I'd like to see some recognition from this crowd of the "free-ride competition" problem as this author puts it. What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
EDIT from a comment in a thread way down, that summarises my point:
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
Isn't this what the AGPL is for? That's an OSI approved "open source" license that places restrictions on people making the software accessible as a network service.
So if you had some AGPL OCR tool you were using, you could use it, but not in a way the user sees that text. Generate audio from it and expose the sound? Probably fine.
And that you can comply with that completely, run the software, and then have a proxy in front that strips that offer without violating the letter of the license.
And if that theory works I think "substantial features" of the code could be directly (but for the indirection of that proxy) exposed.
> However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.
and
> Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
"Convey" is the key word there. You _must_ convey the license. Stripping it out, is not conveying it. Why is it automatic? Because under the AGPL, the license is a part of the work itself. You cannot remove it or modify it, without breaking the license, and thus having no right to modify it in the first place.
You didn't convey a covered work by using it to respond to a response or anywhere else in my hypothetical - and indeed that part of the license exactly matches the GPLv3. The relevant portion of the license is rather
> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
Yeah, I'm not continuing this convetsation.
I know what section of the license is relevant to network requests, why the section of license you cited is not, and that a proxy stripping offers of source does not seem to violate the text (though it certainly violates the spirit) of the license. I do not know how a court would react to such an attempt.
I agree that I'm done with this conversation though.
Technically true, but in practice almost every tech company forbids GPL code. I bet if you re-read your employment contract closely you'll find that you agreed not to introduce any GPL code into the company's codebases.
(Edited for clarity).
Just using Linux is not enough to say anything built with it is a combined product in the eyes of the GPL, the license is pretty specific about what it considers a derivative work.
For example, you can ship closed source apps and OS on top of Linux so long as you respect the license.
Those are pretty rare when it comes to the GPL, a lot of hardware companies do not comply with it fully, in some way. Vizio is being made an example of at the moment:
Of course a company must forbid copy/paste of GPL code, because that would GPL the codebase and that's hardly what they want. But one should ask the Legal office (and/or other offices) about adding any MIT, BSD or proprietary library: credit must be given (how?), licenses must be available and compatible with the way the software is distributed. There are so many licenses out there, everything should be vetted.
Of course everything should be vetted, but lawyers have canned advice about common licenses they see often — GPL, MIT, etc.
[1] https://opensource.google/documentation/reference/using/agpl...
(AGPL, however, was nearly impossible to get permission to use)
Some companies subscribe to FUD (aka lawyers covering their ass) and forbid use of AGPL, GPL and sometimes even LGPL software outright even though they allow proprietary sofware that has even more restrictions, but the big elephant in the room that is usually cited for these open source to "proprietary but we still want the publicity of open source" license changes (AWS) is not one of those companies that put fear over profit.
I don't see how, there is nothing in the spirit of FOSS by doing that.
From the license at <https://github.com/HermanMartinus/bearblog/blob/998e87263248...>:
"You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality"
Given that the exclusive purpose of the Software in question is to implement a managed service for its users' hosting needs, I'm having trouble understanding how anyone could take the position that this is "mostly in the spirit of FOSS".
The license might as well say, "You just can't use this."
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
"It isn't possible" is obviously not true but a plain reading of both that combined with the license would suggest you can't use bear at all for anything.
Where does it say that?
Any examples when AGPL was used successfully by competitors? Typically every company prohibits using this licence.
They want to seem altruistic but want to also be the only provider.
GPL would have been a better initial license, and AGPL would have been the next logical step to ensure that changes that hosted services make can come back to the original version.
I'm not entirely sure what they were hoping to get by making an extremely permissive licensed piece of software, but competition doesn't appear to be it.
This is an overly negative take. At the end of the day, they are still providing software and the source code free to use for practically every purpose except directly competing with them.
That's still altruistic while also being sensible in the real world rather than an ideal.
You might say, "well wouldn't that be most of what people might want to do with it?" And you might be right, but so what? No one is entitled to build their business on the back of someone else's work, not without their permission anyway.
That certainly makes software like this no longer Free Software. But I'm not religious about it, and maybe that's ok sometimes.
(It also runs afoul of several parts of the OSI Open Source Definition, but maybe that's ok too.)
This is incorrect.
https://github.com/HermanMartinus/bearblog/blob/master/LICEN...
> You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
It does not make the distinction around a financial transaction.
Some people pick the AGPL because the license itself acts like garlic to commons destroying IP vampires and are disappointed that those vampires still found a way to drink their IP milkshake.
Has nothing to do with altruism and everything to do with not wanting to be taken advantage of for free labor and IP by powerful entities that would deny them a glass of water if they were dying from thirst.
The conflict is entirely between the original developer wanting to be the sole service provider and the open source license that lets people host the software themselves. The software as a service business model is the problem here, not AWS hosting.
Doubly so when they relicense outside contributors' work with a closed source license because those contributors signed a CLA.
And lets be real here: https://github.com/HermanMartinus/bearblog/graphs/contributo...
Looking at the details of that, the only two (small) substantial code changes from other people are "User can delete their own account" from 2020, and "Use cloudflare online dns api to perform domain check" from 2021.
I have no horse in the race, just think that maybe this project is not a good measure of contributions.
That's why I said "most people" (of which I think HN commenters are not a representative sample) rather than "nobody" :)
A commitment that any significant derivative retain the original (or some later version) of the original license.
"Free to do whatever as long as it retains this license. A commitment that this license will not change, even by the original author".
No special cases, just a blanket license for all derivatives.
If it exists, what are the barriers to adoption? Why don't we all use it?
(What I'm given to understand does work is using a copyleft license and taking code from multiple parties without a CLA, because then relicensing requires all the copyright owners to agree, which for a large enough project is impractical.)
It is quite fun to try and think of ways that this could work though. Perhaps a bot that code-paraphrases (paracodes?) every accepted PR. Or maybe there's some crypto magic you could do to make the only option a clean room rewrite.
It’s possible to say anything. Without something like a contract with reciprocal commitments to make it binding, the legal effect of saying it is limited (though not necessarily zero, because legal concepts like promissory estoppel exist.)
Unless you’re entering into a contract with the project maintainer (which you’re not, if you’re just downloading or using it) then such a commitment means nothing.
Applying an open source license to your work means you’ve licensed other people to use it under those terms.
You can make all the commitments you want in the license, but it doesn’t actually commit you to keeping all future work open source as well under the law.
So you could write this license and make the commitment, but if you changed your mind later and decided not to open source future commits to the project that you made then nobody could stop you. Not unless you had entered into a contractual agreement with them and exchanged some consideration (money).
> If it exists, what are the barriers to adoption? Why don't we all use it?
My theory is that people in general don’t care that much, or (particularly in the case of corporations) consider permissive licenses to be ”freer” than copyleft.
They couldn't do anything with it (alter or even build iirc), but they could look at it.
https://www.computerworld.com/article/1336859/microsoft-open...
Ha. How times have changed:
> But governments won’t get the ability to alter source code. “This isn’t about developing or supporting customized versions of Windows,” Mundie said. The GSP and other source-code access programs are about “helping build comfort and trust with our key customers on how Windows is deployed, how security is running and how other software is running on top of Windows,” he said.
> Russia’s Federal Agency for Governmental Communication and Information has signed a GSP agreement with Microsoft, and the company says it’s in discussions with about 20 other governments.
It does take some mental discipline to actually believe in the movement and not view someone using your software to start a business as them "stealing your work." Such a thing doesn't make sense in OSS, you gave it away freely. It's a good thing, the competition is healthy. You don't have to believe, closed-source proprietary software is much easier to run a business off of as evidenced by most businesses operating that way. There's no shame in it. The FOSS folks are the free love "we don't believe in intellectual property mann" hippies of the software world.
The history of technology and markets show this just isn’t true on any significant timescale.
That’s why the AGPL exists.
> Its portfolio includes Bear, the Apple Design Award winner notes app, …
> Bear, the Apple Design Award winner notes app
Which you could have known by spending five seconds on https://lambdalpha.com, or actually reading your own link which calls Bear an "Apple Design Award winner notes app", which doesn't really sound like the Bear blog.
Stop spreading rampant misinformation.
> This is a morbid topic for me to write about: what happens to Bear if something happens to me? I've got that covered too. There's a detailed succession plan in place, including:
Full documentation of all systems and processes Multiple trusted developers with access to the codebase Clear instructions for maintaining the platform So if I were to be incapacitated in any way, the platform will live on.
That term already exists: it's proprietary software.
If you're going to restrict what users can do with their copies of the program, please do not try to label the program as Free Software / open-source.
(I have no objections against the “source available” though - it’s a pretty unambiguous and useful term, that isolates one specific property.)
Now, we can agree and talk about unfortunate consequences and possible mitigations.
The AGPL is one possible mitigation: Big corps are usually afraid of it. But they do themselves: the AGPL doesn't forbid them to use the thing.
That doesn't mean I think everything has to be open source. Bear is a blogging platform trying to make money and it seems fine to me for it not to be open source.
If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
As a result, licensing your project GPL or the like usually means relegating it to obscurity. There are very notable exceptions, including Linux and WordPress, but they are outliers. It's hard to monetize an MIT project, but it is even harder to monetize a project without users.
Whether this is "good" or "bad" is a separate debate (err, usually flame war), but I think many people gloss over that this is a coordination problem and that everyone is acting rationally. For better or worse, software does not seem to be scarce.
But once we start talking about the kind of software large corporations (like AWS) will have an interest in, projects have to be successful to be useful. Software requires maintenance so the maintainers need to be able to devote their time to maintaining and improving the project. So this will select for projects that are successful enough that the maintainers can focus on it fully (either because some company hires them to work on their own project, they can charge high consulting fees because of their association with the project, or whatever).
I think "the code" (the thing covered by copyright) in most cases is not as valuable as "the project:" the leadership, the contributors, the users, the norms and practices, the commitment to ongoing maintenance, and so on. So just lots of individuals all putting pieces of their code out there with GPL probably doesn't make a lot of impact (though there is nothing wrong with it), because most users don't want "code" they want a "project" they can rely on.
I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.
It’s a huge badge of honor and a rare accomplishment. You’re thinking too directly if you can’t imagine how having your OSS project adopted by Big Tech isn’t a career boost.
He posted that in the heat of the moment while angry, but they didn’t literally reject him for a single LeetCode problem. He admits that he was just not at a point where being hired into a FAANG job would have been a good move.
That one Tweet has fueled years of internet rage from people who didn’t get the whole story, though.
I’ve also worked at companies where people who write OSS have been recruited with comp packages that would be hard to get even at FAANG because their OSS work was crucial to the company.
Are you kidding? This is the dream scenario for many open source projects: Getting adopted by a major company is a claim to fame like none other.
> Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
Then don’t? You don’t have to do anything. It’s fine to ignore it you want.
Practically speaking, Amazon engineers aren’t going to sit around and hope the maintainer fixes the thing that unblocks them. If they actually need it, they’ll fix it. They might fork it. They might try to recruit the person.
But nothing obligates you to do anything. This hand-wringing about the idea that someone might find the project useful enough to identify issues and report them is rather ridiculous. Just ignore it if that’s prerogative.
The amount of paperwork they have to jump through just to send you a patch makes it not worthwhile. They might fork in extremis, but to do that they first have to justify to management that it's worth ongoing effort to support. Hiring a maintainer really only happens for truly foundational projects like the Xen hypervisor.
What they will do is use the public nature of the CVE process to pressure you to patch with the SLA - and that's generally pretty effective. Only a few open source groups (for example, the npm team) have enough public clout to reject CVEs without reputation damage.
That is a matter of opinion. I have put out some open source stuff under the form you mentioned, and it's always BSD or another permissive license. I view it as quite wrong to force my moral choices upon others, so I give others the freedom to use whatever license they like. In my case, that is what makes sense because of my own moral convictions.
Subjective. Sure if you are talking about percent of market share, but it's a huge market, you don't need to capture even 1% of users to have a viable business.
The vast majority of the GNU ecosystem is GPL. Bash, git, Apache, Gimp, Blender, Libreoffice.
There are also a lot of projects that are dual licensed, allowing commercial software to be charged a fee and non-commercial software to use for free with GPL.
Importantly - any competitor can grab it and modify it to make it easier for them to run at scale and keep those changes closed-source.
I actually see this as a valuable incentive to open-sourcing under MIT -- if a commercial provider of your software emerges, it will help you test/prove that a commercial market for your software exists, after which point you can completely close-source it and pivot to purely commercial competition.
Open-sourcing, then, is basically baiting the waters to see if anyone sees commercial potential in your work. And the minute that's validated, you get funding and start your company.
I agree that if you can somehow achieve widespread adoption with a copy left license (like Linux or Wordpress), then that will be better for you. But IME copyleft licenses are a major hurdle to widespread adoption, so such projects remain obscure.
I'm not saying it is a good thing, but I've never worked at a company where we were allowed to bring in copyleft dependencies (even though everything invariably runs on Linux, which is GPLv2).
> If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
First, if someone isn’t paying, he’s not buying. ‘Paying’ should be understood broadly, e.g. code as well as money counts. A company paying dollars really doesn’t care that much about the license — plenty of companies pay for proprietarily-licensed products (even ridiculously limited ones, with dongles and high seat prices). OTOH, a company ‘paying’ with code contributions should prefer the GPL, because it knows that its contributions will never be taken away from it.
Second, the GPL does not restrict users; it restricts developers from restricting users.
The GPL family is the right way for individuals and companies to form a software commons in which all can benefit.
A MIT licensed project on the other hand, I personally consider like a potential liability more often than not. Not different from any piece of code I could find on stackoverflow. Not something that is serious. Even if it were tied to a big corpo, that would probably become fast unsupported.
If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades. You can use/write your software and people that believe in open source can use/write open source. What's the problem?
If you are concerned about mandating users provide modifications by a similar license to the one they received material under, what you want is copyleft.
All free software licenses are open source licenses. Not all open source licenses are free software licenses.
No, it doesn't. The FSF uses “Free Software” to refer to a broad class that is essentially identical to the OSI use of “Open Source.”
The term the FSF uses for copyleft is “copyleft”, which is a subset of Free Software.
1) hasn't/doesn't publish a free software definition that describes copyleft as a precondition to free software
2) hasn't/doesn't claim in any of their non-normative commentary that the definition has that precondition
3) readily and regularly refers to projects published under permissive licenses like the BSD, MIT/X11, and Apache licenses as "free software", despite not being copyleft licenses
4) themselves publish/maintain/govern software projects that are licensed under permissive licenses like the aforementioned non-copyleft licenses
The claim that "'free software' means 'copyleft'" is a pernicious, bizarrely recurring but wildly misinformed claim that only shows up on message boards by people who can't ever have actually read primary sources that explain the positions of the organization they purport to describe, and have instead just, like, decided they understand the topic (through, I dunno, osmosis or something, I guess).
Linked to from here:
https://www.fsf.org/about/what-is-free-software
Very explicit about open source being different from free software.
Also if what you say is true, there would be no reason for “open source” to exist. It was coined by Christine Peterson explicitly because the term free software conveyed a different ideal than the BSD/MIT license crowd was aiming for.
You are just wrong, and your first link proves it. The definitions are essentially identical. The philosophies behind them are different.
It's like the "Gulf of America" vs. the "Gulf of Mexico". You are talking about the same territory in either case, just expressing a different viewpoint about it.
Examples of non-free software are shareware like WinRar, software only available for non-commercial use like OMNeT++ [0], and (slightly more controversially) things like ElasticSearch or MongoDB.
https://www.gnu.org/philosophy/free-sw.html
> “Free software” means software that respects users' freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.” We sometimes call it “libre software,” borrowing the French or Spanish word for “free” as in freedom, to show we do not mean the software is gratis.
And
> “Open source” is something different: it has a very different philosophy based on different values. Its practical definition is different too, but nearly all open source programs are in fact free. We explain the difference in Why “Open Source” misses the point of Free Software.
etc.
Yes. The comment you are replying to already said this: ‘Free/libre software is distinguished from "gratis" software’.
Your earlier comment wasn’t wrong for saying that ‘free software’ refers to freedom; that part was correct. But it was wrong for agreeing with a comment which claimed that ‘free software’ means ‘copyleft’. Copyleft is free software, but free software isn’t always copyleft.
Saying that ‘free software means copyleft’ is like saying that ‘bird means goose’. Goose is a kind of bird, but not every bird is a goose; just like copyleft licences are free, but not every free licence is copyleft. The responses (which you called incorrect) were trying to explain this important difference.
(Granted, Creative Commons licenses are typically not used for software, but the point stands.)
I see that a similar mechanism is used by some non-free licences, as you have just shown, but are those really considered ‘copyleft’? Isn’t the term more properly used when said mechanism is used specifically to grant and protect the four freedoms? Both the FSF¹ and Wikipedia² seem to view the freedom aspect as an important part of copyleft, at the very least.
1. https://www.gnu.org/licenses/copyleft.en.html 2. https://en.wikipedia.org/wiki/Copyleft
(I'm not sure I would rely heavily on Wikipedia for this — they only use secondary sources and in practice most of their sources will be GNU-related, so the article is probably biased in that direction.)
Here is Stallman spelling it out explicitly:
https://www.gnu.org/licenses/bsd.en.html
> The two major categories of free software license are copyleft and non-copyleft. Copyleft licenses such as the GNU GPL insist that modified versions of the program must be free software as well. Non-copyleft licenses do not insist on this. We recommend copyleft, because it protects freedom for all users, but non-copylefted software can still be free software, and useful to the free software community.
> There are many variants of simple non-copyleft free software licenses, such as the Expat license, FreeBSD license, X10 license, the X11 license, and the two BSD (Berkeley Software Distribution) licenses.
So, I stand by my assertion. You are completely wrong in saying that only copy left licenses are free/libre software, even according to Richard Stallman himself.
Open-source never attempted to distinguish itself from free software in terms of licensing or content, and "free software" has always included permissive licenses.
You can find lots of free software licenses which are not copyleft listed on the FSF website, with links to longer commentaries on them. The FSF clearly identifies them as free software licenses, and always has.
https://www.gnu.org/licenses/license-list.html
this page is linked to from FSF.org here:
https://www.fsf.org/licensing/
Take a few minutes reading the publications of the organizations and movements you're misrepresenting. Take a look at the OSI's Open-Source definition as well.
If I’ve learned anything from reading HN comments, it’s that “open source” means different things to different people, including those who believe themselves to have specific knowledge of the history of the topic.
There are half a dozen different claims about the original meaning of “open source” in this comment section alone. They’re coming from people citing history and notable figures from open source past.
"Open source" is not just a turn of phrase which became common over time. The phrase was coined by the founders of the Open Source Initiative, and it has always had a very specific meaning: https://en.m.wikipedia.org/wiki/Open_Source_Initiative
People who seem to think that "open source" has a variety of meanings, are probably confusing it for "free software" which does indeed have a variety of meanings (which was the whole reason the phrase "open source" was created - because "free software" was too vague, and they wanted to create a term with a single, specific definition!)
it's not copyleft, it's a version of freeware license
Also, MIT license in particular is much shorter and easier to understand for a non-lawyer, than most other software licenses.
I don't owe that guy s*it, what are you talking about.
He's actually doing a disservice to the OSS community, as there's now another story of OSS turning non-OSS out of greed, which damages (by a bit, but still) the whole aura that true OSS has built over the past 40 years.
The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
The reason why MIT/BSD licenses flourished is that they were easy to understand. As long as you didn't sue the original author or try to claim the code was written by you, you were free to do almost anything with it, including mixing it in with other for-profit code.
Whether that's an abomination or a blessing depends on your corporate vs. free software politics.
So I think it would cover pretty much any JS library usage, except maybe if you just drop in a widget and don’t interact with it in any way.
People who aren't trying to get freebies from he commons without paying back never had a problem with the GPL.
I'm not actually sure what a better way to square the circle of not making the large entities that have developed a weird patronage relationship with open source projects run away while also avoiding the kinds of problem that the GPLv3 and AGPL are hoping to deal with, would be. Limiting the virality scope might be beneficial there, but I'm not sure how you would word that in a way that's not gameable.
It feels like we've wound up in a weird position where because so many GPLv2 projects moved to GPLv3, companies were startled into paying attention to the risks involved in a new license with open questions about how it would shake out in actual courts, as well as being jolted to the very real possibility it could happen again, and took the path of risk reduction by moving toward platforms where that couldn't happen.
You might compare it to everyone pointing to Solaris's source closing as a reason to not trust Oracle about MySQL's license remaining GPLv2. (As it turned out, so far, they haven't changed the license, but there was certainly a lot of fearmongering about that at the time.)
So I think I agree that it's not so much a coordinated effort to steer anything as the direct effects of companies avoiding funding that space, as well as the knock-on effect that anyone whose goals involve large companies using their product and leveraging that avoids picking a license that precludes that in turn.
Protecting the user's right to compete with the developer is not sustainable.
Protecting the user's right to run the software for free on their own or in their company so long as they don't resell it is perfectly salient and should be enough for anyone. That's really all the freedom a user needs.
If you're asking for more, it's because you want to take the developer's business. That's 100% unfair.
The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
Where is there opportunity left for software outside of the major trillion dollar companies if we don't start giving developers the benefit of profiting on their work?
I make a point to cheer on every fair source, source available, or open core project I see. It's the sustainable path forward. We shouldn't be taking from each other - we should be finding out how to take back from the hyperscalers.
I made some of them because I needed them, and had no reason to own them. I made some because I thought another library was poorly designed and I could demonstrate a better way. I didn't make any because I wanted money or recognition. I don't care who uses them, or how. It is literally impossible for a user to do anything with any of them that harms me.
I am deeply suspicious of any world view that declares it bad when people use code I have released for free. I released it so people would use it. Good for them!
Rather, full-time commitment to software of scale. Software that does have business use cases. Software where outages can cost money.
I agree with you, actually - but Richard Stallman and the Free Software movement more generally really don't. They exactly and explicitly believe this right exists and should ideally be a legal right, and the AGPL quite explicitly maintains this right.
Ultimately the Free Software movement is predicated on the concept that ideas can't be owned. They generally oppose both copyright and patents, and not just for software. Their licenses are meant as a stop gap solution. Ideally to them, or at least to some of the more die-hard members, laws would be changed such that what the GPL grants would not be a license predicated on copyright, but instead a legal requirement for all software, while copyright would be entirely abolished.
In addition to their general opposition to copyright and patents, Free Software people also view software as having a special role in terms of privacy and control - that, even more so than books and other copyrightable works, you have a right to know what the software in your house and business is doing, and to modify and fix it if it's doing something you don't like. This is related to privacy rights on one hand, and also anti-monopoly, right to repair concepts on the other hand.
This is all very different from the Open Source movement, even though they basically use the same kinds of licenses. The OpenSource movement is more of an industry group that believes competing on building much foundational software is a waste of resources. Instead, they believe the best way to build this foundational software is in collaboration with other commercial or non-commercial entities, building it in the open such that all may benefit from contributions and add their own contributions. However, the Open Source movement is completely fine with, and even expects, then making a proprietary product on top of this open source base.
To them copyleft licenses are a tool to make sure others don't keep their improvements for themselves, but have the downside of making it harder to build your proprietary stuff on top. Conversely, software that takes your contributions but then doesn't allow you to use it in commercial offerings is completely unacceptable, since the whole goal of the movement is for different companies to build a common infra on which they can then build their own commercial products.
Ultimately, both the Free Software and the Open Source movements will agree that a core part of open source is that anyone should be able to compete on delivering the original software, even if for entirely different ideological reasons.
https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...
The hyperscalers are contributors to FOSS, both in code contributions and funding. They could easily far better though.
It's only unsustainable when you are interested in keeping "user" and "developer" as distinct sets.
> The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
No we are going after it when people try to pass it off as open source when it really isn't.
I like open source because it means I'm not beholden to the original developer in any way as long as I pay it forward. I'm OK if this means you can't find a profitable business model.
I hate open source purism. It's not pragmatic and it's enabled us to be resold a world with ever disappearing rights.
This view is okay with hyperscalers. But it attacks the small developer.
The hyperscalers are removing our freedoms and privacy. Not small developers.
We need leverage against this.
There's just tons of software that you expect people to re-host. Yunohost has a massive catalog of free and open source software that is specifically designed to be spun up in a matter of minutes on open source VMs. To do what you're suggesting for those pieces of software would destroy the ecosystem entirely. The goal is to have multiple providers that are interchangeable that can host the software you need. So if one provider goes down, you can switch.
Meanwhile, MBAs that wanted to make money on their open source software decided that a good way to do that was to host services in charge for them. I agree, but the challenge here is what do you do when Amazon decides to take your software and also make it available to host?
And that's the moment where people abandon free software because it's inconvenient for that particular business model. The bug is not in free software. The bug is in the business model of the companies wanting to claim that they're peddling open source software, while not actually doing so: they want to have a monopoly on providing that software as a service. I understand why, but it's not good for the customer.
A real example that's getting a little long in the tooth, but back in the mid-2010s, I wanted to buy elasticsearch for a geographic search for my startup, and turns out that elasticsearch hosting, which I preferred, didn't actually offer CPU intensive instances suitable for geo-hashing. And I ended up having to switch over to Amazon to get the kinds of memory and CPU allocations that were best for our use case.
I get that you're concerned about the sustainability of these businesses, but introducing a monopoly on hosting has other downsides.
One company uses the software internally to create more value for a customer of theirs.
A second company uses the software internally to provide a paid service to a customer.
A third company resells software they bought to their customer.
The end result is the same: Company makes money, customer exhanges money for value. Somehow only one or two of those use cases would be legal.
Not wanting to further widen the schism but wasn't that the free software people rather than the open source people? cf [0], particularly the "not as strict" part.
> In the late 1990's Eric Raymond and others developed the term "open source" as a more business friendly term than "free software", with a more inclusive meaning where licenses that were not as strict about the passing on of modifications would also quality for the term.
[0] https://www.freeopensourcesoftware.org/index.php?title=Eric_...
Using GPL software: yes. Totally fine. The rise of Linux and all that jazz.
Incorporating any part of GPL software _into_ other products? Pretty much doesn’t happen. Every company I’ve ever worked for has said “do not bring LGPL or GPL software into the codebase.” When it comes to commercial software, be it cloud based, or downloadable, you’re not going to find much that tries to incorporate GPL stuff. You just won’t.
1. You incorporate GPL software and hope that no one notices and/or no one challenges. This is the most popular approach, and it’s quite successful, actually. 2. You cease to be a proprietary software company. Less popular, but an option.
Both of these are literally possible.
Expanding on this, the Free Software movement always focused on freedom for users - which, in a world where copyright applies to computer programs, ultimately leads to the licenses you listed to repurpose it.
The Open Source movement usually tries to advocate for open-source as the best development model. As in, writing it in the open and contributing with other people will result in objectively better software in the long term. Others treated it (when the term was coined) as a marketing term for Free Software, making it more palatable to businesses whose people running it don't want to talk about ethics too much.
https://www.gnu.org/philosophy/open-source-misses-the-point....
s/open source/free software/
None of those licenses prevent Amazon-style freeloading though.
Open Source provides the same “4 freedoms” as Free Software so most Open Source licenses qualify as Free Software as well.
If the goal is developer collaboration, permissive licenses are often the best choice. If you want maximum user entitlement, copyleft licenses limit developer freedom in exchange for a guarantee that future code will also be released as free software.
Cloud hosting was a challenge that did not exist when either philosophy first emerged.
With hosting, you are able to become the preferred source for software without adding much value to the code itself. This is what the author is complaining about.
The AGPL tries to address this in the GPL family but I don’t think it quite gets there. For permissive licenses, we see these “no hosting” exceptions.
If you read the early writings from the Free Software Foundation, they do not care if devs can make a living. The goal is user freedom. I think it is this philosophy that objects to the hosting exceptions.
Perhaps a better solution will be found in the future.
>The proliferation of "give everything away for free" MIT/BSD/Apache licenses...
Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
I have also long argued that the license preference among generation has somewhat a linkage to political shift in spectrum. Likely to do with Tech, now known as Big tech taking advantage. And it used to be very cool if your OSS project get used by a big company, until it is not.
Back when I was getting started in the mid-90s, GPL and LGPL were kind of the default. BSD and MIT were used for certain projects, like the BSDs and X11 of course, but the goal back then was to build up a large library of open source (then, "free software") as viable alternatives to proprietary software, and the GPL was the easiest way to do that and ensure it remained free.
It was the rise of Rails, and the attracting of commercial programmers and startup bros to open source in the '00s, that motivated the historical preference for BSD and MIT licenses.
We wanted our code to be as widely used as possible. It’s really not any more complicated than that.
There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
The rise of “software as a service” has changed that calculus for some, and disadvantaged those that sought to build commercial service entities around their open source software. In the areas that I work, it’s made no material difference.
As for Ruby on Rails, I think it’s outsized presence on hacker news might have given you an inaccurate picture of its influence on the broader open source ecosystem.
Very well put! I personally believe that "freedom" must include the freedom to do anything you want with the software, even close off your fork if you choose. And I do not believe that a commercial project using my software harms anyone at all, as my project is still there, still available for all. Accordingly, I have always believed in and used permissive licenses. It has nothing to do with corporate profits, and I find it vexing that people make that bad faith assumption in discussions such as this.
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
I remember the shitstorm Zed Shaw caused when he built something on top of MIT/BSD-licensed libraries and released it under GPL. "B-but that's against the spirit of the license!" people said.
BSD/MIT authors see most proprietary use as a feature — it can drive adoption and contributions that wouldn’t exist otherwise, while generally not directly competing with the original project in the open source commons.
It is considered an opportunity to leverage social mechanisms to garner support and contribution that would otherwise not be available.
GPL relicensing is different, in that it creates a direct rival open source commons with inescapable one-way asymmetry.
The license permits it, but since BSD/MIT authors tend to prefer social norms over legal fiat to sustain cooperation, they don’t see hypocrisy in objecting (even if GPL advocates do).
(I’ve tried to be as measured as possible, but obviously, I fall on one side of the debate, and I’m sure that my point of view leaks through.)
Working for big companies used to cool, but now they are just all EvilCorps.
Yup. Open source advocates would brag about adoption in enterprise. They would incessantly argue about how safe open source is compared to close source and would constantly complain about stupid managers not allowing open source.
Not all of them, but that stance was predominant when I was younger.
Is it not because corporations started funding open source projects in a big way (multiple billions of dollars a year big), and they fund projects that have licenses that they can use in their commercial projects.
To me that's a sign of the success of Open Source rather than the opposite.
As a counterpoint, when I make something open source, I really mean "freedom", which includes the freedom to build a commercial service using the software. I use the MIT license not because of "corporate interests to undermine free software ideals", but because I really want the software to be free as in freedom.
GPL, GPLv3, AGPL and similar license actually restrict the freedom to do anything you want with the software. I'm not saying there is anything wrong with it, just that "free software ideals" could mean different things to different people, and there might not be any "corporate interests".
GPL style licenses provide some guarantee you're investing in an ecosystem that is resistant to EEE. Freedom from takeover in exchange for freedom to make any arbitrary business venture. It's a choice, but to conflate libertarian freedom as the only form of freedom is narrow and ignores this centuries old unsettled debate.
Tivo-ization really woke up a lot of people to the dangers of proprietary lock in and abuse. https://en.wikipedia.org/wiki/Tivoization
But that also makes people not wanna bother with it. People in the middle who doesn't care either way will be very apprehensive of putting in a license virus in their project.
True because that's how the system actually works today.
Absurd because monopolies on ideas -- specifically patents and software licenses as mentioned here -- have absurd durations.
This statement is 100% correct. Open means open for everyone. There's a "but they are providing FOSS as a service on a proprietary platform", which seems like the next step on the LGPL-GPL-AGPL stairway of licenses, but SSPL failed to convince anyone it was a necessary freedom:
- MongoDB Inc obviously had no plans to release their own SaaS platform under SSPL
- AWS source code being released wouldn't have benefited anyone other than maybe other major cloud providers
Freedom 0 is the freedom to run the software for any purpose. You can't deny users this freedom "for their own good", or to spite big corporations, and still be free software.
Subtler issues of power and dependency won't be resolved through licensing alone, and certainly not by compromising on basic software freedom for users.
That's because then it isn't. Sorry, but you can't just take terms with an accepted meaning and decide they mean something else, without any conversation or consensus from there people using that term.
The OSI has a specific definition of what "open source" means[0]. Restricting what users of the software can do in this way is in direct opposition to parts of that definition, so no, if you do that, then it is no longer open source.
I'm not saying you aren't entitled to set up your licensing that way. I think it's disgusting when the likes of Amazon decide to take someone's hard work and use their massive oligopolist position to trivially outcompete anything the original author might try to do to make some money.
But that doesn't mean it's open source. I think people need to stop being so afraid to call their software something else. They seem to be really attached to the idea of being an "open source developer", and don't want to drop that moniker even after changing their licensing away from open source.
People also need to stop licensing their software under true OSS licenses, building a community of regular, significant contributors around it, and then changing their licensing (which they can do because they've [IMO shadily] required contributors to reassign copyright). That's a huge bait-and-switch, and people are right to be upset when that happens.
In the case of Bearblog, it seems like the author is really the only significant contributor, so I think what he's doing is totally fine, for the record. Frankly I think he did this the right way: his announcement email is entirely reasonable and sympathetic, and he doesn't try to breathlessly claim that his software is still open source.
[0] https://opensource.org/osd [1]
[1] While I don't love how the OSI folks basically just decided they own the term "open source" and that they get to define it, I think they've been pretty good stewards over time, and having clear-cut definitions of things is a good thing.
I think some people lose sight of the difference between the theoretical possibility of competing forks/implementations/services and the practical possibility. If a big enough organization gets ahold of something and begins to drive it, the fact that it's nominally open source may not be enough to ensure that people have a practical ability to get out from under that organization. In other words you need not just openness of "information" but actual open space to maneuver in the real world of food and money and markets and so on.
In many cases for-profit companies have taken up (or created) open source tools and made use of them in ways that still benefited the community at large. But it's not clear to me that FOSS licenses as we know them actually guarantee that. It doesn't seem unreasonable to me to want to build safeguards against open source software being weaponized or co-opted for unfree purposes.
One thing that's not clear from the Bearblog dev's post is whether he would be open to small-scale "competitors" who share an ethos similar to his own. In theory such competitors could be granted special license exceptions. If I were in his position I could see myself wanting to exclude big companies (and companies that hope to become big) while allowing small operators. The challenge is to create an enforceable license that encodes that, rather than requiring the author to manually approve or deny each request.
There are factions in open source advocacy, ranging from laissez faire views of freedom to views of freedom as something that needs some limitations to conserve it and prevent abuses/tragedy of the commons/etc.
I mean this stuff isn't just theoretical, there have been video games where we only find out they violated the GPL after a major code breach. [1]
I don't think anyone has a problem with the non open source licenses themselves. If you start with a closed source license or whatever, that's fine. It is switching from an open source licenses to something that is not.
A lot of the projects that later switched out of open source would have never gotten any traction if they started with the license they ended up with.
Open-source normally means there's no use restrictions, but there could be some requirements in order to do so (like attribution).
Free software normally means there's no use restrictions, but modifications can mandate maintaining the modifications also free to use, retaining the same freedoms.
And if you fray from those, you can call it source-available and the specifics of what usage restrictions exist are per-license.
People are cold to source-available projects because of their experience of source-available projects. If you want to benefit from the warm reputation that open source has, you need to offer the things that open source offers. If you want to do some novel thing, that's fine, but your novel thing will have to earn its reputation.
It’s a gift. Once you gift it, it is no longer yours, it belongs to the people to whom you have given it to, to do whatever they wish with.
Exactly! As RMS famously put it[0]:
> It is essential, for the sake of true freedom, that every user - including the humble billionaire overlord who owns a rocket factory - has the unfettered right to run the software we, the noble proletariat of unpaid maintainers, lovingly craft in our basements at 3 a.m. Our highest ethical duty is to empower Jeff Bezos to instantiate yet another Kubernetes cluster that bills government agencies by the millisecond, for freedom means all users, especially those with yachts shaped like smaller yachts. Therefore, to deny Amazon the liberty to exploit our software without a cent of reciprocation would be to shackle the very essence of the Four Freedoms, for Freedom Zero is, and always has been, the sacred right of the richest man alive to squeeze the last drops of value from our volunteer patches while whispering “thank you for your contribution” into the abyss of a PR bot.
On a more serious note:
> I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software.
Now, if said software was intended to run on users machines to actually empower the user, we wouldn't be in this pickle, wouldn't we?
I don't see Amazon freeloading off of GNOME, KDE, LibreOffice, Blender or GIMP.
No, I would argue the root cause of the problems here is that bros want to own their users (saas to the moon) and think open source is the way to do it. I say, fork those people!
As the author of Bear put in this very article:
> I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.
>
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service.
Nowhere here is the intent for users to host the blogs themselves. No, he wants uses to use his service, not his software.
Fair enough, but that shouldn't have been open source in the first place. The author is just rectifying a mistake he made previously.
If the author had actually wanted end users to use his software, he wouldn't care who runs it. Look at Hugo, they're doing alright.
> enabling these companies to ensnare unsuspecting users
Well, to me, as a user, Bear is the company that ensnares me unexpectedly, because it tells me it's running open source but the minute I want to run it myself, oh no, I'm freeloading.
Whenever I see a project that requires a Kubernetes cluster to do something people would have in the past done in 15 files of C, I know they don't care about me as an empowered user in the "free software" sense. They see me as "a user" in a drug-addict sense.
F that.
[0] he never said that, obviously
Having the option for competing service providers (including yourself) is a big advantage of open source.
You don't get to just redefine terms if you find them inconvenient and people are right to push back against such attempts. If you want something else, put in the work to get mind share for your model instead of trying to catch a free ride by taking over an established one.
From what I can tell, the argument against including stuff that's called source available in the category of open source basically boils down to the OSI definition, but it doesn't seem reasonable to me for an organization to claim exclusive rights to a very generic-sounding term with an intuitive definition that clashes with how they want to define it. If there's a concern over the pollution of their brand, they should be trying to trademark it, and if there's not, the constant backlash against anyone using the term in a way that conflicts with their definition is pretty antisocial. I recognize that this battle is probably already lost, but I'm not sure I'll ever understand why as a community we seem to have been happy to police usage of an unintuitive definition through public pressure just to try to make a point that doesn't seem to have nearly as much consensus behind it as the expectation of uniformity would imply.
However, I still believe AGPL is a better alternative in most cases and functionally prevents large enterprises from touching your code due to typical internal policies.
This is a grievance against the spirit of open source.
You should be vocal against CLAs, not the AGPL. CLAs with any license is a risk of seeing the code closed up.
The FSF pretends this isn't true by pretending that some uses are actually redistribution. However, this is too clever by half. Redistribution has a well-settled meaning, and allowing interaction over a network—unless it involves downloading the software itself—does not meet that definition.
Are you under the impression that a restriction can only take the form of a blanket prohibition?
The whole piece is about CLAs, the AGPL has absolutely nothing to do with signing over your copyrights. See Canonical for the same behaviour without the AGPL, the AGPL just requires that you allow your users to also see the code they are using, even if it is accessed over a network.
> Many, like Google, have flat out banned the AGPL.
Yeah, but that's because Google hates sharing what they have built on the shoulders of giants.
People are welcome to use and host AGPLed software under its own FOSS terms. If people don't want to do that, and want to pay for alternative terms, that is also a sign that the license is effective. There's no point in restricting things people don't want to do. The GPL restricts something people want to do: make proprietary software. The AGPL restricts something people want to do: host software without distributing the source at all.
I wouldn't be so quick to judge. I love open source. But I also think words and intent matters.
I don't really 'win' by attacking customers/users that use the AGPL.
Freedom 0 the freedom to use the work
Freedom 1 the freedom to study the work
Freedom 2 the freedom to copy and share the work with others
Freedom 3 the freedom to modify the work, and the freedom to distribute modified and therefore derivative works
If Amazon tomorrow turns around and open sources everything that is a derivative work of the code they ever used, I would be more than happy, even proud if they used my software. Today any company which doesn’t deny their users the core software freedoms is already free to do so.
This is not a “hack” to be maliciously compliant OSS; this is the spirit of open source.
Why do you think the GPL has the virality clause in the first place?
Edit: a perhaps reductive, but hopefully instructive summary: MIT/BSD guarantee freedoms of the software developers, GPL guarantees freedoms of the software users.
You are free to choose which you prefer, but they're quite explicit choices, and the AGPL is absolutely squarely in the spirit of the GPL.
(Now if you had said you take issue with the tivoization clause, on the other hand... :) :))
believe it or not this is not actually true! the corporations who disallow agpl do so because their lawyers (correctly) tell them that agpl-licensed software has not been adequately tested in relevant courts of law, and that by including agpl-licensed software they are opening themselves up to unknown/unbounded legal liability/risk!
"the spirit of open source" has nothing to do with anything!
the more you know
Don’t like the agpl wording, but agree with the spirit? Ok, you have the lawyers, write a better agpl that abides by the same spirit and which you trust.
But: nothing. And waiting won’t change that. It may be also true, but it’s just excuse at this point. They’re not chomping at the bit to introduce networked virality of software freedom into their platforms.
you're also completely missing the point. it's not on anyone to "fix" the agpl, the point is about whether the agpl as it exists is usable in practice. answer, no, not really. "software freedom" doesn't even enter the discussion.
Corporations are free to do as they choose. They can choose not to use AGPL software. That's ok, they don't owe anyone anything (arguable but let's go with it), and I'd have no leg to stand on.
But that's not what happened here. Look at the quote that kicked off this thread:
> Shame on the people who recommend the AGPL to effectively be an OSI-approved source-available license.
> This is a grievance against the spirit of open source.
Note "Shame" and "the spirit of open source." Someone kicked off this thread painting authors of AGPL software as going against the spirit of open source for promoting a license which they know big corporations shun.
At that point it's a very different context. Remember how corporations don't owe anyone anything? Neither do free software devs. That entire comment is completely wrong, and the entire thread which followed only exists in its context. Not outside. And inside that context, it is absolutely valid to talk about the spirit of open source, to talk about what "should", etc, because that's the context introduced by the comment itself.
"Software freedom" doesn't just "enter" the discussion--it is the discussion.
> the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source
in isolation
"the spirit of open source" is not anything that can even be evaluated by any corporate legal team, much less is it anything that can be complied-with (or not-complied-with) in any kind of way
but i guess we talkin' past each other
I'd like to comment further on the permissive license point:
> When I started building Bear I made the code available under an MIT license. I didn't give it much thought at the time
I suspect many people choosing permissive licenses do it in the same spirit. They don't give much thoughts about the license, they just want to share the code with others (which is very nice!), and there was a push some years ago to make permissive licenses the default in many ecosystems (this is not innocent, by the way).
For me, the first lesson from this blog post is: think hard about what you want to really allow.
Given what the author says later:
> It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification
The permissive license was obviously a bad choice. Not blaming, of course, hindsight is 20/20.
Pick permissive licenses if you are okay to work for free for other entities, and if you are cool with the potential asymmetry of them not sharing their improvements.
I'll preach for my church: when you release something, please consider a strong copyleft license. If it's SaaS, consider AGPL. It still allows people to provide services with your work, but if they need to improve your code, they are required to redistribute the improvements to their users. I don't see many reasons, in most cases, to allow people to get your code and not do the same as you: provide the code to their users; that's unfair to both their users and yourself (a notable exception is if you want to push/promote a format or a standard - then you want to push adoption at "all" costs).
Most of the times, this means you can get these improvements back. By sharing free software under AGPL, it is still possible that you'll work for free for someone else. But at least, you'll be competing on more equal footing. They'll actually need to work to be better than you.
In both cases, your advantage over them is your expertise in your own stuff.
A side effect of the AGPL is that big corps are afraid of it, so you will likely not get competition from them (even though AGPL allows them to do so).
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
Maybe it was a mistake on their part to make it initially open source or it is bad that there are people looking to steal other people’s work
If this doesn't suit you (as in, if this is a project you can't run, let alone maintain yourself), then you should consider paying someone (preferably the authors) to do so. I know this is novel to many people here who are used to exploiting the free labour of open-source maintainers, but it's been a decider in tech choices I make lately.
'Can I/anyone else at the company debug an issue and create a bugfix for this cool new open-source tech I want to introduce?' If no, then we are not qualified to run it without external help.
0. https://github.com/HermanMartinus/bearblog/blob/master/requi...
If you want your projects license agreement to be withheld in future projects there is a license for that. Its called copyleft
So this whole post on HN is confusing as heck.
Why post the code at all if you can’t self-host? But apparently you can self-host?!?
Well, I guess kudos to those that saw the note and downloaded the code anyways and tried to spin it up.
It also aligns quite well with Bear's manifesto [3]. Even if Bear PTY LTD ceases to exist, Bear won't. This can be codified under DOSP.
Disclaimer: I'm involved with fair source and helped write the FCL.
[0]: https://fair.io
[1]: https://opensource.org/dosp
[2]: https://fcl.dev
Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
The concrete definition we came up with and published:
> Fair Source is an alternative to closed source, allowing you to safely share access to your core products. Fair Source Software (FSS):
> - is publicly available to read;
> - allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
> - undergoes delayed Open Source publication (DOSP).
The problem of attempting to enumerate the jerks does seem pretty... insurmountable... to me though.
BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add or remove someone from the list, like any license change…
Not if you base this off a license like MIT that allows sublicensing under more restrictive terms (not a lawyer, not legal advice)
This way someone could create a competing service but they would have to write the entire service layer themselves and a single user would be able to self host the core part.
Also curious what they think about the thiefs not caring about the license and copy pasting it anyway. I don’t think the kind of person that copies your code and tries to sell it would really care about the license
You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
Meanwhile they'll break your back and steal all your trust and credibility if they can
They can say whatever they want. They're just lying. If you spend even a little bit of time looking into it you'll find it's just a marketing strategy.
I'm not claiming Microsoft is a good actor (and they certainly produce a whole lot of derpy trash along the way), but the argument itself is not particular sound.
Even better when a project starts with this model so it doesn't feel like a rug pull or doesn't get messy with forks overshadowing the original product. But I don't feel like Bear had the kind of scale to face this type of reaction.
I use mataroa.blog periodically which is in the same nice and I wish the Bear maintainers fulfillment with their project.
He seems to claim 3rd parties are offering bearblog commercially without modifications (or with useless modifications, like just a changed name).
I would love to see this reversed and moved to AGPL instead.
Obviously the goal of Open Source licenses does not include making money. You might, or might not, but it's not a priority.
Equally your goal may be to only support Open Source projects. That's fine. For you removing support for this project makes sense.
Once a project reaches the stage of needing to create an income stream, Open Source licenses are no longer appropriate.
Yes, some developers are naive in thinking Open Source licenses protect their income stream. Yes some users are naive in thinking that projects will remain Open Source forever.
Source-available, or Shipped-with-source of whatever you want to call it is a proprietary license which is just fine. It's not Open Source, nor does it need to be.
I’m not going out of my way to support a commercial license. There are a million commercial blog platforms to choose from.
ʕ•ᴥ•ʔ Bear vs. ʕ·ᴥ·ʔ Build EAR
The compilation database tool (https://github.com/rizsotto/Bear), is extremely helpful. It got CCLS/clangd working for me over multiple in-house build systems at a vfx studio.
It also is super helpful for debugging. I have used it a lot alongside a script which converts a compile_commands.json to a sequence of commands, so I can edit them individually without fiddling with the build system, and then once fixed (such as adding a flag to one TU) try to find the way to do that in the build system.
>Limitations: You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
Where on the spectrum sits an average cookie-cutter VPS provider that comes with an OS package manager that installs the program? Does the VPS provider have to screen the package manager? Does that change if they build a wiki with "1-click-install" that just sends an ssh command to install?
Is this just a requirement to have some theater where an "unaffiliated" third party has to provide the set-up scripts? Or just a rule you can't mention the option during the sales pipeline?
Crucially, I think what is banned to offer accounts. Offering turnkey-hosting is probably banned in spirit, but the person offering the turnkey-hosting is not in violation, rather the person booking the turnkey hosting and offering the accounts on the instance to third parties is in violation.
I think the wording is originally against somebody like Amazon hosting e.g. database instances for other people to use, and then giving you an account in that database. It's still OK to rent a VM from them and use the package manager to install it.
In any way, it is really confusing, in a way a license should not be. And I don't really understand why someone builds a blog platform, which is not monetized, open sources it, but doesn't want other people to host it. If I open source my stuff, I want people to use it. If I want to share the code but don't want people to use it I'd just put it somewhere it with no license at all (all rights reserved).
Idk. That's not how I'm reading it. Someone reading my blog is a user of the blog software. So running the blog and letting people read it would fall under that limitation and therefore would be prohibited.
I understand that's probably not what they tried to write, but wouldn't want to defend that understanding in a courtroom.
> It's still OK to rent a VM from them and use the package manager to install it.
Do you open up port 80 to the world? Because then you are hosting the service that offers users access to substantial features or functionality.
> In any way, it is really confusing, in a way a license should not be.
On that we agree.
Or to put it in another context, if you went and volunteered for a highway cleanup, would you get mad if Bezos drove on the highway you cleaned? Because that is what your position here is analogous to, and that seems like a poor line of reasoning to me.
No, but I would get mad if Bezos made a ton of money charging people to drive on a clean highway after I had cleaned it for free.
Note that while the original change was an additional clause to the MIT license, it was quickly changed to something completely different.[0] Since it no longer permits sublicensing and restricts "remov[ing] or obscur[ing] any licensing, copyright, or other notices in the Software," I believe it's closer to GPL now?
[0]: https://github.com/HermanMartinus/bearblog/commit/89c3f346ef...
Your options are: MIT / BSD, GPL, LGPL, AGPL. All others are unnecessary and create needless incompatibility.
The fault here lies not with the persons who use the maintainer's code exactly in line with the license, no matter what other _intentions_ he might have had.
Authors gave the right to change license to a proprietary one. Users being surprised by this are as equally naive as developers who think you can make money writing Open Source.
It's less viral than the GPLs when just using the licensed work, and less permissive than MIT / BSD because changes have to be open sourced, when the program using the changed library is distributed.
and turns out once you upvote, you can't downvote?
Well, I love minimalist site providers Its license is AGPL which still technically falls under Open source as to what "OSI?" says.
Source available just have a bad taste in my mouth. Maybe my critique of them isn't based on good intentions but I feel like I am getting really restricted as a user by source available licenses. I understand the pain of developers trying to make money. I just think that AGPL is a better use case and even elastic search went back to agpl and a lot of these source available things are going to agpl
I am sure that big tech might be able to bypass agpl itself somehow and that's why there were things like sspl but I still think that agpl is one of the most rock solid copy left licenses.
IMO - you are charging money for your app which makes you a business. When you don't listen to the market you forfeit any right to complain when you get your lunch money stolen. Sounds hard but most lessons in business are expensive!
I've been curious about how LLMs would impact open source, I have some theories and this is not the only one.
I don't think it would exactly be "create a fork of this repo", but if a developer invests significant time and effort solving hard problems where the solutions are implemented in the released source, once an LLM model is trained on it, then someone else could quickly and easily have the LLM generate a new program that implements the novel solutions. Whether this is a problem or not may depend on the motivations of the developer, but this potential for IP laundering may very well begin influencing the licenses and methods of distribution that people choose.
(Of course, I suppose at some point AI will be able to analyze and learn from binary executables or obfuscated source...)
Why does this keep happening? Why are so may developers blind to this obvious outcome?
I think MPL 2.0 is the ideal kind of copyleft, because of its scope being very clear.
> When is a program and its plug-ins considered a single combined program?
> It depends on how the main program invokes its plug-ins. If the main program uses fork and exec to invoke plug-ins, and they establish intimate communication by sharing complex data structures, or shipping complex data structures back and forth, that can make them one single combined program. A main program that uses simple fork and exec to invoke plug-ins and does not establish intimate communication between them results in the plug-ins being a separate program.
JSON data sent over the wire, particularly data with nested arrays and maps, and especially a bidirectional communication protocol, can reasonably count as "intimate communication" with "complex data structures" shipped "back and forth".
This is nonbinding guidance, but it is from the FSF, and it is legally untested afaik (not a lawyer). There's sufficient legal risk here that I'd be wary of using rich communication protocols with GPL programs, particularly if there isn't an explicit exception for that protocol.
No, shared memory is addressed later within the same answer.
> Using shared memory to communicate with complex data structures is pretty much equivalent to dynamic linking.
The first part of the answer clearly includes programs sending each other "complex data structures", including nested JSON data, over pipes.
> If the main program uses fork and exec to invoke plug-ins
Which limits a lot the relationship between the original program and the "plug-in" concept. I mean, we literally have binary proprietary blobs used as kernel drivers...
The GPL attaches to programs that are legally derivative works. So does any other license that doesn't explicitly grant the right to prepare and distribute derivative works, such as the overwhelming majority of commercial/proprietary licenses. The issue is with the overall copyright/legal system, not with the GPL specifically, and given that most entities are comfortable using at least some non-BSD programs it doesn't seem to worry people in practice.
There isn't a similar degree of legal risk with MPL 2.0, nor with non-copyleft licenses (which is the subject of this subthread, not proprietary licenses) -- whether or not a plugin counts as a combined work, there are no requirements on you.
There is a similar degree of legal risk with the overwhelming majority of licenses in use. Yes, using exclusively permissively-licensed software would let you avoid this particular risk - but given that essentially no-one (BSD advocates are, if anything, less scrupulous about avoiding proprietary software than GPL advocates - you rarely hear of BSD-land pushing firmware into a separate nonfree repository or the like) does that, it's clearly not a risk many people care much about.
In general, businesses acquire commercial licenses for proprietary software, which is a kind of derisking.
The FSF says a program that exchanges complex data structures with the covered program "can" be something that requires a license; they don't claim that it always or usually is. My position is that they're correct that it's possible (at least in some jurisdictions) but the risk is low in cases where you're not trying to do a technological end run around something you obviously need a license for.
> In general, businesses acquire commercial licenses for proprietary software, which is a kind of derisking.
Only if the license grants permission to do the thing you're doing! Otherwise you're no better off than if you had no license (and you're worse off than under the GPL, which at least permits you to prepare derivative works freely, only putting conditions on distributing them). Almost every commercial/proprietary license I've seen has a blanket prohibition on preparing or distributing derivative works.
Especially when your project is new it's also not often clear that this project will become something more serious later where you have to worry about such things as people cloning your project.
A lot of people say that it can prevent these situations but from working for large enterprises, a lot of the offerings that are created literally don’t even change the code. Thus they have nothing to contribute and have no obligation to release any source code.
GPL also does not prevent the corporation from building software in front of whatever GPL service it is. Kind of like the Linux kernel, why bother changing the kernel when you can build software in front of it and not change anything and thus have nothing to release.
Of course, the author cannot retroactively change the license of any previously distributed work. Anyone is free to fork off Bear from its last MIT code and do whatever they want with it.
So no, the MIT license does not "explicitly allow to relicense a project at any point" (emphasis mine). The MIT license allows licensees to license their derived work however they see fit, it has no effect on the relicensing by the licensor (the copyright holder).
> Any previous licenses used (MIT here) bear no effect whatsoever. There is no license in the world (and cannot be) that would prohibit the copyright owner from changing it.
I don’t think it’s that simple. The Bear project appears to have accepted external contributions under the original license, so the project is subject to that license as long as those contributions remain.
It may not be a big practical issue in this case, due to the MIT license being quite permissive, but if the project was e.g. GPL-licensed, the maintainer wouldn’t trivially be able to change the license in “whatever direction they want”. (And by “trivial” I mean without e.g. rewriting or discarding the external contributions.)
But you're right, relicensing requires the approval of all copyright holders, and in general there can be many. Of course many projects require the prospecting contributor sign a CLA where they relinquish their rights to the project in order to be able to contribute. Personally while I have signed some CLAs, such as the Go one where I retained my rights, I'd never sign one which required me to give away my copyright rights, precisely so they wouldn't be able to do a rugpull on me.
I believe that copyright law is the biggest weapon one has against open source rugpulls and one should not give it away.
[1] https://github.com/HermanMartinus/bearblog/blob/master/CONTR...
[2] https://github.com/HermanMartinus/bearblog/graphs/contributo...
No, you don't believe in open source, hypocrite.
Open source means anyone can use it, even for commercial purposes, and you knew this from day zero.
Honestly, no sympathy for these people, as this happens over and over again, they actually exploit the very few good intended OSS people. They portray their project as open source initially, to gather sympathy and free work from others, then when they see the $$$ they flip the switch to non-OSS and rub their hands.
If open source purists can't accept that, they'll find their cause gradually shrinking into nothing.
Then in the last couple weeks or so[1] it seems they saw a bit of a spike, and immediately pulled up the ladder.
They even criticised this sort of behaviour in their manifesto:
>We've seen our fair share of open-source projects become sour (see the recent Wordpress drama) or abandoned entirely. We've seen OpenAI become ClosedAI. There's a common thread here. Trust isn't just a legal structure, but a social contract.
I am actually totally in favor of source available licenses, but in this case it seems counter to all the boasts the developer has made about their platform.[2]
[0]: https://herman.bearblog.dev/manifesto/ [1]: https://trends.google.com/trends/explore?date=today%205-y&q=... [2]: https://herman.bearblog.dev/building-software-to-last-foreve...
Your evidence is solid, after all, it was the same guy who wrote that just a few months ago.
That post might be gone soon, "smaht" people are inclined to rewrite history to fit their current mood.
Now, no LLM is currently anywhere near doing that for ElasticSearch.
But for a project with 4845 lines of Python code? (as per tokei)
Definitely doable, with a bit of handholding and manual fixing.
Would that be a derivative work? Maybe, but that would be a hard legal battle.
You could probably feed all of ElasticSearch into an LLM and ask it to "reimplement it" successfully. But why would you even bother? There's already an existing open-source alternative called OpenSearch [1].
Wouldn't you do this just against the/an API documentation? Interesting thought.
https://pico.sh includes a suite of other services (some paid) but the business model doesn’t depend on prose in particular.
https://podcasts.apple.com/us/podcast/open-source-and-capita...
https://podcasts.apple.com/us/podcast/open-source-anti-patte...
Bear is still here https://github.com/rizsotto/Bear and open source
So the original project wants to restrict user freedoms, i.e. they _do not_ want the project to be open source; it's a legit choice, even if I personally prefer free software.
IANAL, but does the above limitation prevent users from hosting bear for their own (or your company’s own) needs?
If so, doesn’t that defeat the whole reason why it’s MIT licensed.
https://github.com/HermanMartinus/bearblog/blob/master/LICEN...
People and companies cannot host it and offer it as a service to other people or companies.
Again, IANAL, but I can see why a company might be cautious about using Bear as a self-hosted blog engine, since companies technically have “users.”
For comparison, the Elastic License v2 - which this license is apparently modeled on - explicitly restricts use by "third parties":
> "You may not provide the software to third parties as a hosted or managed service"
----
The Bear license doesn’t include similar language, which could create uncertainty.
It might help to explicitly clarify that self-hosting for one’s own use is allowed, or to add “third party” wording to the limitations.
I only raise this because (a) licensing is tricky, and (b) if this feedback helps the author clarify their intended license terms, that’s a win for everyone.
So you can get a self-hosted site that looks and acts like a Bear Blog, but run it yourself with a free software SSG.
We should probably remind people that licensing is an agreement between them and the other party deciding what can and can't be done. Make sure you've considered things like profit, competitors, source redistribution, etc ahead of time. Then, pick the license that suits your goals best. For many, that's source-available licenses instead of open source.
I can say that if I had spent years working on a blog platform with some decent side hustle income I may want to protect it better if I thought my main income might change, by choice or otherwise.
Don't get me wrong, I have released libraries under MIT before because I have absolutely no problems with others using it even if they want to commercialize it, but I've also released things under GPL3.
Considering how LLM companies don't respect licenses, and if your livelihood depends on it, I'd go a step further and only make the source available upon request, under strict agreements about how it's used.
There's a lot of "open-source" nowadays that has nothing to do with the spirit of hacking.
Have I missed a different source for the license text?
But when you look at the github repo here: https://github.com/HermanMartinus/bearblog
It says the repo is 40% CSS and 31% Javascript? Am I misinterpreting what this means in this context?
Source code is cheaper than ever, so if you fail to open source first then an open source clone will be created, and your hard work will be irrelevant. Best to have the first open source mover advantage.
This move just told users you are selfish, and breaking the pay it forward chain of goodwill extended by all the developers of the open source libraries your code relies on.
You also just told everyone to park their content on a platform that now has a bus factor of 1, with no option to export and reimport to a compatible fork hosted elsewhere.
If your ability to make a living hinges on open source code like yours not existing, then you are already on too fragile ground to be sustainable, and this looks desperate and will just make more people leave.
This sentence crystalises open source:
> "Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service."
You make something for everyone. And they may use it as they please. This is what open means. Did the author make something open source with the hope that nobody would actually use the gift that they made?
Mataroa [1] also started with MIT license (directly inspired by bear blog) and it subsequently changed as well but to Affero GPL instead.
$ URL=https://herman.bearblog.dev/
$ curl -v -H 'Accept-Encoding: deflate, gzip, br, zstd' $URL 2>&1 | grep --text ^'< Content-Encoding:\|< Content-Length:\|> Accept-Encoding:'I am literally incapable of sympathising with this situation. Seriously, what did you expect to happen?
I suspect it is now probably more than in 2024.
The free solution to this is Affero GPL. The AGPL ensures that anyone who hosts a program must grant its users the same rights to use, examine, modify and share it that he received. The original author can just download that source and incorporate its changes.
That means that a fork doesn’t hide changes from the original author who ‘poured so much love’ into it.
We as a community have got to stop using the MIT or BSD licenses on our code. Use the AGPL for server code, the GPL for tools and the LGPL for libraries.
The concern is livelihood. When a big player swoops in, they can completely decimate your business because of shear scale advantages, they can undercut you into bankruptcy. And while sharing the source under even GPL is noble, it's just also kneecapping your ability to make and grow a new business if it's a tool/service that has market traction. The OG author having access to that modified source code does absolutely nothing to help them.
The big players are literally seagulls waiting to steal your current and future customers.
That is a big part of the concern, yes. That anyone can copy your work, setup a competitor, and never give anything back. Copyleft licenses, and the AGPL in particular, ensure that those changes are made public, which benefits everyone, including the original project.
> When a big player swoops in, they can completely decimate your business because of shear scale advantages, they can undercut you into bankruptcy.
That's not a guarantee. In fact, many businesses built around copyleft licensed products can thrive, in ways that their competitors cannot. The original authors understand the code base, the product, and their users much better. They have first-mover advantage on any new features, and have full control over the project's direction. They can use these advantages to build a business that is difficult to compete with, even for much larger and more powerful competitors.
In the open source world, the value of a company hinges on the quality of its product and the community around it, not on market hype, speculative valuations, and venture capital. It is more difficult to build unicorns and make investors rich with this approach, but focusing on the user avoids many of the wrong incentives that make most companies user hostile. Many companies fail because the leadership doesn't understand this, nor the philosophy behind open source, and they simply want to use it as a marketing tactic.
If we are doing it for ideological reasons why not go all in and use AGPLv3 for everything, including libraries? It also has the added benefit that big corporations will not use your code.
Today there's another thing going for Bear: the discovery page. It's gradually becoming a driver of visibility, attracting more authors to Bear to get readers who are there. But I'm wary of these "flywheel" kind of things, even if they have an indie look. To me it still feels better to have my own website, and participate only in those discovery systems that support it, like Reddit or HN.
LLMs are great at translation from X programming language to Y programming language.
The Google/Oracle Android/Java lawsuit boiled down to whether Google engineers copied source code, or whether they re-implemented things in a clean room without using prior code, right?
Isn't using an LLM to rebuild something a great loophole for this elastic search license?
I see this being a losing battle because the license is only as strong as your ability to enforce it. Bear is probably in a good position because of their network position, but this seems like a losing battle long term.
This is the license Hashicorp used. It means that abandoned projects never need to die. It means that the source code is publically available now.
I'm confused: how is this their livelihood? I don't see any way to pay them directly nor where they monetize the blogs.
Their pain is real, my question is in good faith, and I explicitly am not disparaging the love they have poured into this project.
jilles•2d ago