[personal profile] mjg59
The Commons Clause was announced recently, along with several projects moving portions of their codebase under it. It's an additional restriction intended to be applied to existing open source licenses with the effect of preventing the work from being sold[1], where the definition of being sold includes being used as a component of an online pay-for service. As described in the FAQ, this changes the effective license of the work from an open source license to a source-available license. However, the site doesn't go into a great deal of detail as to why you'd want to do that.

Fortunately one of the VCs behind this move wrote an opinion article that goes into more detail. The central argument is that Amazon make use of a great deal of open source software and integrate it into commercial products that are incredibly lucrative, but give little back to the community in return. By adopting the commons clause, Amazon will be forced to negotiate with the projects before being able to use covered versions of the software. This will, apparently, prevent behaviour that is not conducive to sustainable open-source communities.

But this is where things get somewhat confusing. The author continues:

Our view is that open-source software was never intended for cloud infrastructure companies to take and sell. That is not the original ethos of open source.

which is a pretty astonishingly unsupported argument. Open source code has been incorporated into proprietary applications without giving back to the originating community since before the term open source even existed. MIT-licensed X11 became part of not only multiple Unixes, but also a variety of proprietary commercial products for non-Unix platforms. Large portions of BSD ended up in a whole range of proprietary operating systems (including older versions of Windows). The only argument in favour of this assertion is that cloud infrastructure companies didn't exist at that point in time, so they weren't taken into consideration[2] - but no argument is made as to why cloud infrastructure companies are fundamentally different to proprietary operating system companies in this respect. Both took open source code, incorporated it into other products and sold them on without (in most cases) giving anything back.

There's one counter-argument. When companies sold products based on open source code, they distributed it. Copyleft licenses like the GPL trigger on distribution, and as a result selling products based on copyleft code meant that the community would gain access to any modifications the vendor had made - improvements could be incorporated back into the original work, and everyone benefited. Incorporating open source code into a cloud product generally doesn't count as distribution, and so the source code disclosure requirements don't trigger. So perhaps that's the distinction being made?

Well, no. The GNU Affero GPL has a clause that covers this case - if you provide a network service based on AGPLed code then you must provide the source code in a similar way to if you distributed it under a more traditional copyleft license. But the article's author goes on to say:

AGPL makes it inconvenient but does not prevent cloud infrastructure providers from engaging in the abusive behavior described above. It simply says that they must release any modifications they make while engaging in such behavior.

IE, the problem isn't that cloud providers aren't giving back code, it's that they're using the code without contributing financially. There's no difference between what cloud providers are doing now and what proprietary operating system vendors were doing 30 years ago. The argument that "open source" was never intended to permit this sort of behaviour is simply untrue. The use of permissive licenses has always allowed large companies to benefit disproportionately when compared to the authors of said code. There's nothing new to see here.

But that doesn't mean that the status quo is good - the argument for why the commons clause is required may be specious, but that doesn't mean it's bad. We've seen multiple cases of open source projects struggling to obtain the resources required to make a project sustainable, even as many large companies make significant amounts of money off that work. Does the commons clause help us here?

As hinted at in the title, the answer's no. The commons clause attempts to change the power dynamic of the author/user role, but it does so in a way that's fundamentally tied to a business model and in a way that prevents many of the things that make open source software interesting to begin with. Let's talk about some problems.

The power dynamic still doesn't favour contributors

The commons clause only really works if there's a single copyright holder - if not, selling the code requires you to get permission from multiple people. But the clause does nothing to guarantee that the people who actually write the code benefit, merely that whoever holds the copyright does. If I rewrite a large part of a covered work and that code is merged (presumably after I've signed a CLA that assigns a copyright grant to the project owners), I have no power in any negotiations with any cloud providers. There's no guarantee that the project stewards will choose to reward me in any way. I contribute to them but get nothing back in return - instead, my improved code allows the project owners to charge more and provide stronger returns for the VCs. The inequity has shifted, but individual contributors still lose out.

It discourages use of covered projects

One of the benefits of being able to use open source software is that you don't need to fill out purchase orders or start commercial negotiations before you're able to deploy. Turns out the project doesn't actually fill your needs? Revert it, and all you've lost is some development time. Adding additional barriers is going to reduce uptake of covered projects, and that does nothing to benefit the contributors.

You can no longer meaningfully fork a project

One of the strengths of open source projects is that if the original project stewards turn out to violate the trust of their community, someone can fork it and provide a reasonable alternative. But if the project is released with the commons clause, it's impossible to sell any forked versions - anyone who wishes to do so would still need the permission of the original copyright holder, and they can refuse that in order to prevent a fork from gaining any significant uptake.

It doesn't inherently benefit the commons

The entire argument here is that the cloud providers are exploiting the commons, and by forcing them to pay for a license that allows them to make use of that software the commons will benefit. But there's no obvious link between these things. Maybe extra money will result in more development work being done and the commons benefiting, but maybe extra money will instead just result in greater payout to shareholders. Forcing cloud providers to release their modifications to the wider world would be of benefit to the commons, but this is explicitly ruled out as a goal. The clause isn't inherently incompatible with this - the negotiations between a vendor and a project to obtain a license to be permitted to sell the code could include a commitment to provide patches rather money, for instance, but the focus on money makes it clear that this wasn't the authors' priority.

What we're left with is a license condition that does nothing to benefit individual contributors or other users, and costs us the opportunity to fork projects in response to disagreements over design decisions or governance. What it does is ensure that a range of VC-backed projects are in a better position to improve their returns, without any guarantee that the commons will be left better off. It's an attempt to solve a problem that's existed since before the term "open source" was even coined, by simply layering on a business model that's also existed since before the term "open source" was even coined[3]. It's not anything new, and open source derives from an explicit rejection of this sort of business model.

That's not to say we're in a good place at the moment. It's clear that there is a giant level of power disparity between many projects and the consumers of those projects. But we're not going to fix that by simply discarding many of the benefits of open source and going back to an older way of doing things. Companies like Tidelift[4] are trying to identify ways of making this sustainable without losing the things that make open source a better way of doing software development in the first place, and that's what we should be focusing on rather than just admitting defeat to satisfy a small number of VC-backed firms that have otherwise failed to develop a sustainable business model.

[1] It is unclear how this interacts with licenses that include clauses that assert you can remove any additional restrictions that have been applied
[2] Although companies like Hotmail were making money from running open source software before the open source definition existed, so this still seems like a reach
[3] "Source available" predates my existence, let alone any existing open source licenses
[4] Disclosure: I know several people involved in Tidelift, but have no financial involvement in the company
From: (Anonymous)
Came here to perhaps read something about sustainable business practices that do not depend on advertising and replicating the DNA of your customers so you can better exploit them. However, all I got was another fluff piece on how the other people are harming the community again. I don’t care much what Redis Labs or Google does to make money, but I do know that you are not right person to criticize the projects using the commons clause.
From: (Anonymous)
...but apparently the Anonymous commenter is the right person to provide criticism.
From: (Anonymous)
I’m not the one criticizing the people who choose to use the commons clause for being a threat to the community. I am criticizing Matthew, because he is once again choosing to do some (rather silly imo) virtue signaling instead of finding or proposing solutions for a much bigger problem.
From: (Anonymous)
The commons clause is non-free. I have no interest in helping VCs develop non-free software.
From: (Anonymous)
Some people also consider the GPL "non-free" in that it's overly restrictive. Rewind 20 years and there were all the same useless opinions about the meanings of Open Source vs Free Software. No community is at risk, practices evolve with time to solve new needs that arise. Different actors will act within their best interests, as has been the case since beginning of life.
From: (Anonymous)
There are well recognized definitions for both open source and free software. There are people that think that the GPL is overly restrictive, but if they claim it is non-free they are using non-standard terminology and it's going to be hard to have a conversation with them.
Yes some Vcs want easy money by having people contribute to their non-free software that they can sell to some organizations and let some of their contributors do some things with, but not others, for gratis. I personally don't want to help with that as I believe strongly in user freedoms. I'm sure there are people who are willing to do it, but I think it is a bad direction to encourage in general.
From: (Anonymous)
I am confused, do you mean that Tidelift company?

From what I can tell this is a very young VC-backed startup that focuses on selling services for a piece of the cake. Correct? I don’t see how this is relevant if you don’t want to outsource your business management.

Also judging from the github repository there does not seem to be much open about it.
marahmarie: (M In M Forever) (Default)
From: [personal profile] marahmarie
Anyone who doesn't care how Google makes its money (mostly by sucking the most personal info out of every person alive whom they can reach then monetizing it, somehow) is probably not the right person to be criticizing anything.
From: (Anonymous)
Well obviously I do care about that just like you, otherwise I would not be mentioning it. In case you missed it, it was an attempt to redirect the discussion about F/OSS business models that do not depend on or fit into ad-tech, not about who is more virtuous to criticize the other.
marahmarie: (M In M Forever) (Default)
From: [personal profile] marahmarie
Well, if you're the same person (and I believe you are) who not only knocked Mat for producing "fluff" with this and other posts (furthest thing from it; did you actually rtfa?) and the same person who had to use the chalk-on-chalkboard terminology "virtue signaling" and the same person who said you don't care how Google makes its money then I don't believe you. And it doesn't matter, because you're a jerk. Mat has a tendency to let the first commenter/s ruin everything - if this were my blog I would've tossed your baseless "fluff" right in the trash but hey, so it's not.

On the bright side, you reminded me I finally have a comment policy in place for my own blog after many years of not having any I could live with - one strike and you're deleted/just gone forever. Surely will save me most of these kinds of headaches.
From: (Anonymous)
(Same OP here) You are obviously hurt and threatened by someone like me criticizing Matthew because you seem to have this idea that Matthew is somehow very virtuous and right and when someone speaks ill of him they must be wrong or in your terminology a “jerk”. As far as I know Matthew is still a human and he is also susceptible to the same biases he accuses others to possess.

Once upon the time there was a very critical man who said he did not want to live in a self-congratulating bubble of awesomeness. This man became adored by many, including yourself, for often being right about subjects that mattered to most. However, just like many before him, he started developing a selective amnesia about where his exuberant paycheck was coming from and what effect this had on the wider society. The problem is that this causes lots cognitive dissonance and from time to time this gets projected onto others who are deemed to be less virtuous. When I saw this happening to this man, I thought I might do this man a favor by bringing it to his attention the way he is projecting his own daemons onto others. Perhaps I was wrong.
From: (Anonymous)
Sure, however I think you are perfectly capable of understanding that this was not meant to discuss Google. Somehow I seriously doubt you would remain silent about a company that produces F/OSS by exploiting minorities for example. Everything one does has consequences. The excessive pays and benefits in ad-tech combined with the omerta (legal or not) to talk about the consequences can make even the most hardcore F/OSS idealist disillusioned to keep on going.

Nota bene; I don’t know how this handled in the US, but here in Europe business models like Uber, Deliveroo, etc that are based on the labor of self-employed contractors are being highly scrutinized by both labor unions and government. These non-employees are often exploited and discarded at will. As someone like yourself, who is in favor of more employee rights, I find it truly strange that you promote a company whose business model is essentially the same for the future of F/OSS.
marahmarie: (M In M Forever) (Default)
From: [personal profile] marahmarie
Waaaait a second, hold up, you don't even know what you're talking about. I am not some devotee of Matthew, and anyone who knows me already knows that, because I have actually fucking said so. He's got his issues. But that doesn't stop me from using an open mind each time he posts, because a lot of what he says is actually very useful and informative. I've been reading every post of his for at least 6-8 years now so I can guarantee you I will not be changing my mind. Only he can do that, yet he hasn't done so, yet.

Denigrating/dismissing his thoughts ("fluff"), denigrating his character ("virtue signalling") and denigrating others who criticize you for your attacks on him is not helpful to a discussion of whatever it is about the contents of the post that you don't like. Get it? That's my problem with what you've said, full stop.

Not to mention the article is not "fluff", it felt helpful to me, and "virtue signalling" is just another character attack on a discussion/airing out of topics that people care about. I don't care if you don't care what he's actually discussing (and apparently you don't). I don't care if you don't care how Google makes its money, I just think it highlights the fact you're not worth listening to anymore than you think Mat is. I don't feel hurt, insecure or threatened by any of this because Matthew is someone I just enjoy reading. For hurt, threatened and insecure to occur I'd have to feel some personal connection or affection for him that I just don't.
Edited (typos, clarity) Date: 2018-09-16 01:54 am (UTC)

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags