The freedom to fork is the essential right of open-source software. Until Oracle's attempted acquisition of Sun/MySQL, however, few realized just how important it would be to retain the right to fork one's own code.
After all, just because you have the letter-of-the-law right to fork doesn't mean you have a meaningful ability to do so. So long as you're not the primary copyright holder, you're always going to be second place, with second-place commercial opportunities in the software.
MySQL co-founder Monty Widenius hints at this in his letter to the European Commission, citing conflicts of interest between Oracle and MySQL development interests. Such conflicts wouldn't be of such importance were it not for the lack of external commercial appeal that stems from MySQL's use of the GNU General Public License (GPL).
Even Richard Stallman, co-author of the GPL and founder of the free-software movement, and not someone that spends much time worrying about monetization of open-source software, gets this.
As noted in a letter co-drafted with Open Rights Group and Knowledge Ecology International, Stallman notes that Oracle's proposed acquisition of MySQL could hurt its development because the GPL reduces incentives to commercialize the code:
The acquisition of MySQL by Oracle will be a major setback to the development of a FLOSS database platform, potentially alienating and dispersing MySQL's core community of developers. It could take several years before another database platform could rival the progress and opportunities now available to MySQL, because it will take time before any of them attract and cultivate a large enough team of developers and achieve a similar customer base.
Given that forking of the MySQL code base will be particularly dependent on FLOSS community contributions - more so than on in-company development - the lack of a more flexible license for MySQL will present considerable barriers to a new forked development path for MySQL. [Emphasis added.]
For those who have been reading/hearing Stallman for the past 10-plus years as I have, this admission is shocking in the extreme. The GPL, which is supposed to be the ultimate guarantor of software freedom, may deliver the opposite. Because of its control-freak urges, it can stymie competition, which is presumably why Stallman is now calling on the European Commission to grant what his license couldn't: freedom.
Now consider if MySQL were licensed under the Apache 2.0 license. MySQL 2 could arise, take the code, hire all of the developers, and development of the open-source database would not miss a beat.
Could MySQL 2 achieve the same with the GPL? No, it could not, because the copyright holder, Oracle, would always have a superior commercial opportunity, because it has more rights than downstream users, as the GPL leaves the copyright holder with a greater range of business model options, and not simply support/services.
Apache leaves everyone--developers, users, vendors, etc.--on equal footing. The GPL does not. With the GPL, the copyright holder retains effective control.
That's one reason it has been so popular with commercial open-source companies, but the Oracle/MySQL situation may prompt more companies to consider using an Apache license so as to preserve maximum freedom in case of takeover, hostile or otherwise.
Disclosure: My company uses the GPL but has been actively considering areas to use Apache licensing.
Richard Stallman, godfather of the free-software movement and co-author of the GNU General Public License (GPL), has apparently found a home:
(Credit:
Steve McLoughlin (Alfresco))
It's not clear whether it's a retirement home, a private club for members, or what, but I'm sure they'll welcome him anytime he's in London, where it's located. Let's hope it's nearby Microsoft CEO Steve Ballmer's Zune House, as the man doesn't seem to have much love for the iPhone, according to this story in Ars Technica.
(I think GPL, in this case, actually stands for Garden Picture Library, but...don't tell Stallman. :-)
The GPL version 2 has been in decline for some time, and has just dipped below a 50 percent adoption rate among open-source projects, according to new data released by Black Duck Software.
While some of this decline may be due to GPL version 3's increased adoption, at least some may derive from growing commercial interest in Apache-style licensing.
GPLv2 adoption falls below 50 percent
(Credit: Black Duck Software)One of the best indications of this shift is Red Hat's decision to license the JBoss HornetQ project under an Apache license, rather than the Lesser General Public License, to which it had previously defaulted.
Having said that, it's important to note that Apache's share of the market hasn't been growing dramatically (see the July 2009 data), which lends further weight to a hypothesis that GPLv3 is cannibalizing GPLv2. Even so, I find the dip interesting, and anecdotally I'm seeing a groundswell of support for Apache.
This isn't to suggest that the GPL doesn't matter: it clearly does. As Redmonk analyst Stephen O'Grady recently noted, "the GPLv2 is more popular than all of the other licenses on the (Black Duck) list...combined."
But as Open Core becomes the default business model for "pure-play" open-source companies, we will see more software licensed under the Apache license.
The GPL makes sense in a world where vendors hope to exercise control over their communities (by constraining the sorts of derivative works that remain palatable to would-be competitors or "free-riding" users), but if the desire is to foster unfettered growth, Apache licensing offers a better path.
I don't see an end to GPL adoption anytime soon, as its ethos appeals to a certain class of developer and because it can offer tangible development and business benefits, as I'll be arguing at Monday's "Which open-source license is best?" discussion with the Free and Open Source Software Learning Centre. The whole Apache vs. GPL debate may be much like Coke vs. Pepsi: a matter of personal preference and nothing more.
With GPLv2 adoption dropping below 50 percent of open-source projects surveyed by Black Duck Software, however, it's very possible that preferences are starting to shift in favor of Apache licensing.
Follow me on Twitter @mjasay.
Others and I have made much of VMware's acquisition of SpringSource for $420 million, but one crucial point has been overlooked: this is the first big acquisition of a company that depends on the Apache license.
But the big, head-turning deals? GNU General Public License (GPL). Every one of them.
Nearly every other big open-source acquisition, from JBoss ($350 million) to MySQL ($1 billion) to XenSource ($500 million), has involved the GPL. Even Zimbra ($350 million), while not GPL, fits the mold because it used an attribution clause with an MPL license that was designed to accomplish GPL-esque ambitions.
The GPL has been prominent for good reason. It's accepted wisdom in the commercial open-source crowd that it's difficult to directly monetize Apache-licensed software, and that the GPL, what with its capitalist urge for control, is a better tool for the financially inclined.
The SpringSource acquisition turns this "wisdom" on its head.
Perhaps this is because our notion of "monetizing open source" has expanded, as Eric Barroca astutely argues. The GPL is great for dual-licensing and support-based businesses, but it's not very adept at incorporating proprietary software in the way that IBM does, for example, or Day Software, as Kevin Cochrane notes.
In other words, we're getting beyond open source as a religious coda, the secret handshake that makes one part of The Club, and instead are focused on building businesses that provide greater transparency and value for customers. I suspect we'll therefore see more Apache and less GPL going forward, with companies contributing significant parts of their product/business to open source, while delivering the rest via proprietary licensing.
IBM already does this. So, frankly, does Microsoft (though still to a small degree). I think we'll see a lot more.
The reason is that customers have never been as religious about open source as the vendors/communities that develop it, a lesson I was taught by a crowd of CTOs in New York and which is highlighted in a recent Enterprise Systems Journal article.
But it's also a function of open source's growing importance in the software ecosystem. As more money pours into open source--IDC projects $8.1 billion in open-source revenues by 2013--there will be increasing pressure to make it pay, as InfoWorld recently wrote:
As the open source market continues marching away from its roots--the lone developer who creates a useful product as a labor of love--appreciation for the idealism that lies at the GPL's heart is diminishing. Businesses that view open source development as a path to a profitable future rather than as an altruistic mission are increasingly balking at what they view as the license's excessively restrictive aspects concerning code improvements.
Such thinking, among other considerations, led Appcelerator to drop the GPL for Apache, and I believe we'll see more. We just had a significant demonstration that you can make money with Apache-licensed software. SpringSource was doubling sales every year with Apache, and had a $420 million outcome as a result of both its sales and its community, which may be easier to come by with an Apache license than GPL, at least for commercial open-source projects.
It's telling, for example, that InfoWorld's attempts to interview Richard Stallman, founder of the GPL, were stymied by his "demand(ing) control of what (InfoWorld) published." You don't grow a community with that emphasis on control of the outcome.
IBM proved long ago that it's possible to build billion-dollar businesses with Apache. But SpringSource is the first start-up to suggest that Apache isn't simply a way for big companies to create complements to proprietary cores. Sometimes an Apache core is worth something, too. At least $420 million, by SpringSource's reckoning.
Follow me on Twitter @mjasay.
In July 2007, version 3 of the GNU General Public License barely accounted for 164 projects. A year later, the number had climbed past 2,000 total projects. Today, as announced by Google open-source programs office manager Chris DiBona, the number of open-source projects licensed under GPLv3 is at least 56,000.
And that's just counting the projects hosted at Google Code.
In a hallway conversation with DiBona at OSCON, he told me roughly half of all projects on Google Code use the GPL and, of those, roughly half have moved to GPLv3, or 25 percent of all Google Code projects.
With more than 225,000 projects currently hosted at Google Code, that's a lot of GPLv3.
If we make the reasonable assumption that other open-source project repositories Sourceforge.net and Codehaus have similar GPLv3 adoption rates, the numbers of GPLv3 projects get very big, very fast.
The data becomes even more significant, however, when you consider the number of active projects on Google Code, Sourceforge, and elsewhere. Google's ratio of active projects is much higher than Sourceforge's, which generously sees maybe 12 percent of its total number of projects under active development.
Hence, even if GPLv3's overall numbers may still seem small compared with GPLv2, its share of active projects may be quite large.
My recent flirtations with Apache-style licensing notwithstanding, clearly there's life remaining in the GPL, and particularly Version 3.
Follow me on Twitter @mjasay.
Old dogs may struggle with new tricks, but they seem to be able to figure out new licenses.
In a shocking move, Microsoft announced Monday the release of Hyper-V Linux Integration Components (LinuxIC).
The news reflects Microsoft's continued interest in lobotomizing its virtualization competition through low prices, but also the recognition that it must open up if it wants to fend off insurgent virtualization strategies from Red Hat, Novell, and others in the open-source camp.
But the truly startling news is that LinuxIC is being released under the GNU General Public License (version 2). Microsoft once called GPL anti-American. Now it calls it friend.
The gods must be crazy.
Or maybe Microsoft is simply recognizing (finally!) that GPL can be a capitalist's close ally. That and the fact that many components within the Linux kernel are GPLv2-licensed make the move completely natural...at least, once you forget that this is Microsoft embracing GPL, rather than some other company like Red Hat.
LinuxIC is a collection of kernel drivers that enable Linux to recognize that it is running on Microsoft's Hyper-V and optimize accordingly, resulting in an "enlightened version of Linux," according to market researcher IDC. The device drivers have yet to be accepted into the Linux kernel, but the GPL license and general utility makes their inclusion probable.
The move opens up Hyper-V to much more than Windows, which has arguably been its weakest point. As IDC notes, this embrace of Linux is a "key element if Microsoft is going to successfully go head to head with VMware in large accounts--many of which already are dedicated VMware customers."
Importantly, Microsoft is now opening up even beyond its long-time Linux partner, Novell, to embrace an array of other Linux partners, including Red Hat. While Novell was the first Linux vendor to certify for Hyper-V, Microsoft's lack of real support beyond Novell's Suse Linux Enterprise Server was a weakness, as some have complained.
But this is arguably a new Microsoft. Redmond recently announced that Office 2010 will support Internet Explorer and Mozilla's Firefox. The company is learning that its customers run heterogeneous software environments, and it's (slowly) responding. Microsoft's Sam Ramji, senior director of Platform Strategy, notes: "We are seeing Microsoft communities and open source communities grow together, which is ultimately of benefit to our customers."
Microsoft, in short, can't ignore open source, including Linux, without ignoring its own customers.
But surely this move is more Machiavelli than Santa Claus? Maybe, maybe not. I asked Novell's Greg Kroah-Hartman, a prominent Linux kernel developer who was deeply involved in influencing Microsoft to release LinuxIC, what Microsoft's move means for Linux. His response reflects an enthusiasm that is as surprising as it is refreshing:
We want Linux to work well for everybody. This move is not bad in any way for Linux, Xen (Novell's preferred virtualization technology), or KVM (Red Hat's preferred virtualization technology). This is not a competition, per se.
With LinuxIC, Microsoft is doing two things. First, it's saying that contributing open-source software under GPL is acceptable. And second, it's supporting the idea, which I and others in the Linux kernel community have long advanced, that all Linux kernel drivers should be open source.
LinuxIC is the latest example of how Microsoft is changing, and it's a big proof point. When Microsoft embraces Linux, that's news. When it does so by embracing GPL, it's perhaps time to start the countdown to Armageddon.
Follow me on Twitter @mjasay.
Red Hat marketing guru Chris Grams posits a simple but powerful key to Red Hat's strategy: default to open. It's not new to Red Hat--Tim O'Reilly's analogue is the "architecture of participation"--but it has apparently influenced everything from product design to office layouts at Red Hat.
In a nutshell, it means:
...[R]ather than starting from a point where you choose what to share, you start from a point where you chose what not to share.
You begin sharing by default.
It's a good principle for any company, open or not. It's the same principle I hear from a wide variety of open-source companies today, including those that describe their business models as "Open Core." The first impulse is always to open source: holding anything back must clear a number of hurdles.
It seems to be working in accelerating adoption of open source, presumably because open source's transparency and ease of access makes adoption easy. Carol Rizzo, former CTO for Kaiser Permanente, suggests that "average Fortune 500 companies are using more than 100 open-source projects each." And those are just the ones they're tracking.
It also works on the development side, though a debate has resurfaced over the ideal way to encourage openness and adoption. A longtime GPL supporter, I've found myself increasingly in the Apache camp over the past year.
My reason follows Benjamin Black's excellent post on the topic:
...[T]he goal of the GPL and its variants...[is to act] as a virus to force the release of ever more source. The GPL serves to rigidly control what you can and cannot do with software covered by it, and is thus the license equivalent of digital rights management.
This leads to a related problem. The GPL produces, in practice, a two-tiered structure dividing those who control a software project from those who merely contribute to it. Those in the former group are free to create a dual-license: those who want to use the software for non-commercial purposes can do so freely, but those wanting to use the software commercially must pay. The latter group cannot do this, regardless of how much they may have contributed to the project....
When the GPL is abused like this, as it is more and more frequently, the most obvious difference between it and the permissive licenses is a matter of who decides who gets paid. Under the GPL, that control rests only with the project owner, just like content DRM. Under a permissive license, anyone can decide.
The GPL is basically proprietary software with the intent to control through openness rather than opacity. The result is largely the same.
I used to like this because, as I once wrote in Open Sources 2.0 (PDF here), as a vendor I wanted this control:
What we thought was a software development methodology may have far more importance as a business strategy that undercuts competitors while driving down costs and shifting control to buyers. In such a world, those who understand and leverage open source commodification (or escape it) will thrive - everyone else will be marginalized into economic oblivion. Commodification, the highest stage of capitalism; open source, the highest stage of software.
Years later, I'm surprised by how consistent my thinking has been on this (right or wrong - you choose). The GPL is great for control, but if it's community you want, Apache may be the better bet because, following Grams' post, it may be "more open by default."
Glyn Moody offers an excellent defense of the GPL, but the primary thing that Moody misses, and that Richard Stallman and other free-software advocates miss, is Black's critical point about control over who gets paid.
This isn't their concern, and that's fair. But it is the concern of just about everyone else that has to make a living selling software or services around it, which is why you find no businesses of any significant scale that depend upon monetizing GPL software directly. (Even Red Hat doesn't count - it sells a subscription to a closed binary of otherwise open-source software, much of it GPL.)
"Open by default" is absolutely the right strategy for software, in my view. But how different people interpret it will be highly variable. And while I'm leaning toward Apache, I'm grateful that my views can dovetail with the GPL crowd the vast majority of the time. We share a commitment to openness. We just interpret it differently.
Follow me on Twitter @mjasay.
If most developers contribute to open-source projects because they want to, rather than because they're forced to, why do we have the GNU General Public License?
Free Software Foundation
That's the question that hit me last night as I tried to sleep in the shadow of Richard Stallman's MIT. Stallman, of course, originated the GPL, a brilliant way to turn copyright on its head in order to force software to remain open.
But in the process, did Stallman simply create an alternative way to release proprietary software?
I'm not trying to be cute here. Think about it. If you you want to maximize adoption and reuse of your software, why wouldn't you use Apache? Perhaps because you don't like the thought of someone using your free software in a proprietary product?
"I would actually rather nobody use my software than be in a situation where everyone is using my gear, and nobody is admitting it," wrote Zed Shaw, creator of a popular library and Web server for Rails called Mongrel.
Shaw, and perhaps other coders, have turned to the GPL as a way to protect their software from use they deem objectionable. But isn't this precisely what the proprietary software licenses do? The only difference is that the GPL forces code to be open, rather than closed.
Are the two approaches so very different? The effect--blocking undesirable use of one's software--is largely the same.
After 10 years in open source, I'm increasingly of the Apache-licensing persuasion because I'm starting to concur with open-source luminary Eric Raymond that "the GPL is unnecessary...(and) is also a confession of fear and weakness."
If I'm mostly concerned about adoption, Apache promises to be better than the GPL for all the reasons stated by Daniel Jalkut in his excellent ode to Apache.
And if I'm concerned about protection, then why not simply use a proprietary license--one that doesn't scare opposing legal counsel?
With the Web making open-source licensing largely irrelevant, anyway, it's a good time to evaluate the merits of the two dominant open-source-licensing approaches. For this moment in time, they're essentially equivalent, at least to end users and Web developers, neither of which is required to contribute back derivative works.
Indeed, I believe that one of the primary reasons that Linux, MySQL, Lucene, Hadoop, and other Web-oriented technologies have thrived in the past few years is that they have basically come legal-encumbrance-free.
Would Google have built its server infrastructure with Linux if it had been required to contribute all its software back? Almost certainly not. Yes, it has elected to contribute back to MySQL and others when it was advantageous to do so, but I think that Affero GPL, which translates the GPL's provisions to network-hosted software, would have effectively killed the utility of MySQL, Linux, and other open-source technologies for Web titans like Google, Facebook, and others.
In short, perhaps the best thing that could have happened to open source in the past few years is the increasing relevance of its code due to the decreasing relevance of its licensing. More adoption due to fewer controls.
Developers don't contribute to open-source projects out of force. They do so out of interest, desire for recognition, and other reasons. Once you take force out of the equation, the GPL loses its relevance except as a tool to protect against competition...which proprietary licensing perfected long ago.
For those who worry about the world being closed off behind proprietary licenses, it's not going to happen. The software world has been opening up, though not always at the pace some open-source advocates would prefer. On this point Tim O'Reilly has correctly argued:
If you close things off, eventually, you lose. This is why one of my slogans is, "Create more value than you capture." As long as people are doing that, I don't care whether they're trying to capture some value (through proprietary licensing).
In other words, people don't have to be forced into openness. It happens out of natural, selfish desires. Given the history of humanity, that's probably a more dependable basis for business strategy than an expectation of charitable donations through code contributions.
So, wither the GPL? I'm asking a sincere question to which I have hunches but no definitive answers. I'd love to hear your thoughts.
Disclosure: my company licenses its software under the GPL. This post reflects my personal (evolving) opinion and should not be construed as representative of the intentions of my employer.
Follow me on Twitter @mjasay.
Over the past 10 years that I've been involved in open source, one thing has become strikingly clear to me: there are no real predictors of open-source success. There are, of course, general principles that contribute to the creation of successful open-source projects, but serendipitous "right project, right time" circumstances often matter most.
Apache Software License 2.0.
(Credit: Apache Software Foundation)I was therefore intrigued to read two articles that crystallized my own thinking around critical components of successful open-source projects.
The first is from BusinessWeek and details the mechanics of Mozilla's Firefox community. Mike Beltzner, Mozilla's director of Firefox, reveals that while 40 percent of Firefox is contributed by outside developers, what and where they contribute may not be what many would expect:
There's structure in (how Firefox is developed). But at the same time you allow people to innovate and to explore and (give them) the freedom to do what they want along those edges--that's where innovation tends to happen in startling and unexpected ways (emphasis mine).
This may be easier for the Mozilla Foundation, given its nonprofit status, as you'd expect developers to more willingly build around a product if they trust the foundation (pun intended) upon which they're building.
But the general principle holds: most open-source development and, for that matter, most development around proprietary software, happens at the edges. Whether it's Microsoft Windows or Mozilla's Firefox, developers generally don't touch the core: they create add-ons, complementary products, and so forth.
So, principle No. 1: Open-source projects that create a strong, valuable, easily extensible core that developers have the ability to build upon, as well as the pecuniary or reputational interest in extending, are more likely to succeed. No one works for "free."
The second principle is related to the first, and deals with ownership of add-ons. While some people are motivated by peace, love, and open source, others (rightly, in my view) see open source as a means to an end, and not the end itself.
As such, the license used for an open-source project matters a great deal. I've long been a proponent of the GNU General Public License (GPL) because it enables vendors to bless customers (free code!) while cursing competitors (we just open-sourced your entire value proposition and you won't dare touch our code!).
But lately I've been seeing the role Apache-style licensing can play in fostering vibrant open-source communities. Daniel Jalkut, founder of Red Sweater Software, describes this well:
As the developer evaluates communities to participate in, they must evaluate the legal impact such participation will have on their own project. The closed-source communities are, by definition, uninviting to outsiders. GPL communities are open and embracing of other GPL developers, but generally off-putting to liberal-license and closed-license developers. Only the liberal-license communities are attractive to developers from all three camps.
It's your party, and you're entitled to write the guest list. But take a look around the room: not as many folks as you'd hoped for? Liberally licensed projects are booming. Speaking for myself, a developer who has been to all the parties, I'm much more likely to pass through the door that doesn't read "GPL Only."
If you want maximum participation whatever the cost, Apache/BSD is probably the right way to go. Most companies and project owners, however, have to make a living, so it's reasonable that they measure the costs of going Apache, which likely means they'll trade a liberal license to some of their code for a proprietary license of the rest of their code.
IBM is an example of this strategy on a big scale, but so are Day Software, Microsoft, SpringSource, and others.
Principle No. 2, broadly stated, is this: Your odds of encouraging adoption of your product go up if you use a liberal license like Apache, but your ability to directly monetize Apache-licensed code vaporizes.
This isn't a bad thing. It just means you have to separate community creation from customer creation, as Funambol's Fabrizio Capobianco has stated. The two aren't necessarily the same, and are sometimes inimical to each other.
As noted above, however, you don't have to license your software as open source to encourage community around it. Microsoft, with its vibrant partner ecosystem, demonstrates this, as does Apple with its amazing iPhone ecosystem.
Developers will flock to the platforms that offer them the most return, whether financial or in reputation (which eventually translates into money). Liberally licensing of your code might tip the scales in your favor if you lack the largess of Apple or Microsoft. But no guarantees.
Follow me on Twitter @mjasay.
The GNU General Public License (GPL) used to dominate open-source licensing, but its hold appears to be slipping according to new research from Black Duck Software. While GPLv3 has seen a 400-percent increase in adoption, and though the GPL and its variants still claim over 65 percent of all open-source projects, Black Duck reports a 5 percent decline in GPL adoption.
This drop makes sense, given the GPL's decreasing relevance to the modern world of network-delivered software and the increasing value of data over software.
ZDNet's Dana Blankenhorn points out that there are no clear replacements arising for the GPL, and he's right. But I'm not sure that's the point.
Peter Vescuso, executive vice president of marketing and business development at Black Duck Software, argues that we're starting to see greater diversity in licensing approaches, as "many developers are selecting licenses that are less restrictive, a move that underscores the broader adoption and value of open source in today's multisource development environments."
Perhaps. Or perhaps developers simply don't care that much about open-source licensing qua licensing very much any more. The real value in open-source software is no longer the software, but rather the resultant services that are delivered over the Web, a theme that Tim O'Reilly has been hitting consistently over the past six years.
The GPL was highly relevant in the Software 1.0 world because it was a great way to protect software assets. In effect, the GPL became the preferred way to replicate the copyright regime, except under the banner of free software.
Today, the GPL (and open-source licensing, generally) is irrelevant.
It's irrelevant because the GPL protects nothing in a world where software is delivered over the Web, because the GPL's "distribution clause" isn't triggered. The GPL becomes BSD/Apache, in short.
Because of this, Web developers long ago stopped worrying about open-source license requirements and instead are focused on data-driven lock-in. Open-source software becomes a way to build free services that encourage adoption, which adoption yields valuable data. That data is the crown jewels in a networked world, as O'Reilly suggests.
Because Web developers don't necessarily need to protect their software, we're seeing more adopt licenses like BSD, Apache, and other permissive licenses in order to foster community, rather than protection, around their software. Those who persist in seeing the world through the Software 1.0 lens continue to try to protect the software, which is why we're seeing a four-fold increase in AGPLv3 adoption. (AGPLv3 extends the definition of "distribution" to include network-based delivery of software.)
The GPL isn't dead, and perhaps it's not even dying. But that isn't the point. The point is that the real question is Web-based delivery of software, and current licensing has almost nothing to say on that topic.
Follow me on Twitter @mjasay.
