a contract. | | That said, it may be difficult to terminate licenses in | practice because open source licensing is done informally | in most cases and courts haven't ruled whether this impacts | the right of termination. However, copyright assignment and | contributor license agreements are subject to termination. | PeterisP wrote: | Okay, the consequences of this paragraph | (https://www.copyright.gov/title17/92chap2.html#203) are | potentially devastating if triggered, but 35 years is | quite a long time in the tech world. It would be very | interesting on how such a fork could proceed once the 35 | year term (measured from the grant of that licence, | essentially the last day the original open source version | was distributed) happens if the copyright owner issues | the termination letters, but for all the recent licence | switches this won't be an issue until 2050s, and in any | case the users would have at least two years of warning | to switch to something else or possibly make the product | compliant by rewriting whatever of the original 35 year | old parts are still needed. | chubot wrote: | Yes that matches my understanding. | | And IMO it's fair for Amazon to continue the development | based off an old version. Forking is an important right in | open source. Nobody who releases code as open source should | expect that their code isn't forked. | wrs wrote: | And indeed, Amazon forked Elasticsearch from the last open- | source version and is continuing independent development. | x1798DE wrote: | They can still do this if the old code base is under a | permissive license, since permissive licenses like BSD, Apache | and MIT are compatible with proprietary licenses. | athms wrote: | I think you are confusing re-licensing with sub-licensing, | which are not the same. Under copyright law, the copyright | holder is granted certain exclusive rights over their work | and re-licensing is one of the rights. If the license grants | sub-licensing, a licensee can pass on some or all of the | rights in the license to a third party. Of the three licenses | you mentioned, only the MIT license allows sub-licensing. | | The license terms for a sub-license must be consistent with | the original license terms, although not necessarily the | same. The sub-licensor can use different words as in the | original license, but they cannot override the terms and | conditions that are required by that license. The sub- | licensor cannot sub-license more rights than have been | granted by the original license. | | Works released under the Apache, BSD, and MIT license can be | included in a larger work with a more restrictive license or | modifications can be put under such a restrictive license, | but the original license must remain intact. | | If you are getting your information on re-licensing from the | Wikipedia page below, it is wrong. | | https://en.wikipedia.org/wiki/Permissive_software_license | pwdisswordfish0 wrote: | Mostly true, but only up to an extent: without a CLA, they | can't just update LICENSE.txt to replace the contents with | the text of the new license and be on their merry way without | any trace of the old one. | | They can't hide the fact that it was once MIT/BSD/Apache | licensed, and they still have to include copies of that | original license (and any notices) even after the switch, as | that is one of the conditions that contributors make their | work available under, and failure to do so would mean the org | is in violation if they haven't otherwise received approval. | pritambarhate wrote: | Even if one has to include the original license and notices | with the new version, the original license and notices | apply to the portions which were present in the older | versions. The new portions added to the software after the | license change must be used only as per the new license. | MIT, BSD and Apache licenses don't forbid you to use a new | license to your own derivative work. | chrisseaton wrote: | As long as the licence wasn't copyleft, they can still | incorporate your code in their closed project without a CLA. | tpush wrote: | A bit off topic, but is there some consensus about what the best | way to license software so that non-commercial use = MIT, | commercial use = 'proprietary, please negotiate a license' is? | | Like, some standardized legalese or something. | wmf wrote: | There isn't any consensus. Right now there's a whole variety of | licenses like BSL, SSPL, etc. | geofft wrote: | The problem is this is kind of ill-defined. | | If I, an open-source hobbyist, am thinking about incorporating | some code from your software into my project which _I_ want to | allow unrestricted commercial use of (i.e., which I want to put | under a standard F /OSS license), even though I am not making | any money from it, are you okay with that? | | If you're not okay with that, then the open-source-like | properties of allowing derivatives / incorporation into other | works probably just aren't appealing to you at all, and what | you probably want is a simple "Non-commercial use is permitted" | statement. But it won't actually be the MIT license, which | permits unrestricted use, modification, and redistribution. | | If you are okay with me incorporating your code, then how do | you define how much of your code I can use? If I build a GUI | around your program and I tell AWS that they can freely build a | GUI, is that still okay with you? That's going to have to be a | case-by-case thing, probably. | | Another question is what you expect to do about contributions. | If I, an open-source hobbyist, contribute some useful feature | to your code, am I entitled to get paid a portion of what | commercial users pay you? The simplest answer here might be to | not accept contributions. | | Some practical options, depending on what you're really trying | to do, might be: | | - licensing under the AGPL, on the assumption that many | companies are scared by it even though it isn't a restriction | on use (just a compliance headache for potential external use), | and maybe clearly advertising a less restrictive commercial | license (which could be MIT, or could be a super long | contract/EULA) for money | | - licensing a previous version of your code under the MIT | license, but keeping the current version as just source- | available | | - marking commercial features as proprietary and source- | available (what GitLab does, and what Elasticsearch used to do) | | - capitalizing on the fact that you know the software really | well, and selling consulting / support but using a free | software license (what Red Hat, Canonical, etc. do) | | - capitalizing on the fact that you know the software really | well, and running it as SaaS (what Google does with Kubernetes, | for instance) | | - giving your software a simple "Non-commercial use permitted" | statement, but saying that open source developers who are | interested in parts of your code are free to contact you and | you're willing to relicense limited parts of the code as MIT on | request | | Finally, what's your goal? Is it to prevent commercial use? Is | it to make money from commercial users? Commercial software | houses are, sort of by definition, good at writing software in- | house - if your software is a really good idea as opposed to a | really good implementation of an old idea, chances are that a | motivated commercial developer will just make their own version | of it. | tpush wrote: | Thanks for the very informative post! | | Really, the licensing I envision would be: | | 1) Any entity that does/wants to derive commercial value from | the software should compensate the copyright holder. Example | entities here are both "I want to sell software that | includes/is derived from your software" and "I'm a | company/freelancer using your product as part of my business | operations". | | 2) Any other entity can use the software in any way they see | fit (like e.g. MIT) _except_ that 1) applies transitively to | any derived software. | | The situation here is less "This is an open source thing | where I take all your contributions and profit off it" but | more "This is a commercial for-profit thing that would | normally be proprietary closed-source, but everyone can | copy/inspect/modify the source as long as they do not profit | from it". | | Contributions would either be disallowed, or under a CLA if | for some reason someone wants to contribute to it (with the | clear expectation that someone else is going to profit from | it). | wongarsu wrote: | If you're just sharing binaries then CC-BY-NC-SA (or some other | variant of the creative commons licenses). For open source | projects there isn't really an agreed upon equivalent. The most | popular version is probably "AGPL, or talk to us for a more | permissive licence". Most companies would rather pay you than | use something under AGPL license terms, but for hobby use AGPL | works just fine. | luhn wrote: | > In response to this pressure, many open-core or dual-license | companies, including Confluent, MongoDB, Cockroach Labs, Redis | Labs, Timescale, and Graylog moved away from OSI-approved | licenses to licenses that are not 'open source.' | | Redis Labs gets undeserved flack for their licensing changes. | Redis remains fully open source under the BSD 3-Clause License. | The relicensing only applied to the modules that are part of | Redis Labs' paid offerings. So it's the open core model, but even | better because the non-core offerings are source-available. | [deleted] | scottrogowski wrote: | This article takes a purist stance driven by a rigid adherence to | ideology. Let's look at this another way... | | Open-source and proprietary licenses are at two ends of the | software development spectrum. The open-source model maximizes | ease-of-adoption but doesn't provide much incentive for the | developers. Proprietary software provides a lot of incentive but | adoption can be slow and burdensome. | | Let's assume that a good goal for society is to maximize the rate | of innovation in software. To do that, you need a mix of BOTH | ease of adoption and suitable development incentives. Source- | available licenses are an attempt to accomplish this. | | Is this a perfect solution? Probably not. I think better | licensing models are still waiting to be discovered. | | However, my sense is that these new licenses will accelerate the | development of software with limited downside for the user. After | all, they are designed only to impact companies attempting to | sell a SaaS. | | In addition, they have the potential to weaken the tech | monopolies which, in my mind, is a Very Good Thing. | pullmn wrote: | I disagree. I personally would prefer to license the code I | write myself with a GPL copyleft or a 'no commercial use' type | of license. However, I license it instead under MIT, | specifically to make sure that your average corporate user will | be ok using it because: | | 1. I would prefer that it be widely used. Not because I am | seeking clout or advancement, but because that's why I share | it. 2. Sharing benefits everyone, including me. Fragmentation | and bureaucracy harms everyone, including me. 3. I don't | support monopolistic practices by large tech, but this is not | the way to stop them. What we had before widespread free | software was worse than it is now, arguably held back human | progress for years, and didn't stop Microsoft one bit. | dragonwriter wrote: | > After all, they are designed only to impact companies | attempting to sell a SaaS. | | Well, that's the PR message associated with the new wave of | source-available licenses (source-available licensing is not, | itself, new; its long been an established form of proprietary | licensing.) But it doesn't hold up: you can't harm competing | services providers without harming end users. There is a reason | why the very different ideologies of the Free Software Movement | and the Open Source Community nevertheless have stably settled | on definitions which are virtually identical in practical | applications (and even though those communities have very | different preferences for licenses _within_ the scope meeting | their similar definitions.) It is because the space is _not_ a | continuum, and there is a minimum needed in each of a number of | axes of liberty for the whole structure not to collapse into | something which either community prefers free /open licensing. | Particularly, without robust freedom that protects what other | people can do with it (including there ability to sell you | services built around the software that the original maker | might also want to sell), you are not insulated against future | actions of the copyright owner restricting the software or its | or others services around it. | | And this isn't opaque to the people issuing these licenses; the | overt motive is to enhance monetization by preventing licensees | from competing with them to sell services: it is to create a | moat enabling monopolization and monopoly rents. That's the | explicit idea: to create lock-in that free/open licenses would | not support. | | The benefit that the licensors seek directly depends on the | harms that extend beyond competitors to end users. | dantheman wrote: | The problem with these licenses is that they're not open source | and they're pretending to be. I doubt you could start a new | project and get adoption if you start with these licenses. | | There were problems with some OS projects keeping security / auth | stuff out of the main project so that it could be used to drive | commercial sales. | | You can compete on hosting (very hard), support, customization, | advanced / narrow features. But it needs to be in alignment with | the users / contributors. | move-on-by wrote: | Would you say that GNU GPL is not open source? Maybe I don't | understand the nuances, but I really don't see how these | licenses are not much different then a more modern GNU GPL | license? | cardanome wrote: | So open source means only licenses that are most favourable to | the big tech monopolists now? | | As a user, I can use Elasticsearch just fine with the new | license. I can read the code, modify it and use in my own | projects. | | So it is more difficult for Amazon to use their monopolistic | power to build a competing service to the one that is financing | Elasticsearch development? Yeah, good stuff. | | If the big tech monopolists need something under a permissive | license they should pay for its development. | pydry wrote: | I genuinely wonder what all the people defending infringements | on Bezos's "right" to profit from elastic (for instance) are | thinking. | | If it's open for you but not for him what's your problem? | yellowapple wrote: | > If it's open for you but not for him what's your problem? | | How do I know it'll _stay_ open for me? How am I supposed to | make that determination on whether or not it even _is_ open | for me in the first place? | | With a standard OSI or FSF approved license, I don't have to | be a lawyer to have at least some idea of what the license | entails, because their lawyers - and plenty of others - have | already combed through them and put together layman- | accessible descriptions of their stipulations - and further, | by the very nature of their approval as "open source" or | "free software" licenses, I know with reasonable certainty | that even something as restrictive as the AGPLv3 will always | permit me to use, modify, and redistribute that software, no | matter what. | | Contrast with these bespoke "source available" licenses, | which are specific to certain products/companies and can | change at any time. One might call it "FUD" to be skeptical | of 'em, but they certainly seem to leave a lot of room for | fear, uncertainty, and doubt given the legal pitfalls around, | say, maintaining an independent fork. | | Still, at least the software itself is transparent (i.e. it | can be independently audited at any time, by anyone with the | requisite knowledge, for any reason), so for most cases I | would certainly pick such software over anything opaque / | closed source any day. The lack of contingencies should the | developers inevitably go out of business (whether from buyout | or bankruptcy) still pushes me to prefer, you know, _actual_ | free and open source software. | | Transparency is a dependency of trust, but it ain't the only | one. | geofft wrote: | We're thinking the exact same thing we've been thinking since | the Debian Free Software Guidelines were written a quarter | century ago: | | > _The license must not restrict anyone from making use of | the program in a specific field of endeavor. For example, it | may not restrict the program from being used in a business, | or from being used for genetic research._ | | > _The license must not discriminate against any person or | group of persons._ | | Was the DFSG misguided when it was written, or has something | changed since then such that it's a good idea to restrict | certain people from making use of the program? | ThrowawayR2 wrote: | > " _If it 's open for you but not for him what's your | problem?_" | | Now we have to deal with examining and getting approval for | umpteen oddball custom software licenses instead of just the | standard FOSS ones and, yeah, that _is_ a problem. The pain | of dealing with licenses was part of what drove adoption of | FOSS in the first place. | | The original spirit of open source was scratching an itch and | sharing your code in hopes others found it useful. The | current squabbles are about large for-profit corporations | trying to extract money from other large for-profit | corporations, so let's call these new licenses what they are: | proprietary licenses with source availability. | rightbyte wrote: | Teaser license? | 838812052807016 wrote: | It's not open for me to set it up and sell as a service | either. | | I'm trying to think of a good analogy. Does anyone have a | good one? | | How about, the software is analogous to a floor plan. I come | up with a great floor plan, and allow anyone to use it for | their buildings. But I add a restriction that no one is | allowed to sell buildings using this floor plan except me. | scj wrote: | Rational self-interest of wanting commodity software for | infrastructure / tooling. | | A clear winner means more companies use it, increasing demand | for it. Which makes it more valuable to master. | | If the commodity software is open source, I can learn it at | home for a low cost. Then use it at work, again for a low | cost. Employers have an interest in using it, as do I. | | So I want to encourage Amazon, and other tech companies, to | use as much open source as possible! Please increase demand | for my skillset! | | Of course, the eternal problem is how the software gets | developed in the first place. But I really don't want | software that bifurcates organizations vs. individuals to | become a cultural norm. Even if the impact of any single case | is minimal. | sparrc wrote: | Because ultimately you are drawing a line between two for- | profit corporations and asserting that one of them is | exploitative and selfish (Amazon) and one of them is not | (Elastic). | | In my opinion, Elastic is being just as selfish and | exploitative as Amazon is, which is just as much as any other | private for-profit company is. | | What I don't like is Elastic putting out PR and pretending as | if they are some sort of divine for-profit corporation that | doesn't do things out of their own self-interest, but is | somehow only interested in open software. | | In other words, Elastic is clearly not the same thing as the | Apache Foundation, but they seem to want everyone to think | that they are. | cardanome wrote: | > Because ultimately you are drawing a line between two | for-profit corporations and asserting that one of them is | exploitative and selfish (Amazon) and one of them is not | (Elastic). | | There is obviously a difference between a monopolistic | corporations like Amazon that is actively crushing any | competition with its control of the market and a bigger | tech company like Elastic that is mostly driven by | technological innovation (for now). | | Does not mean that one is more morally evil than the other. | In fact monopolistic corporations can offer their workers | much better working conditions because of the extra profits | they make from abusing their position. Well Amazon is not | exactly known for that but in general they do. I guess | Developer are treated pretty well at least. | | So again, the point is not a moral failure but the economic | position and the system that creates such a situation. | While the creation of big monopolies is more or less | inevitable it is still a good idea to be critical of the | social and economic dangers. | cycloptic wrote: | To the contrary, if Amazon is providing a good hiring funnel | for the developers/maintainers, regularly contributing | patches back upstream, providing funding to the project's | non-profit, and generally respecting the license, then what's | the problem? I'm no fan of Amazon but how can I complain | about them having a right to profit in cases where they | actually are being good open source citizens? Are they really | any different from any other cloud provider in that respect? | eeZah7Ux wrote: | Amazon is well known for having a very restrictive policy | for contributing to FOSS | phd514 wrote: | Case in point -- an AWS enhancement to PostgreSQL's | connection pooler that could have been released as OSS | with essentially no impact on RDS Postgres and yet: | https://github.com/awslabs/pgbouncer-rr-patch/issues/3 | autarch wrote: | > So open source means only licenses that are most favourable | to the big tech monopolists now? | | No, open source means the same thing it's always meant since | the term was first coined. See the Open Source Initiative's | Open Source Definition: https://opensource.org/osd. | | Now someone will respond "why does OSI get to decide the | meaning of the term?" Well, they don't have any _legal_ right | to do so, but if you don't accept their definition, does that | mean every person gets to come up with their own definition? | And if they do, what's the point of using the term? | | So it makes sense to take OSI's definition as canonical, the | same way the Free Software Foundation's definition of Free | Software is generally considered canonical | (https://www.gnu.org/philosophy/free-sw.html). | | Also, to forestall another common reply, I'm not defending | Amazon or attacking Elastic. I'm simply trying to define a term | that's at the center of this discussion. If we can't agree on | the definition, then any discussion of whether a license is | open source is moot. The same goes for discussing the impact | and value of open source vs non-open licenses. | amelius wrote: | > "why does OSI get to decide the meaning of the term?" | | They don't. "Open source" is, foremost, a word and not a | definition. Just as in any language, the people get to decide | how language is used. | | If you want to be specific about the meaning of open source, | just say "OSI open source" or something. | anoncake wrote: | The people have decided that "open source" means OSI open | source. Therefore that is its effective definition. Which | means | | > If you want to be specific about the meaning of open | source, just say "OSI open source" or something. | | is wrong. "OSI open source" and "open source" are synonyms. | mindcrime wrote: | _The people have decided that "open source" means OSI | open source. Therefore that is its effective definition. | Which means_ | | Exactly. In common, everyday usage, when people talk | about "Open Source" this is what the majority mean. It's | not a "de jure" definition, but it is a "de facto" | definition. Open Source means compliance with the OSD. | There are terms for those other licenses - "shared | source", "source available", etc. Use them if that's what | you mean. | kube-system wrote: | Are you sure the FSF's definition of Free Software is a good | example of your point here? That definition is almost | entirely only respected by western software developers who | support the FSF's cause. Just type "free software" into your | favorite search engine and see how commonly that definition | is followed in practice. | | Honestly, I think we should just say OSI-licensed if we mean | OSI-licensed. Words are only as good as they can be used to | communicate with others. If people misunderstand me, it's my | fault. | Symbiote wrote: | Many other languages have an unambiguous word for "libre", | and can translate "libre software" directly. | kube-system wrote: | I think this is a good solution. English is not a | prescriptive language; loanwords are perfectly valid. | | Of course, 'OSI-license' is more accurate still, as they | don't have a monopoly on 'libre' either. Many would say | the WTFPL is accurately described as libre, even if OSI | doesn't. | chrisseaton wrote: | The OSI should have picked their own term that they could | have trademarked, not an existing simply descriptive term, | then we wouldn't have this problem. | kube-system wrote: | They did. "OSI" and "Open Source Initiative" are their | trademarks. Which is why people should use these words | instead. These _do_ only have one clear meaning. | autarch wrote: | As far as I know, the term "open source" was coined by | the same people who were involved in founding OSI (though | the OSI founders were a subset of the people who first | used the term). I'd be very curious to see examples of | widespread use before 1997 or so. | | See the Wikipedia entry: | https://en.wikipedia.org/wiki/Open_source | chrisseaton wrote: | > As far as I know, the term "open source" was coined by | the same people who were involved in founding OSI | | I think this has been shown to be a bit of a myth. | | They claim to have coined it in 1998 but there's evidence | of it in use in context without even needing to explain | the idea by other people as far back as 1993. | | https://groups.google.com/forum/#!msg/comp.os.ms- | windows.pro... | | Also, the fact is the USPTO wouldn't allow them to | trademark it because it has a simple existing descriptive | term. | kube-system wrote: | It was a descriptive term used for intelligence (i.e. | OSINT) well before 1998. Here's a book from 1976 using | the term several times: | | https://www.google.com/books/edition/Human_intelligence/V | E9s... | EarlKing wrote: | You are misinformed. The term "open source" has a history | that predates the OSI by at least eight years, possibly | longer (but I can only provide cites going back eight | years). Please see my full reply here: | https://news.ycombinator.com/item?id=26507460 | kube-system wrote: | For example, read the last line of this: | | http://www.catb.org/~esr/open-source.html | cmeacham98 wrote: | Unfortunately the word "free" has a dual meaning between | "with no/few limitations" and "zero cost". Sometimes, | people use the latter definition - using context clues to | determine which version of the word is in use is needed | similar to other English words with dual meanings. | kube-system wrote: | So does "open" and "open-source" which both predate their | use for software. | pessimizer wrote: | So does "Windows," "Apple" or "Facebook." | kube-system wrote: | Yes, and those are all proper nouns as far as the English | language is concerned and registered trademarks as far as | their use in trade is concerned. | autarch wrote: | If we're talking about "free software" in the context of | licensing the FSF's definition is the only one that | matters. | | Obviously there is free (no cost) software as well, at | least in English where we have one word for both meanings. | This can be easily disambiguated in a discussion by the | "free as in speech, not free as in beer" phrase, or if | people are familiar with the term, using "libre software" | to clarify. | sjwright wrote: | Actually English does have a perfectly serviceable word, | but for some reason no one is interested in calling at | _freedom software._ yes it is grammatically awkward, but | that's a less worse problem than being semantically | awkward, IMHO. | chc wrote: | "Freedom software" sounds like word salad to my American | ear, so I'm not sure how you see that as serviceable. If | you showed me the phrase and put a gun to my head to | guess what it meant, I'd probably guess it was a jokey | way of talking about software written in France. | m463 wrote: | from "Words to Avoid (or Use with Care) Because They Are | Loaded or Confusing" | | _"Open" | | Please avoid using the term "open" or "open source" as a | substitute for "free software." Those terms refer to a | different set of views[1] based on different values. The free | software movement campaigns for your freedom in your | computing, as a matter of justice. The open source non- | movement does not campaign for anything in this way. | | When referring to the open source views, it's correct to use | that name, but please do not use that term when talking about | us, our software, or our views--that leads people to suppose | our views are similar to theirs. | | Instead of open source, we say, free software or free (libre) | software._ | | https://www.gnu.org/philosophy/words-to-avoid.html#Open | | [1] "Why Open Source misses the point of Free Software" | | https://www.gnu.org/philosophy/open-source-misses-the- | point.... | wizzwizz4 wrote: | I don't see how this is relevant. | ForHackernews wrote: | The OSI was always an attempt to rebrand free software, get | it away from its hippie roots, and make it palatable to big | corporations. | | As far as I'm concerned, if they can play these language | games, so can Elastic. | EarlKing wrote: | > No, open source means the same thing it's always meant | since the term was first coined. See the Open Source | Initiative's Open Source Definition: | https://opensource.org/osd. | | Problem: The OSI did not coin the term 'open source'. OSI | partisans claim that Christine Peterson coined the term at a | strategy meeting in Palo Alto on 3 February 1998. However, | the term and the concept was well known prior to that. Martin | Tournoij does a decent enough job of collecting prior | citations [1] that go all the way back to 1990. All the OSI | did was take an existing philosophy, scribble some new | restrictions in crayon, and called it Open Source(tm)(c)(pat. | pending). | | Honestly, though, I do love it when this comes up. It gives | me the opportunity to irk new guys telling them that Lyle | Ball, head of public relations at Caldera, has an earlier | citation than the OSI in the form of a press-release | announcing Caldera OpenDOS[2][3]. :D | | [1] https://www.arp242.net/open-source.html | | [2] http://www.xent.com/FoRK-archive/fall96/0269.html | | [3] http://ftp.uni- | bayreuth.de/pc/caldera/OpenDOS.701/license.tx... | autarch wrote: | What do you hope to achieve with this? Ok, you win, the | term "open source" predates the OSI. So what? | | Using the term "open source" without any definition is | useless. If we can't agree on a definition, it's impossible | to know if we're actually talking about the same thing. | | I want people to use the OSI definition in order to elevate | debates. I'd prefer to skip past definitions to more | substantial matters, like whether "open source" (per OSI) | is useful. Is it somehow better than closed source code? Is | it _ethically_ valuable? Is there some subset of the OSI | definition that provides more value than the rest? These | are interesting discussions worth having. | | Endless debating the meaning of "open source" is a huge | waste of time. | | Given that OSI is the only body I know of with a clear | definition, let's use theirs and move on to more | substantial topics. | markdown wrote: | > Using the term "open source" without any definition is | useless. If we can't agree on a definition, it's | impossible to know if we're actually talking about the | same thing. | | Get with the program, dude. It's 2021, and the prevailing | sentiment is that all definitions are now fluid. | #GoForWoke #GoWokeOrGoHome | _jal wrote: | > Given that OSI is the only body I know of with a clear | definition | | If this is the only definition you're aware of, then | apologies, but you're not the right person to be | attempting to drive this discussion. | | If you're aware of the many others but do not consider | them 'clear', then there is something else going on here, | and I am starting to wander about agenda. | yesenadam wrote: | Ok, could you give the other (clear) definitions you are | aware of? That might be actually useful here. Thanks. | kube-system wrote: | > Using the term "open source" without any definition is | useless. If we can't agree on a definition, it's | impossible to know if we're actually talking about the | same thing. | | Which is why you should call them "OSI Licenses" if you | are referring to OSI licenses. | | > let's use theirs and move on to more substantial | topics. | | This just isn't how English works. It isn't prescriptive. | English is descriptive by nature and permits multiple | uses, which have been around before OSI ever existed and | are still valid. | phd514 wrote: | AWS, Google, and MSFT are among the top sponsors of OSI*. | They are not neutral arbiters in the OSS space. | | [0] https://opensource.org/sponsors | samat wrote: | Do we really need a 'legally clear' definition of open | source and free software? Both look like a common term. | Want something you could claim ownership over and exact | your specific meaning -- pick some proper name like | 'Apache license' or 'lgpl license' -- pretty unambiguous. | pessimizer wrote: | The Apache are a group of culturally related Native | American tribes in the Southwestern United States. I'm | pretty sure none of their tribal authorities have given | you a license for your software. | chc wrote: | Talking about categories of things are useful. This is | like saying "Do we really need a term for two-wheeled | vehicles driven by pedals? Just say you have a Cannondale | or a Schwinn." | dataflow wrote: | > Given that OSI is the only body I know of with a clear | definition | | No, you can also use the common definition of "open | source" = "not closed-source" = "not (source | unavailable)". Nobody has branded this definition but | that doesn't make it any less legitimate. See definition | #1 on dictionary.com for "closed-source", or #2 for | "open-source". [1] [2] | | > I want people to use the OSI definition in order to | elevate debates. | | This is... obviously biased? Other people prefer to use | other definitions to elevate debates. You can't claim | only the definition you like is able to elevate debates. | | And the parent is putting so much effort into arguing | about the definition for the same reason you did in your | comment. If it was so inconsequential, nobody would care. | But evidently people find it a powerful thing, hence they | argue about it. You can't simultaneously do that and then | claim it's irrelevant. | | [1] https://www.dictionary.com/browse/closed-source | | [2] https://www.dictionary.com/browse/open-source | ZephyrBlu wrote: | I think this is the most sensible and inclusive | definition, otherwise you have a lot of situations where | it's not technically OSI "Open Source" but the source is | literally open. | | I've seen people use "source available" (?) in these | situations, but I don't think it really makes sense | because a lot of the time the only thing holding it back | from being OSI "Open Source" is that their license has | not been recognized by OSI. | chc wrote: | But now we need a new term to mean what "open-source" has | meant for two decades, just because for some reason we | wanted to be inclusive of licenses where the source is | viewable but not open for use. And once we've redefined | it, we've rendered all discussion of open-source | deceptive for the period where it had its traditional | meaning. I don't see any benefit to this inclusion. | jcheng wrote: | I would like a term that is inclusive of CC0. | ZephyrBlu wrote: | > _just because for some reason we wanted to be inclusive | of licenses where the source is viewable but not open for | use_ | | This is not true. Recent licenses trying to protect the | business built on the open source code are in general, | open for use: | | - Sentry: https://news.ycombinator.com/item?id=21466967 | | - Elastic: https://news.ycombinator.com/item?id=25833781 | | I see these sorts of licenses becoming increasingly | common in the future, which is why I think it's silly to | continue excluding them from being called open source. | chc wrote: | The primary distinction in those licenses is that they're | not generally open for use -- they allow a carefully | chosen, _closed_ set of use cases. As an analogy, when a | bar has a TV showing some preselected channel at a | preselected volume, I don 't consider that TV open to my | use, even though I can use it for the use case the bar | specifically chose to enable. | | I do agree that licenses like this will become more | common in the future, and that's why I think it's useful | to have an identifying term for them rather than making | "open-source" less precise to include them. Different | words for different things is good, in my opinion. | ZephyrBlu wrote: | > _they allow a carefully chosen, closed set of use | cases_ | | I would argue that they prohibit far less use cases than | they are open for. | | In any case, how would you describe these licenses? I | don't feel like "source available" is an accurate | descriptor in this case. | chc wrote: | I agree. My personal term for this sort of "We're OK with | little people using the software but we don't want any | competition" arrangement is "private-use source license," | but I wouldn't be so bold as to argue that's The Best | Name. My point is just that I don't think broadening | "open-source" is a good answer, because all that does is | make it harder to talk about the differences in licenses. | EarlKing wrote: | > What do you hope to achieve with this? Ok, you win, the | term "open source" predates the OSI. So what? | | The point is to demonstrate that the term predates the | OSI's alleged coinage thereof. They don't get to dictate | language. This usage pre-exists them and obviously | persists to this day. | | > Using the term "open source" without any definition is | useless. If we can't agree on a definition, it's | impossible to know if we're actually talking about the | same thing. | | Really? It seemed quite useful to the people cited in | each of those earlier prior references. They seemed to | know exactly what they were talking about in context. You | have only to read the messages to see that. | | > I want people to use the OSI definition in order to | elevate debates. | | No, I think you want people to use the OSI definition | because that conveniently includes certain clauses that | have nothing to do with being open source, much like the | FSF's definition of free software has nothing to do with | freedom. | | > Endless debating the meaning of "open source" is a huge | waste of time. | | You're right. Equally useless is attempting to privilege | the OSI's definition over others. | | > Given that OSI is the only body I know of with a clear | definition, let's use theirs and move on to more | substantial topics. | | The numerous citations you are now aware of make you | aware of others with a clear definition, so... No. | mindcrime wrote: | _Equally useless is attempting to privilege the OSI 's | definition over others._ | | The OSI definition was elevated over others (to the | extent that there even _are_ any others) by usage. You | can dislike that all you want, but it doesn 't change | anything. Maybe, in time, usage will flip the meaning to | something else... English has a way of doing that. But | let's not stick our heads in the sand and pretend that | current reality is anything other than what it is. | EarlKing wrote: | Language is not a popularity contest. Words and phrases | can mean different things in different contexts. That the | OSI came along and proffered its own definition does not | mean we have to forget what came before and, moreover, is | still current today. The OSI is an organization that co- | opted a movement for their own business purposes... much | like Eric Raymond co-opted the MIT Jargon File. | pessimizer wrote: | The important thing to take away from those references is | that the term "open source" (not followed by the word | "code") wasn't ever used in a consistent way, and that a | bunch of people putting the word "open" to in front of | "source code" is not the same thing. Open Source is | something invented by and defined by the OSI, and I always | capitalize it to sidestep the argument. | | If you were talking about "opening your source code," or | developing new versions of your product with "open source | code," no one would be confused, or if they were confused, | they'd ask a follow up. The claim isn't that "open" and | "source" were not words with meanings, the claim is that | "open source" didn't describe anything specific until OSI | made it. This argument is like complaining that people had | windows in their houses before MS Windows. | EarlKing wrote: | > the claim is that "open source" didn't describe | anything specific until OSI made it. | | Yes, and that claim is wrong. Each of Usenet posts cited | in Martin Tournoij's blog make reference to open source | (code) in one manner or another... like this one, for | example: https://groups.google.com/d/msg/comp.os.linux/06 | y4cr6wr7o/fZ... | | Quoting from the above: | | > The GPL and the open source code have made Linux the | success that it is. | | That post is from 27 February 1993. | | I don't think you can seriously continue claiming it | didn't mean anything specific. | [deleted] | jrochkind1 wrote: | As a developer acting on behalf of an organization using open | source, I benefit from being able to pay the vendor of my | choice to host a given piece of software. | | If only the single-source author can host it as a service, or | you need the permission of the single source author to host it | as a service, then my choices are either self-hosting, or | paying whatever price the single legal-as-a-service-host wants | to charge, at whatever service quality they provide. (The fact | they can choose to allow other licensed hosts, perhaps for a | free if they want, does not change their monopoly control). It | is a form of vendor lock-in, and avoiding vendor lock-in is one | popular motivation for using open source. | | So yes, this restriction makes something not open source. This | restriction also is not favourable to me as a user of the open | source software. Open source was always about avoiding monopoly | control of who is allowed to do what with the software. | Monopoly control of who is allowed to host it as a service is | such, and it is more favourable to me as a consumer when there | is not that monopoly control. | | Now, meanwhile, there are various market battles going on | between various big tech cloud providers and other companies | providing (previously) open source software. This is also true. | Both things can be true. | | For the consumer, as the OP suggests, your best bet is when | there is software that can be produced sustainably by _multiple | entities_ collaborating, instead of a single company. | | Now, if that's not sustainable, that's a problem. It's possible | that open source is facing sustainability problems due to | current conditions. | | But that doesn't change the fact that monopolizing legal right | to host software as a service is not open source, is rightly | not approved by OSI, and is making consumers locked in to that | single vendor (or their licencees), which is indeed contrary to | intention of open source. | kodah wrote: | > It is a form of vendor lock-in, and avoiding vendor lock-in | is one popular motivation for using open source. | | Likely also a false one. For example, if you use WordPress | guess who your vendor is? WordPress. More vexing, if you use | Kubernetes provided by a cloud provider guess who your vendor | is? The cloud provider, because of all those non-free doodads | they put into their managed service. | | It is possible for a company like AWS to continue to offer a | managed service for things like elastic, but I suspect | elastic wants the nature of the agreement to change; which as | far as I can tell we're not privy to. | jrochkind1 wrote: | I can pay for a hosted wordpress on BlueHost, FlyWheel, | GoDaddy (don't do it!), linode as a "marketplace app", and | many many others. | | None of these sites need any agreement with the wordpress | authors at all, because wordpress is open source, anyone | can run it. wordpress owners can't withdraw permission to | offer hosted wordpress or make them pay for the right to | host, because it's open source. | | if I don't like the pricing or service on wordpress.com, I | have many options for wordpress-as-a-service. If | wordpress.com is the best price/quality, it's because | they've done a good job, sure perhaps because they have the | most expertise with the software since they write it -- not | because they have a license that gives them a monopoly on | wordpress hosting. | kodah wrote: | My point was that the term "vendor lock-in" is loaded. | Your point is valid simultaneously. | | Expanding on my point, I do think it's possible that AWS | can provide services that continue to make software easy | to run (like fully managed services). The way I see this | is if AWS becomes the primary contributor and the | dominant service provider, then the same situation you | described happens in reverse. I think the solution here | is probably about connecting the success of managed open | source based services on AWS to keeping the companies | that power them funded. If you balance contributions and | money, it keeps the ecosystem in a better state. | mfer wrote: | > As a user, I can use Elasticsearch just fine with the new | license. I can read the code, modify it and use in my own | projects. | | This illustrates just one kind of user. And only in some | situations. For example, lets say Elastic.co goes under. Under | the license another company couldn't setup a replacement. So, | the end user is screwed just as if a proprietary vendor had | gone under. | | What the companies behind the new licenses are attempting to do | is have their cake and eat it, too. They want open source for | all the cred and for one type of user. The want proprietary for | the complete control of the stack right through some types of | hosting situations. | | It's hard to produce something completely open and yet monetize | it in way that meets VC grown desires. That's why so many | companies open source the common stuff but keep the special | sauce proprietary. | bramblerose wrote: | > Under the license another company couldn't setup a | replacement. | | I'm confused here -- the new 'open core' is available under | the SSPL, which clearly allows this, as long as you provide | the source code of any management layers as well. The non- | open parts already weren't available under the Apache | license, so nothing has really changed there. | | And, yes, this does mean Elastic is the only company able to | build proprietary components on top of the code base, which | means there isn't an even playing field with competitors. But | once Elastic goes bankrupt this is no longer an issue. | growse wrote: | > > Under the license another company couldn't setup a | replacement. | | > I'm confused here -- the new 'open core' is available | under the SSPL, which clearly allows this, as long as you | provide the source code of any management layers as well. | The non-open parts already weren't available under the | Apache license, so nothing has really changed there. | | This is essentially a legal "gotcha", given that | "management layers" is not defined anywhere. The purpose of | the clause is not to encourage companies to "open source | everything" (what does that even mean? Do they need to open | source their IPMI firmware?), it's to prevent anyone from | going anywhere near it. | | Do elastic.co open source all the management layers in | their stack? | ryukafalz wrote: | > The purpose of the clause is not to encourage companies | to "open source everything" (what does that even mean? Do | they need to open source their IPMI firmware?), it's to | prevent anyone from going anywhere near it. | | Right. To make matters worse: it doesn't just require | that all of the software used to run the service is open | source, it requires that it be released _under the SSPL_. | This immediately rules out using anything which you do | not have the legal authority to relicense. So, for | example, Linux. | | Quoting the SSPL (emphasis mine): | | > If you make the functionality of the Program or a | modified version available to third parties as a service, | you must make the Service Source Code available via | network download to everyone at no charge, _under the | terms of this License._ | | ... | | > "Service Source Code" means the Corresponding Source | for the Program or the modified version, and the | Corresponding Source for _all programs that you use to | make the Program or modified version available as a | service_ , including, without limitation, management | software, user interfaces, application program | interfaces, automation software, monitoring software, | backup software, storage software and hosting software, | all such that a user could run an instance of the service | using the Service Source Code you make available. | tsimionescu wrote: | > I can read the code, modify it and use in my own projects. | | That isn't clear. The license language can be read as requiring | you to provide the source code for any software that interacts | with ES (e.g., the Linux kernel that you are using to deploy ES | over) under the terms of the SSPL to your own users, which you | literally can't do. | | Elastic claims in their FAQ that this is not the intention, and | that may be enough, but it is debatable. Regardless, the SSPL | is a bad license for having this ambiguity in the first place. | dfox wrote: | Similar kind of ambiguity is even in GPLv2. ie. what does | "anything that is normally distributed with..." in section 3 | mean and how all that interacts with notionally GPL licensed | software which depends on 3rd party components with GPL- | incompatible licenses (on Unix-like systems the issue is | typically only with OpenSSL but for GPL licensed Windows-only | software this is giant can of worms). | | What makes SSPL and similar freedom-0 ignoring licenses | problematic is that you have to care about these kinds of | license ambiguities even if you are just using the software. | musicale wrote: | > So open source means only licenses that are most favourable | to the big tech monopolists now? | | The article explains its point of view in the first paragraph: | | "I've been asked repeatedly about a two-year trend in the open | source ecosystem: 'single source' open source companies | scrapping their Open Source Initiative-approved open source | license for a 'source available' license." | retrac wrote: | The GPL family is not permissive (as the term is usually meant) | and is certainly FLOSS. | api wrote: | > So open source means only licenses that are most favourable | to the big tech monopolists now? | | Open source originated in the 1980s and 1990s in largely | academic circles. It gained mainstream popularity as an | alternative to closed source "shrink wrap" software and closed | shareware. | | Back then the legitimate fear was that closed-source vendors | would lock everyone in and end up effectively owning the entire | computing ecosystem and the Internet. By the mid-late 1990s | Microsoft was well on its way to having a total OS monopoly on | PCs and increasingly servers, and were it not for Linux and | many other projects this likely would have come to pass. | | Good news: open source mostly won! We now have a fairly open | compute ecosystem. Even Windows was dragged into adopting more | Posix-like standards, and the Mac is just a proprietary GUI and | set of system services running on top of a mostly open BSD | kernel. It's borderline trivial to port most software between | Windows, Mac, BSD, and Linux, so we avoided OS lock-in! | | Then along came the SaaS business model and closed Internet | silos. | | Cloud-hosted SaaS just totally upends everything. Now open | source doesn't really matter from a freedom perspective. The | cloud has all your data, and by keeping select bits of code (or | even just the system configuration) secret and locked inside | cloud servers vendors can achieve DRM that is effectively | impossible to circumvent. | | You _can 't even run the software_ yourself, and even if you | could your data isn't yours. Having the source is meaningless. | It's a model that's more closed than closed, and not only is it | compatible with classical open source but is actually fed and | sustained by it. Open source is free labor for closed cloud | SaaS. | | The OSI is fully industry captured and isn't interested in | challenging this, which is why large projects are adopting non- | OSI-compliant licenses. | chc wrote: | I don't think your conclusion follows. Elastic effectively | saying "Nobody can provide our software as a service" doesn't | increase the openness of the overall system -- it _reduces_ | the openness of the system in order to benefit Elastic, which | would like a monopoly on providing Elasticsearch as a | service. | vorpalhex wrote: | No, open source means they aren't user hostile. Contractual | landmines and restrictions on running the software are user | hostile. | dannyw wrote: | Amazon isn't an user. They are an exploiter. | | Users aren't affected by any of the relicenses. | spijdar wrote: | How do you draw the line between "user" and "exploiter"? | Was there any point in the past Amazon wasn't an | "exploiter"? What if a user becomes an exploiter? Can an | exploiter become a user through repentance? Where's the | legal boundary? | drdeca wrote: | legal boundary or moral boundary? (Not that I have an | answer in either case, but my impression was that | "exploiter" was an expression of moral judgement, not a | legal judgement) | luckylion wrote: | Not OP and not really invested. You can probably replace | "exploiter" with provider. A user uses the software | directly, a provider provides it to users. Amazon can be | both simultaneously, they can run ES to analyze sales and | find out what products of third party sellers are worth | copying, and they can also offer ES as a service to other | users. | | That kind of difference is pretty common in non-source- | related things, e.g. you can use the API for your | business, but you can't resell access to the API. | aaomidi wrote: | Are you able to, in your head, draw a difference between | Amazon and Amin running some application in their home- | built system? | | That's how you draw the line. | samat wrote: | 1) who is the user? | | 2) let's give some love to BSD, since GPL is hostile to my | intention of selling modified software | eeZah7Ux wrote: | This is plain false: tivoization is the best example. | heavyset_go wrote: | > _So open source means only licenses that are most favourable | to the big tech monopolists now?_ | | AGPLv3 is open source and isn't exactly favorable to tech | monopolists, either. | pydry wrote: | That's another license that gets a disproportionate level of | flak. | mfer wrote: | Big companies or those with lawyers notice that the AGPLv3 | says the software used to make something a service must be | licensed under the same license. Much of that software | isn't something a company controls. For example, you put | the AGPLv3 software behind a load balancer. Does that | software need to be AGPLv3? Some would say so and how often | can a company control that license. | | Companies with more are conservative on their risk. | | Not a lawyer and this is not legal advice | pydry wrote: | >Does that software need to be AGPLv3? | | No. It doesn't "infect" the load balancer. There's zero | ambiguity about this. | | A lot of companies have bad lawyers who try to eliminate | rather than mitigate risk and who try to grab every scrap | of IP for the company. This is the kind of company you're | talking about. | | This is also why many try to get you to sign away every | profitable idea you've ever dreamed up in the shower: a | combination of extreme risk aversion and flagrant greed. | | I'd even venture as far as to say it's a feature not a | bug if this type of company were forced to use expensive | proprietary software or older, shittier versions. | ghaff wrote: | Yeah. The boundaries of the GPL are mostly clear because | they're essentially tied to Unix linking behavior. There | are some edge case--I know people who don't think you | shouldn't be able to load binary blobs for example--but | mostly. There doesn't seem to be the same sort of clear | consensus over how broadly the AGPL interacts with other | code on the network. | glsdfgkjsklfj wrote: | AGPLv3 get the exact same level of flak as GPL got. And | will lose (lost?) in exactly the same way. | | GPL was the fight against device manufacturers using linux | et al and not giving back/selling closed source linux | devices. | | We completely lost with tainted kernel and such, as they | corrupted the only software that they couldn't live without | and was promoting an open source license. Case in point: | you cannot build 1% of your android phone software, proving | GPL code (android, linux kernel) is as useless for open | software as MIT (ios, darwin) | | Now the fight moved from OEM manufacturers vs GPL to cloud | providers vs AGPLv3. And source-available licenses are the | tainted-kernel compromise all over again: get the thing you | cannot live without but is fighting you with a pro- | opensource license, and offer a carrot so they change, and | they all changed. | | Without the change the article talks about, cloud providers | would have people using the AGPLv3 code in their derivative | work of projectX. while they paid the closed source version | from the company dual licensing it. With this new | arrangement, they can use all derivative work at will with | zero consequence, for the same low price. | | Just like tainted kernel was a hard blow in the face of | everyone who contributed to linux (heh, specially the GNU | folks porting their stuff) with open source in mind. This | is nothing but a greedy bait and switch on the community. | mschuetz wrote: | AGPLv3 doesn't solve the problem of projects being used as | components SaaS services, as far as I understand? So | companies can still use the projects just fine without the | need to contribute anything back. | lrem wrote: | https://opensource.google/docs/using/agpl-policy/ | heavyset_go wrote: | AGPLv3 stipulates that network communication counts as | linking, so that putting AGPv3 software behind a SaaS | requires that the software's source must be made available | to the users of the SaaS. | | _edit_ : thanks to pydry for pointing out that this | interpretation isn't correct. It is more correct to say | that if a user interacts with AGPL software over the | network, they have a right to its source. | pydry wrote: | Where does it say this? Every interpretation I've ever | read says otherwise. E. G. | | https://medium.com/swlh/understanding-the-agpl-the-most- | misu... | heavyset_go wrote: | From here[1]: | | > _13. Remote Network Interaction; Use with the GNU | General Public License._ | | > _Notwithstanding any other provision of this License, | if you modify the Program, your modified version must | prominently offer all users interacting with it remotely | through a computer network (if your version supports such | interaction) an opportunity to receive the Corresponding | Source of your version by providing access to the | Corresponding Source from a network server at no charge, | through some standard or customary means of facilitating | copying of software._ | | I'm not a lawyer, but that's my interpretation of this | section. | | Reading it again, it was wrong of me to say that network | communications count as linking, though. It's more | correct to say that if a user interacts with AGPL | software via network communication, then its source must | be made available to them. | | [1] https://www.gnu.org/licenses/agpl-3.0.en.html | chc wrote: | I think the problem is just slightly wrong terminology. | In GPL terms, a network connection under the AGPL is | treated as _distribution_ , not _linking_. If it counted | as linking, that would mean that any software that makes | a network connection to an AGPL service has to be AGPL as | well. | armandososa wrote: | In spanish* we have a word: "emparejado" which means a door is | not open but not quite closed. It appears closed, but it's not. | Maybe we should use "emparejado-source" :) | | * Maybe it's just a mexicanism, IDK. | vincent-manis wrote: | So in English, we can call these faux-open-source licences | "ajar-source"? | pkamb wrote: | > Open source-licensed projects with a non-profit home, *neutral | trademark ownership*, and multiple significant contributors are | less likely to face pressures to relicense. | | What does "neutral trademark ownership" mean? | fritzo wrote: | Maybe "ownership by a foundation" like Apache or Linux | Foundation? Projects I've worked on for corporations have | sometimes been donated to foundations for neutral ownership. | ghaff wrote: | That's certainly how I would read it. Although it's not just | about the trademark but governance more broadly. | pwdisswordfish0 wrote: | Presumably something like "Linux", where although it's owned by | Linus Torvalds, there is no single bully organization that gets | to use it to the exclusion of others. So, the opposite of | something like Mozilla, where Mozilla Foundation owns the | trademark, but there's a for-profit vendor that also gets to | use it in exchange for kickbacks to the Mozilla Foundation, no | one else in the community can operate under that banner, and | they have to make it abundantly clear that their work is not | endorsed by Mozilla. | imwillofficial wrote: | I see this movement as a necessary evolution. Open source isn't | for everyone, however, source available could be. | choeger wrote: | These companies should come up with a practical version of the | AGPL or, if they don't find a need, just use it directly. | | Cooking up your own license ala Mongo is _not_ going to help you | amongst the professional users. Companies that take their legal | obligations seriously are not going to use your not-so-open- | source offerings on the basis of interpreting your weird anti- | amazon clause. | wmf wrote: | Every license has to start somewhere. SSPL is intended to be a | practical version of the AGPL; it's not intended to be a weird | Mongo-only license. | [deleted] | andmarios wrote: | An important component that seems many people miss, is that both | open source and free software licenses include a business | model[1] in the definition: other people are free to sell | services for the licensed software. | | Some people claim _I can download the software and use it for | free, so it is ok that Amazon should not make money out of it and | allow ElasticSearch to have a cloud monopoly_. | | This sounds like Tesla selling you a car that you are allowed to | service yourself, but you cannot have a professional service it | for you except for Tesla. | | I don't have a strong opinion towards the practice (I'm also | working for a company that does closed source after all), but I | do believe it is important to show respect to the freedoms that | both free software and open source try to protect. | | [1] https://www.gnu.org/philosophy/selling.en.html | Pfhreak wrote: | There's a famous essay about the Tragedy of the Commons -- the | high level idea is that if there is a resource that is commonly | available for free then some users will exploit it for their own | gain. It originally referred to ranchers who would overuse | communal grazing lands, but I think the lessons apply equally | well to open source as well. | | In my opinion, a healthy open source ecosystem relies on people | using and contributing back, supporting the distributed creators | that make the ecosystem possible. This historically has been | something of a gift economy or social contract, but it's become | wildly distorted by companies (e.g. Amazon/AWS) attempting to | overuse the commons resource and make profit from it. | | So it comes as no surprise that when one rancher comes in and | overgrazes the common resource, the other participants might want | to make some changes in rules. These new licenses aren't "just | because", they come from lived experience of entities like Amazon | coming in an exploiting a shared resource. | | And I get it, the letter of the law says, "Do whatever you want | with this shared resource". And there are plenty of folks who | believe that Amazon has done nothing wrong -- the rules allowed | for overgrazing, so naturally the right thing for Amazon to do | was to overgraze. | | I personally see it differently -- Amazon is hiding behind the | letter of the licenses and totally distorting a community, | exploiting the gifts of the engineers' labor, and getting us to | point our fingers at one another over the "one true definition of | 'Open Source'" rather than constructively figuring out ways to | protect the community of open development and reward the | individual workers who volunteer their time. | x0x0 wrote: | I also find it befuddling that people here appear to be very | opposed to their dependencies monetizing. We should be in favor | of our deps being well monetized; we get high quality features, | good engineering, fast (and ideally proactive) security, etc. | Our eng teams are making multi-million dollar investments into | our dependencies and having to port away is extremely costly, | both in dollars and opportunity cost. | guerrilla wrote: | > There's a famous essay | | An essay famously refuted by the work of the first woman to win | a Nobel prize in economics. She spent half her life collecting | evidence showing that in reality what you describe is more | often not what actually happens and outlining the conditions | (derived emperically) under which commons resource management | works. [1] | | 1. https://en.m.wikipedia.org/wiki/Elinor_Ostrom#Research | 838812052807016 wrote: | I'm not sure the tragedy of the commons applies here since | there is no scarce resource. How does a big company profiting | from open source code hurt the open source project? ___________________________________________________________________ (page generated 2021-03-18 23:00 UTC)