top | item 18000881

In defense of a third way in open software licensing

50 points | feross | 7 years ago | blog.licensezero.com

68 comments

[+] jmillikin|7 years ago|reply
The article spends a lot of words to obfuscate the truth that their "third way" is traditional proprietary software. Their online license store offers two products:

* "Parity Public License" is a poorly drafted and extremely aggressive alternative to the AGPL, requiring users to "Contribute all source code for software you develop, deploy, monitor, or run with this software".

* "Prosperity Public License" is a proprietary shareware license with a 32-day free trial.

[+] antt|7 years ago|reply
Not at all.

This license is trying to square the circle of having source code open to individuals who want to tinker with it and at most cover their costs, and those who want to build multi billion dollar empires out of it.

Facebook, Google and Amazon wouldn't be the monopolies they are today if the software cost of spinning up 1 server wasn't the same as the cost of spinning up 1,000,000.

This is a very hard problem where intention matters far more than anything concrete. I can run 50 copies of some IoT code and still have it be non-commercial, I can run one copy of Linux and have it as the core of a multi million dollar business.

Today we have the problem of centralized servers far more than of secret source code. The GPL can't deal with this at all, and the AGPL is one small step in the right direction. Spreading the gains of the internet giants is one way of dealing with the problem of monopoly, one that is much less violent than splitting each company into several smaller ones that should compete against each other, as nearly happened to Microsoft.

[+] kemitchell|7 years ago|reply
Traditional proprietary software is not publicly available in source form. _That's_ the point of the post, and the "third way": make source available, and develop it in the open, without giving a permissive public license that defeats your other immediate needs. Transition to a permissive license later, if and only if that meets your needs then.

Parity is a radical copyleft license. If "not perfectly clear in every case" means "poorly drafted" to you, welcome to the wonderful world of legal drafting. You might like to review:

https://heathermeeker.com/open-source-faq/what-are-the-most-...

https://mjg59.dreamwidth.org/49370.html

https://writing.kemitchell.com/2016/09/21/MIT-License-Line-b...

Who bears the cost of the uncertainty in rules 1-3 of the Parity license? Does that help or hurt the goals of the license? For more on Parity, and the thought that went into it, see:

https://blog.licensezero.com/2018/09/14/free-to-take-freedom...

As for "shareware", the definition isn't rigorous. But almost all the shareware I've used was distributed binary- or bytecode-only, and often feature-incomplete, or limited by license-key-based software controls. Which is the point again. Developers can publish source without giving open source licenses.

[+] segphault|7 years ago|reply
I have no problem with somebody deciding that a shareware or dual-licensing model is the best choice for their business. But it's incredibly toxic for the people pursuing those models to muddy and contort the accepted definition of "open" in order to misrepresent what they are doing.

It's deeply disingenuous for this blog post to use the word "bullying" to describe the community's rejection of software distributed under undesirable or ill-considered terms. You can ship your code under whatever terms you want, but don't act like users and contributors have an obligation to support you when you make choices that don't serve their interests.

[+] kemitchell|7 years ago|reply
If you mean the Open Source Definition, I once shared your view. I can't any longer. Most times I bring it up, my conversation partner has never heard of it. When I explain, most times they don't care.

As for "bullying", that very adequately describes behavior on GitHub, Twitter, mailing lists, and news sites toward those behind React, Commons Clause projects, and Lerna. "Failure to support" is a straw man.

[+] m1el|7 years ago|reply
Maybe the reason there's not much "public-domain" "closed-source" software is the same as there's not much "all rights reserved" "source-available" software:

https://i.imgur.com/bSdusjH.png

It's not about "two-party system", it's about the "natural" distribution of software distribution models.

[+] cperciva|7 years ago|reply
Commercial "source-available" software is probably more common than you realize -- it's more common in B2B and B2gov contexts than in B2C contexts though. You can be sure that when the US military buys licenses for software, they want to be able to audit the source code! Similarly, Tarsnap isn't open source but I provide the source code (and actively encourage people to audit it).

[+] gus_massa|7 years ago|reply
The Windows source code is available for some universities and some governmental agencies and some big companies, after signing an NDA and some additional paperwork, so it is somewhat in the "all rights reserved" "source-available" category.

https://www.microsoft.com/en-us/sharedsource/

I'm not sure if many webapps like gmail that have a big chunk of the UI in javascript count as "all rights reserved" "source-available". The code is minimized, obfuscated, and perhaps is the result of the transpilation of the real source, and it must talk to the servers that do not have public source code.

[+] pmyteh|7 years ago|reply
There was lots of closed-source public domain software in earlier eras. The ethos of most of the non-commercial software on the British micros, for example, was never about the source.

Stuff written in BASIC naturally came with its own sources, but even then people would often obfuscate it to avoid derivative works being made. People wanted reputation, not money, and they didn't want their work ripped off, or for others to profit off their labours.

In the RISC OS community I was a part of, releasing source as a matter of course only became common with the influence of Linux. Before that, binary-only PD with homebrew or completely absent licensing was the norm.

[+] kemitchell|7 years ago|reply
There is plenty of source-available software, and I'd suggest your perception to the contrary might have more to do with thinking in the limited terms I described. For a recent example, isn't all software using the Commons Clause source-available, as I define it?

The reason there isn't much in the public-domain, closed-source quadrant is that permission without code is completely useless. For example:

I hereby grant you, m1el, an MIT license for the short novelty program I have just fixed in the tangible medium of expression known as my hard drive, project name Caveman. Enjoy!

Compare code without permission, which still has some limited value for others, especially educational and inspection value, as well as for the developers, in the form of access to free services.

I'd also put a number of public-patent-grant programs in that family. That's potentially much more interesting.

[+] misterbowfinger|7 years ago|reply
I'm still confused about the paranoia around AGPL.

If MongoDB is AGPL, why does everyone else throw a shit fit? Despite its faults, MongoDB is still massively popular, so I assume it's used at many enterprises.

Also, side note: can anyone point to a blog post (preferably from a lawyer) that explains why AGPL is so problematic?

[+] jmillikin|7 years ago|reply
Most open-source licenses are anchored in copyright law, which is "default deny": you don't have the right to copy other people's works unless they grant you permission. This is good because copyright law is well understood, but means the license itself can only be used to restrict behavior that requires copyright permission.

The AGPL attempts to restrict behavior that does _not_ require copyright permission. If I have MongoDB running on my server and it serves as a datastore to my website, then no part of MongoDB is copied off my machine. Copyright doesn't apply. So the only way the AGPL can exist is if it's _not_ a copyright license.

But if the AGPL isn't a copyright license, what _is_ it? Is it a contract with no consideration? Is it a copyright license _combined with_ a contract? Is it like a EULA, and if so, how does it apply when the apparent end-user (the person visiting my site) hasn't accepted the terms?

Lawyers don't like these sorts of pseudo-contract legal constructs; they're the law equivalent of a flaky hour-long integration test.

[+] mikekchar|7 years ago|reply
I can only give you my opinion as I'm not involved with MongoDB, I'm not a lawyer and I'm not an expert on AGPL. However, I spend a fair bit of my spare time reading licenses and thinking about them.

There are really 2 issues you need to keep in mind: 1) there is a difference of opinion about whether linking to an unmodified, GPL or AGPL licensed library is considered to be a "modification" of that library; 2) GPL and AGPL are different in terms of software that is only accessed via a network (i.e., the user does not receive a copy of the executable code).

In the first point, the FSF (who maintains these licenses) believes that linking to a GPL or AGPL license creates a "combined work" that requires a license that is compatible with the GPL or AGPL. In other words, you can't "convey" (distribute) the combined program unless the overall license has compatible terms. Other people disagree. To my knowledge, this point has not been tested in court. While the GPL itself is well tested in court now, that is for applications that are clearly based on a GPL licensed piece of code. Whether or not a library that is providing a utility function has that same legal protection is still untested (as far as I know).

However, there are a couple of things that I think are important about this. First, the intent of the licenses is clear. It's a completely jerk move to use a GPL or AGPL licensed library without considering the intent of the authors that chose that license. You might get away with it legally, but why be a jerk just to save a few bucks? (Not that it stops people...) Secondly, the intent of the license is clear, if you want people to use the software in a different way, please pick a different license! There are many appropriate licenses (and probably the LGPL is what a project like MongoDB should be licensed as). I'll talk a bit about that at the end.

With the second point, it's important to understand the difference in use cases for the GPL and AGPL. The GPL is intended for applications that are meant to be "conveyed" (distributed) to the user. The user then runs the program themselves. With a GPL or similar license, they enjoy the 4 freedoms of being able to run the software for any purpose, inspect the source code, modify the source code, and to distribute their modifications if they wish (as long as they grant the 4 freedoms to their users).

The AGPL is designed to give similar freedoms to people who do not receive an executable -- their only interaction with the software is through the network. The only reason for choosing the AGPL is to ensure that users can receive the source code to: run the code for any purpose (rather than just the purpose the service provider allows), inspect the source code, modify the source code, and distribute their changes.

I don't know the history of MongoDB, so I don't know why they chose the AGPL. It is frankly a bizarre choice, IMHO. My only guess is that they intended that users of an online service be given access to the MongoDB source code. Why they thought that was important, I really don't know. The MongoDB developers are pretty adamant that the license does not restrict people from building services that are not AGPL.

In practical terms, for the moment anyway, it's not a big deal. Even if the AGPL applies to the combined software (and FWIW, I believe that it does), the only people who have standing to sue are the copyright holders of MongoDB. They have clearly said that they are happy with people not offering the 4 freedoms when making services using MongoDB. In other words, you can be relatively sure they aren't going to sue you -- and nobody else has standing to do so.

On the other hand, it's still a legal liability. If MongoDB changes hands some day and the new copyright holder has a different opinion, will you end up getting sued? Although I think it is incredibly unlikely, it could definitely happen. Crazier things have happened.

To sum up, AGPL is not problematic at all, if you are using it as intended (as an aside, I actually don't like some of the wording, which I think is a bit hand-wavy at times, but it's the best license that I know of for the niche that it occupies). The only problem is that MongoDB developers are using it in a way that differs from its intended purpose and are thereby muddying the waters in terms of communicating what they want. I suspect they simply made a mistake originally and now it's just too difficult to make the license change.

[+] marknadal|7 years ago|reply
As an active maintainer of a popular 8.8K+ starred Open Source project, I can attest to how hard and difficult it is to run, fund, finance, etc.

But, at the end of the day, there is no excuse - we cannot sacrifice our ideals/values just because Open Source can be rough.

True Open Source is worth making the sacrifice for, but there are a lot of new/old licenses trying to evangelize themselves as "Open Source" but are secretly masked proprietary/cripple-ware. This needs to be stopped.

We had a good discussion about this on Twitter the other day: https://twitter.com/marknadal/status/1032763711008559104

[+] kemitchell|7 years ago|reply
A noncommercial license like Prosperity differs from a permissive license like MIT only in withholding permission for unlimited, free commercial use. If that delta holds your value system, then your value system amounts to business welfare, financed largely by individual sacrifices. That's a strange kind of martyrdom.

There's no question that useful software that costs for commercial use produces less economy-wide benefit than useful software that's always free of charge. But the question isn't how much potential benefit open source can pump out, but rather how much benefit open source can pump out for the cost, and how that cost gets allocated.

I've never held Prosperity, or its predecessor, out as open source licenses in the traditional sense. Others have called them so, even after I pointed out my own opinion.

I have and do hold Parity out as an open source license. If copyleft licenses don't meet your definition of open source, or only copyleft licenses with known, practical software-freedom vulnerabilities, I can certainly square that with your view of open source's purpose. But I can't square it with open source's history, or with most stacks we call "open source".

[+] ddingus|7 years ago|reply
Would we have this discussion if the authors of powerful software powering multi billion dollar enterprises benefited more?

I wonder what happens when these people are given financial security?

As an investment in the future, the returns could be amazing! Many, if not all, authors really care and it shows.

Would making sure they are free to care, live well, maybe create more be such a bad thing?

Secondly, with that on the table, I wonder about the quality, and drive to create like that. We may see amazing tools.

Re: Open Source

Being able to see the source is high value. Being able to build on others work is high value.

Arguably, high enough value to trigger this kind of mess.

Pay them. Seriously.

Is the problem one of ego? AwesomeSauce.com wants to be recognized and get value from their work. Is recognizing CantLiveWithout DB or Language, Toolkit, etc... taking away from all that somehow?

Is it one of confusion?

AwesomeSauce.com paid, only to see AlsoAwesomeSauce.com not pay?

Does that matter, if bazillions are being made?

Seems to me this all can be litigated to our mutual detriment, or it can be handled as a family struggle, or worse.

Have to say, I do not blame people looking hard at billion dollar enterprises, and their many big fix, support requests with a jaded eye, maybe a hungry one.

Fixing that scenario may well be ultra cheap compared to the mess and opportunity costs to come.

I put this here to stimulate some discussion, not as judgement, or anything aimed at anyone.

Really open licenses are a good thing. Really, really good thing. Many of us know the story. Pick up some code, any computer we can find and just build.

Breaking that seems extreme. Maybe it just does not need to be that way.

Maybe it should not.

What is worth what here?

Perhaps those conversations go far easier than the current ones will, and it is not like tech as a whole can't afford a solution.

Again, not a negative, or statement against anyone. Just thinking out loud here.

[+] zzzcpan|7 years ago|reply
There is some resistance in these discussions though. Some people don't seem to like the idea of not being able to commercially benefit from free software for free, while working at organizations abusively dominating markets. Sort of oxymoron, restricting freedoms using unrestricted freedoms. The supply of unrestricted will dry out of course, as somebody has to pay for all of this. Either way changes are inevitable.

[+] true_religion|7 years ago|reply
A license for only people within one group is simply a proprietary license. It does not matter how easy it is to join or leave that group.

I would never put such a license in the same category as the MIT or Apache licence.

[+] ChristianBundy|7 years ago|reply
The world needs more License Zero, I'm always happy to see this important work on the top of HN.