The Open Road

There's something different about the Apache Software Foundation. While Apache hosts some of the world's most important software development, its members seem more concerned with good code than good politics.

It's no secret that I've become enamored lately with the Apache License, but it's less well-known what first attracted me to the license: the wonderfully nice people affiliated with Apache. From Greg Stein to Geir Magnusson to Brian Behlendorf, it's hard to find a jerk at Apache. I'm sure they exist, but they hide pretty well.

In fact, in a presentation today I attended at SAP in Walldorf, Germany, Apache Software Foundation President Justin Erenkrantz called out the importance of good manners to good governance at Apache:

There are going to be people on an open mailing list who are idiots, or maybe they're just having a bad day. Don't feed the trolls. Don't become a poisonous person.

It seems like reasonable advice, but it's discouraging to see this basic rule of polite society regularly broken within the wider open-source community. Some feel that a license to code is a license to shout others down. It's not. At least, not at Apache.

Perhaps this is particularly important to Apache because of the way it manages project development. It's one thing to be open source but, as I've written recently and as Erenkrantz highlighted in his presentation, open source doesn't necessarily equate to real openness:

You see a lot of people doing open source, but not a lot of people doing open development...At some open-source projects [Erenkrantz mentioned Mozilla], all of the technical decisions, even if the license is open source, are not subject to public comment. At Apache, everything is done in the open over public forums.

Or, as Day Software's Roy Fielding says, "If it doesn't happen on-list, it didn't happen."

Such transparent development creates great software, given that it fosters a true meritocracy. You know exactly who's doing what at Apache: it's all on the mailing lists.

Erenkrantz also noted a few other interesting aspects of Apache:

• Each Apache project is independent, which means that status on one Apache project is not fungible to another Apache project. I can be a core committer on the Apache HTTP project and it won't get me any brownie points with the Apache Cocoon project.
• Microsoft was a sponsor before it was a contributor. Its sponsorship was meant to send a message to Microsoft internally that it was OK to contribute to Apache projects.
• Erenkrantz stressed that Apache developers tend to believe that code, not licensing, should motivate contributions. Apache doesn't believe in forcing contributions through licensing or other mechanisms.

It's a great way to do development and, as Day Software and other companies have discovered, it's also a great way to do business. Open-source development, done openly.

And no jerks allowed.

The freedom to fork is the essential right of open-source software. Until Oracle's attempted acquisition of Sun/MySQL, however, few realized just how important it would be to retain the right to fork one's own code.

After all, just because you have the letter-of-the-law right to fork doesn't mean you have a meaningful ability to do so. So long as you're not the primary copyright holder, you're always going to be second place, with second-place commercial opportunities in the software.

MySQL co-founder Monty Widenius hints at this in his letter to the European Commission, citing conflicts of interest between Oracle and MySQL development interests. Such conflicts wouldn't be of such importance were it not for the lack of external commercial appeal that stems from MySQL's use of the GNU General Public License (GPL).

Even Richard Stallman, co-author of the GPL and founder of the free-software movement, and not someone that spends much time worrying about monetization of open-source software, gets this.

As noted in a letter co-drafted with Open Rights Group and Knowledge Ecology International, Stallman notes that Oracle's proposed acquisition of MySQL could hurt its development because the GPL reduces incentives to commercialize the code:

The acquisition of MySQL by Oracle will be a major setback to the development of a FLOSS database platform, potentially alienating and dispersing MySQL's core community of developers. It could take several years before another database platform could rival the progress and opportunities now available to MySQL, because it will take time before any of them attract and cultivate a large enough team of developers and achieve a similar customer base.

Given that forking of the MySQL code base will be particularly dependent on FLOSS community contributions - more so than on in-company development - the lack of a more flexible license for MySQL will present considerable barriers to a new forked development path for MySQL. [Emphasis added.]

For those who have been reading/hearing Stallman for the past 10-plus years as I have, this admission is shocking in the extreme. The GPL, which is supposed to be the ultimate guarantor of software freedom, may deliver the opposite. Because of its control-freak urges, it can stymie competition, which is presumably why Stallman is now calling on the European Commission to grant what his license couldn't: freedom.

Now consider if MySQL were licensed under the Apache 2.0 license. MySQL 2 could arise, take the code, hire all of the developers, and development of the open-source database would not miss a beat.

Could MySQL 2 achieve the same with the GPL? No, it could not, because the copyright holder, Oracle, would always have a superior commercial opportunity, because it has more rights than downstream users, as the GPL leaves the copyright holder with a greater range of business model options, and not simply support/services.

Apache leaves everyone--developers, users, vendors, etc.--on equal footing. The GPL does not. With the GPL, the copyright holder retains effective control.

That's one reason it has been so popular with commercial open-source companies, but the Oracle/MySQL situation may prompt more companies to consider using an Apache license so as to preserve maximum freedom in case of takeover, hostile or otherwise.

Disclosure: My company uses the GPL but has been actively considering areas to use Apache licensing.

The GPL version 2 has been in decline for some time, and has just dipped below a 50 percent adoption rate among open-source projects, according to new data released by Black Duck Software.

While some of this decline may be due to GPL version 3's increased adoption, at least some may derive from growing commercial interest in Apache-style licensing.

One of the best indications of this shift is Red Hat's decision to license the JBoss HornetQ project under an Apache license, rather than the Lesser General Public License, to which it had previously defaulted.

Having said that, it's important to note that Apache's share of the market hasn't been growing dramatically (see the July 2009 data), which lends further weight to a hypothesis that GPLv3 is cannibalizing GPLv2. Even so, I find the dip interesting, and anecdotally I'm seeing a groundswell of support for Apache.

This isn't to suggest that the GPL doesn't matter: it clearly does. As Redmonk analyst Stephen O'Grady recently noted, "the GPLv2 is more popular than all of the other licenses on the (Black Duck) list...combined."

But as Open Core becomes the default business model for "pure-play" open-source companies, we will see more software licensed under the Apache license.

The GPL makes sense in a world where vendors hope to exercise control over their communities (by constraining the sorts of derivative works that remain palatable to would-be competitors or "free-riding" users), but if the desire is to foster unfettered growth, Apache licensing offers a better path.

I don't see an end to GPL adoption anytime soon, as its ethos appeals to a certain class of developer and because it can offer tangible development and business benefits, as I'll be arguing at Monday's "Which open-source license is best?" discussion with the Free and Open Source Software Learning Centre. The whole Apache vs. GPL debate may be much like Coke vs. Pepsi: a matter of personal preference and nothing more.

With GPLv2 adoption dropping below 50 percent of open-source projects surveyed by Black Duck Software, however, it's very possible that preferences are starting to shift in favor of Apache licensing.

Follow me on Twitter @mjasay.

Others and I have made much of VMware's acquisition of SpringSource for $420 million, but one crucial point has been overlooked: this is the first big acquisition of a company that depends on the Apache license.

Yes, we've seen smaller acquisitions of open-source companies that rely on Apache-style licensing. IBM acquired Gluecode (Geronimo project), SpringSource bought Covalent (Tomcat), Oracle acquired Sleepycat (Sleepycat, BSD license), and there have likely been others that I'm simply not remembering.

But the big, head-turning deals? GNU General Public License (GPL). Every one of them.

Nearly every other big open-source acquisition, from JBoss ($350 million) to MySQL ($1 billion) to XenSource ($500 million), has involved the GPL. Even Zimbra ($350 million), while not GPL, fits the mold because it used an attribution clause with an MPL license that was designed to accomplish GPL-esque ambitions.

The GPL has been prominent for good reason. It's accepted wisdom in the commercial open-source crowd that it's difficult to directly monetize Apache-licensed software, and that the GPL, what with its capitalist urge for control, is a better tool for the financially inclined.

The SpringSource acquisition turns this "wisdom" on its head.

Perhaps this is because our notion of "monetizing open source" has expanded, as Eric Barroca astutely argues. The GPL is great for dual-licensing and support-based businesses, but it's not very adept at incorporating proprietary software in the way that IBM does, for example, or Day Software, as Kevin Cochrane notes.

In other words, we're getting beyond open source as a religious coda, the secret handshake that makes one part of The Club, and instead are focused on building businesses that provide greater transparency and value for customers. I suspect we'll therefore see more Apache and less GPL going forward, with companies contributing significant parts of their product/business to open source, while delivering the rest via proprietary licensing.

IBM already does this. So, frankly, does Microsoft (though still to a small degree). I think we'll see a lot more.

The reason is that customers have never been as religious about open source as the vendors/communities that develop it, a lesson I was taught by a crowd of CTOs in New York and which is highlighted in a recent Enterprise Systems Journal article.

But it's also a function of open source's growing importance in the software ecosystem. As more money pours into open source--IDC projects $8.1 billion in open-source revenues by 2013--there will be increasing pressure to make it pay, as InfoWorld recently wrote:

As the open source market continues marching away from its roots--the lone developer who creates a useful product as a labor of love--appreciation for the idealism that lies at the GPL's heart is diminishing. Businesses that view open source development as a path to a profitable future rather than as an altruistic mission are increasingly balking at what they view as the license's excessively restrictive aspects concerning code improvements.

Such thinking, among other considerations, led Appcelerator to drop the GPL for Apache, and I believe we'll see more. We just had a significant demonstration that you can make money with Apache-licensed software. SpringSource was doubling sales every year with Apache, and had a $420 million outcome as a result of both its sales and its community, which may be easier to come by with an Apache license than GPL, at least for commercial open-source projects.

It's telling, for example, that InfoWorld's attempts to interview Richard Stallman, founder of the GPL, were stymied by his "demand(ing) control of what (InfoWorld) published." You don't grow a community with that emphasis on control of the outcome.

IBM proved long ago that it's possible to build billion-dollar businesses with Apache. But SpringSource is the first start-up to suggest that Apache isn't simply a way for big companies to create complements to proprietary cores. Sometimes an Apache core is worth something, too. At least $420 million, by SpringSource's reckoning.

Follow me on Twitter @mjasay.

Red Hat marketing guru Chris Grams posits a simple but powerful key to Red Hat's strategy: default to open. It's not new to Red Hat--Tim O'Reilly's analogue is the "architecture of participation"--but it has apparently influenced everything from product design to office layouts at Red Hat.

In a nutshell, it means:

...[R]ather than starting from a point where you choose what to share, you start from a point where you chose what not to share.

You begin sharing by default.

It's a good principle for any company, open or not. It's the same principle I hear from a wide variety of open-source companies today, including those that describe their business models as "Open Core." The first impulse is always to open source: holding anything back must clear a number of hurdles.

It seems to be working in accelerating adoption of open source, presumably because open source's transparency and ease of access makes adoption easy. Carol Rizzo, former CTO for Kaiser Permanente, suggests that "average Fortune 500 companies are using more than 100 open-source projects each." And those are just the ones they're tracking.

It also works on the development side, though a debate has resurfaced over the ideal way to encourage openness and adoption. A longtime GPL supporter, I've found myself increasingly in the Apache camp over the past year.

My reason follows Benjamin Black's excellent post on the topic:

...[T]he goal of the GPL and its variants...[is to act] as a virus to force the release of ever more source. The GPL serves to rigidly control what you can and cannot do with software covered by it, and is thus the license equivalent of digital rights management.

This leads to a related problem. The GPL produces, in practice, a two-tiered structure dividing those who control a software project from those who merely contribute to it. Those in the former group are free to create a dual-license: those who want to use the software for non-commercial purposes can do so freely, but those wanting to use the software commercially must pay. The latter group cannot do this, regardless of how much they may have contributed to the project....

When the GPL is abused like this, as it is more and more frequently, the most obvious difference between it and the permissive licenses is a matter of who decides who gets paid. Under the GPL, that control rests only with the project owner, just like content DRM. Under a permissive license, anyone can decide.

The GPL is basically proprietary software with the intent to control through openness rather than opacity. The result is largely the same.

I used to like this because, as I once wrote in Open Sources 2.0 (PDF here), as a vendor I wanted this control:

What we thought was a software development methodology may have far more importance as a business strategy that undercuts competitors while driving down costs and shifting control to buyers. In such a world, those who understand and leverage open source commodification (or escape it) will thrive - everyone else will be marginalized into economic oblivion. Commodification, the highest stage of capitalism; open source, the highest stage of software.

Years later, I'm surprised by how consistent my thinking has been on this (right or wrong - you choose). The GPL is great for control, but if it's community you want, Apache may be the better bet because, following Grams' post, it may be "more open by default."

Glyn Moody offers an excellent defense of the GPL, but the primary thing that Moody misses, and that Richard Stallman and other free-software advocates miss, is Black's critical point about control over who gets paid.

This isn't their concern, and that's fair. But it is the concern of just about everyone else that has to make a living selling software or services around it, which is why you find no businesses of any significant scale that depend upon monetizing GPL software directly. (Even Red Hat doesn't count - it sells a subscription to a closed binary of otherwise open-source software, much of it GPL.)

"Open by default" is absolutely the right strategy for software, in my view. But how different people interpret it will be highly variable. And while I'm leaning toward Apache, I'm grateful that my views can dovetail with the GPL crowd the vast majority of the time. We share a commitment to openness. We just interpret it differently.

Follow me on Twitter @mjasay.

If most developers contribute to open-source projects because they want to, rather than because they're forced to, why do we have the GNU General Public License?

That's the question that hit me last night as I tried to sleep in the shadow of Richard Stallman's MIT. Stallman, of course, originated the GPL, a brilliant way to turn copyright on its head in order to force software to remain open.

But in the process, did Stallman simply create an alternative way to release proprietary software?

I'm not trying to be cute here. Think about it. If you you want to maximize adoption and reuse of your software, why wouldn't you use Apache? Perhaps because you don't like the thought of someone using your free software in a proprietary product?

"I would actually rather nobody use my software than be in a situation where everyone is using my gear, and nobody is admitting it," wrote Zed Shaw, creator of a popular library and Web server for Rails called Mongrel.

Shaw, and perhaps other coders, have turned to the GPL as a way to protect their software from use they deem objectionable. But isn't this precisely what the proprietary software licenses do? The only difference is that the GPL forces code to be open, rather than closed.

Are the two approaches so very different? The effect--blocking undesirable use of one's software--is largely the same.

After 10 years in open source, I'm increasingly of the Apache-licensing persuasion because I'm starting to concur with open-source luminary Eric Raymond that "the GPL is unnecessary...(and) is also a confession of fear and weakness."

If I'm mostly concerned about adoption, Apache promises to be better than the GPL for all the reasons stated by Daniel Jalkut in his excellent ode to Apache.

And if I'm concerned about protection, then why not simply use a proprietary license--one that doesn't scare opposing legal counsel?

With the Web making open-source licensing largely irrelevant, anyway, it's a good time to evaluate the merits of the two dominant open-source-licensing approaches. For this moment in time, they're essentially equivalent, at least to end users and Web developers, neither of which is required to contribute back derivative works.

Indeed, I believe that one of the primary reasons that Linux, MySQL, Lucene, Hadoop, and other Web-oriented technologies have thrived in the past few years is that they have basically come legal-encumbrance-free.

Would Google have built its server infrastructure with Linux if it had been required to contribute all its software back? Almost certainly not. Yes, it has elected to contribute back to MySQL and others when it was advantageous to do so, but I think that Affero GPL, which translates the GPL's provisions to network-hosted software, would have effectively killed the utility of MySQL, Linux, and other open-source technologies for Web titans like Google, Facebook, and others.

In short, perhaps the best thing that could have happened to open source in the past few years is the increasing relevance of its code due to the decreasing relevance of its licensing. More adoption due to fewer controls.

Developers don't contribute to open-source projects out of force. They do so out of interest, desire for recognition, and other reasons. Once you take force out of the equation, the GPL loses its relevance except as a tool to protect against competition...which proprietary licensing perfected long ago.

For those who worry about the world being closed off behind proprietary licenses, it's not going to happen. The software world has been opening up, though not always at the pace some open-source advocates would prefer. On this point Tim O'Reilly has correctly argued:

If you close things off, eventually, you lose. This is why one of my slogans is, "Create more value than you capture." As long as people are doing that, I don't care whether they're trying to capture some value (through proprietary licensing).

In other words, people don't have to be forced into openness. It happens out of natural, selfish desires. Given the history of humanity, that's probably a more dependable basis for business strategy than an expectation of charitable donations through code contributions.

So, wither the GPL? I'm asking a sincere question to which I have hunches but no definitive answers. I'd love to hear your thoughts.

Disclosure: my company licenses its software under the GPL. This post reflects my personal (evolving) opinion and should not be construed as representative of the intentions of my employer.

Follow me on Twitter @mjasay.

Over the past 10 years that I've been involved in open source, one thing has become strikingly clear to me: there are no real predictors of open-source success. There are, of course, general principles that contribute to the creation of successful open-source projects, but serendipitous "right project, right time" circumstances often matter most.

I was therefore intrigued to read two articles that crystallized my own thinking around critical components of successful open-source projects.

The first is from BusinessWeek and details the mechanics of Mozilla's Firefox community. Mike Beltzner, Mozilla's director of Firefox, reveals that while 40 percent of Firefox is contributed by outside developers, what and where they contribute may not be what many would expect:

There's structure in (how Firefox is developed). But at the same time you allow people to innovate and to explore and (give them) the freedom to do what they want along those edges--that's where innovation tends to happen in startling and unexpected ways (emphasis mine).

This may be easier for the Mozilla Foundation, given its nonprofit status, as you'd expect developers to more willingly build around a product if they trust the foundation (pun intended) upon which they're building.

But the general principle holds: most open-source development and, for that matter, most development around proprietary software, happens at the edges. Whether it's Microsoft Windows or Mozilla's Firefox, developers generally don't touch the core: they create add-ons, complementary products, and so forth.

So, principle No. 1: Open-source projects that create a strong, valuable, easily extensible core that developers have the ability to build upon, as well as the pecuniary or reputational interest in extending, are more likely to succeed. No one works for "free."

The second principle is related to the first, and deals with ownership of add-ons. While some people are motivated by peace, love, and open source, others (rightly, in my view) see open source as a means to an end, and not the end itself.

As such, the license used for an open-source project matters a great deal. I've long been a proponent of the GNU General Public License (GPL) because it enables vendors to bless customers (free code!) while cursing competitors (we just open-sourced your entire value proposition and you won't dare touch our code!).

But lately I've been seeing the role Apache-style licensing can play in fostering vibrant open-source communities. Daniel Jalkut, founder of Red Sweater Software, describes this well:

As the developer evaluates communities to participate in, they must evaluate the legal impact such participation will have on their own project. The closed-source communities are, by definition, uninviting to outsiders. GPL communities are open and embracing of other GPL developers, but generally off-putting to liberal-license and closed-license developers. Only the liberal-license communities are attractive to developers from all three camps.

It's your party, and you're entitled to write the guest list. But take a look around the room: not as many folks as you'd hoped for? Liberally licensed projects are booming. Speaking for myself, a developer who has been to all the parties, I'm much more likely to pass through the door that doesn't read "GPL Only."

If you want maximum participation whatever the cost, Apache/BSD is probably the right way to go. Most companies and project owners, however, have to make a living, so it's reasonable that they measure the costs of going Apache, which likely means they'll trade a liberal license to some of their code for a proprietary license of the rest of their code.

IBM is an example of this strategy on a big scale, but so are Day Software, Microsoft, SpringSource, and others.

Principle No. 2, broadly stated, is this: Your odds of encouraging adoption of your product go up if you use a liberal license like Apache, but your ability to directly monetize Apache-licensed code vaporizes.

This isn't a bad thing. It just means you have to separate community creation from customer creation, as Funambol's Fabrizio Capobianco has stated. The two aren't necessarily the same, and are sometimes inimical to each other.

As noted above, however, you don't have to license your software as open source to encourage community around it. Microsoft, with its vibrant partner ecosystem, demonstrates this, as does Apple with its amazing iPhone ecosystem.

Developers will flock to the platforms that offer them the most return, whether financial or in reputation (which eventually translates into money). Liberally licensing of your code might tip the scales in your favor if you lack the largess of Apple or Microsoft. But no guarantees.

Follow me on Twitter @mjasay.

I have spent years advocating the GNU General Public License as the optimal open-source license for commercial open source.

Roughly nine years after I first became a fan of the GPL, I think I've been wrong.

My admiration for the GPL mostly stemmed from its ability to mimic, but then invert, proprietary licensing. The GPL is like opening a cannister of radioactive waste: while your competitors can touch it, you're dead certain that they won't.

Given that openness is increasingly a winning business model--if not the winning business model, as Red Hat executive Michael Tiemann argues--one has to wonder if pretending to be open through the GPL accomplishes as much as fully opening up through Apache-style licensing would.

Open-source luminary Eric Raymond is pretty clear on this point:

I think we live in a...universe...in which the GPL is unnecessary rather than futile. Mind you, I am not claiming the GPL is entirely useless. It's a signaling behavior, like wearing a crucifix or yarmulke or pentagram; it helps build trust groups. But it has costs, too.

It creates a lot of needless fear from potential allies and users who suspect they won't be able to control their exposure, if they let it in...Is the GPL's utility as a form of in-group signaling worth the degree to which fear and uncertainty about it slows down open-source adoption? Increasingly, I think the answer is no.

The GPL may be a community-building signaling device, but it is also a confession of fear and weakness. To believe that it matters, you have to believe that you live in a...universe where closed-source development is such an attractive proposition that you have to punish people for trying to move to it.

In other words, if openness works (in the Jamesian, pragmatic way), why not give it free rein, rather than hedging our open-source bets to the point of obviating their efficacy?

Equally important, we may not be getting the "protection" we seek from the GPL, anyway, as the GPL becomes the new BSD in the cloud, as Linus Torvalds recently commented to me in an e-mail:

AGPL/GPLv3 anti-ASP/TiVo language doesn't "protect" anything. There is no upside to pushing freeloaders away.

Sun Microsystems CEO Jonathan Schwartz rightly identifies adoption, not protection of freedom, as a key open-source benefit: open source provides an efficient way to distribute software to the maximum audience at the minimum price. With this in mind, unfettered Apache-style licensing would be the ideal license to maximize adoption, despite likely being the worst way to directly monetize software.

So long, however, as one's business either monetizes software indirectly (i.e., Google with its advertising model) or adds to the open-source components with commercial extensions (i.e., IBM with proprietary software, services, and hardware add-ons), then a company should be able to reap a bounteous harvest from its open-source seeds.

In sum, the GPL may well be an excellent capitalist tool, but Apache licensing could well be even better.

Disclosure: My company uses the GPL, not an Apache license.

Follow me on Twitter @mjasay.

It's increasingly common for prominent open-source developers to leave IBM or other open-source-friendly companies to try their luck at Microsoft. It's not common at all for them to blog about it before actually getting a formal offer.

Yet that is what Sam Ruby, prominent Apache Software Foundation director and Atom developer, has done on his blog. Ruby was hired by IBM directly from Christopher Newport University in 1981 and has never left.

Until now. Or, rather, in about two weeks from now. Ruby writes:

I expect to receive a credible offer from Microsoft in the next two weeks. I, in no way, initiated the conversation, nor am I an any way unhappy with IBM.

We've discussed a number of possible roles, most of them focusing on open Web activities, either advocating their increased and correct use within Microsoft, and/or engaging in open Web communities on Microsoft's behalf.

Whatever the open-source development community's opinion of Microsoft, I've talked with other open-source "expats" that have ended up in Redmond, such as Tom Hanrahan, also formerly of IBM and the Linux Foundation, and Microsoft has provided interesting, engaging work for them. I'm sure that Sam's case will be no different.

But why post about the job before receiving a formal offer? Ruby notes that he is "very comfortable in (his) current job, so the most (he is) placing in jeopardy by posting (his interest in working for Microsoft) is the opportunity costs of a better job."

In many ways, Ruby's transparency is a great way for him to prepare his open-source compatriots for what might superficially appear to be an abandonment of his ideals. IBM might prefer that he not talk openly about it, but considering Ruby's stature in the open-source community, this is probably the best way to announce his imminent departure for Microsoft.

It's also a good advertisement for the changes Microsoft is making as it grows increasingly open to open source. Ruby reminds his blog readers that when he joined IBM in 1981, Big Blue, not Microsoft, was the "evil empire."

Times change. So do companies. And maybe, just maybe, Ruby will be one of the key individuals to help shape a new era at Microsoft.

Follow me on Twitter at mjasay.