Open Source Hypocrisy

We’ve written before on the suspicion that products and open source software don’t mix all that well.

TechCrunch writes an article titled How Grey Is Your Valley: Making Money From Open Source where they question the motives of Matt Mullenweg.

Matt owns a company, and also is a lead contributor to an open source project. The issue stated by TechCrunch is that the main product provided by Matt’s company depends on the open source project – or more importantly, the lack of a competitor provided in the open source project.

There are some loud protests at the accusations, one of which titled TechCrunch Questions Matt Mullenweg’s Ethics at OpenSourceCommunity.org.

I remember several core developers on some open source projects I once contributed to coming under fire with the same allegations. While I defended them at the time – as my own understanding of the logic made sense, as the things that were turned into products were not multi-purpose and had deployment requirements that just didn’t fit being default – I cannot really defend Matt’s predicament as spam filtering to me seems like an obviously stock thing that needs to be done.

On the flip side, Akismet is more than a product, it is a service, and providing that service carries a cost. How can such a service be provided for free?

It is my belief that anyone that plays a major role on an open source project cannot really profit from that effort, lest they have thick enough skin to tolerate the backlash of accusations and so on. This isn’t new, folks.

Ok, so MySQL.com moves their enterprise tarballs to the paid-only enterprise downloads section on the site, and makes a few other changes.

Pandemonium.

Now, is this reaction really justified, or just a whole lotta whooey? (Thanks Eben)

The Register’s Developer section has a good overview, and MySQL’s own Kaj Arnö explains on his own blog.

*spacemonkey pats himself on the back for remembering the HTML entity for that last letter in Kaj’s last name

Gavin Clarke hits the nail on the head in the Register article when he says:

“There is concern that restricted access to source will harm the quality of the final product while leaving the community straddled with a second-class database that slips out of touch with MySQL’s development cycles.”

This was the same concern many had with RedHat when they split RedHat Linux into Fedora and RedHat Enterprise. Personally, I couldn’t keep up with the pace of Fedora (seemed I needed to erase all my machines and start over every 6 months) so I switched all my servers to Debian. Problem solved. :-)

Maybe the better question here is this:

Can an open source project be solely sponsored by a corporate entity that’s sole means of income is based on that project?

Something tells me this is a lot harder balance to find than is commonly believed. In fact I suspect it’s just not really a combination that will work, like oil and water.

PostgreSQL is another FOSS database that instead of having only one corporate sponsor, has many. The biggest sponsors seem to have no commercial interest in the project, as they use the technology internally. Of course this seems to be a much more optimal scenario, but how can other FOSS projects find that balance? Or is corporate sponsorship just a bad idea for FOSS?

Man oh man, am I sad to have missed this one. By this I am talking about the O’Reilly Radar: The Executive Briefing at the O’Reilly Open Source Conference( in Oregon, titled “Licensing in the Web 2.0 Era”.

The topic of the talk, between Tim O’Reilly and Eben Moglen, was to be:

“How does open source licensing need to adapt to the realities of software delivered as a service? We’ll talk with Eben Moglen about GPLv3’s and the AGPLv3’s attempt to deal with this issue.”

Instead it apparently turned into a lopsided smackdown, where Eben pretty much let loose with some direct (and arguably harsh) criticism of Tim.

By reading the most excellent blog post by Stephen Walli titled Tim O’Reilly, Eben Moglen, and Jane Jacobs, you will find links to the conference pages, as well as additional posts on other blogs about the event. As expected there are some pretty strong emotions and varied interpretations of what happened, however it is critical to note who actually attended the event, and who claims to know what happened but wasn’t actually there…

As I didn’t attend the event, I have little to say, other than the fact that I’m a little surprised that Eben would make such personal attacks in such a public fashion – however he might have been upset about a lot of things, as some of his comments make it sound that he’s been waiting for this opportunity for a while. Maybe Tim saw this coming, as his response was supposedly quite muted. Ok, maybe he was speechless. I have no idea, and wished I’d been there to see for myself.

For the record, I love Eben Moglen. He’s fought tirelessly for a worthy cause for a loooooong time, and has always been the source of a few good zingers, which of course I appreciate :-) I’ve met him several times, and have tremendous respect for him, as well as the causes for which he fights. It’s hard for me to criticize his actions when I wasn’t there, and have no context to interpret what happened.

On the flipside, one thing he said that brings me into a good great mood was about the GPLv3 and the desire by some to add verbage to restrict SaaS(Software as a Service). Ultimately, the debate rages, and one side says that companies that take GPL software and just host it on their servers should not be exempt from the restrictions of the GPL. They say the GPLv3 should be amended to include those scenarios, so your typical Web2.0 company (such as Facebook) is compelled to share their modifications to existing GPL works with the public.

Eben responded (and I quote from another blog post by Joe ‘Zonker’ Brockmeier for Linux.com, for fair attribution):

“Moglen also took several questions from the audience. One attendee asked how we could take Moglen seriously when the GPLv3 didn’t close the software-as-a-service loophole. Moglen says that the GPLv3 could have closed the “loophole” but then it would have violated two of the fundamental freedoms: the freedom to run code for any purpose, and the right to private modifications. Moglen says that he’s not interested in legal work that removes people’s rights, but that he is more interested in doing work that finds a way to support the rights of both parties. When rights are in conflict, he says that lawyers need to find ways to protect the rights of both parties.”

There are a lot of people out there supposedly fighting for open source and free software and they clearly don’t care about both parties. I am relieved to hear that someone with the stature of Eben Moglen still remembers that there are several pieces in this puzzle that need to be put in the right place.

It is in fact that fear of rampant one-sided zealotry run amok that I’ve started this very website. I’m working on a new post that outlines one event that triggered the creation of this blog titled “Standing On The Shoulders Of…DELETE”. A tornado and a couple concerts are keeping me from getting it done, but all things in good time :-)

Back on topic, I’m elated to see Eben using the correct definition of freedom. Now to work on the rest of the group! ;-)

Here’s a really refreshing take on the GPL license from the Plone CMS, as quoted from their License FAQ:

You suck! The GPL sucks! The contract is unacceptable! Everything should be license X! Et cetera.

Blind ideological wars are tiresome and will simply damage Plone. We have chosen the GPL as our license, and are sticking with that for now.

Since the majority of the blind ideological wars usually come from GPL extremists, this is a really fresh take on the use of the GPL. They basically say “We’re using the GPL because that’s our choice, that is all.”

Yes, normal people use the GPL too! ;-)

Several blogs point to an article by Matt Asay at C|Net News.com titled The ironic rise of the Mac among open source developers.

The money quote:

“Maybe the open-source world isn’t as religious about freedom as is thought? I have a hard time with this answer, since I’m sometimes dubbed a zealot for believing that the GPL is the best open-source license yet I’m a hard-core Mac freak. I can’t really explain the contradiction, except that I found the Linux desktop difficult to use back when I used it (2004 and 2005), and I never liked Windows beyond Windows 2000. At a certain point, I just want something that works well. Maybe I’m not alone?”

You are not alone. Yeah baby, yeah!

I’m a MacBook Pro user myself, and noticed that a huge number of the Rails (and Ruby) developer community prefer the fruity computer experience as well.

Being that I started my technology career at Apple – longer ago than I want to admit in public – I’m somewhat biased though.

Another curiosity is that most of the Apple-powered developers I know also favor Debian on the server side of things. It’s a pretty solid majority of folks polled. Hmm.

Matt Mullenweg, founding developer of WordPress, posted an interesting article called Price of Freedom. The main thrust of the article is the thorny problem of open source software protecting itself from people that simply remove all original references and copyright notice and pretend they created the software.

Being someone that just recently had their own copyright violated (article on that one soon), I can relate. Matt states:

“Though the freedom intrinsic in the GPL that has allowed people to abuse WordPress it has allowed even more people to do amazing things and over time the good far, far outweighs the bad. Most importantly I feel like WordPress would have never gotten off the ground if it hadn’t been open from the beginning. (In fact there were several more functional blogging programs started around the same time that have since withered away.)

Ultimately I know our software isn’t going to change anyone’s spots. Good people will do good things with it, and bad people will do bad things with it — regardless of any protections I put in place. Windows Vista, a multi-billion dollar enterprise, was cracked within days. Does any piddling encoding I can do in PHP really matter? If protection like that isn’t broken it’s a statement of popularity, not security. I suppose could harass the bad guys, shut down their host, send them scary letters, but it’s just going to stress me out and like cockroaches they’ll pop up someplace else. I also know that most projects, software, and ideas die from obscurity, not piracy.”

I agree wholeheartedly with Matt on the encryption/obfuscation issue, as it just doesn’t make sense with open source software. I’m also not hip to the idea of encrypting a footer or other such include in order to enforce some sort of copyright notification that the end user has no power to suppress.

For example, on a PHP-based open source CMS project I was once involved in, we were trying to tackle the same issue: Some folks were taking our software, removing all references to us, and rebranding it as their own and selling it as a closed commercial product.

How do you police such behavior?

As an open source volunteer, you’re most likely working with limited resources, so you don’t really have the time to spend 5 hours a day surfing the Internet looking for violations like a miniature RIAA.

On this particular project, it was decided to include a META tag in all output, identifying the platform that was powering the site. (For the record, I was aghast at the notion and fought the idea as it was not really any better than the encrypted copyright notice. But I was outnumbered. C’est la vie.)

Of course, one of the first things all clients asked me to do was remove the META output, but not because they were wanting to violate copyright, but avoid a storm of corporate issues – angry vendors when they learned the corporate site was not on their platform, competing vendors who claim favoritism, and such. My biggest gripe was that it made it easy for less-virtuous people to hunt down websites with a vulnerable version of that software if a major exploit was ever found.

It looks like Matt’s perspective is one I endorse at the end of the discussion though; as to me it’s totally uncool and un-FOSS-like to encrypt a copyright notice or spit out unwanted META output. The only thing we can do is continue to innovate, express ourselves in our craft, and know that the bad guys always end up with a burning paper bag of dog droppings on their front porch.

Not that I’m suggesting anyone take any action. (cough)