None of these blogposts (including this one) have any realistic solution to the problem of making OSS software and being able to live from it, and prevent others from exploiting you in the process.<p>Hyperscalers like Amazon exploit OSS projects by reselling them as a cloud service and they earn a gigantic sum in the process. But this is not a neutral thing to do - the OSS project is still responsible for maintenance! (And in many places, the "no warranty" clause seems completely disregarded - users and corporations <i>demand</i> bugfixes since it's a "critical library")<p>The most telling sentence is "Open source culture relies on trust. Trust that companies you and I helped build (even without being on the payroll) wouldn't rugpull."...<p>Where is <i>any</i> trust in exploiting someone's work without giving <i>anything</i> back? The hyperscalers routinely break the OSS social contract, but because they abide by the <i>letter</i> of the licences, they get a free pass and many white knights from even the OSS community and even OSI itself.<p>A business model of "you can see the source, you can modify it but you can't offer it as a service or resell my work" is much more honest and trustworthy than the "develop a library, a cloud service picks it up then pressures you with PRs and issues until you permanently burn out from the whole thing"<p>This is partly addressed by the post - "But you know what? I'd just prefer honesty. If revenue is so dependent on selling software, just... make the software proprietary. Don't be so coy!".<p>This is not honesty though. Claiming that anything not party-approved.... I mean OSI-approved is not open source and it's proprietary is a very myopic thing. For users and developers, it's much more beneficial if they can see or even modify the source even if they don't have an unrestricted right to use and modify it however they want.
This absolutist, black-and-white approach could potentially lead to many pieces of software becoming fully proprietary, all-rights-reserved in the future since the open source community harasses source available projects quite frequently, and not many have the patience to put up with that. And that would be a sad outcome indeed for user freedom, repairability, portability and other values RMS and the FSF dearly hold.
There are uses for CLAs besides rug pulls. For example, if you want to offer software as AGPL, accept community contributions, but be able to _also_ offer a non-AGPL option to paying customers (who effectively pay to be allowed to integrate the license without themselves being subject to licensing risk). Quite a few big orgs have a full ban on internal use of AGPL software so this can be very valuable.<p>That requires a CLA (as I understand it, IANAL) because you're relicensing a contributor's contribution. At the same time though, I wouldn't consider it a rugpull - contributors lose nothing here, and the open source project gains a funding mechanism (a rare thing in open source).
I'm glad Jeff pointed out the RMS article on Free software<p>> For the free software movement, however, nonfree software is a social problem, and the solution is to stop using it and move to free software.<p>> “Free software.” “Open source.” If it's the same software (or nearly so), does it matter which name you use? Yes, because different words convey different ideas. While a free program by any other name would give you the same freedom today, establishing freedom in a lasting way depends above all on teaching people to value freedom. If you want to help do this, it is essential to speak of “free software.”<p>> We in the free software movement don't think of the open source camp as an enemy; the enemy is proprietary (nonfree) software. But we want people to know we stand for freedom, so we do not accept being mislabeled as open source supporters. What we advocate is not “open source,” and what we oppose is not “closed source.” To make this clear, we avoid using those terms.<p>People in the FOSS world have been beating this drum since the very beginning. Free software was always an ideology. I get that that turns people off, just like projects wrapped up in religion and politics do, but it's the only way to ensure that stuff like this doesn't happen.<p>I concede that the people who champion FOSS are not always the kindest people to be around, see the response from people about Guix when I mentioned it as an alternative to Nix.<p>But when I was in Boston I was a card-carrying member of the FSF. I went to a few libre planets, and I met some real nice people in real life who also cared about FOSS very deeply, so I know not everyone in the community is a jerk.
Source available from the beginning is ethical. Open source that becomes something else is shady.<p>I am glad they tried. I know there's lots of cynical stuff on the internet, but realistically the open source progress on stuff like Terraform or similar wouldn't have happened if these companies didn't try an alternative.<p>I'm not sure what people want these companies to do. If there's no money, if the idea didn't work, they need to pivot to something that does work.
"Corporate Open Source" is many things. Look at how many companies are paying for membership on the Linux Foundation Board: Platinum costs $500k a year, gold is $100k a year, and silver is $5-20k based on size: <a href="https://www.linuxfoundation.org/about/members" rel="nofollow">https://www.linuxfoundation.org/about/members</a>
Products aren't projects, which has confused people for decades.<p>If open source products retreating from some of the "freedom" elements bothers you, then you should be focusing your ire on the megacorporations and overfunded startups who simply refuse to contribute to the financial viability of the products that sustain them.<p>For some reason "we" celebrate the exploitative, though, so I guess that's out.
> By working on a project with a CLA, where you sign away your code, you're giving carte blanche for the company to take away your freedom to use their software.<p>Ok it's been a while so I don't remember the details or how it played out, but when Linux introduced a CoC, there were people who contributed to the kernel in the past that threatened to withdraw their code from the kernel, which would've been a nightmare to handle and clean up. How much power does a contributor have if my project is using a standard licence like GPL or BSD? Does the contributor hold any copyright over their code? I'm not talking about rug pulls here, let's just say the contributor gets really mad at me for some reason.
> <i>And they're not even a pointless AI company!</i><p>Are you <i>sure?</i> (/s), because IBM mentioned "AI" no less than 10 times in their announcement of the purchase:<p>> <i>AI-driven application growth</i> … <i>IBM's deep focus and investment in […] AI</i> … <i>The global excitement surrounding generative AI</i> … <i>HashiCorp's capabilities and talent will create a comprehensive hybrid cloud platform designed for the AI era</i> … <i>generative AI deployment continues to grow</i> … <i>IBM's commitment to […] AI innovation</i> … <i>today's AI revolution</i> … <i>AI-driven complexity</i> … <i>IBM is a leading provider of global […] AI,</i> … <i>IBM's breakthrough innovations in AI</i><p>Thankfully the press managed to delete <i>most</i> of those, though there were some announcements that nonetheless took the bait.
HN title guidelines[0]: <i>If the title includes the name of the site, please take it out, because the site name will be displayed after the link.</i><p>[0]: <a href="https://news.ycombinator.com/newsguidelines.html">https://news.ycombinator.com/newsguidelines.html</a>
The declining share price and profits are exactly what made it possible for IBM to buy HashiCorp. The license change didn't juice things -- it watered down the price. $6 billion is a snip compared to the $14 billion IPO valuation.<p>Fintan Ryan has a nice write-up here: <a href="https://medium.com/@fintanr/on-ibm-acquiring-hashicorp-c9c73a40d20c" rel="nofollow">https://medium.com/@fintanr/on-ibm-acquiring-hashicorp-c9c73...</a>
If you can't capture sufficient value, you're not going to be able to make a business around it. The problem isn't value creation, which the OSS model does do. The problem is value capture. That's why so many people go around saying "We need to pay X more". That's a sign that creation and capture have a gap.<p>You'll see that with traditional open-source. With companies that attempt to capture the value, your customers will always hate you unless you're careful.<p>Of course using the Elastic license family from the beginning is one way there. The Llama license family is another way. But perhaps my favourite observed thing has to be Kong's licensing: the base thing is Apache 2.0 but when you sign a contract with them, they'll give you access to the Enterprise plugins and you can edit their source. I loved working with them.<p>They seem to have done a good job with value capture. I think they're leaving a lot on the table, but there is significant path dependence on what they've done, so they don't have the option any more. But good job.
What is dead is the utopian dream that making companies whose main product is raw software, is possible to do in a sustainable way, while keeping everything open source.<p>There are bills to pay, donations only give so much, very few buy books from community members, consulting doesn't apply to all software, trainings even less, not everything can be a SaaS,...
Most successful open source projects are actually backed by companies and most of those projects are of course alive and kicking. The entire Fortune 500 runs on software and most of that consists of massive amounts of open source with some sprinklings of proprietary stuff mixed in. Linux would have stayed a silly hobby project without the possibility for this.<p>What's dead, or rather was never really that much alive is the notion of not quite so open source projects where a single corporate entity attempts to dictate the rules and actively discourages outside contributions, and people profiting from "their" source code. As a proportion of most widely used OSS software the amount of software and the number of developers involved with it is a rounding error.<p>There are two main problems with corporate OSS:<p>1) it stifles the formation of a healthy community of outside contributors. This endangers long term success of projects. The more restrictions exist (e.g. copyright transfers or aggressively anti commercial usage licenses like AGPL), the more likely it is that would-be contributors will take the hint and stay away.<p>2) it limits growth to the strategy, financial success, and imagination/skills of just one company. Because with projects being bottlenecked on the financial success of just one company and cut off from outside help, absolutely nothing happens unless that one company pays for it.<p>And with finances effectively supplied by VC investors interested more in IPOs and quick exits than good software, OSS is just a buzzword that goes on the investor deck and not something they actively value or appreciate. Hence legal monstrosities like BSL that make no sense whatsoever from the point of view of nurturing a healthy community of external developers. Most VC companies of course fail. That kind of is the point. And most of their restrictively licensed software projects die along with them and don't survive the implosion of these companies.
Developers move onto other things and the software gets peddled to hedge-funds or companies like IBM.<p>The only exception to this is properly licensed open source that can simply be forked. Oracle, Redis, Red Hat, HashiCorp, Elasticsearch, etc. found that out the hard way. The answer is not getting more proprietary about OSS software and preventing forks. The software gets forked precisely because these projects are too valuable to let it rot away behind corporate pay walls. This is not a failure of open source but actually a huge success. The software will long survive the misguided corporate shenanigans. The software and community will be fine. Those companies, possibly a lot less.
I recently re-licensed a large open source project from MIT to a source-available license which restricts redistribution after someone decided to fork it, completely rearrange the code and introduce subtle breaking interface changes, and then package it up with basic Electron UI for sale on a platform digital store.<p>I don't know what the answer is, but the OSI definition is clearly not built to withstand this era of late stage capitalism and the "hustle culture" that permeates through it.
It's basically become market research where the amount of devs which get hooked indicate success and these devs also double as the client (a trap). I try to stay with my stack, which also makes me miss out on things like the highly recommended Tailscale-service.
I started (and just published) a website[1] that tries to track relicensing risks across a number of OSS projects. The current methodology looks at trademark holders, licenses, and CLA/DCO requirements. I think there's community value in educating developers, surfacing risks, tracking when a project changes its posture, and promoting forks.<p>If this sort of thing is interesting to you, I'm looking to expand the project listing with community support. I suspect the relicensing trend is on its way up.<p>[1] <a href="https://alexsci.com/relicensing-monitor/" rel="nofollow">https://alexsci.com/relicensing-monitor/</a>
This goes against the foss ethos but given that foss is ultimately rooted in freedom I think what I will suggest can be reconciled with the primary principle.<p>I’ve been thinking the only way to truly protect freedom of individuals and of foss development is to have a dual license which is foss unless you deploy it to over 10m users or 10m revenue or belong to list of companies like the EU designated gatekeepers. In that case each project should have the latitude to decide if they will enforce terms if any. Meaning that given the needs of the developers being otherwise met they can always forego any additional requirements.
I don't blame the big corps like IBM (disclaimer: I work there, I don't speak for them) and Microsoft and Google. I really blame investors who are looking to get their money back. When they force an IPO but there's no business model to sustain the company, this is what happens. CEOs resort to developer-hostile actions which kill off the community and generate ill-will towards the company. People here shit on "lifestyle companies" but IMO that's the best model for sustainability and developer communities (if that's what you're into).
So the TLDR; is don't trust any corporate open source that requires a CLA and don't contribute to those projects unless you are prepared to fork if the rug gets pulled.
OT: if the author of the article sees this, there's an error in a quote. You quote HN user skywhopper as saying<p>> HashiCorp already did a great job pre-draining all their flavor<p>but their quote actually says [1]<p>> HashiCorp has done a good job of pre-draining any flavor it once had<p>[1] <a href="https://news.ycombinator.com/item?id=40135686">https://news.ycombinator.com/item?id=40135686</a>
Always remember: It's either AGPLv3 or proprietary all rights reserved. Anything else means you're giving your labor away for free to the beggar barons. Biggest wealth transfer in history, from developers and straight into the pockets of billionaires. It's just irrational.<p>Also remember: Whoever owns the copyright gets to do whatever they want. The licensing security of free software, defined here as the likelihood of free software <i>remaining</i> free software, is proportional to the number of copyright owners involved. Changing the license requires agreement between all copyright holders, once a sizeable number of them has built up it becomes all but impossible. Therefore, anyone who asks you to assign your copyright to them should be viewed with suspicion. A true proponent of free software would want to maximize the number of copyright holders involved, not centralize the copyrights under a single entity.
Terraform and serverless doing the exact same thing at the exact same time really indicates that the market conditions that allowed for software like this were not long term sustainable.<p>As a builder that leverages them both, I'm saddened, but I get it.
I just watched this interesting Node.js doc (Open-source Node.js was purchased by a corp and there was some drama along the way).<p><a href="https://youtu.be/LB8KwiiUGy0" rel="nofollow">https://youtu.be/LB8KwiiUGy0</a>
> Bryan Cantrill's been sounding the alarm for years—yes, that Bryan Cantrill, the one who posted this gem<p>The video is of Brendan Gregg, not of Bryan. Am I missing something?
I think the anger comes from the rug pull, not that they chose to be source available, right?<p>If they chose to be source available from day 1, then no harm done?