Products and Open Source, Revisited

Spacemonkey — Fri, 24 Aug 2007 20:59:00 +0000

We’ve written before on the suspicion that products and open source software don’t mix all that well.

TechCrunch writes an article titled How Grey Is Your Valley: Making Money From Open Source where they question the motives of Matt Mullenweg.

Matt owns a company, and also is a lead contributor to an open source project. The issue stated by TechCrunch is that the main product provided by Matt’s company depends on the open source project – or more importantly, the lack of a competitor provided in the open source project.

There are some loud protests at the accusations, one of which titled TechCrunch Questions Matt Mullenweg’s Ethics at OpenSourceCommunity.org.

I remember several core developers on some open source projects I once contributed to coming under fire with the same allegations. While I defended them at the time – as my own understanding of the logic made sense, as the things that were turned into products were not multi-purpose and had deployment requirements that just didn’t fit being default – I cannot really defend Matt’s predicament as spam filtering to me seems like an obviously stock thing that needs to be done.

On the flip side, Akismet is more than a product, it is a service, and providing that service carries a cost. How can such a service be provided for free?

It is my belief that anyone that plays a major role on an open source project cannot really profit from that effort, lest they have thick enough skin to tolerate the backlash of accusations and so on. This isn’t new, folks.

How Do You Protect Your Copyright?

Spacemonkey — Thu, 02 Aug 2007 21:16:00 +0000

Matt Mullenweg, founding developer of WordPress, posted an interesting article called Price of Freedom. The main thrust of the article is the thorny problem of open source software protecting itself from people that simply remove all original references and copyright notice and pretend they created the software.

Being someone that just recently had their own copyright violated (article on that one soon), I can relate. Matt states:

“Though the freedom intrinsic in the GPL that has allowed people to abuse WordPress it has allowed even more people to do amazing things and over time the good far, far outweighs the bad. Most importantly I feel like WordPress would have never gotten off the ground if it hadn’t been open from the beginning. (In fact there were several more functional blogging programs started around the same time that have since withered away.)

Ultimately I know our software isn’t going to change anyone’s spots. Good people will do good things with it, and bad people will do bad things with it — regardless of any protections I put in place. Windows Vista, a multi-billion dollar enterprise, was cracked within days. Does any piddling encoding I can do in PHP really matter? If protection like that isn’t broken it’s a statement of popularity, not security. I suppose could harass the bad guys, shut down their host, send them scary letters, but it’s just going to stress me out and like cockroaches they’ll pop up someplace else. I also know that most projects, software, and ideas die from obscurity, not piracy.”

I agree wholeheartedly with Matt on the encryption/obfuscation issue, as it just doesn’t make sense with open source software. I’m also not hip to the idea of encrypting a footer or other such include in order to enforce some sort of copyright notification that the end user has no power to suppress.

For example, on a PHP-based open source CMS project I was once involved in, we were trying to tackle the same issue: Some folks were taking our software, removing all references to us, and rebranding it as their own and selling it as a closed commercial product.

How do you police such behavior?

As an open source volunteer, you’re most likely working with limited resources, so you don’t really have the time to spend 5 hours a day surfing the Internet looking for violations like a miniature RIAA.

On this particular project, it was decided to include a META tag in all output, identifying the platform that was powering the site. (For the record, I was aghast at the notion and fought the idea as it was not really any better than the encrypted copyright notice. But I was outnumbered. C’est la vie.)

Of course, one of the first things all clients asked me to do was remove the META output, but not because they were wanting to violate copyright, but avoid a storm of corporate issues – angry vendors when they learned the corporate site was not on their platform, competing vendors who claim favoritism, and such. My biggest gripe was that it made it easy for less-virtuous people to hunt down websites with a vulnerable version of that software if a major exploit was ever found.

It looks like Matt’s perspective is one I endorse at the end of the discussion though; as to me it’s totally uncool and un-FOSS-like to encrypt a copyright notice or spit out unwanted META output. The only thing we can do is continue to innovate, express ourselves in our craft, and know that the bad guys always end up with a burning paper bag of dog droppings on their front porch.

Not that I’m suggesting anyone take any action. (cough)

Open Source Hypocrisy: Tag wordpress

Products and Open Source, Revisited

How Do You Protect Your Copyright?