So open source means only licenses that are most favourable to the big tech monopolists now?
As a user, I can use Elasticsearch just fine with the new license. I can read the code, modify it and use in my own projects.
So it is more difficult for Amazon to use their monopolistic power to build a competing service to the one that is financing Elasticsearch development? Yeah, good stuff.
If the big tech monopolists need something under a permissive license they should pay for its development.
> So open source means only licenses that are most favourable to the big tech monopolists now?
No, open source means the same thing it's always meant since the term was first coined. See the Open Source Initiative's Open Source Definition: https://opensource.org/osd.
Now someone will respond "why does OSI get to decide the meaning of the term?" Well, they don't have any _legal_ right to do so, but if you don't accept their definition, does that mean every person gets to come up with their own definition? And if they do, what's the point of using the term?
So it makes sense to take OSI's definition as canonical, the same way the Free Software Foundation's definition of Free Software is generally considered canonical (https://www.gnu.org/philosophy/free-sw.html).
Also, to forestall another common reply, I'm not defending Amazon or attacking Elastic. I'm simply trying to define a term that's at the center of this discussion. If we can't agree on the definition, then any discussion of whether a license is open source is moot. The same goes for discussing the impact and value of open source vs non-open licenses.
As a developer acting on behalf of an organization using open source, I benefit from being able to pay the vendor of my choice to host a given piece of software.
If only the single-source author can host it as a service, or you need the permission of the single source author to host it as a service, then my choices are either self-hosting, or paying whatever price the single legal-as-a-service-host wants to charge, at whatever service quality they provide. (The fact they can choose to allow other licensed hosts, perhaps for a free if they want, does not change their monopoly control). It is a form of vendor lock-in, and avoiding vendor lock-in is one popular motivation for using open source.
So yes, this restriction makes something not open source. This restriction also is not favourable to me as a user of the open source software. Open source was always about avoiding monopoly control of who is allowed to do what with the software. Monopoly control of who is allowed to host it as a service is such, and it is more favourable to me as a consumer when there is not that monopoly control.
Now, meanwhile, there are various market battles going on between various big tech cloud providers and other companies providing (previously) open source software. This is also true. Both things can be true.
For the consumer, as the OP suggests, your best bet is when there is software that can be produced sustainably by multiple entities collaborating, instead of a single company.
Now, if that's not sustainable, that's a problem. It's possible that open source is facing sustainability problems due to current conditions.
But that doesn't change the fact that monopolizing legal right to host software as a service is not open source, is rightly not approved by OSI, and is making consumers locked in to that single vendor (or their licencees), which is indeed contrary to intention of open source.
> As a user, I can use Elasticsearch just fine with the new license. I can read the code, modify it and use in my own projects.
This illustrates just one kind of user. And only in some situations. For example, lets say Elastic.co goes under. Under the license another company couldn't setup a replacement. So, the end user is screwed just as if a proprietary vendor had gone under.
What the companies behind the new licenses are attempting to do is have their cake and eat it, too. They want open source for all the cred and for one type of user. The want proprietary for the complete control of the stack right through some types of hosting situations.
It's hard to produce something completely open and yet monetize it in way that meets VC grown desires. That's why so many companies open source the common stuff but keep the special sauce proprietary.
First of all the 'spirit' of the new license is "you can do anything you like with the code, except if we don't want you to". Nobody knows when or whether one of these companies will turn around and say "that's now part of our business model, you can no longer do it". Perhaps they will decide that not only can Amazon not 'resell' their product, neither can anyone host it themselves, but everyone has to subscribe to their cloud service.
Secondly, although I love the Redis product for example, the company that sells it is no longer getting rewarded for their added value, as when they sold support or consultation, or as when AWS sells the fact of putting Redis on a machine and maintaining it. Instead they get paid for supplying something that no one else has, something which they have made artificially scarce.
Next, Amazon et al have resources and market power enough to push their own versions of these. Who will it serve when there's Amazon Redis, RedisLabs Redis, Community Redis, Azure Redis, all with slightly different interfaces? Who do you think will win? Amazon and Microsoft have the resources to destroy small competitors in these type of battles, and the user will be even more screwed. Just because Oracle failed with Jenkins, don't assume that no big tech is savvy enough to succeed at this game.
Lastly, free software wouldn't exist if everyone took your attitude. If Linus had told people that they could install his kernel for free, but that distros had to pay $2, Linux would never have been a thing. If you can't deal with sharing when someone else might end up putting in less and taking out more, you're not ready to share.
A viewpoint that often gets left out of these discussions is the intersection of true open source and doing big things. So many orgs and people in these debates fall into the easy trap of assuming the world of potential open source users (and contributors) can be split into two camps: there are small-scale/small-business/hobby/startup projects running on true open source, and then there are Big Internet Things run by Big Money Machines that can afford to pay any price and should, and probably don't care about open principles in the first place and therefore don't mind running a closed-source version of some project.
The Wikimedia Foundation (WMF) doesn't fit these molds: Wikipedia is kind of a Big Thing on the Internet, and yet the WMF is committed to openness and transparency, and part of that commitment is that we only use real open source software. This is increasingly a challenging proposition with the shift towards "Open Core" concepts and specialty not-so-open licensing. The "Open Core" model is especially challenging for the WMF, as it's usually structured along the lines of "The hobbyist version of this product is open source, but if you want the features that are necessary to operate at big global scale, you need to buy licenses and run proprietary extensions or versions." The WMF's principled way of operating relies on there being real open source projects that actually work for doing big things.
I think the Internet (and the world) would be a better place if there were more principled organizations like the WMF which operate with a high degree of technical transparency and openness. If open source licensing models keep going down these darker paths, it's hard to imagine such organizations being very successful. It should not be a given that doing big things in the world implies going proprietary and commercial and running hidden code nobody else can see (or use to replicate your success at other open orgs!).
> I can read the code, modify it and use in my own projects.
That isn't clear. The license language can be read as requiring you to provide the source code for any software that interacts with ES (e.g., the Linux kernel that you are using to deploy ES over) under the terms of the SSPL to your own users, which you literally can't do.
Elastic claims in their FAQ that this is not the intention, and that may be enough, but it is debatable. Regardless, the SSPL is a bad license for having this ambiguity in the first place.
> So open source means only licenses that are most favourable to the big tech monopolists now?
The article explains its point of view in the first paragraph:
"I’ve been asked repeatedly about a two-year trend in the open source ecosystem: ‘single source’ open source companies scrapping their Open Source Initiative-approved open source license for a ‘source available’ license."
In spanish* we have a word: "emparejado" which means a door is not open but not quite closed. It appears closed, but it's not. Maybe we should use "emparejado-source" :)
Careful when you read and modify it, since it’s not actually an open source license, you can poison yourself if later in your career you decide to write a new thing in the same space. Someone could come and argue that you are writing a derivative work, similar to if you spent years seeing closed source software inside a company and then went and made a similar product. That’s the actual safety from using something like MIT, BSD, or Apache: who cares whether or not the projects you read and maybe even contributed to inspired you, or if code you later write coincidentally looks similar to code from these projects, it’s no strings attached! These licenses however have many of the same legal subtleties as the GPL, except with a more explicit commercial intent, and owned by parties who have already demonstrated that they become unhappy when competitors make more money than them (as opposed to the “spirit” of the GPL which ultimately just wanted everyone to be able to see the code).
> So open source means only licenses that are most favourable to the big tech monopolists now?
Fully agree with your opinion here. In fact, I posted a lengthy comment on reddit about this, here it is copy/pasted. NB: "You" below refers to the OP on reddit I was replying to.
---
Yes, and that's why the phrase "open source" would be perfectly appropriate: open for inspection, review and modifications, but with possible restrictions on use and redistribution.
Now from your description and quick glance at approved OSI licenses, the problem is that OSI seems to like and approve "free source" licenses, "free" basically being the freedom to do what the heck you want with it. (Except for GPL and its variants as /u/nemec noted. Not to mention that Affero GPL is OSI-approved and comes with restrictions/obligations not unlike the new Elastic license.). [EDIT: this paragraph was meant to illustrate the ambiguity of "open" in the OSI's license collection.]
If somebody is the "enemy" of developers here (in terms of they getting fairly compensated), it's OSI: they've made a marketing stunt (which you seem to have bought -- and I don't mean anything bad by this -- you're not alone) by adopting the phrase "open source" instead of "free source", or even more explicit phrase "free-rider source". So now you have a bunch of developers striving for the OSI "seal of approval" and donating their work for free to huge companies. It almost seems like a plan devised by those big companies. Oh wait, look at the sponsors: https://opensource.org/sponsors
No, I do not believe that OSI is the result of a conspiracy of big companies. But those big companies have been smart and coopted OSI for their benefit and now contribute to OSI to keep the marketing stunt rolling on.
Honestly, I wonder whether GPL and AGPL world be considered open source licensing if they were released today. Ironically, it's commercial interests that have made the Apache-like licenses popular in the first place.
> So open source means only licenses that are most favourable to the big tech monopolists now?
Open source originated in the 1980s and 1990s in largely academic circles. It gained mainstream popularity as an alternative to closed source "shrink wrap" software and closed shareware.
Back then the legitimate fear was that closed-source vendors would lock everyone in and end up effectively owning the entire computing ecosystem and the Internet. By the mid-late 1990s Microsoft was well on its way to having a total OS monopoly on PCs and increasingly servers, and were it not for Linux and many other projects this likely would have come to pass.
Good news: open source mostly won! We now have a fairly open compute ecosystem. Even Windows was dragged into adopting more Posix-like standards, and the Mac is just a proprietary GUI and set of system services running on top of a mostly open BSD kernel. It's borderline trivial to port most software between Windows, Mac, BSD, and Linux, so we avoided OS lock-in!
Then along came the SaaS business model and closed Internet silos.
Cloud-hosted SaaS just totally upends everything. Now open source doesn't really matter from a freedom perspective. The cloud has all your data, and by keeping select bits of code (or even just the system configuration) secret and locked inside cloud servers vendors can achieve DRM that is effectively impossible to circumvent.
You can't even run the software yourself, and even if you could your data isn't yours. Having the source is meaningless. It's a model that's more closed than closed, and not only is it compatible with classical open source but is actually fed and sustained by it. Open source is free labor for closed cloud SaaS.
The OSI is fully industry captured and isn't interested in challenging this, which is why large projects are adopting non-OSI-compliant licenses.
The problem with these licenses is that they're not open source and they're pretending to be. I doubt you could start a new project and get adoption if you start with these licenses.
There were problems with some OS projects keeping security / auth stuff out of the main project so that it could be used to drive commercial sales.
You can compete on hosting (very hard), support, customization, advanced / narrow features. But it needs to be in alignment with the users / contributors.
> In response to this pressure, many open-core or dual-license companies, including Confluent, MongoDB, Cockroach Labs, Redis Labs, Timescale, and Graylog moved away from OSI-approved licenses to licenses that are not ‘open source.’
Redis Labs gets undeserved flack for their licensing changes. Redis remains fully open source under the BSD 3-Clause License. The relicensing only applied to the modules that are part of Redis Labs' paid offerings. So it's the open core model, but even better because the non-core offerings are source-available.
What's up is that large companies started abusing the open source licenses to benefit themselves at the expense of open source communities. All it took was one jerk ignoring the spirit of open source and exploiting open source projects to the maximum extent that was legal under the old licenses. It's not hard to guess who it was either.
It's a good lesson. As soon as one person cheats or violates the spirit of a system, everyone else has to too or they'll fall behind. Unethical people ruin everything.
This article takes a purist stance driven by a rigid adherence to ideology. Let's look at this another way...
Open-source and proprietary licenses are at two ends of the software development spectrum. The open-source model maximizes ease-of-adoption but doesn't provide much incentive for the developers. Proprietary software provides a lot of incentive but adoption can be slow and burdensome.
Let's assume that a good goal for society is to maximize the rate of innovation in software. To do that, you need a mix of BOTH ease of adoption and suitable development incentives. Source-available licenses are an attempt to accomplish this.
Is this a perfect solution? Probably not. I think better licensing models are still waiting to be discovered.
However, my sense is that these new licenses will accelerate the development of software with limited downside for the user. After all, they are designed only to impact companies attempting to sell a SaaS.
In addition, they have the potential to weaken the tech monopolies which, in my mind, is a Very Good Thing.
> After all, they are designed only to impact companies attempting to sell a SaaS.
Well, that’s the PR message associated with the new wave of source-available licenses (source-available licensing is not, itself, new; its long been an established form of proprietary licensing.) But it doesn’t hold up: you can’t harm competing services providers without harming end users. There is a reason why the very different ideologies of the Free Software Movement and the Open Source Community nevertheless have stably settled on definitions which are virtually identical in practical applications (and even though those communities have very different preferences for licenses within the scope meeting their similar definitions.) It is because the space is not a continuum, and there is a minimum needed in each of a number of axes of liberty for the whole structure not to collapse into something which either community prefers free/open licensing. Particularly, without robust freedom that protects what other people can do with it (including there ability to sell you services built around the software that the original maker might also want to sell), you are not insulated against future actions of the copyright owner restricting the software or its or others services around it.
And this isn’t opaque to the people issuing these licenses; the overt motive is to enhance monetization by preventing licensees from competing with them to sell services: it is to create a moat enabling monopolization and monopoly rents. That’s the explicit idea: to create lock-in that free/open licenses would not support.
The benefit that the licensors seek directly depends on the harms that extend beyond competitors to end users.
If these licensing models were worthwhile, they would be able to stand on their own merits. I've no objection to someone coming up with a new licensing model and trying to show that it's a good way to make software, good for society and all that. What I object to is freeloading on the success of the open-source model by obscuring the differences between your model and that model. If you're genuinely trying to pursue a new model that you think is worthwhile, own it! Give it a name that doesn't sound like "open source", that could never be mistaken for being the same thing as open source.
> After all, they are designed only to impact companies attempting to sell a SaaS.
That might be the intent, but the problem is that integrating any non-free software to a bigger project becomes problematic because the combined project likely becomes non-free. Which is most apparent in that these non-free components will not be appearing on any major distros main repositories.
So the non-free software remains an isolated island rather than melding smoothly into the larger ecosystem. And this has impact well beyond some SaaS providers.
It doesn’t seem all that purist? It describes the situation, but in the end it says to decide for yourself what you want to do.
There is some mild caution about knowing the differences between these licenses, and mild support for open source projects that aren’t controlled by a single vendor.
I disagree. I personally would prefer to license the code I write myself with a GPL copyleft or a 'no commercial use' type of license. However, I license it instead under MIT, specifically to make sure that your average corporate user will be ok using it because:
1. I would prefer that it be widely used. Not because I am seeking clout or advancement, but because that's why I share it.
2. Sharing benefits everyone, including me. Fragmentation and bureaucracy harms everyone, including me.
3. I don't support monopolistic practices by large tech, but this is not the way to stop them. What we had before widespread free software was worse than it is now, arguably held back human progress for years, and didn't stop Microsoft one bit.
I wonder, what keeps a project like postgresql "healthy" and true to its open source/free software roots, and what makes redis/elasticsearch/etc go down this new path of "source available" licenses? From 30000 ft, they are all just data management software.
Is it just that Pg is older? Is the code too complex? Do they simply have more diverse group of contributors?
And, how do we keep Pg and other projects 'healthy'?
> Open source-licensed projects with a non-profit home, neutral trademark ownership, and multiple significant contributors are less likely to face pressures to relicense. Projects that are the main revenue generator for a ‘single source’ for-profit company have different dynamics.
To "protect" important projects, the more we can find a way to keep them running via a non-profit structure would probably help most of them.
This is why I think the Rust Foundation is an important step for that language, and gives me optimism. It's the right approach: basically, become supported by multiple businesses, effectively not putting all your eggs in one basket. I hope the Rust Foundation succeeds and becomes a paradigm more popular than "try to build a business on my open source project" concept.
An important component that seems many people miss, is that both open source and free software licenses include a business model[1] in the definition: other people are free to sell services for the licensed software.
Some people claim _I can download the software and use it for free, so it is ok that Amazon should not make money out of it and allow ElasticSearch to have a cloud monopoly_.
This sounds like Tesla selling you a car that you are allowed to service yourself, but you cannot have a professional service it for you except for Tesla.
I don't have a strong opinion towards the practice (I'm also working for a company that does closed source after all), but I do believe it is important to show respect to the freedoms that both free software and open source try to protect.
There's a famous essay about the Tragedy of the Commons -- the high level idea is that if there is a resource that is commonly available for free then some users will exploit it for their own gain. It originally referred to ranchers who would overuse communal grazing lands, but I think the lessons apply equally well to open source as well.
In my opinion, a healthy open source ecosystem relies on people using and contributing back, supporting the distributed creators that make the ecosystem possible. This historically has been something of a gift economy or social contract, but it's become wildly distorted by companies (e.g. Amazon/AWS) attempting to overuse the commons resource and make profit from it.
So it comes as no surprise that when one rancher comes in and overgrazes the common resource, the other participants might want to make some changes in rules. These new licenses aren't "just because", they come from lived experience of entities like Amazon coming in an exploiting a shared resource.
And I get it, the letter of the law says, "Do whatever you want with this shared resource". And there are plenty of folks who believe that Amazon has done nothing wrong -- the rules allowed for overgrazing, so naturally the right thing for Amazon to do was to overgraze.
I personally see it differently -- Amazon is hiding behind the letter of the licenses and totally distorting a community, exploiting the gifts of the engineers' labor, and getting us to point our fingers at one another over the "one true definition of 'Open Source'" rather than constructively figuring out ways to protect the community of open development and reward the individual workers who volunteer their time.
> Open source-licensed projects with a non-profit home, *neutral trademark ownership*, and multiple significant contributors are less likely to face pressures to relicense.
Presumably something like "Linux", where although it's owned by Linus Torvalds, there is no single bully organization that gets to use it to the exclusion of others. So, the opposite of something like Mozilla, where Mozilla Foundation owns the trademark, but there's a for-profit vendor that also gets to use it in exchange for kickbacks to the Mozilla Foundation, no one else in the community can operate under that banner, and they have to make it abundantly clear that their work is not endorsed by Mozilla.
Maybe "ownership by a foundation" like Apache or Linux Foundation? Projects I've worked on for corporations have sometimes been donated to foundations for neutral ownership.
That is almost certainly reference to several open source projects where building the thing from source and distributing the resulting build artifacts is "legally problematic" because of trademarks. In the 00's this was giant issue for Mozilla(TM) anything. If I understand it correctly there is some kind of related issue with for example "OpenShift(TM)".
On the other hand it somewhat seems that most projects learned from the mozilla shitstorm, at least looking at the amount of "foo"s with open core "foo-ium"s. The point there is that whatever sourcetree that the version with trademarked branding gets built from should be fork of the branding-free opensource project, not the other way around.
A bit off topic, but is there some consensus about what the best way to license software so that non-commercial use = MIT, commercial use = 'proprietary, please negotiate a license' is?
If you're just sharing binaries then CC-BY-NC-SA (or some other variant of the creative commons licenses). For open source projects there isn't really an agreed upon equivalent. The most popular version is probably "AGPL, or talk to us for a more permissive licence". Most companies would rather pay you than use something under AGPL license terms, but for hobby use AGPL works just fine.
If I, an open-source hobbyist, am thinking about incorporating some code from your software into my project which I want to allow unrestricted commercial use of (i.e., which I want to put under a standard F/OSS license), even though I am not making any money from it, are you okay with that?
If you're not okay with that, then the open-source-like properties of allowing derivatives / incorporation into other works probably just aren't appealing to you at all, and what you probably want is a simple "Non-commercial use is permitted" statement. But it won't actually be the MIT license, which permits unrestricted use, modification, and redistribution.
If you are okay with me incorporating your code, then how do you define how much of your code I can use? If I build a GUI around your program and I tell AWS that they can freely build a GUI, is that still okay with you? That's going to have to be a case-by-case thing, probably.
Another question is what you expect to do about contributions. If I, an open-source hobbyist, contribute some useful feature to your code, am I entitled to get paid a portion of what commercial users pay you? The simplest answer here might be to not accept contributions.
Some practical options, depending on what you're really trying to do, might be:
- licensing under the AGPL, on the assumption that many companies are scared by it even though it isn't a restriction on use (just a compliance headache for potential external use), and maybe clearly advertising a less restrictive commercial license (which could be MIT, or could be a super long contract/EULA) for money
- licensing a previous version of your code under the MIT license, but keeping the current version as just source-available
- marking commercial features as proprietary and source-available (what GitLab does, and what Elasticsearch used to do)
- capitalizing on the fact that you know the software really well, and selling consulting / support but using a free software license (what Red Hat, Canonical, etc. do)
- capitalizing on the fact that you know the software really well, and running it as SaaS (what Google does with Kubernetes, for instance)
- giving your software a simple "Non-commercial use permitted" statement, but saying that open source developers who are interested in parts of your code are free to contact you and you're willing to relicense limited parts of the code as MIT on request
Finally, what's your goal? Is it to prevent commercial use? Is it to make money from commercial users? Commercial software houses are, sort of by definition, good at writing software in-house - if your software is a really good idea as opposed to a really good implementation of an old idea, chances are that a motivated commercial developer will just make their own version of it.
> “the Open source-licensed projects with a non-profit home, neutral trademark ownership, and multiple significant contributors are less likely to face pressures to relicense”
It’s a good observation, but how many non-profit style open source projects actually exist and how do we create more of those?
Side query but can their be like a Defanger license that everyone other than FAANG companies can use? Just so you know, to make em bleed... Or at least a clause that FAANG has to pay to use the software but it is open-source for everyone else just to level playing grounds?
These companies should come up with a practical version of the AGPL or, if they don't find a need, just use it directly.
Cooking up your own license ala Mongo is not going to help you amongst the professional users. Companies that take their legal obligations seriously are not going to use your not-so-open-source offerings on the basis of interpreting your weird anti-amazon clause.
Aren't most open source projects single source in practice? even the big non-profit projects tend to have a single company heavily promoting and developing them behind the scenes e.g. cloudera, databricks etc.
Databricks most popular open source contributions are with Spark, which is owned by Apache, not by Databricks. Looking at Delta Lake, a more recent project still owned by them, it uses a DCO, not a CLA, which means it only has the clauses that relate to a developer stating they have a legal right to license the software as open source (apache 2.0 in this case). Likewise Cloudera mostly works on Apache owned projects.
This is important, because it means that while Apache could relicense to give themselves an unfair advantage, Cloudera or Databricks could not. People trust Apache not to, being an independent non-profit and the act would destroy their reputation, and given the ASF's main product is being seen as vendor neutral and independent (well that or Apache httpd, but the latter is clearly becoming less and less relevant), would be a serious blow to the organisation.
[+] [-] cardanome|5 years ago|reply
As a user, I can use Elasticsearch just fine with the new license. I can read the code, modify it and use in my own projects.
So it is more difficult for Amazon to use their monopolistic power to build a competing service to the one that is financing Elasticsearch development? Yeah, good stuff.
If the big tech monopolists need something under a permissive license they should pay for its development.
[+] [-] autarch|5 years ago|reply
No, open source means the same thing it's always meant since the term was first coined. See the Open Source Initiative's Open Source Definition: https://opensource.org/osd.
Now someone will respond "why does OSI get to decide the meaning of the term?" Well, they don't have any _legal_ right to do so, but if you don't accept their definition, does that mean every person gets to come up with their own definition? And if they do, what's the point of using the term?
So it makes sense to take OSI's definition as canonical, the same way the Free Software Foundation's definition of Free Software is generally considered canonical (https://www.gnu.org/philosophy/free-sw.html).
Also, to forestall another common reply, I'm not defending Amazon or attacking Elastic. I'm simply trying to define a term that's at the center of this discussion. If we can't agree on the definition, then any discussion of whether a license is open source is moot. The same goes for discussing the impact and value of open source vs non-open licenses.
[+] [-] jrochkind1|5 years ago|reply
If only the single-source author can host it as a service, or you need the permission of the single source author to host it as a service, then my choices are either self-hosting, or paying whatever price the single legal-as-a-service-host wants to charge, at whatever service quality they provide. (The fact they can choose to allow other licensed hosts, perhaps for a free if they want, does not change their monopoly control). It is a form of vendor lock-in, and avoiding vendor lock-in is one popular motivation for using open source.
So yes, this restriction makes something not open source. This restriction also is not favourable to me as a user of the open source software. Open source was always about avoiding monopoly control of who is allowed to do what with the software. Monopoly control of who is allowed to host it as a service is such, and it is more favourable to me as a consumer when there is not that monopoly control.
Now, meanwhile, there are various market battles going on between various big tech cloud providers and other companies providing (previously) open source software. This is also true. Both things can be true.
For the consumer, as the OP suggests, your best bet is when there is software that can be produced sustainably by multiple entities collaborating, instead of a single company.
Now, if that's not sustainable, that's a problem. It's possible that open source is facing sustainability problems due to current conditions.
But that doesn't change the fact that monopolizing legal right to host software as a service is not open source, is rightly not approved by OSI, and is making consumers locked in to that single vendor (or their licencees), which is indeed contrary to intention of open source.
[+] [-] mfer|5 years ago|reply
This illustrates just one kind of user. And only in some situations. For example, lets say Elastic.co goes under. Under the license another company couldn't setup a replacement. So, the end user is screwed just as if a proprietary vendor had gone under.
What the companies behind the new licenses are attempting to do is have their cake and eat it, too. They want open source for all the cred and for one type of user. The want proprietary for the complete control of the stack right through some types of hosting situations.
It's hard to produce something completely open and yet monetize it in way that meets VC grown desires. That's why so many companies open source the common stuff but keep the special sauce proprietary.
[+] [-] pullmn|5 years ago|reply
Secondly, although I love the Redis product for example, the company that sells it is no longer getting rewarded for their added value, as when they sold support or consultation, or as when AWS sells the fact of putting Redis on a machine and maintaining it. Instead they get paid for supplying something that no one else has, something which they have made artificially scarce.
Next, Amazon et al have resources and market power enough to push their own versions of these. Who will it serve when there's Amazon Redis, RedisLabs Redis, Community Redis, Azure Redis, all with slightly different interfaces? Who do you think will win? Amazon and Microsoft have the resources to destroy small competitors in these type of battles, and the user will be even more screwed. Just because Oracle failed with Jenkins, don't assume that no big tech is savvy enough to succeed at this game.
Lastly, free software wouldn't exist if everyone took your attitude. If Linus had told people that they could install his kernel for free, but that distros had to pay $2, Linux would never have been a thing. If you can't deal with sharing when someone else might end up putting in less and taking out more, you're not ready to share.
[+] [-] heavyset_go|5 years ago|reply
AGPLv3 is open source and isn't exactly favorable to tech monopolists, either.
[+] [-] vorpalhex|5 years ago|reply
[+] [-] ff317|5 years ago|reply
The Wikimedia Foundation (WMF) doesn't fit these molds: Wikipedia is kind of a Big Thing on the Internet, and yet the WMF is committed to openness and transparency, and part of that commitment is that we only use real open source software. This is increasingly a challenging proposition with the shift towards "Open Core" concepts and specialty not-so-open licensing. The "Open Core" model is especially challenging for the WMF, as it's usually structured along the lines of "The hobbyist version of this product is open source, but if you want the features that are necessary to operate at big global scale, you need to buy licenses and run proprietary extensions or versions." The WMF's principled way of operating relies on there being real open source projects that actually work for doing big things.
I think the Internet (and the world) would be a better place if there were more principled organizations like the WMF which operate with a high degree of technical transparency and openness. If open source licensing models keep going down these darker paths, it's hard to imagine such organizations being very successful. It should not be a given that doing big things in the world implies going proprietary and commercial and running hidden code nobody else can see (or use to replicate your success at other open orgs!).
[+] [-] tsimionescu|5 years ago|reply
That isn't clear. The license language can be read as requiring you to provide the source code for any software that interacts with ES (e.g., the Linux kernel that you are using to deploy ES over) under the terms of the SSPL to your own users, which you literally can't do.
Elastic claims in their FAQ that this is not the intention, and that may be enough, but it is debatable. Regardless, the SSPL is a bad license for having this ambiguity in the first place.
[+] [-] musicale|5 years ago|reply
The article explains its point of view in the first paragraph:
"I’ve been asked repeatedly about a two-year trend in the open source ecosystem: ‘single source’ open source companies scrapping their Open Source Initiative-approved open source license for a ‘source available’ license."
[+] [-] armandososa|5 years ago|reply
* Maybe it's just a mexicanism, IDK.
[+] [-] tolmasky|5 years ago|reply
[+] [-] zvrba|5 years ago|reply
Fully agree with your opinion here. In fact, I posted a lengthy comment on reddit about this, here it is copy/pasted. NB: "You" below refers to the OP on reddit I was replying to.
---
Yes, and that's why the phrase "open source" would be perfectly appropriate: open for inspection, review and modifications, but with possible restrictions on use and redistribution.
Now from your description and quick glance at approved OSI licenses, the problem is that OSI seems to like and approve "free source" licenses, "free" basically being the freedom to do what the heck you want with it. (Except for GPL and its variants as /u/nemec noted. Not to mention that Affero GPL is OSI-approved and comes with restrictions/obligations not unlike the new Elastic license.). [EDIT: this paragraph was meant to illustrate the ambiguity of "open" in the OSI's license collection.]
If somebody is the "enemy" of developers here (in terms of they getting fairly compensated), it's OSI: they've made a marketing stunt (which you seem to have bought -- and I don't mean anything bad by this -- you're not alone) by adopting the phrase "open source" instead of "free source", or even more explicit phrase "free-rider source". So now you have a bunch of developers striving for the OSI "seal of approval" and donating their work for free to huge companies. It almost seems like a plan devised by those big companies. Oh wait, look at the sponsors: https://opensource.org/sponsors
No, I do not believe that OSI is the result of a conspiracy of big companies. But those big companies have been smart and coopted OSI for their benefit and now contribute to OSI to keep the marketing stunt rolling on.
[+] [-] retrac|5 years ago|reply
[+] [-] Yeroc|5 years ago|reply
[+] [-] pydry|5 years ago|reply
If it's open for you but not for him what's your problem?
[+] [-] api|5 years ago|reply
Open source originated in the 1980s and 1990s in largely academic circles. It gained mainstream popularity as an alternative to closed source "shrink wrap" software and closed shareware.
Back then the legitimate fear was that closed-source vendors would lock everyone in and end up effectively owning the entire computing ecosystem and the Internet. By the mid-late 1990s Microsoft was well on its way to having a total OS monopoly on PCs and increasingly servers, and were it not for Linux and many other projects this likely would have come to pass.
Good news: open source mostly won! We now have a fairly open compute ecosystem. Even Windows was dragged into adopting more Posix-like standards, and the Mac is just a proprietary GUI and set of system services running on top of a mostly open BSD kernel. It's borderline trivial to port most software between Windows, Mac, BSD, and Linux, so we avoided OS lock-in!
Then along came the SaaS business model and closed Internet silos.
Cloud-hosted SaaS just totally upends everything. Now open source doesn't really matter from a freedom perspective. The cloud has all your data, and by keeping select bits of code (or even just the system configuration) secret and locked inside cloud servers vendors can achieve DRM that is effectively impossible to circumvent.
You can't even run the software yourself, and even if you could your data isn't yours. Having the source is meaningless. It's a model that's more closed than closed, and not only is it compatible with classical open source but is actually fed and sustained by it. Open source is free labor for closed cloud SaaS.
The OSI is fully industry captured and isn't interested in challenging this, which is why large projects are adopting non-OSI-compliant licenses.
[+] [-] dantheman|5 years ago|reply
There were problems with some OS projects keeping security / auth stuff out of the main project so that it could be used to drive commercial sales.
You can compete on hosting (very hard), support, customization, advanced / narrow features. But it needs to be in alignment with the users / contributors.
[+] [-] luhn|5 years ago|reply
Redis Labs gets undeserved flack for their licensing changes. Redis remains fully open source under the BSD 3-Clause License. The relicensing only applied to the modules that are part of Redis Labs' paid offerings. So it's the open core model, but even better because the non-core offerings are source-available.
[+] [-] donmcronald|5 years ago|reply
It's a good lesson. As soon as one person cheats or violates the spirit of a system, everyone else has to too or they'll fall behind. Unethical people ruin everything.
[+] [-] scottrogowski|5 years ago|reply
Open-source and proprietary licenses are at two ends of the software development spectrum. The open-source model maximizes ease-of-adoption but doesn't provide much incentive for the developers. Proprietary software provides a lot of incentive but adoption can be slow and burdensome.
Let's assume that a good goal for society is to maximize the rate of innovation in software. To do that, you need a mix of BOTH ease of adoption and suitable development incentives. Source-available licenses are an attempt to accomplish this.
Is this a perfect solution? Probably not. I think better licensing models are still waiting to be discovered.
However, my sense is that these new licenses will accelerate the development of software with limited downside for the user. After all, they are designed only to impact companies attempting to sell a SaaS.
In addition, they have the potential to weaken the tech monopolies which, in my mind, is a Very Good Thing.
[+] [-] dragonwriter|5 years ago|reply
Well, that’s the PR message associated with the new wave of source-available licenses (source-available licensing is not, itself, new; its long been an established form of proprietary licensing.) But it doesn’t hold up: you can’t harm competing services providers without harming end users. There is a reason why the very different ideologies of the Free Software Movement and the Open Source Community nevertheless have stably settled on definitions which are virtually identical in practical applications (and even though those communities have very different preferences for licenses within the scope meeting their similar definitions.) It is because the space is not a continuum, and there is a minimum needed in each of a number of axes of liberty for the whole structure not to collapse into something which either community prefers free/open licensing. Particularly, without robust freedom that protects what other people can do with it (including there ability to sell you services built around the software that the original maker might also want to sell), you are not insulated against future actions of the copyright owner restricting the software or its or others services around it.
And this isn’t opaque to the people issuing these licenses; the overt motive is to enhance monetization by preventing licensees from competing with them to sell services: it is to create a moat enabling monopolization and monopoly rents. That’s the explicit idea: to create lock-in that free/open licenses would not support.
The benefit that the licensors seek directly depends on the harms that extend beyond competitors to end users.
[+] [-] lmm|5 years ago|reply
[+] [-] zokier|5 years ago|reply
That might be the intent, but the problem is that integrating any non-free software to a bigger project becomes problematic because the combined project likely becomes non-free. Which is most apparent in that these non-free components will not be appearing on any major distros main repositories.
So the non-free software remains an isolated island rather than melding smoothly into the larger ecosystem. And this has impact well beyond some SaaS providers.
[+] [-] skybrian|5 years ago|reply
There is some mild caution about knowing the differences between these licenses, and mild support for open source projects that aren’t controlled by a single vendor.
[+] [-] pullmn|5 years ago|reply
1. I would prefer that it be widely used. Not because I am seeking clout or advancement, but because that's why I share it. 2. Sharing benefits everyone, including me. Fragmentation and bureaucracy harms everyone, including me. 3. I don't support monopolistic practices by large tech, but this is not the way to stop them. What we had before widespread free software was worse than it is now, arguably held back human progress for years, and didn't stop Microsoft one bit.
[+] [-] wheresmycraisin|5 years ago|reply
Is it just that Pg is older? Is the code too complex? Do they simply have more diverse group of contributors?
And, how do we keep Pg and other projects 'healthy'?
[+] [-] mr_tristan|5 years ago|reply
Even today, it's contributors come from all over the place: https://www.postgresql.org/community/contributors/
I agree with the final statements of the article:
> Open source-licensed projects with a non-profit home, neutral trademark ownership, and multiple significant contributors are less likely to face pressures to relicense. Projects that are the main revenue generator for a ‘single source’ for-profit company have different dynamics.
To "protect" important projects, the more we can find a way to keep them running via a non-profit structure would probably help most of them.
This is why I think the Rust Foundation is an important step for that language, and gives me optimism. It's the right approach: basically, become supported by multiple businesses, effectively not putting all your eggs in one basket. I hope the Rust Foundation succeeds and becomes a paradigm more popular than "try to build a business on my open source project" concept.
[+] [-] andmarios|5 years ago|reply
Some people claim _I can download the software and use it for free, so it is ok that Amazon should not make money out of it and allow ElasticSearch to have a cloud monopoly_.
This sounds like Tesla selling you a car that you are allowed to service yourself, but you cannot have a professional service it for you except for Tesla.
I don't have a strong opinion towards the practice (I'm also working for a company that does closed source after all), but I do believe it is important to show respect to the freedoms that both free software and open source try to protect.
[1] https://www.gnu.org/philosophy/selling.en.html
[+] [-] imwillofficial|5 years ago|reply
[+] [-] _qwfv|5 years ago|reply
In my opinion, a healthy open source ecosystem relies on people using and contributing back, supporting the distributed creators that make the ecosystem possible. This historically has been something of a gift economy or social contract, but it's become wildly distorted by companies (e.g. Amazon/AWS) attempting to overuse the commons resource and make profit from it.
So it comes as no surprise that when one rancher comes in and overgrazes the common resource, the other participants might want to make some changes in rules. These new licenses aren't "just because", they come from lived experience of entities like Amazon coming in an exploiting a shared resource.
And I get it, the letter of the law says, "Do whatever you want with this shared resource". And there are plenty of folks who believe that Amazon has done nothing wrong -- the rules allowed for overgrazing, so naturally the right thing for Amazon to do was to overgraze.
I personally see it differently -- Amazon is hiding behind the letter of the licenses and totally distorting a community, exploiting the gifts of the engineers' labor, and getting us to point our fingers at one another over the "one true definition of 'Open Source'" rather than constructively figuring out ways to protect the community of open development and reward the individual workers who volunteer their time.
[+] [-] endisneigh|5 years ago|reply
I know Google v Oracle is still ongoing but other than that?
Unless there’s a whistleblower in your organization or your product itself is open source it seems impossible to identify, let alone litigate.
[+] [-] pkamb|5 years ago|reply
What does "neutral trademark ownership" mean?
[+] [-] pwdisswordfish0|5 years ago|reply
[+] [-] fritzo|5 years ago|reply
[+] [-] dfox|5 years ago|reply
On the other hand it somewhat seems that most projects learned from the mozilla shitstorm, at least looking at the amount of "foo"s with open core "foo-ium"s. The point there is that whatever sourcetree that the version with trademarked branding gets built from should be fork of the branding-free opensource project, not the other way around.
[+] [-] 838812052807016|5 years ago|reply
[+] [-] kube-system|5 years ago|reply
[+] [-] tpush|5 years ago|reply
Like, some standardized legalese or something.
[+] [-] wongarsu|5 years ago|reply
[+] [-] wmf|5 years ago|reply
[+] [-] geofft|5 years ago|reply
If I, an open-source hobbyist, am thinking about incorporating some code from your software into my project which I want to allow unrestricted commercial use of (i.e., which I want to put under a standard F/OSS license), even though I am not making any money from it, are you okay with that?
If you're not okay with that, then the open-source-like properties of allowing derivatives / incorporation into other works probably just aren't appealing to you at all, and what you probably want is a simple "Non-commercial use is permitted" statement. But it won't actually be the MIT license, which permits unrestricted use, modification, and redistribution.
If you are okay with me incorporating your code, then how do you define how much of your code I can use? If I build a GUI around your program and I tell AWS that they can freely build a GUI, is that still okay with you? That's going to have to be a case-by-case thing, probably.
Another question is what you expect to do about contributions. If I, an open-source hobbyist, contribute some useful feature to your code, am I entitled to get paid a portion of what commercial users pay you? The simplest answer here might be to not accept contributions.
Some practical options, depending on what you're really trying to do, might be:
- licensing under the AGPL, on the assumption that many companies are scared by it even though it isn't a restriction on use (just a compliance headache for potential external use), and maybe clearly advertising a less restrictive commercial license (which could be MIT, or could be a super long contract/EULA) for money
- licensing a previous version of your code under the MIT license, but keeping the current version as just source-available
- marking commercial features as proprietary and source-available (what GitLab does, and what Elasticsearch used to do)
- capitalizing on the fact that you know the software really well, and selling consulting / support but using a free software license (what Red Hat, Canonical, etc. do)
- capitalizing on the fact that you know the software really well, and running it as SaaS (what Google does with Kubernetes, for instance)
- giving your software a simple "Non-commercial use permitted" statement, but saying that open source developers who are interested in parts of your code are free to contact you and you're willing to relicense limited parts of the code as MIT on request
Finally, what's your goal? Is it to prevent commercial use? Is it to make money from commercial users? Commercial software houses are, sort of by definition, good at writing software in-house - if your software is a really good idea as opposed to a really good implementation of an old idea, chances are that a motivated commercial developer will just make their own version of it.
[+] [-] galaxyLogic|5 years ago|reply
I see lots of license-texts but less frequently any mention about who is allowed to copy the license-text to use it with their own software?
Take the Elastic License: https://www.elastic.co/licensing/elastic-license
Can I use it for my software?
[+] [-] heliodor|5 years ago|reply
[+] [-] mjgs|5 years ago|reply
It’s a good observation, but how many non-profit style open source projects actually exist and how do we create more of those?
[+] [-] DukeBaset|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] choeger|5 years ago|reply
Cooking up your own license ala Mongo is not going to help you amongst the professional users. Companies that take their legal obligations seriously are not going to use your not-so-open-source offerings on the basis of interpreting your weird anti-amazon clause.
[+] [-] lumost|5 years ago|reply
[+] [-] Macha|5 years ago|reply
This is important, because it means that while Apache could relicense to give themselves an unfair advantage, Cloudera or Databricks could not. People trust Apache not to, being an independent non-profit and the act would destroy their reputation, and given the ASF's main product is being seen as vendor neutral and independent (well that or Apache httpd, but the latter is clearly becoming less and less relevant), would be a serious blow to the organisation.