The freedom to fork is the essential right of open-source software. Until Oracle's attempted acquisition of Sun/MySQL, however, few realized just how important it would be to retain the right to fork one's own code.
After all, just because you have the letter-of-the-law right to fork doesn't mean you have a meaningful ability to do so. So long as you're not the primary copyright holder, you're always going to be second place, with second-place commercial opportunities in the software.
MySQL co-founder Monty Widenius hints at this in his letter to the European Commission, citing conflicts of interest between Oracle and MySQL development interests. Such conflicts wouldn't be of such importance were it not for the lack of external commercial appeal that stems from MySQL's use of the GNU General Public License (GPL).
Even Richard Stallman, co-author of the GPL and founder of the free-software movement, and not someone that spends much time worrying about monetization of open-source software, gets this.
As noted in a letter co-drafted with Open Rights Group and Knowledge Ecology International, Stallman notes that Oracle's proposed acquisition of MySQL could hurt its development because the GPL reduces incentives to commercialize the code:
The acquisition of MySQL by Oracle will be a major setback to the development of a FLOSS database platform, potentially alienating and dispersing MySQL's core community of developers. It could take several years before another database platform could rival the progress and opportunities now available to MySQL, because it will take time before any of them attract and cultivate a large enough team of developers and achieve a similar customer base.
Given that forking of the MySQL code base will be particularly dependent on FLOSS community contributions - more so than on in-company development - the lack of a more flexible license for MySQL will present considerable barriers to a new forked development path for MySQL. [Emphasis added.]
For those who have been reading/hearing Stallman for the past 10-plus years as I have, this admission is shocking in the extreme. The GPL, which is supposed to be the ultimate guarantor of software freedom, may deliver the opposite. Because of its control-freak urges, it can stymie competition, which is presumably why Stallman is now calling on the European Commission to grant what his license couldn't: freedom.
Now consider if MySQL were licensed under the Apache 2.0 license. MySQL 2 could arise, take the code, hire all of the developers, and development of the open-source database would not miss a beat.
Could MySQL 2 achieve the same with the GPL? No, it could not, because the copyright holder, Oracle, would always have a superior commercial opportunity, because it has more rights than downstream users, as the GPL leaves the copyright holder with a greater range of business model options, and not simply support/services.
Apache leaves everyone--developers, users, vendors, etc.--on equal footing. The GPL does not. With the GPL, the copyright holder retains effective control.
That's one reason it has been so popular with commercial open-source companies, but the Oracle/MySQL situation may prompt more companies to consider using an Apache license so as to preserve maximum freedom in case of takeover, hostile or otherwise.
Disclosure: My company uses the GPL but has been actively considering areas to use Apache licensing.
The GPL version 2 has been in decline for some time, and has just dipped below a 50 percent adoption rate among open-source projects, according to new data released by Black Duck Software.
While some of this decline may be due to GPL version 3's increased adoption, at least some may derive from growing commercial interest in Apache-style licensing.
GPLv2 adoption falls below 50 percent
(Credit: Black Duck Software)One of the best indications of this shift is Red Hat's decision to license the JBoss HornetQ project under an Apache license, rather than the Lesser General Public License, to which it had previously defaulted.
Having said that, it's important to note that Apache's share of the market hasn't been growing dramatically (see the July 2009 data), which lends further weight to a hypothesis that GPLv3 is cannibalizing GPLv2. Even so, I find the dip interesting, and anecdotally I'm seeing a groundswell of support for Apache.
This isn't to suggest that the GPL doesn't matter: it clearly does. As Redmonk analyst Stephen O'Grady recently noted, "the GPLv2 is more popular than all of the other licenses on the (Black Duck) list...combined."
But as Open Core becomes the default business model for "pure-play" open-source companies, we will see more software licensed under the Apache license.
The GPL makes sense in a world where vendors hope to exercise control over their communities (by constraining the sorts of derivative works that remain palatable to would-be competitors or "free-riding" users), but if the desire is to foster unfettered growth, Apache licensing offers a better path.
I don't see an end to GPL adoption anytime soon, as its ethos appeals to a certain class of developer and because it can offer tangible development and business benefits, as I'll be arguing at Monday's "Which open-source license is best?" discussion with the Free and Open Source Software Learning Centre. The whole Apache vs. GPL debate may be much like Coke vs. Pepsi: a matter of personal preference and nothing more.
With GPLv2 adoption dropping below 50 percent of open-source projects surveyed by Black Duck Software, however, it's very possible that preferences are starting to shift in favor of Apache licensing.
Follow me on Twitter @mjasay.
In July 2007, version 3 of the GNU General Public License barely accounted for 164 projects. A year later, the number had climbed past 2,000 total projects. Today, as announced by Google open-source programs office manager Chris DiBona, the number of open-source projects licensed under GPLv3 is at least 56,000.
And that's just counting the projects hosted at Google Code.
In a hallway conversation with DiBona at OSCON, he told me roughly half of all projects on Google Code use the GPL and, of those, roughly half have moved to GPLv3, or 25 percent of all Google Code projects.
With more than 225,000 projects currently hosted at Google Code, that's a lot of GPLv3.
If we make the reasonable assumption that other open-source project repositories Sourceforge.net and Codehaus have similar GPLv3 adoption rates, the numbers of GPLv3 projects get very big, very fast.
The data becomes even more significant, however, when you consider the number of active projects on Google Code, Sourceforge, and elsewhere. Google's ratio of active projects is much higher than Sourceforge's, which generously sees maybe 12 percent of its total number of projects under active development.
Hence, even if GPLv3's overall numbers may still seem small compared with GPLv2, its share of active projects may be quite large.
My recent flirtations with Apache-style licensing notwithstanding, clearly there's life remaining in the GPL, and particularly Version 3.
Follow me on Twitter @mjasay.
At the Oscon conference this week, Tim O'Reilly repeated something he has been arguing for years, but that resonated powerfully given some of the rancorous debates currently raging in the free and open-source software community. O'Reilly cut through the misguided logic of free-software advocacy with a simple statement:
I don't care about free software. I care about freedom...Architecture of systems matters more than licenses.
An open-source software license doesn't necessarily make you open. An open-source license doesn't guarantee freedom, either--at least not in the broad sense of the word.
For example, O'Reilly indicated that he uses proprietary Twitter instead of open-source Identi.ca for at least two reasons: 1) O'Reilly's preferred microblogging (Twitter) client, Seesmic, doesn't support Identi.ca (this will soon change) and 2) Twitter actually has a very open platform, as can be seen in the diverse and deep developer community growing up around it, something that is not true of open-source Identi.ca.
Twitter, in other words, with its closed license, may well be more open than Identi.ca, at least in the areas that most people care about (development community plus the ability to use tool of choice).
Sometimes we in the open-source community forget that licensing is a means to an end, and not the end itself. Licensing does not create a community: there are plenty of open-source projects that completely adhere to the Open Source Definition and yet are effectively closed to outside developers, while Microsoft and others have shown for years that they can attract significant outside development around their platforms.
Free-software advocates, despite their calls for freedom, can sometimes achieve the opposite, as Linux kernel founder Linus Torvalds declares:
I may make jokes about Microsoft at times, but at the same time, I think the Microsoft hatred is a disease. I believe in open development, and that very much involves not just making the source open, but also not shutting other people and companies out.
There are 'extremists' in the free-software world, but that's one major reason why I don't call what I do 'free software' any more. I don't want to be associated with the people for whom it's about exclusion and hatred."
Open software...but closed minds? What counts as open, and why do some believe the conversation begins and ends with a license? Which breed of openness do you, as a developer or as an end-user, care most about?
It's similar to the current calls for transparency in government. Transparency is a very good thing, but it is a means to an end. It is not the end itself, and creates significant costs, as Andrea DiMaio notes:
While increasing momentum on transparency consolidates and creates further political capital, it will also cause significant stress to the machinery of government. Processes will have to create and expose more data to comply with additional requirements. Executives, managers, and other government employees will be held accountable against a much larger set of metrics, and their decision-making processes will be potentially under scrutiny at every single step.
Some will say "To hell with the cost or difficulty! Just do it, and do it NOW!!" But these are the same sort of people who demand that all software be completely free forever, and right now, because they've never had to make payroll or, if they do, it's for a small consulting business whose industry impact is constrained by its own ideology.
--Linus Torvalds
Microsoft Corporate Vice President and Deputy General Counsel Horacio Gutierrez suggests that "taking purely ideological positions does not work in real life. Instead, flexibility and nuanced approaches to complex problems will tend to win the day over dogmatic approaches."
He's right, even if Microsoft doesn't always measure up to this "flexibility" and "nuance" he prefers. But then, none of us really do live up to our own hype.
Which is why, as Glyn Moody writes, we need to be careful in how we engage in discussing various strategies of openness:
Ad hominem/ad feminam attacks are not just irrelevant, they are harmful. They can lead to abiding rancor that poisons discussions and decisions for some time, and that helps no one--neither purists nor pragmatists--and certainly not free software.
As we broaden the conversation in the open-source software world to focus on freedom, and not necessarily free software, we'll find that there are different mechanics to accomplish this goal. Sometimes this will include open-source licensing. Sometimes it won't.
So long as it's the customer that takes center stage in the debate, I'm convinced we won't go wrong.
Follow me on Twitter @mjasay.
By announcing that it has open-sourced its Launchpad project under the Affero GPL version 3, a year after rumors swirled that it would, has Canonical licensed away one of its best revenue opportunities?
Roughly two years ago, I walked up London's High Road from Seven Sisters Tube Station with Mark Shuttleworth, founder of Canonical and the popular Ubuntu Linux distribution. Mark and I talked about a range of things, but one of the things that particularly caught my attention was Launchpad, a collaboration and hosting platform for open-source projects that makes it easy to track code, ideas, and other things across projects.
Then, as now, Launchpad struck me as a fertile field for Canonical to discover a scalable, winning business model to support Ubuntu development. In fact, I remember a long conversation with open-source guru Larry Augustin about Launchpad. Augustin felt that there was a great business lurking in Launchpad.
I agreed.
While I can see how "opening up Launchpad gives the free-software world the beginnings of an open, programmatic interface to its own infrastructure," as Canonical speculates, I'm struggling to see how it helps Canonical make money. Any chance of directly monetizing Launchpad is effectively gone now.
That, of course, may not be the point. Canonical has been experimenting with other models, including hosted services that may well be augmented by this move.
As RedMonk analyst James Governor suggests, "(It may be) possible to make money as a tools company, without owning the runtime, if you offer hosting for the apps. IDE (integrated development environment) + cloud = dollars." Open source may help to make Launchpad more widely used, which, in turn, better positions it to be a Canonical-sponsored on-ramp to the Canonical-monetized cloud.
Not a bad idea. (Certainly better than the apperi-sponsored Ubuntu application store, as reported by The VAR Guy.)
It does suggest, however, that Canonical may be placing a lot of eggs in the cloud basket, a basket that has yet to prove that it can deliver solid, consistent returns to software companies. It comes with its own baggage, as Jonathan Zittrain writes).
Time will tell if the cloud can feed Canonical's employees. But Shuttleworth isn't the sort of person to do something just because all the "in" kids are open-sourcing these days. Licensing Launchpad under the AGPL version 3 is a calculated move. We just don't know what the calculus will yield quite yet.
Follow me on Twitter @mjasay.
Red Hat marketing guru Chris Grams posits a simple but powerful key to Red Hat's strategy: default to open. It's not new to Red Hat--Tim O'Reilly's analogue is the "architecture of participation"--but it has apparently influenced everything from product design to office layouts at Red Hat.
In a nutshell, it means:
...[R]ather than starting from a point where you choose what to share, you start from a point where you chose what not to share.
You begin sharing by default.
It's a good principle for any company, open or not. It's the same principle I hear from a wide variety of open-source companies today, including those that describe their business models as "Open Core." The first impulse is always to open source: holding anything back must clear a number of hurdles.
It seems to be working in accelerating adoption of open source, presumably because open source's transparency and ease of access makes adoption easy. Carol Rizzo, former CTO for Kaiser Permanente, suggests that "average Fortune 500 companies are using more than 100 open-source projects each." And those are just the ones they're tracking.
It also works on the development side, though a debate has resurfaced over the ideal way to encourage openness and adoption. A longtime GPL supporter, I've found myself increasingly in the Apache camp over the past year.
My reason follows Benjamin Black's excellent post on the topic:
...[T]he goal of the GPL and its variants...[is to act] as a virus to force the release of ever more source. The GPL serves to rigidly control what you can and cannot do with software covered by it, and is thus the license equivalent of digital rights management.
This leads to a related problem. The GPL produces, in practice, a two-tiered structure dividing those who control a software project from those who merely contribute to it. Those in the former group are free to create a dual-license: those who want to use the software for non-commercial purposes can do so freely, but those wanting to use the software commercially must pay. The latter group cannot do this, regardless of how much they may have contributed to the project....
When the GPL is abused like this, as it is more and more frequently, the most obvious difference between it and the permissive licenses is a matter of who decides who gets paid. Under the GPL, that control rests only with the project owner, just like content DRM. Under a permissive license, anyone can decide.
The GPL is basically proprietary software with the intent to control through openness rather than opacity. The result is largely the same.
I used to like this because, as I once wrote in Open Sources 2.0 (PDF here), as a vendor I wanted this control:
What we thought was a software development methodology may have far more importance as a business strategy that undercuts competitors while driving down costs and shifting control to buyers. In such a world, those who understand and leverage open source commodification (or escape it) will thrive - everyone else will be marginalized into economic oblivion. Commodification, the highest stage of capitalism; open source, the highest stage of software.
Years later, I'm surprised by how consistent my thinking has been on this (right or wrong - you choose). The GPL is great for control, but if it's community you want, Apache may be the better bet because, following Grams' post, it may be "more open by default."
Glyn Moody offers an excellent defense of the GPL, but the primary thing that Moody misses, and that Richard Stallman and other free-software advocates miss, is Black's critical point about control over who gets paid.
This isn't their concern, and that's fair. But it is the concern of just about everyone else that has to make a living selling software or services around it, which is why you find no businesses of any significant scale that depend upon monetizing GPL software directly. (Even Red Hat doesn't count - it sells a subscription to a closed binary of otherwise open-source software, much of it GPL.)
"Open by default" is absolutely the right strategy for software, in my view. But how different people interpret it will be highly variable. And while I'm leaning toward Apache, I'm grateful that my views can dovetail with the GPL crowd the vast majority of the time. We share a commitment to openness. We just interpret it differently.
Follow me on Twitter @mjasay.
If most developers contribute to open-source projects because they want to, rather than because they're forced to, why do we have the GNU General Public License?
Free Software Foundation
That's the question that hit me last night as I tried to sleep in the shadow of Richard Stallman's MIT. Stallman, of course, originated the GPL, a brilliant way to turn copyright on its head in order to force software to remain open.
But in the process, did Stallman simply create an alternative way to release proprietary software?
I'm not trying to be cute here. Think about it. If you you want to maximize adoption and reuse of your software, why wouldn't you use Apache? Perhaps because you don't like the thought of someone using your free software in a proprietary product?
"I would actually rather nobody use my software than be in a situation where everyone is using my gear, and nobody is admitting it," wrote Zed Shaw, creator of a popular library and Web server for Rails called Mongrel.
Shaw, and perhaps other coders, have turned to the GPL as a way to protect their software from use they deem objectionable. But isn't this precisely what the proprietary software licenses do? The only difference is that the GPL forces code to be open, rather than closed.
Are the two approaches so very different? The effect--blocking undesirable use of one's software--is largely the same.
After 10 years in open source, I'm increasingly of the Apache-licensing persuasion because I'm starting to concur with open-source luminary Eric Raymond that "the GPL is unnecessary...(and) is also a confession of fear and weakness."
If I'm mostly concerned about adoption, Apache promises to be better than the GPL for all the reasons stated by Daniel Jalkut in his excellent ode to Apache.
And if I'm concerned about protection, then why not simply use a proprietary license--one that doesn't scare opposing legal counsel?
With the Web making open-source licensing largely irrelevant, anyway, it's a good time to evaluate the merits of the two dominant open-source-licensing approaches. For this moment in time, they're essentially equivalent, at least to end users and Web developers, neither of which is required to contribute back derivative works.
Indeed, I believe that one of the primary reasons that Linux, MySQL, Lucene, Hadoop, and other Web-oriented technologies have thrived in the past few years is that they have basically come legal-encumbrance-free.
Would Google have built its server infrastructure with Linux if it had been required to contribute all its software back? Almost certainly not. Yes, it has elected to contribute back to MySQL and others when it was advantageous to do so, but I think that Affero GPL, which translates the GPL's provisions to network-hosted software, would have effectively killed the utility of MySQL, Linux, and other open-source technologies for Web titans like Google, Facebook, and others.
In short, perhaps the best thing that could have happened to open source in the past few years is the increasing relevance of its code due to the decreasing relevance of its licensing. More adoption due to fewer controls.
Developers don't contribute to open-source projects out of force. They do so out of interest, desire for recognition, and other reasons. Once you take force out of the equation, the GPL loses its relevance except as a tool to protect against competition...which proprietary licensing perfected long ago.
For those who worry about the world being closed off behind proprietary licenses, it's not going to happen. The software world has been opening up, though not always at the pace some open-source advocates would prefer. On this point Tim O'Reilly has correctly argued:
If you close things off, eventually, you lose. This is why one of my slogans is, "Create more value than you capture." As long as people are doing that, I don't care whether they're trying to capture some value (through proprietary licensing).
In other words, people don't have to be forced into openness. It happens out of natural, selfish desires. Given the history of humanity, that's probably a more dependable basis for business strategy than an expectation of charitable donations through code contributions.
So, wither the GPL? I'm asking a sincere question to which I have hunches but no definitive answers. I'd love to hear your thoughts.
Disclosure: my company licenses its software under the GPL. This post reflects my personal (evolving) opinion and should not be construed as representative of the intentions of my employer.
Follow me on Twitter @mjasay.
As a law student doing my thesis on open-source licensing (PDF), it was nearly impossible to find any substantive legal papers on the topic. In fact, the only one I can remember is Ira Heffan's excellent "Copyleft: Licensing Collaborative Works in the Digital Age" from Stanford Law Review in 1997.
It's about time.
The journal is peer-reviewed by an editorial committee made up of members of the European Legal Network which, despite its name, actually includes legal experts from all over the globe. A few of the better-known names include Andrew Katz, Amanda Brock (Canonical), Mark Webbink (former general counsel at Red Hat), and Lawrence Rosen (noted author and author of the Open Source License). The journal will be released biannually.
As companies like Qualcomm seek lawyers with deep open-source expertise, journals like the IFOSSLR are critical to elevating the depth and breadth of open-source analysis, moving it well beyond the intellectual battleground of opposing ideologues.
The first issue is now available online. As Glyn Moody notes, despite the legal nature of the journal, its contents are genuinely interesting--fascinating at times--and relevant to anyone in the business or development of open-source software.
Follow me on Twitter @mjasay.
(Credit:
Doigy Media)
For those who have yet to grok the Open Core business model, Trent Reznor of Nine Inch Nails fame will sing it to you. In a series of forum entries, Reznor explains exactly how to build a music business on the Web and, in the process, classically defines Open Core, the primary business model for open-source software, too.
Forget thinking you are going to make any real money from record sales. Make your record cheaply (but great) and GIVE IT AWAY. As an artist you want as many people as possible to hear your work. Word of mouth is the only true marketing that matters. To clarify:
Parter with a TopSpin or similar or build your own Web site, but what you NEED to do is this--give your music away as high-quality DRM-free MP3s. Collect people's e-mail info in exchange (which means having the infrastructure to do so) and start building your database of potential customers.
Then, offer a variety of premium packages for sale and make them limited editions/scarce goods. Base the price and amount available on what you think you can sell. Make the packages special--make them by hand, sign them, make them unique, make them something YOU would want to have as a fan. Make a premium download available that includes high-resolution versions (for sale at a reasonable price) and include the download as something immediately available with any physical purchase. Sell T-shirts. Sell buttons, posters...whatever.
Having trouble following that? Well, the excellent TechDirt simplifies it:
Connect with Fans (CwF) + Reason to Buy (RtB) = The Business Model
In the software world, "Connect with Fans" is the community download. It's the software made freely available for anyone to download, tinker with, and share (if they wish). As noted in a recent MindTouch post, word of mouth is an open-source project's best friend, and word of mouth depends upon giving people something to talk about.
Unfettered discussion. Highly usable code. These are the key ingredients to driving word of mouth.
As for Reznor's "Reason to Buy," that is the enterprise version. Importantly, it's not really about lock-in so much as it is about (temporary) lock-out: Open Core, just as with Red Hat's licensing model, isn't about forcing customers to stay so much as giving a convenient, compelling reason to buy. Once the customer is in the door, every open-source company I know makes it easy to leave and depends upon a subscription offering that forces the vendor to deliver continuous value to earn the customer's loyalty.
Community is for the geeks: it's all about code, code that average consumers could not possibly care any less about ("I thought that obsessing about an OS in 1993 was depressing; why are we still doing it in 2009?").
Enterprise is for users who just want to get on with their day, and want software to be part of that day without consuming the day.
You need both but, as Reznor accurately describes, you must have a compelling reason to buy. Charitable urges don't count.
The GNU General Public License (GPL) used to dominate open-source licensing, but its hold appears to be slipping according to new research from Black Duck Software. While GPLv3 has seen a 400-percent increase in adoption, and though the GPL and its variants still claim over 65 percent of all open-source projects, Black Duck reports a 5 percent decline in GPL adoption.
This drop makes sense, given the GPL's decreasing relevance to the modern world of network-delivered software and the increasing value of data over software.
ZDNet's Dana Blankenhorn points out that there are no clear replacements arising for the GPL, and he's right. But I'm not sure that's the point.
Peter Vescuso, executive vice president of marketing and business development at Black Duck Software, argues that we're starting to see greater diversity in licensing approaches, as "many developers are selecting licenses that are less restrictive, a move that underscores the broader adoption and value of open source in today's multisource development environments."
Perhaps. Or perhaps developers simply don't care that much about open-source licensing qua licensing very much any more. The real value in open-source software is no longer the software, but rather the resultant services that are delivered over the Web, a theme that Tim O'Reilly has been hitting consistently over the past six years.
The GPL was highly relevant in the Software 1.0 world because it was a great way to protect software assets. In effect, the GPL became the preferred way to replicate the copyright regime, except under the banner of free software.
Today, the GPL (and open-source licensing, generally) is irrelevant.
It's irrelevant because the GPL protects nothing in a world where software is delivered over the Web, because the GPL's "distribution clause" isn't triggered. The GPL becomes BSD/Apache, in short.
Because of this, Web developers long ago stopped worrying about open-source license requirements and instead are focused on data-driven lock-in. Open-source software becomes a way to build free services that encourage adoption, which adoption yields valuable data. That data is the crown jewels in a networked world, as O'Reilly suggests.
Because Web developers don't necessarily need to protect their software, we're seeing more adopt licenses like BSD, Apache, and other permissive licenses in order to foster community, rather than protection, around their software. Those who persist in seeing the world through the Software 1.0 lens continue to try to protect the software, which is why we're seeing a four-fold increase in AGPLv3 adoption. (AGPLv3 extends the definition of "distribution" to include network-based delivery of software.)
The GPL isn't dead, and perhaps it's not even dying. But that isn't the point. The point is that the real question is Web-based delivery of software, and current licensing has almost nothing to say on that topic.
Follow me on Twitter @mjasay.
