As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
I'd like to see some recognition from this crowd of the "free-ride competition" problem as this author puts it. What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
EDIT from a comment in a thread way down, that summarises my point:
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
> The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
As a counterpoint, when I make something open source, I really mean "freedom", which includes the freedom to build a commercial service using the software. I use the MIT license not because of "corporate interests to undermine free software ideals", but because I really want the software to be free as in freedom.
GPL, GPLv3, AGPL and similar license actually restrict the freedom to do anything you want with the software. I'm not saying there is anything wrong with it, just that "free software ideals" could mean different things to different people, and there might not be any "corporate interests".
There are two freedoms of different people (or rather different roles) that are in conflict here: the freedom of developers to do whatever they would like to do with code that they have access to, and the freedom of users to be able to change and control the software they use. MIT/BSD/etc prioritise the former, while GPL prioritises the latter: free software advocates generally believe that proprietary software is immoral, and that _all_ software should be open to users to modify, even if that limits developers freedom to keep it secret. The GPL is an attempt to enforce this as much as can be achieved under current law, not a natural reflection of their wishes (which would compel all software to have source code available for modification).
(There's also a secondary motiviation for using the GPL which seems to be driving this kind of discussion, that of 'paying your part', but this is neither open source nor free software in origin IMO: the desired deal is 'I make the source code available, but I want a cut if you're making money from it'. You can often do this with a version of the GPL that is viewed as sufficiently anti-commercial, and then offering a paid proprietary license, but this is antithetical to the goals of those who wrote the GPL)
The GPL is meant to be viral... it infects other projects so as to open up software ecosystems. The open source movement came out of a time when nearly everything was proprietary and locked up.
But that also makes people not wanna bother with it. People in the middle who doesn't care either way will be very apprehensive of putting in a license virus in their project.
But the point others make is, this type of libertarian free is wide open to the Embrace, Extend, Extinguish strategy. A very successful, repeatable business strategy to own supposedly "open" domains. There's a reason people have debated freedom to and freedom from for centuries. This is the core conundrum/challenge of freedom.
GPL style licenses provide some guarantee you're investing in an ecosystem that is resistant to EEE. Freedom from takeover in exchange for freedom to make any arbitrary business venture. It's a choice, but to conflate libertarian freedom as the only form of freedom is narrow and ignores this centuries old unsettled debate.
Amazon offers lots of AGPL software, and they fully respect the license in all cases. Ultimately the GPL is about protecting users' rights at the expense of developers' rights. So as long as AWS can offer a better/cheaper managed version of a software service, while still giving the users all details on how to run the same service if they chose to, then the AGPL is completely achieving its aims, even if the original company goes out of business.
> protecting users' rights at the expense of developers' rights.
Protecting the user's right to compete with the developer is not sustainable.
Protecting the user's right to run the software for free on their own or in their company so long as they don't resell it is perfectly salient and should be enough for anyone. That's really all the freedom a user needs.
If you're asking for more, it's because you want to take the developer's business. That's 100% unfair.
The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
Where is there opportunity left for software outside of the major trillion dollar companies if we don't start giving developers the benefit of profiting on their work?
I make a point to cheer on every fair source, source available, or open core project I see. It's the sustainable path forward. We shouldn't be taking from each other - we should be finding out how to take back from the hyperscalers.
This is a very business-centric viewpoint. I publish a small number of open-source libraries. They are not a business. I have no interest in making them a business. In fact, the idea of making them a business is repellent. They're just code for doing some tasks more easily than starting from scratch.
I made some of them because I needed them, and had no reason to own them. I made some because I thought another library was poorly designed and I could demonstrate a better way. I didn't make any because I wanted money or recognition. I don't care who uses them, or how. It is literally impossible for a user to do anything with any of them that harms me.
I am deeply suspicious of any world view that declares it bad when people use code I have released for free. I released it so people would use it. Good for them!
> Protecting the user's right to compete with the developer is not sustainable.
It's only unsustainable when you are interested in keeping "user" and "developer" as distinct sets.
> The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
No we are going after it when people try to pass it off as open source when it really isn't.
I like open source because it means I'm not beholden to the original developer in any way as long as I pay it forward. I'm OK if this means you can't find a profitable business model.
Strongly agree with the view you're responding to. So maybe I can talk about it.
There's just tons of software that you expect people to re-host. Yunohost has a massive catalog of free and open source software that is specifically designed to be spun up in a matter of minutes on open source VMs. To do what you're suggesting for those pieces of software would destroy the ecosystem entirely. The goal is to have multiple providers that are interchangeable that can host the software you need. So if one provider goes down, you can switch.
Meanwhile, MBAs that wanted to make money on their open source software decided that a good way to do that was to host services in charge for them. I agree, but the challenge here is what do you do when Amazon decides to take your software and also make it available to host?
And that's the moment where people abandon free software because it's inconvenient for that particular business model. The bug is not in free software. The bug is in the business model of the companies wanting to claim that they're peddling open source software, while not actually doing so: they want to have a monopoly on providing that software as a service. I understand why, but it's not good for the customer.
A real example that's getting a little long in the tooth, but back in the mid-2010s, I wanted to buy elasticsearch for a geographic search for my startup, and turns out that elasticsearch hosting, which I preferred, didn't actually offer CPU intensive instances suitable for geo-hashing. And I ended up having to switch over to Amazon to get the kinds of memory and CPU allocations that were best for our use case.
I get that you're concerned about the sustainability of these businesses, but introducing a monopoly on hosting has other downsides.
> Protecting the user's right to compete with the developer is not sustainable.
I agree with you, actually - but Richard Stallman and the Free Software movement more generally really don't. They exactly and explicitly believe this right exists and should ideally be a legal right, and the AGPL quite explicitly maintains this right.
Ultimately the Free Software movement is predicated on the concept that ideas can't be owned. They generally oppose both copyright and patents, and not just for software. Their licenses are meant as a stop gap solution. Ideally to them, or at least to some of the more die-hard members, laws would be changed such that what the GPL grants would not be a license predicated on copyright, but instead a legal requirement for all software, while copyright would be entirely abolished.
In addition to their general opposition to copyright and patents, Free Software people also view software as having a special role in terms of privacy and control - that, even more so than books and other copyrightable works, you have a right to know what the software in your house and business is doing, and to modify and fix it if it's doing something you don't like. This is related to privacy rights on one hand, and also anti-monopoly, right to repair concepts on the other hand.
This is all very different from the Open Source movement, even though they basically use the same kinds of licenses. The OpenSource movement is more of an industry group that believes competing on building much foundational software is a waste of resources. Instead, they believe the best way to build this foundational software is in collaboration with other commercial or non-commercial entities, building it in the open such that all may benefit from contributions and add their own contributions. However, the Open Source movement is completely fine with, and even expects, then making a proprietary product on top of this open source base.
To them copyleft licenses are a tool to make sure others don't keep their improvements for themselves, but have the downside of making it harder to build your proprietary stuff on top. Conversely, software that takes your contributions but then doesn't allow you to use it in commercial offerings is completely unacceptable, since the whole goal of the movement is for different companies to build a common infra on which they can then build their own commercial products.
Ultimately, both the Free Software and the Open Source movements will agree that a core part of open source is that anyone should be able to compete on delivering the original software, even if for entirely different ideological reasons.
As I recall, Open Source was about developers collaborating to make better software. It was a pro-developer philosophy vs the Free Software movement which was all about the rights of users (and developer hostile in my view). GPL and its children are from the Free Software Tradition.
Open Source provides the same “4 freedoms” as Free Software so most Open Source licenses qualify as Free Software as well.
If the goal is developer collaboration, permissive licenses are often the best choice. If you want maximum user entitlement, copyleft licenses limit developer freedom in exchange for a guarantee that future code will also be released as free software.
Cloud hosting was a challenge that did not exist when either philosophy first emerged.
With hosting, you are able to become the preferred source for software without adding much value to the code itself. This is what the author is complaining about.
The AGPL tries to address this in the GPL family but I don’t think it quite gets there. For permissive licenses, we see these “no hosting” exceptions.
If you read the early writings from the Free Software Foundation, they do not care if devs can make a living. The goal is user freedom. I think it is this philosophy that objects to the hosting exceptions.
Perhaps a better solution will be found in the future.
I often think the solution is to move away from crafting a perfect ideology to encapsulate in your license, and just throw out some numbers. If you make more than N* the median income of this or that place, you can't use this software for free (whether that means licensing fees, code contribution, etc can vary). Let the smaller fish grow. If they get big enough, they can give back.
At 50k USD / year revenue it would be impossible, probably a lot easier at 1m / year. Higher profile use cases are known, and companies tend to comply with licenses rather than pirate software. Just like now, you lose a lot of control as soon as your source is available.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Not wanting to further widen the schism but wasn't that the free software people rather than the open source people? cf [0], particularly the "not as strict" part.
> In the late 1990's Eric Raymond and others developed the term "open source" as a more business friendly term than "free software", with a more inclusive meaning where licenses that were not as strict about the passing on of modifications would also quality for the term.
This is FUD. Some businesses may have a policy of not using GPL software, but all the major enterprises, including Microsoft and Apple, use GPL software.
Using GPL software: yes. Totally fine. The rise of Linux and all that jazz.
Incorporating any part of GPL software _into_ other products? Pretty much doesn’t happen. Every company I’ve ever worked for has said “do not bring LGPL or GPL software into the codebase.” When it comes to commercial software, be it cloud based, or downloadable, you’re not going to find much that tries to incorporate GPL stuff. You just won’t.
1. You incorporate GPL software and hope that no one notices and/or no one challenges. This is the most popular approach, and it’s quite successful, actually.
2. You cease to be a proprietary software company. Less popular, but an option.
>The original stance of the open source crowd.....
>The proliferation of "give everything away for free" MIT/BSD/Apache licenses...
Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
I have also long argued that the license preference among generation has somewhat a linkage to political shift in spectrum. Likely to do with Tech, now known as Big tech taking advantage. And it used to be very cool if your OSS project get used by a big company, until it is not.
> Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
Back when I was getting started in the mid-90s, GPL and LGPL were kind of the default. BSD and MIT were used for certain projects, like the BSDs and X11 of course, but the goal back then was to build up a large library of open source (then, "free software") as viable alternatives to proprietary software, and the GPL was the easiest way to do that and ensure it remained free.
It was the rise of Rails, and the attracting of commercial programmers and startup bros to open source in the '00s, that motivated the historical preference for BSD and MIT licenses.
As a BSD developer from the 90s, that does not reflect my experience.
We wanted our code to be as widely used as possible. It’s really not any more complicated than that.
There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
The rise of “software as a service” has changed that calculus for some, and disadvantaged those that sought to build commercial service entities around their open source software. In the areas that I work, it’s made no material difference.
As for Ruby on Rails, I think it’s outsized presence on hacker news might have given you an inaccurate picture of its influence on the broader open source ecosystem.
> There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
I remember the shitstorm Zed Shaw caused when he built something on top of MIT/BSD-licensed libraries and released it under GPL. "B-but that's against the spirit of the license!" people said.
This is a very old argument, rooted in differences in how one believes OSS cooperation is best fostered; through social norms and practices, and/or through legal fiat.
BSD/MIT authors see most proprietary use as a feature — it can drive adoption and contributions that wouldn’t exist otherwise, while generally not directly competing with the original project in the open source commons.
It is considered an opportunity to leverage social mechanisms to garner support and contribution that would otherwise not be available.
GPL relicensing is different, in that it creates a direct rival open source commons with inescapable one-way asymmetry.
The license permits it, but since BSD/MIT authors tend to prefer social norms over legal fiat to sustain cooperation, they don’t see hypocrisy in objecting (even if GPL advocates do).
(I’ve tried to be as measured as possible, but obviously, I fall on one side of the debate, and I’m sure that my point of view leaks through.)
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
Very well put! I personally believe that "freedom" must include the freedom to do anything you want with the software, even close off your fork if you choose. And I do not believe that a commercial project using my software harms anyone at all, as my project is still there, still available for all. Accordingly, I have always believed in and used permissive licenses. It has nothing to do with corporate profits, and I find it vexing that people make that bad faith assumption in discussions such as this.
Yep. This tinfoil conspiracy theory about these licenses being a scheme by VC backed startups is insane. Only a relative newbie to the scene could fall for that narrative. If you've been on the scene for 15-20 years, you know this is just the ethos, and these various licenses arose out of specific needs, but not opposing ideologies.
> And it used to be very cool if your OSS project get used by a big company, until it is not.
Yup. Open source advocates would brag about adoption in enterprise. They would incessantly argue about how safe open source is compared to close source and would constantly complain about stupid managers not allowing open source.
Not all of them, but that stance was predominant when I was younger.
> The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
Is it not because corporations started funding open source projects in a big way (multiple billions of dollars a year big), and they fund projects that have licenses that they can use in their commercial projects.
To me that's a sign of the success of Open Source rather than the opposite.
As someone in the MIT/BSD/Apache camp, no, for me it has nothing to do with corporate interests. When I release code for free I'm doing it altruistically, and to me MIT/BSD/Apache has the most impact as it can be used in the most places now and into the future.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Expanding on this, the Free Software movement always focused on freedom for users - which, in a world where copyright applies to computer programs, ultimately leads to the licenses you listed to repurpose it.
The Open Source movement usually tries to advocate for open-source as the best development model. As in, writing it in the open and contributing with other people will result in objectively better software in the long term. Others treated it (when the term was coined) as a marketing term for Free Software, making it more palatable to businesses whose people running it don't want to talk about ethics too much.
Amazon isn't freeloading anymore than users hosting the software themselves. They are providing a service and getting paid for that. This is only a problem for the original creator because they would rather get paid for the service himself but that desired vendor lock in was never something compatible with an open source license that ensures user freedom.
The original stance of open source is to cater to "free-riding" businesses. That's like, why the term "open source" even exists. You're thinking of the "free software" crowd.
The MIT and BSD licenses predated the GPL. People have a choice as to which ethic to follow ... it's not the result of a corporate conspiracy. (And I'm a social democrat, not a corporate simp.)
I'm not so clear the choice was made consciously. There's a big swing away from the GPL and towards MIT/BSD around the time that Apple starts adopting a bunch of open-source projects for inclusion in MacOS X, and it accelerates when various big companies announced that they would be forbidding GPLv3 adoption. Fast forward to the cloud provider era, and basically no new software is being placed under the GPL (at least in part because Amazon/Google/Facebook/etc are predicating contributions on being GPL-free)
The problem with GPL was "tainting." It was never clear in what cases you could use GPL without it dragging all your code into being freely available. LGPL was supposed to help with that; AGPL made it even worse. The lawyers were terribly confused and recommended you just not use anything with "GPL" in the license.
The reason why MIT/BSD licenses flourished is that they were easy to understand. As long as you didn't sue the original author or try to claim the code was written by you, you were free to do almost anything with it, including mixing it in with other for-profit code.
Whether that's an abomination or a blessing depends on your corporate vs. free software politics.
GPL also gets incredibly ambiguous when it's applied to anything that isn't software written in a language like C for a personal computer. (What does "linking" even mean with respect to a Javascript library, for instance?)
Just think about the goals of the GPL (software freedom for users), and its easy to see what you should do. Make it practical for a user to obtain and modify the source form (non-minified, non-transpiled, non-concatenated TypeScript/JavaScript/etc) of the library, build the version ran by the web browser, and replace the original with their modified version. Source maps can make part of that easier too. Progressive enhancement helps. Clean frontend/backend separation helps.
The "goals" of the license are irrelevant. What matters from a legal perspective is the text of the license, and every time that text sets legal conditions which reference specific technologies like "linking", "object code", or "interface definition files" which don't apply to all programming languages, a lawyer's blood pressure rises.
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
So I think it would cover pretty much any JS library usage, except maybe if you just drop in a widget and don’t interact with it in any way.
I'm not actually sure what a better way to square the circle of not making the large entities that have developed a weird patronage relationship with open source projects run away while also avoiding the kinds of problem that the GPLv3 and AGPL are hoping to deal with, would be. Limiting the virality scope might be beneficial there, but I'm not sure how you would word that in a way that's not gameable.
It feels like we've wound up in a weird position where because so many GPLv2 projects moved to GPLv3, companies were startled into paying attention to the risks involved in a new license with open questions about how it would shake out in actual courts, as well as being jolted to the very real possibility it could happen again, and took the path of risk reduction by moving toward platforms where that couldn't happen.
You might compare it to everyone pointing to Solaris's source closing as a reason to not trust Oracle about MySQL's license remaining GPLv2. (As it turned out, so far, they haven't changed the license, but there was certainly a lot of fearmongering about that at the time.)
So I think I agree that it's not so much a coordinated effort to steer anything as the direct effects of companies avoiding funding that space, as well as the knock-on effect that anyone whose goals involve large companies using their product and leveraging that avoids picking a license that precludes that in turn.
The creation of those licenses, maybe. Their mass popularization, and the pooh-poohing of GPL licenses that often goes with it in related discussions, is much more recent.
Most people have no problem with non-open source software. The gnashing of teeth comes in when projects like Terraform become successful specifically because they're open source, and then the maintainer changes to a closed source license that would have prevented the project from being successful in the first place.
Doubly so when they relicense outside contributors' work with a closed source license because those contributors signed a CLA.
Looking at the details of that, the only two (small) substantial code changes from other people are "User can delete their own account" from 2020, and "Use cloudflare online dns api to perform domain check" from 2021.
If we are real, it's also quite clear that contributions are not accepted at least from 2023. And the Readme talked about the project not meant to be self-hosted in the past.
I have no horse in the race, just think that maybe this project is not a good measure of contributions.
The trick is not to get attached to a project name. `Terraform` is a trademark of IBM (previously Hashicorp). Terraform used to refer to an open-source IaC project, but now it doesn't. OpenTofu, https://opentofu.org, is probably the most accurate name for the continuation of that open-source project.
> A commitment that this license will not change, even by the original author
Unless you’re entering into a contract with the project maintainer (which you’re not, if you’re just downloading or using it) then such a commitment means nothing.
Applying an open source license to your work means you’ve licensed other people to use it under those terms.
You can make all the commitments you want in the license, but it doesn’t actually commit you to keeping all future work open source as well under the law.
So you could write this license and make the commitment, but if you changed your mind later and decided not to open source future commits to the project that you made then nobody could stop you. Not unless you had entered into a contractual agreement with them and exchanged some consideration (money).
I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
(What I'm given to understand does work is using a copyleft license and taking code from multiple parties without a CLA, because then relicensing requires all the copyright owners to agree, which for a large enough project is impractical.)
> I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
It’s possible to say anything. Without something like a contract with reciprocal commitments to make it binding, the legal effect of saying it is limited (though not necessarily zero, because legal concepts like promissory estoppel exist.)
How about a standard entity "OSI perhaps?!", that commits a file to an early stage of the repository (could this be automated), who then cannot / will not give approval for a relicense?
Love the idea but the thing is, if it's just one file then it's probably easy enough to work that contribution out of the repository.
It is quite fun to try and think of ways that this could work though. Perhaps a bot that code-paraphrases (paracodes?) every accepted PR. Or maybe there's some crypto magic you could do to make the only option a clean room rewrite.
Relicensing still can be done, just keeping that file out. (and reimplementing it the same but with new code, if it was really needed for something important)
I’d suggest the GPL family without a CLA as an approximation of that intent.
> If it exists, what are the barriers to adoption? Why don't we all use it?
My theory is that people in general don’t care that much, or (particularly in the case of corporations) consider permissive licenses to be ”freer” than copyleft.
Maybe this makes more sense as a change to trademark law than a license thing. If a name OpenSourceProject has gotten popular due to being open source then I would say it's in the interest of the public to ensure that OpenSourceProject keeps referring to an open source project an isn't misappropriated for something else. It's a kind of bait and switch fraud that I think should be generally illegal. On the other hand I don't see why we should care about the creator not being allowed to re-license his own work as long as no one has been mislead about what they are getting.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades. You can use/write your software and people that believe in open source can use/write open source. What's the problem?
> If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades.
If I’ve learned anything from reading HN comments, it’s that “open source” means different things to different people, including those who believe themselves to have specific knowledge of the history of the topic.
There are half a dozen different claims about the original meaning of “open source” in this comment section alone. They’re coming from people citing history and notable figures from open source past.
Yeah, and all but one of those claims is incorrect.
"Open source" is not just a turn of phrase which became common over time. The phrase was coined by the founders of the Open Source Initiative, and it has always had a very specific meaning: https://en.m.wikipedia.org/wiki/Open_Source_Initiative
People who seem to think that "open source" has a variety of meanings, are probably confusing it for "free software" which does indeed have a variety of meanings (which was the whole reason the phrase "open source" was created - because "free software" was too vague, and they wanted to create a term with a single, specific definition!)
Not at all. There are some people who want open source to mean something else than it does because they want the positive publicity that comes with the term without the commitments to user freedom. Those people should not be given any weight.
Free Software and Open Source have definitions that are both on their face and in practical application by the bodies responsible for each almost entirely identical. Neither is a subset of the other.
If you are concerned about mandating users provide modifications by a similar license to the one they received material under, what you want is copyleft.
“Free software” means copyleft. The free software foundation manages copyleft licenses. The term open source was explicitly coined to differentiate from the more restrictive free software / copyleft.
All free software licenses are open source licenses. Not all open source licenses are free software licenses.
1) hasn't/doesn't publish a free software definition that describes copyleft as a precondition to free software
2) hasn't/doesn't claim in any of their non-normative commentary that the definition has that precondition
3) readily and regularly refers to projects published under permissive licenses like the BSD, MIT/X11, and Apache licenses as "free software", despite not being copyleft licenses
4) themselves publish/maintain/govern software projects that are licensed under permissive licenses like the aforementioned non-copyleft licenses
The claim that "'free software' means 'copyleft'" is a pernicious, bizarrely recurring but wildly misinformed claim that only shows up on message boards by people who can't ever have actually read primary sources that explain the positions of the organization they purport to describe, and have instead just, like, decided they understand the topic (through, I dunno, osmosis or something, I guess).
Very explicit about open source being different from free software.
Also if what you say is true, there would be no reason for “open source” to exist. It was coined by Christine Peterson explicitly because the term free software conveyed a different ideal than the BSD/MIT license crowd was aiming for.
> nearly all open source programs are in fact free.
You are just wrong, and your first link proves it. The definitions are essentially identical. The philosophies behind them are different.
It's like the "Gulf of America" vs. the "Gulf of Mexico". You are talking about the same territory in either case, just expressing a different viewpoint about it.
This is completely false and ahistorical. The first license associated with the term "open-source" was the MPL, which is a copyleft license.
Open-source never attempted to distinguish itself from free software in terms of licensing or content, and "free software" has always included permissive licenses.
You can find lots of free software licenses which are not copyleft listed on the FSF website, with links to longer commentaries on them. The FSF clearly identifies them as free software licenses, and always has.
Take a few minutes reading the publications of the organizations and movements you're misrepresenting. Take a look at the OSI's Open-Source definition as well.
Indeed it is, but can people please not abuse the flag function for such cases? It's not against the rules to be mistaken, and "flag" is not supposed to be a super downvote.
You are correct ... the other responses to you are not. "Free software" as in the FSF is "free as in freedom, not free as in free beer", which is why copyleft was invented, to establish such a distinction.
No, this is completely wrong. Free/libre software is distinguished from "gratis" software, such as demos or shareware. Any software that is freely available for users to legally modify and redistribute however they see fit, under the same license or some other, is free software.
Examples of non-free software are shareware like WinRar, software only available for non-commercial use like OMNeT++ [0], and (slightly more controversially) things like ElasticSearch or MongoDB.
It's not completely wrong ... how rude. Shareware isn't even open source, generally, and it certainly isn't gratis--you have to pay for it, or at least should, and there are often restrictions or time limits if you don't. Again, the "free" in "free software" refers to freedom, not free beer.
> “Free software” means software that respects users' freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.” We sometimes call it “libre software,” borrowing the French or Spanish word for “free” as in freedom, to show we do not mean the software is gratis.
And
> “Open source” is something different: it has a very different philosophy based on different values. Its practical definition is different too, but nearly all open source programs are in fact free. We explain the difference in Why “Open Source” misses the point of Free Software.
That definition, and Richard Stallman himself, completely agree with me. A BSD license also guarantees "that the users have the freedom to run, copy, distribute, study, change and improve the software".
> The two major categories of free software license are copyleft and non-copyleft. Copyleft licenses such as the GNU GPL insist that modified versions of the program must be free software as well. Non-copyleft licenses do not insist on this. We recommend copyleft, because it protects freedom for all users, but non-copylefted software can still be free software, and useful to the free software community.
> There are many variants of simple non-copyleft free software licenses, such as the Expat license, FreeBSD license, X10 license, the X11 license, and the two BSD (Berkeley Software Distribution) licenses.
So, I stand by my assertion. You are completely wrong in saying that only copy left licenses are free/libre software, even according to Richard Stallman himself.
The BSD license does not offer the same software freedom guarantees as copyleft licenses though, since downstreams can elect to not release the source code. You are right otherwise though.
> Shareware isn't even open source, generally, and it certainly isn't gratis--you have to pay for it, or at least should, and there are often restrictions or time limits if you don't. Again, the "free" in "free software" refers to freedom, not free beer.
Yes. The comment you are replying to already said this: ‘Free/libre software is distinguished from "gratis" software’.
Your earlier comment wasn’t wrong for saying that ‘free software’ refers to freedom; that part was correct. But it was wrong for agreeing with a comment which claimed that ‘free software’ means ‘copyleft’. Copyleft is free software, but free software isn’t always copyleft.
Saying that ‘free software means copyleft’ is like saying that ‘bird means goose’. Goose is a kind of bird, but not every bird is a goose; just like copyleft licences are free, but not every free licence is copyleft. The responses (which you called incorrect) were trying to explain this important difference.
Copyleft licenses don't even need to be free! All copyleft means is that derivative works must use the same license. For example, the Creative Commons BY-NC-SA license [1] wouldn't fulfill freedom 0, since you can't use the material for commercial purposes.
(Granted, Creative Commons licenses are typically not used for software, but the point stands.)
Is that really the case? I’m not outright disputing this, but with the term ‘copyleft’ originating from the free software movement and all, I normally take it to identify free software which protects the freedoms it grants (typically by extending the terms of its licence to derivative works).
I see that a similar mechanism is used by some non-free licences, as you have just shown, but are those really considered ‘copyleft’? Isn’t the term more properly used when said mechanism is used specifically to grant and protect the four freedoms? Both the FSF¹ and Wikipedia² seem to view the freedom aspect as an important part of copyleft, at the very least.
Hm! The Wikipedia article intro explicitly lists the Creative Commons share-alike license condition in its list of "notable copyleft licenses", but later says that "any copyleft license is automatically a share-alike license but not the other way around". So at the very least I guess it's debatable :)
(I'm not sure I would rely heavily on Wikipedia for this — they only use secondary sources and in practice most of their sources will be GNU-related, so the article is probably biased in that direction.)
People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
As a result, licensing your project GPL or the like usually means relegating it to obscurity. There are very notable exceptions, including Linux and WordPress, but they are outliers. It's hard to monetize an MIT project, but it is even harder to monetize a project without users.
Whether this is "good" or "bad" is a separate debate (err, usually flame war), but I think many people gloss over that this is a coordination problem and that everyone is acting rationally. For better or worse, software does not seem to be scarce.
I disagree. It will be harder to monetize MIT licensed projects, because any competitor can just grab and run. With AGPLv3, at least legally the competitor needs to publish their modifications as well. This in turn makes it more likely the competitor will not use your code, or if they do, in accordance with the license, which would be fine, and users of the product you build will mostly not care, because they don't even know what the licenses are about.
Sure, but you're skipping the first part where if you make your project AGPLv3 most users will just choose a different project doing the same thing but with an MIT license.
I agree that if you can somehow achieve widespread adoption with a copy left license (like Linux or Wordpress), then that will be better for you. But IME copyleft licenses are a major hurdle to widespread adoption, so such projects remain obscure.
I'm not saying it is a good thing, but I've never worked at a company where we were allowed to bring in copyleft dependencies (even though everything invariably runs on Linux, which is GPLv2).
If it stays obscure, that isn't necessarily too bad. You respect your users and grant them the freedoms, if they seek them, but if not then that's their choice. It is merely geared against competitors taking and running, making a "better" (moaaar features) closed source version.
None of the limitations of open-source licenses apply to the authors themselves. (author = the person or organization whose name appears in the copyright notice). I.e., you can have a MIT/GPL/AGPL licensed project, but have a "premium" fork/derivation/later-version of it that's completely closed source.
I actually see this as a valuable incentive to open-sourcing under MIT -- if a commercial provider of your software emerges, it will help you test/prove that a commercial market for your software exists, after which point you can completely close-source it and pivot to purely commercial competition.
Open-sourcing, then, is basically baiting the waters to see if anyone sees commercial potential in your work. And the minute that's validated, you get funding and start your company.
Close-sourcing a previously open source project is like a deathwish for that project. Will meet much aversion, and if the project is important, people will fork whatever the last open source version was. Then you usually lost all cards and don't have a business at all.
> People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
> If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
First, if someone isn’t paying, he’s not buying. ‘Paying’ should be understood broadly, e.g. code as well as money counts. A company paying dollars really doesn’t care that much about the license — plenty of companies pay for proprietarily-licensed products (even ridiculously limited ones, with dongles and high seat prices). OTOH, a company ‘paying’ with code contributions should prefer the GPL, because it knows that its contributions will never be taken away from it.
Second, the GPL does not restrict users; it restricts developers from restricting users.
The GPL family is the right way for individuals and companies to form a software commons in which all can benefit.
Well, many developers publish their code not because they want to specifically make a successful open source project, but because they made something that was useful to themselves, and like the idea behind open source. In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
Yea I think stuff like this is great and will have some impact around the edges. Perhaps particularly in the realm of end-user software, like a window tiling manager.
But once we start talking about the kind of software large corporations (like AWS) will have an interest in, projects have to be successful to be useful. Software requires maintenance so the maintainers need to be able to devote their time to maintaining and improving the project. So this will select for projects that are successful enough that the maintainers can focus on it fully (either because some company hires them to work on their own project, they can charge high consulting fees because of their association with the project, or whatever).
I think "the code" (the thing covered by copyright) in most cases is not as valuable as "the project:" the leadership, the contributors, the users, the norms and practices, the commitment to ongoing maintenance, and so on. So just lots of individuals all putting pieces of their code out there with GPL probably doesn't make a lot of impact (though there is nothing wrong with it), because most users don't want "code" they want a "project" they can rely on.
We definitely agree on this point. Different licenses select for different things.
It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.
Honestly haven't seen many open-source maintainers convert a BigTech downstream into recurring revenue. I'm sure it does happen, but its far from the norm
If your project gets adopted by Big Tech then your market rate as an engineer just went way up.
It’s a huge badge of honor and a rare accomplishment. You’re thinking too directly if you can’t imagine how having your OSS project adopted by Big Tech isn’t a career boost.
Maybe it can happen, but ask the people maintaining open source projects long term, how much it helped them pass silly leetcode interviews, which companies insist must be done, even if you have a golden track record.
Please see his follow up comments years later where he reflects on the situation and agrees that he should not have been hired at that time.
He posted that in the heat of the moment while angry, but they didn’t literally reject him for a single LeetCode problem. He admits that he was just not at a point where being hired into a FAANG job would have been a good move.
That one Tweet has fueled years of internet rage from people who didn’t get the whole story, though.
I know people maintaining open source projects long term and getting FAANG adoption is a dream come true. That’s why I posted it.
I’ve also worked at companies where people who write OSS have been recruited with comp packages that would be hard to get even at FAANG because their OSS work was crucial to the company.
Maybe in specific fields this is true, but a lot of folks in Big Tech view open source as where developers who couldn't hack the interviews end up (they also hold a pretty similar view of startup engineers, unless they are ex-FAANG)
> I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Are you kidding? This is the dream scenario for many open source projects: Getting adopted by a major company is a claim to fame like none other.
> Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
Then don’t? You don’t have to do anything. It’s fine to ignore it you want.
Practically speaking, Amazon engineers aren’t going to sit around and hope the maintainer fixes the thing that unblocks them. If they actually need it, they’ll fix it. They might fork it. They might try to recruit the person.
But nothing obligates you to do anything. This hand-wringing about the idea that someone might find the project useful enough to identify issues and report them is rather ridiculous. Just ignore it if that’s prerogative.
Having been upstream of this problem (I was engineer at Amazon for ~5 years), they will typically not do any of those things.
The amount of paperwork they have to jump through just to send you a patch makes it not worthwhile. They might fork in extremis, but to do that they first have to justify to management that it's worth ongoing effort to support. Hiring a maintainer really only happens for truly foundational projects like the Xen hypervisor.
What they will do is use the public nature of the CVE process to pressure you to patch with the SLA - and that's generally pretty effective. Only a few open source groups (for example, the npm team) have enough public clout to reject CVEs without reputation damage.
Which copyleft software does AWS use? Linux, certainly. And MariaDB/MySQL (but also the BSD-like PostgreSQL). I was under the impression that it typically avoids GPL software when there is a BSD- or MIT-licensed alternative.
> In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
That is a matter of opinion. I have put out some open source stuff under the form you mentioned, and it's always BSD or another permissive license. I view it as quite wrong to force my moral choices upon others, so I give others the freedom to use whatever license they like. In my case, that is what makes sense because of my own moral convictions.
Understand your point, but I wouldn't be so sure.
People also want to ensure that the software is being supported, the inevitable bugs being worked on, and not abandoned. It is more likely that a commercial project will be supported than a MIT licensed one.
So there might not be as many github stars for such project, but on the other hand, as long as it feeds people, it will not disappear.
A MIT licensed project on the other hand, I personally consider like a potential liability more often than not. Not different from any piece of code I could find on stackoverflow.
Not something that is serious. Even if it were tied to a big corpo, that would probably become fast unsupported.
> licensing your project GPL or the like usually means relegating it to obscurity
Subjective. Sure if you are talking about percent of market share, but it's a huge market, you don't need to capture even 1% of users to have a viable business.
The vast majority of the GNU ecosystem is GPL. Bash, git, Apache, Gimp, Blender, Libreoffice.
There are also a lot of projects that are dual licensed, allowing commercial software to be charged a fee and non-commercial software to use for free with GPL.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Isn't this what the AGPL is for? That's an OSI approved "open source" license that places restrictions on people making the software accessible as a network service.
I think the problem that these folks have is that AGPL still allows other people to host the software.
They want to seem altruistic but want to also be the only provider.
GPL would have been a better initial license, and AGPL would have been the next logical step to ensure that changes that hosted services make can come back to the original version.
I'm not entirely sure what they were hoping to get by making an extremely permissive licensed piece of software, but competition doesn't appear to be it.
They care that other people can sell the software, not that other people can use the software, which is why the license they use makes that distinction.
This is a confusing claim. Are you saying the chosen license (<https://github.com/HermanMartinus/bearblog/blob/998e87263248...>) makes the software free to use to offer (e.g. gratis) "hosted or managed service[s]" so long as one does not sell the services? This is trivially confirmed not to be true. It prohibits all use of the software to provide services, not just a prohibition on selling them.
> They want to seem altruistic but want to also be the only provider.
Some people pick the AGPL because the license itself acts like garlic to commons destroying IP vampires and are disappointed that those vampires still found a way to drink their IP milkshake.
Has nothing to do with altruism and everything to do with not wanting to be taken advantage of for free labor and IP by powerful entities that would deny them a glass of water if they were dying from thirst.
Except AWS is not an IP vampire in this case, they are providing a hosting service. There is no conflict between AWS's use and the spirit of the open source license.
The conflict is entirely between the original developer wanting to be the sole service provider and the open source license that lets people host the software themselves. The software as a service business model is the problem here, not AWS hosting.
> They want to seem altruistic but want to also be the only provider.
This is an overly negative take. At the end of the day, they are still providing software and the source code free to use for practically every purpose except directly competing with them.
That's still altruistic while also being sensible in the real world rather than an ideal.
No, the license disallows use of the software for seeing up a multi-user blogging system as a paid service.
You might say, "well wouldn't that be most of what people might want to do with it?" And you might be right, but so what? No one is entitled to build their business on the back of someone else's work, not without their permission anyway.
That certainly makes software like this no longer Free Software. But I'm not religious about it, and maybe that's ok sometimes.
(It also runs afoul of several parts of the OSI Open Source Definition, but maybe that's ok too.)
Not for practically every purpose. It's a blog platform to be used by services that provide blog hosting, just like his own business does, so any use of it would be directly competing with him. From TFA, he never wanted people to actually use it, just to look at the source code.
I thought so, too, at first. But there's a crucial difference: With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying. With the Bear license, Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS to me, but Stallman would disagree. He has made it clear that there should be no restrictions on use.
"You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality"
Given that the exclusive purpose of the Software in question is to implement a managed service for its users' hosting needs, I'm having trouble understanding how anyone could take the position that this is "mostly in the spirit of FOSS".
The license might as well say, "You just can't use this."
The readme has this to say about hosting your own blog on it:
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
"It isn't possible" is obviously not true but a plain reading of both that combined with the license would suggest you can't use bear at all for anything.
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying.
Technically true, but in practice almost every tech company forbids GPL code. I bet if you re-read your employment contract closely you'll find that you agreed not to introduce any GPL code into the company's codebases.
By "use GPL code" I mean integrate it into a company codebase (which would require the codebase to be licensed as GPL). Edited my original comment to clarify.
Companies that follow the law will release their changes to the Linux kernel when they distribute their products to users.
Just using Linux is not enough to say anything built with it is a combined product in the eyes of the GPL, the license is pretty specific about what it considers a derivative work.
For example, you can ship closed source apps and OS on top of Linux so long as you respect the license.
Those are pretty rare when it comes to the GPL, a lot of hardware companies do not comply with it fully, in some way. Vizio is being made an example of at the moment:
Note that this is about source code, not binaries, or nobody would be working with docker (and more.)
Of course a company must forbid copy/paste of GPL code, because that would GPL the codebase and that's hardly what they want. But one should ask the Legal office (and/or other offices) about adding any MIT, BSD or proprietary library: credit must be given (how?), licenses must be available and compatible with the way the software is distributed. There are so many licenses out there, everything should be vetted.
Re: code vs. binaries, it depends on the license. Another commenter has been pointing out that Google forbids any use of AGPL projects, period [1] because its definition of "linking" includes communication over a network.
Of course everything should be vetted, but lawyers have canned advice about common licenses they see often — GPL, MIT, etc.
I'm self-employed in Germany, and when I was employed, what was in the contract went more in the other direction: it was explicitly allowed to contribute to FOSS projects. Of course, it still would not have been OK to randomly add GPL software to a closed source customer project. If anyone had been stupid (uneducated, really) enough, somebody else on the same project would have noticed.
I was at a FANG until 2022, and we were allowed to introduce GPL code into the monorepo. There were policies on how to do it correctly, but definitely not prohibited.
(AGPL, however, was nearly impossible to get permission to use)
Companies not wanting GPL code in code bases they want to keep proprietary should not be surprising to anyone. I fail to see how that is relevant to the comment you are replying though.
Some companies subscribe to FUD (aka lawyers covering their ass) and forbid use of AGPL, GPL and sometimes even LGPL software outright even though they allow proprietary sofware that has even more restrictions, but the big elephant in the room that is usually cited for these open source to "proprietary but we still want the publicity of open source" license changes (AWS) is not one of those companies that put fear over profit.
The comment I'm replying to says that the reason companies like Bear choose these licenses over the AGPL is that the AGPL allows other companies to offer competing hosting services. I'm saying that while that's true, in practice most companies will not touch AGPL code.
Why would I want to stop them making it available as a network service except as a way of circumventing the copyleft by effectively distributing it without actually distributing it (which AIUI the AGPL fixes)? If you want to place restrictions on how people are allowed to use the software then A) I don't see the relevance of AWS as a special case, and B) go ahead but don't imply the "open source crowd" are being unreasonable by not considering it open source.
You'd want to stop them if like in TFA you don't actually want to provide open source software but rather want to sell your software as a service with free marketing from being "open source".
It doesn't in an indirect way. A friend that worked for Amazon about 5 years ago told me they were even allowed to look at AGPL codebases on the clock because the lawyers were so afraid of it.
Not a lawyer, but my understanding is there is a strong feeling that AGPL can be roughly ignored if a service provider provides some level of indirection (e.g. a proxy) between the user and the software. Then, the software is somehow not being accessed over a network and thus they are not required to release the source.
I have a strong feeling you would be told "we don't know, it's never been tested in court, there's a chance you would win and a chance you would lose on that argument".
Not just a level of indirection. The "substantial features" of the code need to not be directly exposed.
So if you had some AGPL OCR tool you were using, you could use it, but not in a way the user sees that text. Generate audio from it and expose the sound? Probably fine.
My understanding of the theory that they're advocating is that the AGPL requires that when you modify AGPL software you modify it to provide an offer of its source.
And that you can comply with that completely, run the software, and then have a proxy in front that strips that offer without violating the letter of the license.
And if that theory works I think "substantial features" of the code could be directly (but for the indirection of that proxy) exposed.
> However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.
and
> Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
"Convey" is the key word there. You _must_ convey the license. Stripping it out, is not conveying it. Why is it automatic? Because under the AGPL, the license is a part of the work itself. You cannot remove it or modify it, without breaking the license, and thus having no right to modify it in the first place.
You didn't convey a covered work by using it to respond to a response or anywhere else in my hypothetical - and indeed that part of the license exactly matches the GPLv3. The relevant portion of the license is rather
> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
I know what section of the license is relevant to network requests, why the section of license you cited is not, and that a proxy stripping offers of source does not seem to violate the text (though it certainly violates the spirit) of the license. I do not know how a court would react to such an attempt.
I agree that I'm done with this conversation though.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't...
Freedom 0 is the freedom to run the software for any purpose. You can't deny users this freedom "for their own good", or to spite big corporations, and still be free software.
Subtler issues of power and dependency won't be resolved through licensing alone, and certainly not by compromising on basic software freedom for users.
> What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
People are cold to source-available projects because of their experience of source-available projects. If you want to benefit from the warm reputation that open source has, you need to offer the things that open source offers. If you want to do some novel thing, that's fine, but your novel thing will have to earn its reputation.
I guess I'm in that crowd, and well, I definitely recognise that! Open source is an important term, and I don't want to see it degraded. I think I'd find it annoying if this blog post was trying to claim Bear was still free software, or open source.
That doesn't mean I think everything has to be open source. Bear is a blogging platform trying to make money and it seems fine to me for it not to be open source.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source.
This statement is 100% correct. Open means open for everyone. There's a "but they are providing FOSS as a service on a proprietary platform", which seems like the next step on the LGPL-GPL-AGPL stairway of licenses, but SSPL failed to convince anyone it was a necessary freedom:
- MongoDB Inc obviously had no plans to release their own SaaS platform under SSPL
- AWS source code being released wouldn't have benefited anyone other than maybe other major cloud providers
Why the scare quotes, the first freedom of both Open Source and Free Software is the right to run the software for any purpose. It's not some little unimportant detail. It's arguably the most
important property of Open Source.
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
The base-stealing that comes with the throwing out the term “winner-take-all” is astounding. People claim this all the time on HN without any shred of evidence that it is the case.
The history of technology and markets show this just isn’t true on any significant timescale.
I mean in this specific case we're not talking about AWS or any other large company. We're talking about someone wanting to offer Bear.app hosting in the vein of managed Wordpress. This is good for Open Source. Having multiple commercial entities working off of and invested in the same codebase is exactly what Open Source envisions.
It does take some mental discipline to actually believe in the movement and not view someone using your software to start a business as them "stealing your work." Such a
thing doesn't make sense in OSS, you gave it away freely. It's a good thing, the competition is healthy. You don't have to believe, closed-source proprietary software is much easier to run a business off of as evidenced by most businesses operating that way. There's no shame in it. The FOSS folks are the free love "we don't believe in intellectual property mann" hippies of the software world.
> enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
Why use the MIT license when the AGPL is the better choice? I don’t understand why developers choose MIT and or Apache license and then figure out that they now have a competitor cloning their product .
My issue with "source available" as a term has always been that it basically sounds like a synonym to "open source". It's not clear to me why the place to draw the line for what level of restriction constitutes " would be between what's known as " source available" and "true" open source when the question of "can I read the source code for this or not" seems way more intuitive to me than "can I run a cloud-based software service for this without violating the terms of the license".
From what I can tell, the argument against including stuff that's called source available in the category of open source basically boils down to the OSI definition, but it doesn't seem reasonable to me for an organization to claim exclusive rights to a very generic-sounding term with an intuitive definition that clashes with how they want to define it. If there's a concern over the pollution of their brand, they should be trying to trademark it, and if there's not, the constant backlash against anyone using the term in a way that conflicts with their definition is pretty antisocial. I recognize that this battle is probably already lost, but I'm not sure I'll ever understand why as a community we seem to have been happy to police usage of an unintuitive definition through public pressure just to try to make a point that doesn't seem to have nearly as much consensus behind it as the expectation of uniformity would imply.
The history stems from the term “free” software not being very palatable for marketing. There are 4 tenants to free software. Bear is no longer free software.
All of those statements are reasonable, but they don't really change the point I'm making from what I can tell. Having trouble marketing "free software" doesn't justify anything about how an entirely separate term should be used.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
You don't get to just redefine terms if you find them inconvenient and people are right to push back against such attempts. If you want something else, put in the work to get mind share for your model instead of trying to catch a free ride by taking over an established one.
The weird part is that these companies/individuals will use proprietary software with no qualms of the sort they express for these "source available" licenses.
> But governments won’t get the ability to alter source code. “This isn’t about developing or supporting customized versions of Windows,” Mundie said. The GSP and other source-code access programs are about “helping build comfort and trust with our key customers on how Windows is deployed, how security is running and how other software is running on top of Windows,” he said.
> Russia’s Federal Agency for Governmental Communication and Information has signed a GSP agreement with Microsoft, and the company says it’s in discussions with about 20 other governments.
Open-source normally means there's no use restrictions, but there could be some requirements in order to do so (like attribution).
Free software normally means there's no use restrictions, but modifications can mandate maintaining the modifications also free to use, retaining the same freedoms.
And if you fray from those, you can call it source-available and the specifics of what usage restrictions exist are per-license.
Maximalism and lack of nuance aren't going to fix the world. Though, neither is lack of thinking things through. I'm not sure how people, including myself, would feel about the situation if the company using a "Bear-like" license was, say, Oracle or Microsoft.
I think it's more like "a project made for the community", not quite "project made by the community", though the former is definitely usually what's implied.
I think some people lose sight of the difference between the theoretical possibility of competing forks/implementations/services and the practical possibility. If a big enough organization gets ahold of something and begins to drive it, the fact that it's nominally open source may not be enough to ensure that people have a practical ability to get out from under that organization. In other words you need not just openness of "information" but actual open space to maneuver in the real world of food and money and markets and so on.
In many cases for-profit companies have taken up (or created) open source tools and made use of them in ways that still benefited the community at large. But it's not clear to me that FOSS licenses as we know them actually guarantee that. It doesn't seem unreasonable to me to want to build safeguards against open source software being weaponized or co-opted for unfree purposes.
One thing that's not clear from the Bearblog dev's post is whether he would be open to small-scale "competitors" who share an ethos similar to his own. In theory such competitors could be granted special license exceptions. If I were in his position I could see myself wanting to exclude big companies (and companies that hope to become big) while allowing small operators. The challenge is to create an enforceable license that encodes that, rather than requiring the author to manually approve or deny each request.
That is exactly the stance. If there are strings attached that means some people can't use it, it's not really open.
(GPL has strings attached if you use it, which is bad in a different way)
I don't think anyone has a problem with the non open source licenses themselves. If you start with a closed source license or whatever, that's fine. It is switching from an open source licenses to something that is not.
A lot of the projects that later switched out of open source would have never gotten any traction if they started with the license they ended up with.
Unfortunately, AWS has invented and legitimized this entirely new class of leeching off of open source work, where they capture the entire economic value of a project by owning the hosting infrastructure; contributing nothing back and forking when the original authors protest. OSS stewards should correct this - in my view disallow cloud vendors beyond a certain size to freeload.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
There are factions in open source advocacy, ranging from laissez faire views of freedom to views of freedom as something that needs some limitations to conserve it and prevent abuses/tragedy of the commons/etc.
I don't owe that guy s*it, what are you talking about.
He's actually doing a disservice to the OSS community, as there's now another story of OSS turning non-OSS out of greed, which damages (by a bit, but still) the whole aura that true OSS has built over the past 40 years.
I've long thought there needs to be some sort of "cooperative source" license. With DAOs and whatnot, there's even the possibility of an automated global common fund for contributing and supporting. There's definitely a big opportunity to rethink things in this arena.
I'm not 100% convinced that these licenses actually work. How hard would it be for a BigCo to have an intern to modify the code enough so that it's not an easily detectable violation?
I mean this stuff isn't just theoretical, there have been video games where we only find out they violated the GPL after a major code breach. [1]
> if Amazon can't make it one of their AWS offerings then it isn't true open source
That's because then it isn't. Sorry, but you can't just take terms with an accepted meaning and decide they mean something else, without any conversation or consensus from there people using that term.
The OSI has a specific definition of what "open source" means[0]. Restricting what users of the software can do in this way is in direct opposition to parts of that definition, so no, if you do that, then it is no longer open source.
I'm not saying you aren't entitled to set up your licensing that way. I think it's disgusting when the likes of Amazon decide to take someone's hard work and use their massive oligopolist position to trivially outcompete anything the original author might try to do to make some money.
But that doesn't mean it's open source. I think people need to stop being so afraid to call their software something else. They seem to be really attached to the idea of being an "open source developer", and don't want to drop that moniker even after changing their licensing away from open source.
People also need to stop licensing their software under true OSS licenses, building a community of regular, significant contributors around it, and then changing their licensing (which they can do because they've [IMO shadily] required contributors to reassign copyright). That's a huge bait-and-switch, and people are right to be upset when that happens.
In the case of Bearblog, it seems like the author is really the only significant contributor, so I think what he's doing is totally fine, for the record. Frankly I think he did this the right way: his announcement email is entirely reasonable and sympathetic, and he doesn't try to breathlessly claim that his software is still open source.
[1] While I don't love how the OSI folks basically just decided they own the term "open source" and that they get to define it, I think they've been pretty good stewards over time, and having clear-cut definitions of things is a good thing.
> the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Exactly! As RMS famously put it[0]:
> It is essential, for the sake of true freedom, that every user - including the humble billionaire overlord who owns a rocket factory - has the unfettered right to run the software we, the noble proletariat of unpaid maintainers, lovingly craft in our basements at 3 a.m. Our highest ethical duty is to empower Jeff Bezos to instantiate yet another Kubernetes cluster that bills government agencies by the millisecond, for freedom means all users, especially those with yachts shaped like smaller yachts. Therefore, to deny Amazon the liberty to exploit our software without a cent of reciprocation would be to shackle the very essence of the Four Freedoms, for Freedom Zero is, and always has been, the sacred right of the richest man alive to squeeze the last drops of value from our volunteer patches while whispering “thank you for your contribution” into the abyss of a PR bot.
On a more serious note:
> I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software.
Now, if said software was intended to run on users machines to actually empower the user, we wouldn't be in this pickle, wouldn't we?
I don't see Amazon freeloading off of GNOME, KDE, LibreOffice, Blender or GIMP.
No, I would argue the root cause of the problems here is that bros want to own their users (saas to the moon) and think open source is the way to do it. I say, fork those people!
As the author of Bear put in this very article:
> I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.
>
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service.
Nowhere here is the intent for users to host the blogs themselves. No, he wants uses to use his service, not his software.
Fair enough, but that shouldn't have been open source in the first place. The author is just rectifying a mistake he made previously.
If the author had actually wanted end users to use his software, he wouldn't care who runs it. Look at Hugo, they're doing alright.
> enabling these companies to ensnare unsuspecting users
Well, to me, as a user, Bear is the company that ensnares me unexpectedly, because it tells me it's running open source but the minute I want to run it myself, oh no, I'm freeloading.
Whenever I see a project that requires a Kubernetes cluster to do something people would have in the past done in 15 files of C, I know they don't care about me as an empowered user in the "free software" sense. They see me as "a user" in a drug-addict sense.
> This is a morbid topic for me to write about: what happens to Bear if something happens to me? I've got that covered too. There's a detailed succession plan in place, including:
Full documentation of all systems and processes
Multiple trusted developers with access to the codebase
Clear instructions for maintaining the platform
So if I were to be incapacitated in any way, the platform will live on.
Which you could have known by spending five seconds on https://lambdalpha.com, or actually reading your own link which calls Bear an "Apple Design Award winner notes app", which doesn't really sound like the Bear blog.
Wait, you’re saying open source shouldn’t exist just to be free labor for billion dollar companies and hustlers? Or to dump free product on the market to make it impossible to compete with said billion dollar companies?
Has the maintainer looked at fair source? [0] I believe it's superior to source-available (and open core), because it eventually becomes fully open source under DOSP [1], which is great for free and paid users, especially for a blog platform like Bear. There's an FCL [2] fair source license, which aligns pretty well with their current Bear Blog License (namely the non-compete and license key bits from the ELv2). All in all, the term "source-available" is pretty meaningless, because there are too many variables. Fair source tries to tighten that up.
It also aligns quite well with Bear's manifesto [3]. Even if Bear PTY LTD ceases to exist, Bear won't. This can be codified under DOSP.
Disclaimer: I'm involved with fair source and helped write the FCL.
> Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
The concrete definition we came up with and published:
> Fair Source is an alternative to closed source, allowing you to safely share access to your core products. Fair Source Software (FSS):
> - is publicly available to read;
> - allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
> - undergoes delayed Open Source publication (DOSP).
Naive. Guy picks a license that allow anyone to do anything they want with his code. Later realizes that was not appropriate when he's trying make money. Changes to an obscure license that on the surface seems to fix the problem.
Your options are: MIT / BSD, GPL, LGPL, AGPL. All others are unnecessary and create needless incompatibility.
I'd have to agree with this stance. You choose MIT when you are happy to share your source with no strings attached. Some do pick MIT with this intent, but that was not the case here. But rather a case of either miscommunication or wanting to have the pie ("look how altruistic I am") and eating it too ("look how business-minded I am").
I mean, there’s a chance it’s exactly what he said, “I didn't give it much thought at the time, but knew that I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.” … it doesn’t have to be some to be some sort of nefarious OSS altruism, it really could be, “maybe people would want to see how this works”… that ends up leading to … oh crap a bunch of people who have never contributed, and will never contribute, are hosting versions of what I created and taking money that I really would like to have to feed my family.
To be unfairly cynical here, the sentence you quoted sounds to me like "I chose to not have a front door. I didn't give it much thought at the time, but knew that I wanted my home to be available for people to learn from my interior design choices and decorations. Then I discovered that people walked in, started to eat out of my fridge, leave dirt everywhere and carry off some of my chairs, and it hurts".
The fault here lies not with the persons who use the maintainer's code exactly in line with the license, no matter what other _intentions_ he might have had.
Possibly, but that would be pretty damning. A license isn't something you should YOLO. If he is that laissez-faire about licensing the source code then what other important aspects of the project has he not given sufficient thought.
Misunderstanding or failing to predict the legal ramifications of choosing an extremely popular license is in no way an indicator of programming care or ability. They’re different sets of skills.
Also, something starts off as a nothingburger side project, so you make some decisions based on that. Then it develops a bit, and turns into something you care about and are able to turn into a business. What people want and expect changes over time, and a license on a codebase that is basically developed by one person, isn't a marriage.
The Apache license is IMO ok in isolation. But its good to minimize the number of licenses used to enable sharing of code between programs. I also have a serious dislike of the Apache Foundation for their continued "support" of the joke that is OpenOffice and its trademark. That is such a disservice to open source and Free Software that I boycott them.
I think the MPL is a useful license as well, and underrated/underused.
It's less viral than the GPLs when just using the licensed work, and less permissive than MIT / BSD because changes have to be open sourced, when the program using the changed library is distributed.
Naive. Users who think a project that is Open Source will remain Open Source forever.
Authors gave the right to change license to a proprietary one. Users being surprised by this are as equally naive as developers who think you can make money writing Open Source.
Well, the versions that were published as open source will remain open source forever. That's never a guarantee for new updates by the same author, for any licence.
Not sure why you're being downvoted, but for the people in the back: "Open source is not a business model!" As RMS has stated on multiple occasions, it's not a business model and has never been a business model. It is a model to enshrine software freedoms. Nothing more, nothing less.
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service. And it hurts. It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification. It hurts to have poured so much love into a piece of software to see it turned against you and threaten your livelihood. It hurts to believe in open-source and then be bitten by it.
The free solution to this is Affero GPL. The AGPL ensures that anyone who hosts a program must grant its users the same rights to use, examine, modify and share it that he received. The original author can just download that source and incorporate its changes.
That means that a fork doesn’t hide changes from the original author who ‘poured so much love’ into it.
We as a community have got to stop using the MIT or BSD licenses on our code. Use the AGPL for server code, the GPL for tools and the LGPL for libraries.
>Use the AGPL for server code, the GPL for tools and the LGPL for libraries.
If we are doing it for ideological reasons why not go all in and use AGPLv3 for everything, including libraries? It also has the added benefit that big corporations will not use your code.
Eh? Big players still run AGPL licensed services. The concern is not about the access to source code.
The concern is livelihood. When a big player swoops in, they can completely decimate your business because of shear scale advantages, they can undercut you into bankruptcy. And while sharing the source under even GPL is noble, it's just also kneecapping your ability to make and grow a new business if it's a tool/service that has market traction. The OG author having access to that modified source code does absolutely nothing to help them.
The big players are literally seagulls waiting to steal your current and future customers.
> The concern is not about the access to source code.
That is a big part of the concern, yes. That anyone can copy your work, setup a competitor, and never give anything back. Copyleft licenses, and the AGPL in particular, ensure that those changes are made public, which benefits everyone, including the original project.
> When a big player swoops in, they can completely decimate your business because of shear scale advantages, they can undercut you into bankruptcy.
That's not a guarantee. In fact, many businesses built around copyleft licensed products can thrive, in ways that their competitors cannot. The original authors understand the code base, the product, and their users much better. They have first-mover advantage on any new features, and have full control over the project's direction. They can use these advantages to build a business that is difficult to compete with, even for much larger and more powerful competitors.
In the open source world, the value of a company hinges on the quality of its product and the community around it, not on market hype, speculative valuations, and venture capital. It is more difficult to build unicorns and make investors rich with this approach, but focusing on the user avoids many of the wrong incentives that make most companies user hostile. Many companies fail because the leadership doesn't understand this, nor the philosophy behind open source, and they simply want to use it as a marketing tactic.
I suppose this is the move if you're looking to foreclose all possible competing usages. Kudos for using correct terminology as it is no longer Open Source.
However, I still believe AGPL is a better alternative in most cases and functionally prevents large enterprises from touching your code due to typical internal policies.
AGPL is exactly the spirit of open source. The license used by bear violates freedom 0. AGPL ensures that freedom 1, 2 and 3 are allowed even in hosted services scenarios.
Freedom 0
the freedom to use the work
Freedom 1
the freedom to study the work
Freedom 2
the freedom to copy and share the work with others
Freedom 3
the freedom to modify the work, and the freedom to distribute modified and therefore derivative works
Its weirdly incorrect to zero index stuff like this. The zero index refers to the start of the first thing, which is not what numbered lists are supposed to indicate.
If I recall correctly, there were originally three freedoms, but then a fourth one was thought of and put at the front to give it prominence, numbering it as zero as not to disturb the original numbering.
Unless you think they'd add a "Freedom -1" in the event that they add a 5th even more important freedom, then this is clearly just selected because 0 indexed lists are cute to programmers
I think it’s most likely a combination of both: Freedom 0 was later added in the first place, and newly numbering the first place with 0 could likely only have been thought of by a programmer.
That is not the spirit of open source, but rather the spirit of free software. The spirit of open source is to effectively have freedom without talking about it.
the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source. When I advocate for the agpl to prevent Amazon and Google using my software, it’s not because of who those companies are, but how they use it.
If Amazon tomorrow turns around and open sources
everything that is a derivative work of the code they ever used, I would be more than happy, even proud if they used my software. Today any company which doesn’t deny their users the core software freedoms is already free to do so.
This is not a “hack” to be maliciously compliant OSS; this is the spirit of open source.
Why do you think the GPL has the virality clause in the first place?
Edit: a perhaps reductive, but hopefully instructive summary: MIT/BSD guarantee freedoms of the software developers, GPL guarantees freedoms of the software users.
You are free to choose which you prefer, but they're quite explicit choices, and the AGPL is absolutely squarely in the spirit of the GPL.
(Now if you had said you take issue with the tivoization clause, on the other hand... :) :))
> the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source
believe it or not this is not actually true! the corporations who disallow agpl do so because their lawyers (correctly) tell them that agpl-licensed software has not been adequately tested in relevant courts of law, and that by including agpl-licensed software they are opening themselves up to unknown/unbounded legal liability/risk!
"the spirit of open source" has nothing to do with anything!
I’ve heard this one before and if the agpl were two years old I’d buy it. But they had ample opportunity to craft a better license by now, so at this point it’s hard to believe that’s not just a convenient excuse.
Don’t like the agpl wording, but agree with the spirit? Ok, you have the lawyers, write a better agpl that abides by the same spirit and which you trust.
But: nothing. And waiting won’t change that. It may be also true, but it’s just excuse at this point. They’re not chomping at the bit to introduce networked virality of software freedom into their platforms.
you're arguing with the messenger. whether or not you buy anything is completely immaterial, what matters is the actual position of legal depts in corporations. said another way this is not a normative discussion (folks SHOULD be doing X) it is a descriptive discussion (folks ARE doing X)
you're also completely missing the point. it's not on anyone to "fix" the agpl, the point is about whether the agpl as it exists is usable in practice. answer, no, not really. "software freedom" doesn't even enter the discussion.
Your position would be eminently reasonable if this comment thread were kicked off by a blog post called "Evil Corpos are Bad Guys, They Should Accept AGPL! A Treatise Out Of Nowhere."
Corporations are free to do as they choose. They can choose not to use AGPL software. That's ok, they don't owe anyone anything (arguable but let's go with it), and I'd have no leg to stand on.
But that's not what happened here. Look at the quote that kicked off this thread:
> Shame on the people who recommend the AGPL to effectively be an OSI-approved source-available license.
> This is a grievance against the spirit of open source.
Note "Shame" and "the spirit of open source." Someone kicked off this thread painting authors of AGPL software as going against the spirit of open source for promoting a license which they know big corporations shun.
At that point it's a very different context. Remember how corporations don't owe anyone anything? Neither do free software devs. That entire comment is completely wrong, and the entire thread which followed only exists in its context. Not outside. And inside that context, it is absolutely valid to talk about the spirit of open source, to talk about what "should", etc, because that's the context introduced by the comment itself.
"Software freedom" doesn't just "enter" the discussion--it is the discussion.
> the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source
in isolation
"the spirit of open source" is not anything that can even be evaluated by any corporate legal team, much less is it anything that can be complied-with (or not-complied-with) in any kind of way
People saying wrong things about the AGPL isn't an AGPL problem, it's an issue of people saying wrong things.
AGPL allows competition. Any free software license does. It's rule 0 of free software.
> it's chosen to to be a non-compete.
Well, too bad for them, because I can still fork this AGPL software and compete. So what's the issue?
The issue would be for contributors contributing for to this code under CLA seeing their contributions closed up. If that's not your thing, don't contribute to software under such CLA. I avoid it myself.
The AGPL is supposed to increase user freedom, not the legal department's freedom.
The FSF have never cared even slightly about corporations being happy. Who cares if Google can't enrich themselves further? The point is to protect the users who are free to fork / host the software themselves.
Sorry, but I won't cry for corps big enough to have legal departments because they elected not to benefit from my software. They have too much power for me to worry about looking to accommodate them and their fantasy.
I don't mind them not using my code. They are doing themselves here.
They have the human power to rebuild it anyway and I actually believe it should cost them.
it's actually them who are spreading the FUD, because they don't like the AGPL.
Meanwhile, my goal of providing software freedom to my users is fulfilled.
My point is less about the AGPL license itself and more about the people who choose it.
If the OSI came out and made a statement on the ambiguities in the AGPL, and cleared the FUD in such a way that all companies agreed and could reference it, I'd wager that the AGPL would over time become much, much less popular for commercial open source. But I'd wager that they won't do that, because they win when COSS wins.
But if they did, we'd likely even see a move towards non-OSS licenses, ones that are clear as to their intent and rules -- rather than relying on ambiguity -- because there would no longer be an OSI-approved license that businesses could use to have their cake and eat it too.
Very few COSS business/startup/w/e right now are choosing AGPL for altruistic reasons. This thread and every other COSS licensing thread here are evidence of that.
Few of them care about software freedoms, or know why they chose the AGPL. They have a playbook that says AGPL lets them take advantage of the open source distribution flywheel, while largely protecting them from the risks associated with commercial open source, i.e. competition. They choose AGPL for this, not because it's the best license for users.
I honestly don't get how people don't see the deception under the AGPL right now.
Let's say I don't care about the intent of people choosing the AGPL (I do, I wish people did stuff for altruistic reasons, but the economical system in which we live makes it so we can't rely on this).
You say people are choosing the AGPL because they think it lets them do effectively source-available while benefiting from open source washing. Fine. I don't like this. But the effect of this for me is that we actually get actual free software.
What's so bad with this?
I've reread your second text and didn't find what's actually bad with the AGPL.
Now, I wish all the FUD around AGPL was cleared; the FUD is what's bad, but I don't wan't to wait for this to happen before picking the AGPL for my software.
It's lying. It's an open source project and a business model built on deceit. I guess I care about clear rules, clear intentions, and I care about integrity above all. The AGPL is ambiguity; unclear rules, veiled intentions. And these same people will relicense without a thought, too. I think we should care about these things, otherwise we repeat history over and over again.
The intentions behind the AGPL were never veiled. The intent was to close the loophole in the GPL3 that is opened by providing software as a network service. If you were to release software that provides a network service under the GPL3, someone else could use and modify it without sharing their changes, but while also providing it as a service. AGPL3 closes this loophole by ensuring that everyone who can use the software must have access to the source including any changes. I don't see any deceit, and I don't even see any anti-competitiveness.
If you read the conversation higher up, instead of taking what I said out of context, you'd see that I was talking about the author veiling their intentions, i.e. using the AGPL as an effective non-compete while masquerading as "open source."
They (the author aka the startup) wouldn't have chosen the AGPL if not for enterprises/bigtech/competition being scared of it.
They didn't choose AGPL to increase freedom 0 (AGPL's purpose), they chose it to decrease it.
I don't see how it can do this. The AGPL is a license text. It states what people can do with the licensed code. What is lying in this text?
> I guess I care about clear rules, clear intentions, and I care about integrity
Me too
> The AGPL is ambiguity; unclear rules, veiled intentions
That's where I don't agree: The rules are written in the license text and I see no ambiguity there. Where is the ambiguity in the AGPL text? What is not clear about it? What granted rights are we not sure about?
> veiled intentions
The original intent of the AGPL authors (the FSF) was clear and simple to me: ensure the end user's freedom. It was GPL, but address the SaaS situation where someone can modify networked GPL software, make users use it from the network, without having to redistribute the modification since the program runs remotely and not on the user's machine. And that intent is perfectly align with what I want for my code.
Sure, people with bad intents will use the AGPL, and so what?
People kill with knives, but I'll definitely keep cooking with mine. The AGPL is a tool. It doesn't, by itself, has intents, especially veiled intents.
I'm not going to stop using the AGPL because someone wants to use it to trap users.
This is all abstract, I'd appreciate concrete examples where:
- people have done that, without a CLA (because yeah, I'm convinced AGPL+CLA can be bad).
- the AGPL doesn't work well for someone using it with the original intent in which the AGPL was written.
Sorry, but this yes-answered AI slop subtly makes no sense, it just reads comfortable to you. You should not delegate writing your opinion to the llm and even less use it to shape your opinion, this is my main takeaway from your screenshot. The AI answered your biased question in a way that pleases you, it's well known that they do this. This stuff is actually scary, and that clever people like you rely on this and don't notice the glaring issues is even more.
The agpl is ambiguous because users may choose not to fully use the freedom they were given? Sorry but this is bullshit. I'm glad I haven't started using this stuff yet (for other reasons). I'm sure I wouldn't notice such issues in topics I'm not at ease with and I can see how easy one can be seduced by this stuff.
Now, I'm convinced AGPL can be misused. What's more, I'm certainly quite happy that a side effect of the AGPL is that Google won't touch it, to mirror the comment you point to (whose author is wrong by the way, the intent behind the AGPL was not to exclude big tech, but to promote/protect user software freedom). All the fud around the AGPL actually comes from companies like Google, so respectfully fuck them all. Nobody could possibly have weaponised the AGPL against them had they not started spreading all the fud in the first place.
But even considering that picking the AGPL to scare big tech away is bad and weaponizes it (which I can hear, and let's assume), I believe you are wrong that nobody chooses the AGPL for the user freedom genuinely. There are a lot of examples of software under AGPL in good faith seemingly to me. Examples: Nextcloud, Joplin, CryptPad, Overleaf, Passbolt, Univention...
I doubt any of these commercial projects from friendly (?) companies choose the AGPL to fuck the world. I don't know the numbers, maybe it's a minority. You may not have numbers as well. Are you against the AGPL when used in good faith? If so, what to you suggest as an alternative?
I'm with you with the wish people were altruistic. But the system we live in doesn't exactly help being altruistic. Not being altruistic is certainly not a trait of people using AGPL, it's virtually everyone in a commercial setting (although some of us try to do their best to be good humans and virtuous). If anything, the AGPL was born from a ideal and that was certainly driven by something like altruism. All this blame towards the AGPL because people are out there to make money really feels weird to me.
Anyway, I don't think we'll reach an agreement here and that's OK. Thanks for the discussion, despite the strong disagreement it is/was stimulating.
Fair enough, but the LLM said nothing incorrect (if it did, please point it out). Regardless, the screenshots don't even matter. You didn't seem to actually read the thread I pointed to, where a VC-backed startup founder admitted to using the AGPL to limit bigtech from using the software, a clear violation of freedom 0. They didn't choose the AGPL for altruistic reasons, rather, it's simply a part of the COSS startup playbook now -- because it works! -- they can use the term "open source" while protecting themselves from competition. Which is my entire point.
Why do they get to use "open source" while effectively violating the freedoms but somebody using the Elastic License, or the Sustainable Use License, or the SSPL, or the BSL, or the FSL, etc. isn't allowed to? They're all doing the same thing, only the latter licenses are saying the quiet part out loud.
Anyways, I agree we do seem to be talking past each other at this point. gl
> You didn't seem to actually read the thread I pointed to
I had mentioned it so you could see I actually read it. I had actually made the effort to load this twitter link despite the PITA it is.
> if it did, please point it out
Already pointed out my main qualm, but Brandolini's law is particularly bad with LLMs, I won't have time to debunk in details each time I run into generated text. I'd rather argue with a human being.
Let's forget this part of the discussion, it was not your point, I should have ignored it, I'm just losing patience with the LLM madness.
> effectively violating the freedoms
They don't. There's a fundamental difference between "the license permits something but someone elects to avoid benefiting from it" (someone = big corps) and "the license actually forbids something". The difference is quite major for the rest of us who are not big corps stupidly afraid of the AGPL, and we are the vast majority.
Which resolves your question:
> Why do they get to use "open source" while effectively violating the freedoms but somebody using the Elastic License, or the Sustainable Use License, or the SSPL, or the BSL, or the FSL, etc. isn't allowed to?
The reason is the Elastic License, or the Sustainable Use License, or the SSPL, or the BSL, or the FSL actually forbid running stuff for some endeavors.
AGPL doesn't. We only have big corps deciding they should stay clear from the AGPL. That's not the AGPL forbidding anything to anyone. It's not a feature of AGPL. It's a feature of big corps.
Now, that some people choose the AGPL because they know big corps stay clear from it, okay. I understand you find this veiled. Fine. But that doesn't make AGPL non open source.
Our main disagreement IMHO is that you would like that we qualify licenses depending on the intent of people using it or on the FUD corps who don't like it (and you too!) spread instead of what they intrinsically allow or not. I can't agree with this.
I'll go further. "Sustainable" and "Fair" are terrible and intentionally misleading qualifiers for these non-free licenses that are sustainable and fair only to the authors of the software under those licenses.
You just need to own the fact that you write proprietary software, and shouldn't bitch on people actually doing open source stuff and find them gotchas. They are not doing some anti-competitive stuff that's unfair to you. If you find AGPL gives unfair advantage because it gets called open source, nothing prevents you from adopting it. I suspect you won't because you know it actually gives more rights than you want to give, which also answers your question.
You guys using proprietary licenses are the ones not respecting software freedom, and you trying to call out people who actually do is quite rich. This really doesn't look great. I'd suggest you quit doing this and focus on the positive things instead.
I've asked you what harm the AGPL actually does and all you have to share is some tweet written in jest answering a low quality LLM generated text tickling the gafam. Not very convincing. Not sure you'll find deep meaning in such low quality interactions on such a low quality platform.
But why wouldn’t they change their minds if those big corporations actually changed their ways? Is there a similar sentiment against red hat?
I now understand where you’re coming from but I am not sold on your prediction that the agpl would crater if Google started complying with it. It would mean that Google open sources everything which is derivative work. That sounds like it would buy a lot of good will amongst precisely those people who are mad about how Amazon screwed redis (to put it bluntly).
What specifically is your problem with the AGPL? I read both of your links and while there are a lot of incisive statements ("But the truth is, the AGPL isn't used to increase user freedom — it's used to restrict it, primarily through its legal ambiguities") you never spell out why you believe them.
It is objectively true. AGPL does not meet the definition of free software, because it restricts the use of the software when modified.
The FSF pretends this isn't true by pretending that some uses are actually redistribution. However, this is too clever by half. Redistribution has a well-settled meaning, and allowing interaction over a network—unless it involves downloading the software itself—does not meet that definition.
Let's grant your definition of "redistribution" for the sake of argument. How does the license restrict your use of any modified versions of the software? Like, what specifically are you forbidden from doing?
No assumptions here! You said that the AGPL "restricts the use of the software when modified", so I'm just asking specifically what the restrictions are.
> Author's note: the above thoughts are for how the AGPL is used in startup-land alongside a CLA — not for AGPL in general. The AGPL is a fine open source license for libraries and other infrastructure.
The whole piece is about CLAs, the AGPL has absolutely nothing to do with signing over your copyrights. See Canonical for the same behaviour without the AGPL, the AGPL just requires that you allow your users to also see the code they are using, even if it is accessed over a network.
> Many, like Google, have flat out banned the AGPL.
Yeah, but that's because Google hates sharing what they have built on the shoulders of giants.
No offense meant, but what's wrong with y'all today, people? Why so many folks in the comments use words in a way that doesn't match their dictionary-intended meanings and even insist that doing otherwise is something... weird, in a bad way? Am I taking crazy pills?
Save for The Church of Emacs and St. IGNUcius (obvious jokes), FSF is a political and social activism organization - not a religious one. They have foundational principles and manifestos, sure, but those aren't religious dogmas, but rather the views/desires how the society should work.
Labeling FSF as religious implies that it's a cult and thus there's no talking reason to them. But they're no more religious than any other civil rights movement - the beliefs about software freedoms are no different than beliefs in any other social rights.
Using a FOSS license and charging money for an alternative license is not abuse. And those blog posts appear to be FUD spread by a company whose own software is under proprietary licenses with source available.
People are welcome to use and host AGPLed software under its own FOSS terms. If people don't want to do that, and want to pay for alternative terms, that is also a sign that the license is effective. There's no point in restricting things people don't want to do. The GPL restricts something people want to do: make proprietary software. The AGPL restricts something people want to do: host software without distributing the source at all.
I've probably contributed more to open source than you [0]. I also contribute the source code of my entire company under the open source Apache 2 license via DOSP [1].
I wouldn't be so quick to judge. I love open source. But I also think words and intent matters.
I don't really 'win' by attacking customers/users that use the AGPL.
I think this is fair, by both Bear and yourself. He's free to attach any license he likes, you are free to use it or not.
Obviously the goal of Open Source licenses does not include making money. You might, or might not, but it's not a priority.
Equally your goal may be to only support Open Source projects. That's fine. For you removing support for this project makes sense.
Once a project reaches the stage of needing to create an income stream, Open Source licenses are no longer appropriate.
Yes, some developers are naive in thinking Open Source licenses protect their income stream. Yes some users are naive in thinking that projects will remain Open Source forever.
Source-available, or Shipped-with-source of whatever you want to call it is a proprietary license which is just fine. It's not Open Source, nor does it need to be.
Legally it's OK but I think ethically using open source to build up a brand that is then used to sell proprietary software is ethically questionable - just like the free until the competition has been eliminated bait and switch common in tech startups. Not saying this happened in this specific case though.
One is altruistic, akin to charity. It deliberately maximizes users’ rights to do anything they want with the software (freedom 0). I’m only in the lucky position I’m in now because of open source, and I want to push for more of that in the world with my wallet and my time.
I’m not going out of my way to support a commercial license. There are a million commercial blog platforms to choose from.
MIT was always the easy default that every project used, you just select it from the GitHub dropdown and you are done when setting up a new project. I think you can't really blame people for using it.
Especially when your project is new it's also not often clear that this project will become something more serious later where you have to worry about such things as people cloning your project.
A lot of people say that it can prevent these situations but from working for large enterprises, a lot of the offerings that are created literally don’t even change the code. Thus they have nothing to contribute and have no obligation to release any source code.
GPL also does not prevent the corporation from building software in front of whatever GPL service it is. Kind of like the Linux kernel, why bother changing the kernel when you can build software in front of it and not change anything and thus have nothing to release.
Why would this be surprising? The MIT license explicitly allows to relicense a project at any point. In this case, the Bear maintainer decided to start off with a permissive license and now exercised their rights to change to a more restrictive license due to changing requirements. To me, this seems actually quite reasonable.
The copyright holder (the author) is solely responsible for choosing how they want their work to be distributed, and is not bound by any other sort of constraint. They can choose any license at any time, and change their mind however often, and it whatever direction they want. Any previous licenses used (MIT here) bear no effect whatsoever. There is no license in the world (and cannot be) that would prohibit the copyright owner from changing it. It makes no sense, the license terms only apply to the licensee, not to the licensor.
Of course, the author cannot retroactively change the license of any previously distributed work. Anyone is free to fork off Bear from its last MIT code and do whatever they want with it.
So no, the MIT license does not "explicitly allow to relicense a project at any point" (emphasis mine). The MIT license allows licensees to license their derived work however they see fit, it has no effect on the relicensing by the licensor (the copyright holder).
Yeah, sorry if my terminology was unclear here: by “relicense” I colloquially meant to say “assign a different license to the project that is applicable for any work from that point onwards”.
> Any previous licenses used (MIT here) bear no effect whatsoever. There is no license in the world (and cannot be) that would prohibit the copyright owner from changing it.
I don’t think it’s that simple. The Bear project appears to have accepted external contributions under the original license, so the project is subject to that license as long as those contributions remain.
It may not be a big practical issue in this case, due to the MIT license being quite permissive, but if the project was e.g. GPL-licensed, the maintainer wouldn’t trivially be able to change the license in “whatever direction they want”. (And by “trivial” I mean without e.g. rewriting or discarding the external contributions.)
It appears that Bear does not accept contributions[1] and the very few contributors it had in the past only contributed a trivial amount of code[2].
But you're right, relicensing requires the approval of all copyright holders, and in general there can be many. Of course many projects require the prospecting contributor sign a CLA where they relinquish their rights to the project in order to be able to contribute. Personally while I have signed some CLAs, such as the Go one where I retained my rights, I'd never sign one which required me to give away my copyright rights, precisely so they wouldn't be able to do a rugpull on me.
I believe that copyright law is the biggest weapon one has against open source rugpulls and one should not give it away.
Because between 15 and 20 years ago the BSD zealots won that culture war.
I would really love to see a simulation where GNU licenses won that culture war and which landscape we would have today.
There are good reasons the so-called "BSD zealots" won the so-called "culture war", such as the definition of a derived work being largely uncharted territory. Did you know that there's a compelling legal argument that the GPL attaches to programs talking to each other via JSON data structures?
I think MPL 2.0 is the ideal kind of copyleft, because of its scope being very clear.
> Did you know that there's a compelling legal argument that the GPL attaches to programs talking to each other via JSON data structures?
The GPL attaches to programs that are legally derivative works. So does any other license that doesn't explicitly grant the right to prepare and distribute derivative works, such as the overwhelming majority of commercial/proprietary licenses. The issue is with the overall copyright/legal system, not with the GPL specifically, and given that most entities are comfortable using at least some non-BSD programs it doesn't seem to worry people in practice.
Right, as mentioned in https://news.ycombinator.com/item?id=45096736, simply running GPL programs is probably fine. Input/output that doesn't establish "intimate communication" probably doesn't create a combined work, but "shipping complex data structures back and forth" does, according to the FSF.
There isn't a similar degree of legal risk with MPL 2.0, nor with non-copyleft licenses (which is the subject of this subthread, not proprietary licenses) -- whether or not a plugin counts as a combined work, there are no requirements on you.
> There isn't a similar degree of legal risk with MPL 2.0, nor with non-copyleft licenses (which is the subject of this subthread, not proprietary licenses)
There is a similar degree of legal risk with the overwhelming majority of licenses in use. Yes, using exclusively permissively-licensed software would let you avoid this particular risk - but given that essentially no-one (BSD advocates are, if anything, less scrupulous about avoiding proprietary software than GPL advocates - you rarely hear of BSD-land pushing firmware into a separate nonfree repository or the like) does that, it's clearly not a risk many people care much about.
> Is your position that the FSF is wrong? If so, why trust the licenses that the same FSF wrote?
The FSF says a program that exchanges complex data structures with the covered program "can" be something that requires a license; they don't claim that it always or usually is. My position is that they're correct that it's possible (at least in some jurisdictions) but the risk is low in cases where you're not trying to do a technological end run around something you obviously need a license for.
> In general, businesses acquire commercial licenses for proprietary software, which is a kind of derisking.
Only if the license grants permission to do the thing you're doing! Otherwise you're no better off than if you had no license (and you're worse off than under the GPL, which at least permits you to prepare derivative works freely, only putting conditions on distributing them). Almost every commercial/proprietary license I've seen has a blanket prohibition on preparing or distributing derivative works.
> When is a program and its plug-ins considered a single combined program?
> It depends on how the main program invokes its plug-ins. If the main program uses fork and exec to invoke plug-ins, and they establish intimate communication by sharing complex data structures, or shipping complex data structures back and forth, that can make them one single combined program. A main program that uses simple fork and exec to invoke plug-ins and does not establish intimate communication between them results in the plug-ins being a separate program.
JSON data sent over the wire, particularly data with nested arrays and maps, and especially a bidirectional communication protocol, can reasonably count as "intimate communication" with "complex data structures" shipped "back and forth".
This is nonbinding guidance, but it is from the FSF, and it is legally untested afaik (not a lawyer). There's sufficient legal risk here that I'd be wary of using rich communication protocols with GPL programs, particularly if there isn't an explicit exception for that protocol.
"Intimate communication" here almost certainly refers to shared memory. No one is claiming passing JSON over the wire is the same as linking, or else a GPL webserver could insist that browsers be licensed under the GPL.
> If the main program uses fork and exec to invoke plug-ins
Which limits a lot the relationship between the original program and the "plug-in" concept.
I mean, we literally have binary proprietary blobs used as kernel drivers...
I think the main contribution of Bear at first was centralizing and codifying a certain visual style: minimalistic, with a single narrow column. It's basically "the Medium layout, but indie". And the thing is, that style in itself is not copyrightable. To achieve it, you don't need to use bearblog. You just need a few tens of lines of CSS, which you can very easily write yourself.
Today there's another thing going for Bear: the discovery page. It's gradually becoming a driver of visibility, attracting more authors to Bear to get readers who are there. But I'm wary of these "flywheel" kind of things, even if they have an indie look. To me it still feels better to have my own website, and participate only in those discovery systems that support it, like Reddit or HN.
You can also participate in openring to provide that type of small-web discoverability to other authors you like: https://git.sr.ht/~sircmpwn/openring.
The license doesn’t mention anything about “personal” or “internal” use.
Again, IANAL, but I can see why a company might be cautious about using Bear as a self-hosted blog engine, since companies technically have “users.”
For comparison, the Elastic License v2 - which this license is apparently modeled on - explicitly restricts use by "third parties":
> "You may not provide the software to third parties as a hosted or managed service"
----
The Bear license doesn’t include similar language, which could create uncertainty.
It might help to explicitly clarify that self-hosting for one’s own use is allowed, or to add “third party” wording to the limitations.
I only raise this because (a) licensing is tricky, and (b) if this feedback helps the author clarify their intended license terms, that’s a win for everyone.
But he chose not to use the exact wording from the Elastic Search license, which clearly says "third parties." Instead, he wrote his own license, and now it is not clear if I am allowed to self-host. In my opinion that is a bad decision.
>It hurts to believe in open-source and then be bitten by it.
No, you don't believe in open source, hypocrite.
Open source means anyone can use it, even for commercial purposes, and you knew this from day zero.
Honestly, no sympathy for these people, as this happens over and over again, they actually exploit the very few good intended OSS people. They portray their project as open source initially, to gather sympathy and free work from others, then when they see the $$$ they flip the switch to non-OSS and rub their hands.
In this case it's kind of unbelievable how quickly the flip happened. Their 'manifesto'[0] was published only at the start of the year, where they vowed to be an incorruptible bastion of stability in a selfish society focused on short-term thinking. They want Bear to be around in 50 years.
Then in the last couple weeks or so[1] it seems they saw a bit of a spike, and immediately pulled up the ladder.
They even criticised this sort of behaviour in their manifesto:
>We've seen our fair share of open-source projects become sour (see the recent Wordpress drama) or abandoned entirely. We've seen OpenAI become ClosedAI. There's a common thread here. Trust isn't just a legal structure, but a social contract.
I am actually totally in favor of source available licenses, but in this case it seems counter to all the boasts the developer has made about their platform.[2]
The author released it under a do-anything-you-want license. Then was hurt other people used the code for commercial and competitive reasons. The first paragraph showed the root cause was not thinking through licensing in the first place. Now, they've seriously considered it, decided their goals, and re-released it with a mix of generosity and self-interest.
We should probably remind people that licensing is an agreement between them and the other party deciding what can and can't be done. Make sure you've considered things like profit, competitors, source redistribution, etc ahead of time. Then, pick the license that suits your goals best. For many, that's source-available licenses instead of open source.
I strongly believe that the BuSL [1] "Business Source License" is preferrably. It leaves the code as source-available for now, but eventually the code becomes open-source. It gives you a moat from which you can run a business. Or less of a moat, and more of a time-distorting slow motion field that your competitors are 4 years behind.
This is the license Hashicorp used. It means that abandoned projects never need to die. It means that the source code is publically available now.
> Now, no LLM is currently anywhere near doing that for ElasticSearch.
You could probably feed all of ElasticSearch into an LLM and ask it to "reimplement it" successfully. But why would you even bother? There's already an existing open-source alternative called OpenSearch [1].
His point was that we are quickly entering the land of “Source Available” not really being a shield if someone’s willing to spend some time in claude code.
If you viewed the source and reproduced a software project you don't have a license to redistribute, that's cut and dry copyright violation. If the code looks similar enough you are toast. That's why there's the concept of a "clean room" reimplementation. The same is true if you feed the source into the context of an LLM and asked it to reproduce it. You have done nothing but introduce the possibility of transcription bugs.
I certainly get the hurt feelings, but i'm not clear on the license at all.
>Limitations: You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
Where on the spectrum sits an average cookie-cutter VPS provider that comes with an OS package manager that installs the program? Does the VPS provider have to screen the package manager? Does that change if they build a wiki with "1-click-install" that just sends an ssh command to install?
Is this just a requirement to have some theater where an "unaffiliated" third party has to provide the set-up scripts? Or just a rule you can't mention the option during the sales pipeline?
I think users applies to end-users here. So you must not run the software as a service (either paid or for free) for other users. You are free to use it yourself.
Crucially, I think what is banned to offer accounts. Offering turnkey-hosting is probably banned in spirit, but the person offering the turnkey-hosting is not in violation, rather the person booking the turnkey hosting and offering the accounts on the instance to third parties is in violation.
I think the wording is originally against somebody like Amazon hosting e.g. database instances for other people to use, and then giving you an account in that database. It's still OK to rent a VM from them and use the package manager to install it.
In any way, it is really confusing, in a way a license should not be. And I don't really understand why someone builds a blog platform, which is not monetized, open sources it, but doesn't want other people to host it. If I open source my stuff, I want people to use it. If I want to share the code but don't want people to use it I'd just put it somewhere it with no license at all (all rights reserved).
Idk. That's not how I'm reading it. Someone reading my blog is a user of the blog software. So running the blog and letting people read it would fall under that limitation and therefore would be prohibited.
I understand that's probably not what they tried to write, but wouldn't want to defend that understanding in a courtroom.
> It's still OK to rent a VM from them and use the package manager to install it.
Do you open up port 80 to the world? Because then you are hosting the service that offers users access to substantial features or functionality.
> In any way, it is really confusing, in a way a license should not be.
I understand the reasoning and I also understand the interest of still providing the sources. I'm however curious why the MIT license was chosen instead of the AGPL if competition was a concern
I really believe this is the best model or licensing. I care about seeing the code and being able to modify it to suit my own preferences, but I also care about the project being healthy and the maintainer being able to earn from their efforts without worrying about cheap competition.
Even better when a project starts with this model so it doesn't feel like a rug pull or doesn't get messy with forks overshadowing the original product. But I don't feel like Bear had the kind of scale to face this type of reaction.
I use mataroa.blog periodically which is in the same nice and I wish the Bear maintainers fulfillment with their project.
Bear has built a great community, I often find myself looking at blogs on the platform. The trending list is a pretty good news feed of tech-blogger related content: https://bearblog.dev/discover/
If you click on the language name, GitHub should take you to a list of all files in that language in the repo. It looks like the JavaScript is basically all admin type stuff.
> You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
They can say whatever they want. They're just lying. If you spend even a little bit of time looking into it you'll find it's just a marketing strategy.
I spent a little time looking into it, and it turns out that Microsoft owns an outfit named GitHub, which apparently offers free hosting for open source projects and is used by a lot of open source software makers. And Microsoft has around 4k employees with contributions to OS projects on GitHub. So maybe "biggest" is a lie in light of their anti-OS efforts, but it is at least arguable. Can you propose a bigger one?
Red Hat is the biggest supported of Red Hat gaining market share. They are also a big supporter of open source...
I'm not claiming Microsoft is a good actor (and they certainly produce a whole lot of derpy trash along the way), but the argument itself is not particular sound.
You mean the outfit that has misappropriated the code of those hosted projects to train their commercial code generator which is a very clear violation of the spirit if not the letter of the licenses of many of those projects?
What is to prevent someone from cloning this code, and jumping into claude code and saying: "implement an identical system in Elixir?"
LLMs are great at translation from X programming language to Y programming language.
The Google/Oracle Android/Java lawsuit boiled down to whether Google engineers copied source code, or whether they re-implemented things in a clean room without using prior code, right?
Isn't using an LLM to rebuild something a great loophole for this elastic search license?
I see this being a losing battle because the license is only as strong as your ability to enforce it. Bear is probably in a good position because of their network position, but this seems like a losing battle long term.
The compilation database tool (https://github.com/rizsotto/Bear), is extremely helpful. It got CCLS/clangd working for me over multiple in-house build systems at a vfx studio.
It also is super helpful for debugging. I have used it a lot alongside a script which converts a compile_commands.json to a sequence of commands, so I can edit them individually without fiddling with the build system, and then once fixed (such as adding a flag to one TU) try to find the way to do that in the build system.
I got this confused with the Bear note-taking app for a minute (https://bear.app/), since it's in a closely adjacent domain and even has similar value statements. Unfortunate naming collision
> We're entering a new age of AI powered coding, where creating a competing product only involves typing "Create a fork of this repo and change its name to something cool and deploy it on an EC2 instance".
I've been curious about how LLMs would impact open source, I have some theories and this is not the only one.
I don't think it would exactly be "create a fork of this repo", but if a developer invests significant time and effort solving hard problems where the solutions are implemented in the released source, once an LLM model is trained on it, then someone else could quickly and easily have the LLM generate a new program that implements the novel solutions. Whether this is a problem or not may depend on the motivations of the developer, but this potential for IP laundering may very well begin influencing the licenses and methods of distribution that people choose.
(Of course, I suppose at some point AI will be able to analyze and learn from binary executables or obfuscated source...)
Yes. Somebody else using your software is usually the ambition of open source developers but this guy is hurt by it. He's programming for money, not doing charity. It sounds like being open source was just for show to make his business look like a charity.
The open source part is usually the whole point, they work solely on open source projects themselves, not deploying those projects for corporations. They work on things like the Linux kernel, mesa, systemd, distros etc.
I don't know about you, but if I'm going to donate to/work for charity, I'd like to ensure it's for someone who actually needs it rather than the Amazons of the world. I don't feel a pressing need to donate any money or time to them.
That makes no sense at all. Software is not a scarce resource, unlike your money. If you donate money to a charity who gives it to Amazon, you would have good reason to be upset. But if you write a piece of software and Amazon uses it, other (needier) users benefit just as much!
Or to put it in another context, if you went and volunteered for a highway cleanup, would you get mad if Bezos drove on the highway you cleaned? Because that is what your position here is analogous to, and that seems like a poor line of reasoning to me.
> This license is almost identical to the MIT license but with the stipulation that the software cannot be provided as a hosted or managed service
Note that while the original change was an additional clause to the MIT license, it was quickly changed to something completely different.[0] Since it no longer permits sublicensing and restricts "remov[ing] or obscur[ing] any licensing, copyright, or other notices in the Software," I believe it's closer to GPL now?
While I can be sympathetic to the problem. This seems to a be a text only blog. Is the technical part here truly the big barrier to setting up a competing service?
It's always sad when someone removes their project from the free software world.
I'd like to comment further on the permissive license point:
> When I started building Bear I made the code available under an MIT license. I didn't give it much thought at the time
I suspect many people choosing permissive licenses do it in the same spirit. They don't give much thoughts about the license, they just want to share the code with others (which is very nice!), and there was a push some years ago to make permissive licenses the default in many ecosystems (this is not innocent, by the way).
For me, the first lesson from this blog post is: think hard about what you want to really allow.
Given what the author says later:
> It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification
The permissive license was obviously a bad choice. Not blaming, of course, hindsight is 20/20.
Pick permissive licenses if you are okay to work for free for other entities, and if you are cool with the potential asymmetry of them not sharing their improvements.
I'll preach for my church: when you release something, please consider a strong copyleft license. If it's SaaS, consider AGPL. It still allows people to provide services with your work, but if they need to improve your code, they are required to redistribute the improvements to their users. I don't see many reasons, in most cases, to allow people to get your code and not do the same as you: provide the code to their users; that's unfair to both their users and yourself (a notable exception is if you want to push/promote a format or a standard - then you want to push adoption at "all" costs).
Most of the times, this means you can get these improvements back. By sharing free software under AGPL, it is still possible that you'll work for free for someone else. But at least, you'll be competing on more equal footing. They'll actually need to work to be better than you.
In both cases, your advantage over them is your expertise in your own stuff.
A side effect of the AGPL is that big corps are afraid of it, so you will likely not get competition from them (even though AGPL allows them to do so).
Curious what author would think of separating the service and the core parts and leaving core as open source.
This way someone could create a competing service but they would have to write the entire service layer themselves and a single user would be able to self host the core part.
Also curious what they think about the thiefs not caring about the license and copy pasting it anyway. I don’t think the kind of person that copies your code and tries to sell it would really care about the license
From their GitHub:
Obviously you could self host it (and I guess plenty have figured out how to and even created competitors with the code if they are making this change?), but they discourage hobbyists from trying with this unhelpful statement. So what was the point of even being open source? Their whole statement kind of comes off as disingenuous to me because of this.
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
What I find amusing is that it's built on top of Django and of course uses a few other dependencies[0], and without them the project wouldn't even exist...
You shouldn't look a gift horse in its mouth. Anything being open-source does not entitle you to be able to easily run it yourself. You are given the source as-is with no warranty. It is up to you to be competent enough to do anything with it and not the responsibility of the authors of the code.
If this doesn't suit you (as in, if this is a project you can't run, let alone maintain yourself), then you should consider paying someone (preferably the authors) to do so. I know this is novel to many people here who are used to exploiting the free labour of open-source maintainers, but it's been a decider in tech choices I make lately.
'Can I/anyone else at the company debug an issue and create a bugfix for this cool new open-source tech I want to introduce?' If no, then we are not qualified to run it without external help.
Well I disagree. My take: they wanted their cake and to eat it too. They wanted to be able to say they were free/open source, but really didn't want anyone to be able to utilize the code in any meaningful way. The hobbyist will be turned off because it doesn't look like there is any way to even try it out themselves on their own VPS or hardware. That seems intentional. And now, they change their license so that anyone smart enough to figure it out and make money with it, they not gonna allow that either now. Feels like we know how they really felt from the start, which is they didn't really want anyone to run this code on their own to begin with, but they wanted to still be able to claim "fully open source." IMO, even “disingenuous” is actually a somewhat kind word to how they come off to me.
It reads perfectly clear. It is designed to be a platform and mit license makes it too easy for other people to create competing services and they don’t want that.
Maybe it was a mistake on their part to make it initially open source or it is bad that there are people looking to steal other people’s work
It depends what it is used for. It is not so simple if they are profiting off it and you start profiting as well by stealing their customers. Maybe it is ok even then, but it sounds like it would be super annoying if the “thief” is just copy pasting the code without adding any value
This really confused the heck out of me. I thought Bear blog was really cool. I saw the GitHub link and had hopes to self-host. Then saw the note that it’s not possible to self-host and closed the tab and never looked back.
So this whole post on HN is confusing as heck.
Why post the code at all if you can’t self-host? But apparently you can self-host?!?
Well, I guess kudos to those that saw the note and downloaded the code anyways and tried to spin it up.
As much as people tend to hate it, I quite like copyleft licenses on the whole and wouldnt mind it at all for Bearblog, but this particular variation seems a bit odd. I mean I havent heard any problems from Elastic with it so I guess it sorts itself out, it just seems more complicated just AGPL
It isn't obvious from the title or the blog post itself, but it looks like this is some blogging software called Bear, not Bear the markdown notes app for macos and ios, which as far as I know isn't open source anyway
Maybe unfairly but quite disappointed at this development.
This sentence crystalises open source:
> "Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service."
You make something for everyone. And they may use it as they please. This is what open means. Did the author make something open source with the hope that nobody would actually use the gift that they made?
Mataroa [1] also started with MIT license (directly inspired by bear blog) and it subsequently changed as well but to Affero GPL instead.
I vaguely remember seeing bearblog before. While I can't comment much on the actual article, I do want to applaud how simple it looks. It makes me want to migrate away from ghost to bear or hugo or something without javascript/etc.
This screams of uneducated regret with a sprinkling of greed. How do you make your code open source but then not understand what open source is? Or even read the license?
It could also scream life changes. There are plenty of scenarios in which initially the pros of open source outweighed the cons and that has flipped today.
I can say that if I had spent years working on a blog platform with some decent side hustle income I may want to protect it better if I thought my main income might change, by choice or otherwise.
Nitpick but I accidentally upvoted the article (in the bearblog.dev website itself, the small upvote in the website)
and turns out once you upvote, you can't downvote?
Well, I love minimalist site providers
Its license is AGPL which still technically falls under Open source as to what "OSI?" says.
Source available just have a bad taste in my mouth. Maybe my critique of them isn't based on good intentions but I feel like I am getting really restricted as a user by source available licenses. I understand the pain of developers trying to make money. I just think that AGPL is a better use case and even elastic search went back to agpl and a lot of these source available things are going to agpl
I am sure that big tech might be able to bypass agpl itself somehow and that's why there were things like sspl but I still think that agpl is one of the most rock solid copy left licenses.
Why do people go with MIT over a GPL? Would have just releasing it under GPL in the first place also have prevented this?
Don't get me wrong, I have released libraries under MIT before because I have absolutely no problems with others using it even if they want to commercialize it, but I've also released things under GPL3.
Even AGPL would not have prevented this; it would just have required anyone else offering Bear as a service to contribute back changes. It would have discouraged larger companies with policies against AGPL from doing so, but not everyone.
AGPL is not enough to prevent someone providing competing hosting options. They'd need to provide code if they make changes, but competitors are still free to offer the exact same service and not spend anything in development, which reduces the viability of the original project if hosting was the supposed source of income.
So the original project wants to restrict user freedoms, i.e. they _do not_ want the project to be open source; it's a legit choice, even if I personally prefer free software.
Hot take but in the era of vibe coding, where you can literally one-shot a clone of bearblog, this comes as a surprise that people are trying to set up paid alternatives to this service trying to hurt his baseline..
We open source every line of code we legally can at Distrust, and it has paid off in getting us work, even on forks, many many times.
Source code is cheaper than ever, so if you fail to open source first then an open source clone will be created, and your hard work will be irrelevant. Best to have the first open source mover advantage.
This move just told users you are selfish, and breaking the pay it forward chain of goodwill extended by all the developers of the open source libraries your code relies on.
You also just told everyone to park their content on a platform that now has a bus factor of 1, with no option to export and reimport to a compatible fork hosted elsewhere.
If your ability to make a living hinges on open source code like yours not existing, then you are already on too fragile ground to be sustainable, and this looks desperate and will just make more people leave.
Considering how LLM companies don't respect licenses, and if your livelihood depends on it, I'd go a step further and only make the source available upon request, under strict agreements about how it's used.
There's a lot of "open-source" nowadays that has nothing to do with the spirit of hacking.
Its interesting that they went with the Elastic License. Maybe this is a leaf in the wind that we're going to see more adoption of the license outside of Elastic. I get it's not a "standard" license, but standard licenses become standard through adoption. Someone has to be early to the party.
I don't have experience in the subject but recently listened to a podcast episode discussing the tension between open source and building a sustainable business by Oxide and Friends.
There's a reason why some call MIT/BSD licenses "cuck licenses." If you don't want others to profit off your hard work... don't pick a license that lets other profit off your work...
Have you considered that some people listen to text rather than read it? Do you think screen readers, non-native English speakers, or anyone else listening to these are able to reasonably differentiate between “Open Source” and “open source”?
Most readers won’t notice the difference or disregard it as meaningless and if you have to explain to everyone your position on a matter of communication it’s likely that you are the one who needs improvement with respect to your communication, not the rest of the world.
As one of them, I can tell that I agree with @NiloCK.
Maybe because I'm French so I had to learn even stronger rules, but to me if someone doesn't capitalize proper nouns in English, I'll first think that I misunderstood what they were writing because of my deficiencies, before coming to the conclusion that they didn't capitalize.
Whereas, in French, I'm confident enough to mentally capitalize without even thinking about it.
Apologies if I was unclear, but I'm not worried about being understood. It's rare for me to write on the topic.
My frustration is that I always have to guess at writers intention, and that the broader dialogue is confused by this lack of clarity.
This thread exemplifies it - people accused the BearBlog author of being a hypocrite because he says things like "It hurts to believe in open-source and then be bitten by it."
A more charitable read than the hypocrisy accusation is that the BearBlog author never believed in Open Source as intended by the OSI or MIT license, but rather believes in open source as colloquially used, for purposes of software legibility.
I’d like to see a “no jerks” license. It’d be MIT by default, but call out specific bad actors as being disallowed from using the software. That way your average corporate user wouldn’t need to consult a lawyer before adopting
Presumably the license would, like practically all open source licenses, be irrevocable. You aren't guaranteed new versions will be issued under the same license (short of a contract saying otherwise, just like every other piece of open source software) but the existing license that did not list you as a jerk can't be revoked...
True, but that's still a risk that adds to the risk of the authors switching the license.
BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add or remove someone from the list, like any license change…
> BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add [...] someone from the list, like any license change…
Not if you base this off a license like MIT that allows sublicensing under more restrictive terms (not a lawyer, not legal advice)
This software shall not be used for evil. With the exception of IBM, who, together with their partners and minions, are allowed to use this software for evil.
Silly. Globally over half of smartphone users have Android phones. Bear was actually the only thing that kept me in the Apple ecosystem for so long, was really bummed when I switched to Android to have to move to another notes program.
IMO - you are charging money for your app which makes you a business. When you don't listen to the market you forfeit any right to complain when you get your lunch money stolen. Sounds hard but most lessons in business are expensive!
As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
I'd like to see some recognition from this crowd of the "free-ride competition" problem as this author puts it. What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
EDIT from a comment in a thread way down, that summarises my point:
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
> the stance of the 'Open Source' crowd
The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
> The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
As a counterpoint, when I make something open source, I really mean "freedom", which includes the freedom to build a commercial service using the software. I use the MIT license not because of "corporate interests to undermine free software ideals", but because I really want the software to be free as in freedom.
GPL, GPLv3, AGPL and similar license actually restrict the freedom to do anything you want with the software. I'm not saying there is anything wrong with it, just that "free software ideals" could mean different things to different people, and there might not be any "corporate interests".
There are two freedoms of different people (or rather different roles) that are in conflict here: the freedom of developers to do whatever they would like to do with code that they have access to, and the freedom of users to be able to change and control the software they use. MIT/BSD/etc prioritise the former, while GPL prioritises the latter: free software advocates generally believe that proprietary software is immoral, and that _all_ software should be open to users to modify, even if that limits developers freedom to keep it secret. The GPL is an attempt to enforce this as much as can be achieved under current law, not a natural reflection of their wishes (which would compel all software to have source code available for modification).
(There's also a secondary motiviation for using the GPL which seems to be driving this kind of discussion, that of 'paying your part', but this is neither open source nor free software in origin IMO: the desired deal is 'I make the source code available, but I want a cut if you're making money from it'. You can often do this with a version of the GPL that is viewed as sufficiently anti-commercial, and then offering a paid proprietary license, but this is antithetical to the goals of those who wrote the GPL)
The GPL is meant to be viral... it infects other projects so as to open up software ecosystems. The open source movement came out of a time when nearly everything was proprietary and locked up.
Tivo-ization really woke up a lot of people to the dangers of proprietary lock in and abuse. https://en.wikipedia.org/wiki/Tivoization
> The GPL is meant to be viral
But that also makes people not wanna bother with it. People in the middle who doesn't care either way will be very apprehensive of putting in a license virus in their project.
You should always know what patents and licenses are part of your project/product.
This is both true and absurd.
True because that's how the system actually works today.
Absurd because monopolies on ideas -- specifically patents and software licenses as mentioned here -- have absurd durations.
But the point others make is, this type of libertarian free is wide open to the Embrace, Extend, Extinguish strategy. A very successful, repeatable business strategy to own supposedly "open" domains. There's a reason people have debated freedom to and freedom from for centuries. This is the core conundrum/challenge of freedom.
GPL style licenses provide some guarantee you're investing in an ecosystem that is resistant to EEE. Freedom from takeover in exchange for freedom to make any arbitrary business venture. It's a choice, but to conflate libertarian freedom as the only form of freedom is narrow and ignores this centuries old unsettled debate.
Corporate interests != GPL is not on the cards
Amazon offers lots of AGPL software, and they fully respect the license in all cases. Ultimately the GPL is about protecting users' rights at the expense of developers' rights. So as long as AWS can offer a better/cheaper managed version of a software service, while still giving the users all details on how to run the same service if they chose to, then the AGPL is completely achieving its aims, even if the original company goes out of business.
> protecting users' rights at the expense of developers' rights.
Protecting the user's right to compete with the developer is not sustainable.
Protecting the user's right to run the software for free on their own or in their company so long as they don't resell it is perfectly salient and should be enough for anyone. That's really all the freedom a user needs.
If you're asking for more, it's because you want to take the developer's business. That's 100% unfair.
The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
Where is there opportunity left for software outside of the major trillion dollar companies if we don't start giving developers the benefit of profiting on their work?
I make a point to cheer on every fair source, source available, or open core project I see. It's the sustainable path forward. We shouldn't be taking from each other - we should be finding out how to take back from the hyperscalers.
This is a very business-centric viewpoint. I publish a small number of open-source libraries. They are not a business. I have no interest in making them a business. In fact, the idea of making them a business is repellent. They're just code for doing some tasks more easily than starting from scratch.
I made some of them because I needed them, and had no reason to own them. I made some because I thought another library was poorly designed and I could demonstrate a better way. I didn't make any because I wanted money or recognition. I don't care who uses them, or how. It is literally impossible for a user to do anything with any of them that harms me.
I am deeply suspicious of any world view that declares it bad when people use code I have released for free. I released it so people would use it. Good for them!
To be clear: I am not talking this kind of open source.
Rather, full-time commitment to software of scale. Software that does have business use cases. Software where outages can cost money.
All software meets this criteria to someone
> Protecting the user's right to compete with the developer is not sustainable.
It's only unsustainable when you are interested in keeping "user" and "developer" as distinct sets.
> The hyperscalers aren't giving back 1/1,000,000th of what they've taken. Yet we go after "source available" or "fair source" like it's some grave evil.
No we are going after it when people try to pass it off as open source when it really isn't.
I like open source because it means I'm not beholden to the original developer in any way as long as I pay it forward. I'm OK if this means you can't find a profitable business model.
I can't comprehend this view at all.
I hate open source purism. It's not pragmatic and it's enabled us to be resold a world with ever disappearing rights.
This view is okay with hyperscalers. But it attacks the small developer.
The hyperscalers are removing our freedoms and privacy. Not small developers.
We need leverage against this.
Strongly agree with the view you're responding to. So maybe I can talk about it.
There's just tons of software that you expect people to re-host. Yunohost has a massive catalog of free and open source software that is specifically designed to be spun up in a matter of minutes on open source VMs. To do what you're suggesting for those pieces of software would destroy the ecosystem entirely. The goal is to have multiple providers that are interchangeable that can host the software you need. So if one provider goes down, you can switch.
Meanwhile, MBAs that wanted to make money on their open source software decided that a good way to do that was to host services in charge for them. I agree, but the challenge here is what do you do when Amazon decides to take your software and also make it available to host?
And that's the moment where people abandon free software because it's inconvenient for that particular business model. The bug is not in free software. The bug is in the business model of the companies wanting to claim that they're peddling open source software, while not actually doing so: they want to have a monopoly on providing that software as a service. I understand why, but it's not good for the customer.
A real example that's getting a little long in the tooth, but back in the mid-2010s, I wanted to buy elasticsearch for a geographic search for my startup, and turns out that elasticsearch hosting, which I preferred, didn't actually offer CPU intensive instances suitable for geo-hashing. And I ended up having to switch over to Amazon to get the kinds of memory and CPU allocations that were best for our use case.
I get that you're concerned about the sustainability of these businesses, but introducing a monopoly on hosting has other downsides.
Open source means surrendering your monopoly over commercial exploitation:
https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...
The hyperscalers are contributors to FOSS, both in code contributions and funding. They could easily far better though.
> Protecting the user's right to run the software for free on their own or in their company so long as they don't resell it
One company uses the software internally to create more value for a customer of theirs.
A second company uses the software internally to provide a paid service to a customer.
A third company resells software they bought to their customer.
The end result is the same: Company makes money, customer exhanges money for value. Somehow only one or two of those use cases would be legal.
> Protecting the user's right to compete with the developer is not sustainable.
I agree with you, actually - but Richard Stallman and the Free Software movement more generally really don't. They exactly and explicitly believe this right exists and should ideally be a legal right, and the AGPL quite explicitly maintains this right.
Ultimately the Free Software movement is predicated on the concept that ideas can't be owned. They generally oppose both copyright and patents, and not just for software. Their licenses are meant as a stop gap solution. Ideally to them, or at least to some of the more die-hard members, laws would be changed such that what the GPL grants would not be a license predicated on copyright, but instead a legal requirement for all software, while copyright would be entirely abolished.
In addition to their general opposition to copyright and patents, Free Software people also view software as having a special role in terms of privacy and control - that, even more so than books and other copyrightable works, you have a right to know what the software in your house and business is doing, and to modify and fix it if it's doing something you don't like. This is related to privacy rights on one hand, and also anti-monopoly, right to repair concepts on the other hand.
This is all very different from the Open Source movement, even though they basically use the same kinds of licenses. The OpenSource movement is more of an industry group that believes competing on building much foundational software is a waste of resources. Instead, they believe the best way to build this foundational software is in collaboration with other commercial or non-commercial entities, building it in the open such that all may benefit from contributions and add their own contributions. However, the Open Source movement is completely fine with, and even expects, then making a proprietary product on top of this open source base.
To them copyleft licenses are a tool to make sure others don't keep their improvements for themselves, but have the downside of making it harder to build your proprietary stuff on top. Conversely, software that takes your contributions but then doesn't allow you to use it in commercial offerings is completely unacceptable, since the whole goal of the movement is for different companies to build a common infra on which they can then build their own commercial products.
Ultimately, both the Free Software and the Open Source movements will agree that a core part of open source is that anyone should be able to compete on delivering the original software, even if for entirely different ideological reasons.
Agreed. The AGPL does not care at all about those writing the code. It is all about users.
The AGPL makes it so those users can be the same ones as the ones writing code.
As I recall, Open Source was about developers collaborating to make better software. It was a pro-developer philosophy vs the Free Software movement which was all about the rights of users (and developer hostile in my view). GPL and its children are from the Free Software Tradition.
Open Source provides the same “4 freedoms” as Free Software so most Open Source licenses qualify as Free Software as well.
If the goal is developer collaboration, permissive licenses are often the best choice. If you want maximum user entitlement, copyleft licenses limit developer freedom in exchange for a guarantee that future code will also be released as free software.
Cloud hosting was a challenge that did not exist when either philosophy first emerged.
With hosting, you are able to become the preferred source for software without adding much value to the code itself. This is what the author is complaining about.
The AGPL tries to address this in the GPL family but I don’t think it quite gets there. For permissive licenses, we see these “no hosting” exceptions.
If you read the early writings from the Free Software Foundation, they do not care if devs can make a living. The goal is user freedom. I think it is this philosophy that objects to the hosting exceptions.
Perhaps a better solution will be found in the future.
I often think the solution is to move away from crafting a perfect ideology to encapsulate in your license, and just throw out some numbers. If you make more than N* the median income of this or that place, you can't use this software for free (whether that means licensing fees, code contribution, etc can vary). Let the smaller fish grow. If they get big enough, they can give back.
How would that ever be enforced? Do you not run into WinRAR/Sublime problem of "ey you've been using this, pay us, please"?
At 50k USD / year revenue it would be impossible, probably a lot easier at 1m / year. Higher profile use cases are known, and companies tend to comply with licenses rather than pirate software. Just like now, you lose a lot of control as soon as your source is available.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Not wanting to further widen the schism but wasn't that the free software people rather than the open source people? cf [0], particularly the "not as strict" part.
> In the late 1990's Eric Raymond and others developed the term "open source" as a more business friendly term than "free software", with a more inclusive meaning where licenses that were not as strict about the passing on of modifications would also quality for the term.
[0] https://www.freeopensourcesoftware.org/index.php?title=Eric_...
No, open source was definitely more leaning toward the GPLv2 than the BSD-style licenses.
…until businesses decided that the GPLv2 was legally risky and businesses started to avoid it.
Software businesses. Other businesses do not care.
This is FUD. Some businesses may have a policy of not using GPL software, but all the major enterprises, including Microsoft and Apple, use GPL software.
My comment wasn’t written with enough precision.
Using GPL software: yes. Totally fine. The rise of Linux and all that jazz.
Incorporating any part of GPL software _into_ other products? Pretty much doesn’t happen. Every company I’ve ever worked for has said “do not bring LGPL or GPL software into the codebase.” When it comes to commercial software, be it cloud based, or downloadable, you’re not going to find much that tries to incorporate GPL stuff. You just won’t.
Of course proprietary software products aren’t going to bring in the GPL. They literally can’t.
They _literally_ could.
How does one keep software proprietary while leveraging the GPL (aside from the case of not distributing it)?
There are a few avenues.
1. You incorporate GPL software and hope that no one notices and/or no one challenges. This is the most popular approach, and it’s quite successful, actually. 2. You cease to be a proprietary software company. Less popular, but an option.
Both of these are literally possible.
Apple often goes to great lengths to avoid anything GPL.
>The original stance of the open source crowd.....
>The proliferation of "give everything away for free" MIT/BSD/Apache licenses...
Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
I have also long argued that the license preference among generation has somewhat a linkage to political shift in spectrum. Likely to do with Tech, now known as Big tech taking advantage. And it used to be very cool if your OSS project get used by a big company, until it is not.
> Interesting how the world have changed. The so called GPL preference, or GPL > GPLv3 > AGPL among Open source crowd is a recent thing. Arguably in the last 15 to 20 years. Both BSD and MIT dates back before GPL. And you will see far more people prefer BSD and MIT in the 90s and 00s.
Back when I was getting started in the mid-90s, GPL and LGPL were kind of the default. BSD and MIT were used for certain projects, like the BSDs and X11 of course, but the goal back then was to build up a large library of open source (then, "free software") as viable alternatives to proprietary software, and the GPL was the easiest way to do that and ensure it remained free.
It was the rise of Rails, and the attracting of commercial programmers and startup bros to open source in the '00s, that motivated the historical preference for BSD and MIT licenses.
As a BSD developer from the 90s, that does not reflect my experience.
We wanted our code to be as widely used as possible. It’s really not any more complicated than that.
There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
The rise of “software as a service” has changed that calculus for some, and disadvantaged those that sought to build commercial service entities around their open source software. In the areas that I work, it’s made no material difference.
As for Ruby on Rails, I think it’s outsized presence on hacker news might have given you an inaccurate picture of its influence on the broader open source ecosystem.
> There was always tension between the folks that shipped GPL software and folks that shipped BSD/MIT software, but the dividing line was not whether or not we were “commercial programmers and startup bros”.
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
I remember the shitstorm Zed Shaw caused when he built something on top of MIT/BSD-licensed libraries and released it under GPL. "B-but that's against the spirit of the license!" people said.
This is a very old argument, rooted in differences in how one believes OSS cooperation is best fostered; through social norms and practices, and/or through legal fiat.
BSD/MIT authors see most proprietary use as a feature — it can drive adoption and contributions that wouldn’t exist otherwise, while generally not directly competing with the original project in the open source commons.
It is considered an opportunity to leverage social mechanisms to garner support and contribution that would otherwise not be available.
GPL relicensing is different, in that it creates a direct rival open source commons with inescapable one-way asymmetry.
The license permits it, but since BSD/MIT authors tend to prefer social norms over legal fiat to sustain cooperation, they don’t see hypocrisy in objecting (even if GPL advocates do).
(I’ve tried to be as measured as possible, but obviously, I fall on one side of the debate, and I’m sure that my point of view leaks through.)
> It has always come down to questions of what we believe freedom to mean, how we wanted to contribute utility to the world, and whether we saw the use of our software in commercial projects as a loss to ourselves in a zero sum game.
Very well put! I personally believe that "freedom" must include the freedom to do anything you want with the software, even close off your fork if you choose. And I do not believe that a commercial project using my software harms anyone at all, as my project is still there, still available for all. Accordingly, I have always believed in and used permissive licenses. It has nothing to do with corporate profits, and I find it vexing that people make that bad faith assumption in discussions such as this.
Yep. This tinfoil conspiracy theory about these licenses being a scheme by VC backed startups is insane. Only a relative newbie to the scene could fall for that narrative. If you've been on the scene for 15-20 years, you know this is just the ethos, and these various licenses arose out of specific needs, but not opposing ideologies.
> And it used to be very cool if your OSS project get used by a big company, until it is not.
Working for big companies used to cool, but now they are just all EvilCorps.
I think the companies themselves changed. Google used to be much less evil.
> And it used to be very cool if your OSS project get used by a big company, until it is not.
Yup. Open source advocates would brag about adoption in enterprise. They would incessantly argue about how safe open source is compared to close source and would constantly complain about stupid managers not allowing open source.
Not all of them, but that stance was predominant when I was younger.
> The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
Is it not because corporations started funding open source projects in a big way (multiple billions of dollars a year big), and they fund projects that have licenses that they can use in their commercial projects.
To me that's a sign of the success of Open Source rather than the opposite.
As someone in the MIT/BSD/Apache camp, no, for me it has nothing to do with corporate interests. When I release code for free I'm doing it altruistically, and to me MIT/BSD/Apache has the most impact as it can be used in the most places now and into the future.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Expanding on this, the Free Software movement always focused on freedom for users - which, in a world where copyright applies to computer programs, ultimately leads to the licenses you listed to repurpose it.
The Open Source movement usually tries to advocate for open-source as the best development model. As in, writing it in the open and contributing with other people will result in objectively better software in the long term. Others treated it (when the term was coined) as a marketing term for Free Software, making it more palatable to businesses whose people running it don't want to talk about ethics too much.
https://www.gnu.org/philosophy/open-source-misses-the-point....
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
s/open source/free software/
None of those licenses prevent Amazon-style freeloading though.
Amazon isn't freeloading anymore than users hosting the software themselves. They are providing a service and getting paid for that. This is only a problem for the original creator because they would rather get paid for the service himself but that desired vendor lock in was never something compatible with an open source license that ensures user freedom.
The original stance of open source is to cater to "free-riding" businesses. That's like, why the term "open source" even exists. You're thinking of the "free software" crowd.
The MIT and BSD licenses predated the GPL. People have a choice as to which ethic to follow ... it's not the result of a corporate conspiracy. (And I'm a social democrat, not a corporate simp.)
I'm not so clear the choice was made consciously. There's a big swing away from the GPL and towards MIT/BSD around the time that Apple starts adopting a bunch of open-source projects for inclusion in MacOS X, and it accelerates when various big companies announced that they would be forbidding GPLv3 adoption. Fast forward to the cloud provider era, and basically no new software is being placed under the GPL (at least in part because Amazon/Google/Facebook/etc are predicating contributions on being GPL-free)
The problem with GPL was "tainting." It was never clear in what cases you could use GPL without it dragging all your code into being freely available. LGPL was supposed to help with that; AGPL made it even worse. The lawyers were terribly confused and recommended you just not use anything with "GPL" in the license.
The reason why MIT/BSD licenses flourished is that they were easy to understand. As long as you didn't sue the original author or try to claim the code was written by you, you were free to do almost anything with it, including mixing it in with other for-profit code.
Whether that's an abomination or a blessing depends on your corporate vs. free software politics.
GPL also gets incredibly ambiguous when it's applied to anything that isn't software written in a language like C for a personal computer. (What does "linking" even mean with respect to a Javascript library, for instance?)
It's only unclear if you are trying to skirt the spirit of the GPL.
People who aren't trying to get freebies from he commons without paying back never had a problem with the GPL.
Just think about the goals of the GPL (software freedom for users), and its easy to see what you should do. Make it practical for a user to obtain and modify the source form (non-minified, non-transpiled, non-concatenated TypeScript/JavaScript/etc) of the library, build the version ran by the web browser, and replace the original with their modified version. Source maps can make part of that easier too. Progressive enhancement helps. Clean frontend/backend separation helps.
The "goals" of the license are irrelevant. What matters from a legal perspective is the text of the license, and every time that text sets legal conditions which reference specific technologies like "linking", "object code", or "interface definition files" which don't apply to all programming languages, a lawyer's blood pressure rises.
Intent is relevant in law, especially when text is insufficient to determine a clear meaning.
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
So I think it would cover pretty much any JS library usage, except maybe if you just drop in a widget and don’t interact with it in any way.
Exactly. I was building a WASM lib using Emscripten and this was the exact question I could not answer
(All personal opinion, etc.)
I'm not actually sure what a better way to square the circle of not making the large entities that have developed a weird patronage relationship with open source projects run away while also avoiding the kinds of problem that the GPLv3 and AGPL are hoping to deal with, would be. Limiting the virality scope might be beneficial there, but I'm not sure how you would word that in a way that's not gameable.
It feels like we've wound up in a weird position where because so many GPLv2 projects moved to GPLv3, companies were startled into paying attention to the risks involved in a new license with open questions about how it would shake out in actual courts, as well as being jolted to the very real possibility it could happen again, and took the path of risk reduction by moving toward platforms where that couldn't happen.
You might compare it to everyone pointing to Solaris's source closing as a reason to not trust Oracle about MySQL's license remaining GPLv2. (As it turned out, so far, they haven't changed the license, but there was certainly a lot of fearmongering about that at the time.)
So I think I agree that it's not so much a coordinated effort to steer anything as the direct effects of companies avoiding funding that space, as well as the knock-on effect that anyone whose goals involve large companies using their product and leveraging that avoids picking a license that precludes that in turn.
The creation of those licenses, maybe. Their mass popularization, and the pooh-poohing of GPL licenses that often goes with it in related discussions, is much more recent.
Most people have no problem with non-open source software. The gnashing of teeth comes in when projects like Terraform become successful specifically because they're open source, and then the maintainer changes to a closed source license that would have prevented the project from being successful in the first place.
Doubly so when they relicense outside contributors' work with a closed source license because those contributors signed a CLA.
Quite a few people commenting here are having problems with it in the case of Bearblog though, including some pretty wild accusations.
And lets be real here: https://github.com/HermanMartinus/bearblog/graphs/contributo...
Looking at the details of that, the only two (small) substantial code changes from other people are "User can delete their own account" from 2020, and "Use cloudflare online dns api to perform domain check" from 2021.
If we are real, it's also quite clear that contributions are not accepted at least from 2023. And the Readme talked about the project not meant to be self-hosted in the past.
I have no horse in the race, just think that maybe this project is not a good measure of contributions.
> Quite a few people commenting here are having problems with it in the case of Bearblog though, including some pretty wild accusations.
That's why I said "most people" (of which I think HN commenters are not a representative sample) rather than "nobody" :)
The trick is not to get attached to a project name. `Terraform` is a trademark of IBM (previously Hashicorp). Terraform used to refer to an open-source IaC project, but now it doesn't. OpenTofu, https://opentofu.org, is probably the most accurate name for the continuation of that open-source project.
This is of course the correct way to proceed as an affected user but does not mean the bait and switch cannot be criticized.
Sounds like we need a "forever open source" license.
A commitment that any significant derivative retain the original (or some later version) of the original license.
"Free to do whatever as long as it retains this license. A commitment that this license will not change, even by the original author".
No special cases, just a blanket license for all derivatives.
If it exists, what are the barriers to adoption? Why don't we all use it?
> A commitment that this license will not change, even by the original author
Unless you’re entering into a contract with the project maintainer (which you’re not, if you’re just downloading or using it) then such a commitment means nothing.
Applying an open source license to your work means you’ve licensed other people to use it under those terms.
You can make all the commitments you want in the license, but it doesn’t actually commit you to keeping all future work open source as well under the law.
So you could write this license and make the commitment, but if you changed your mind later and decided not to open source future commits to the project that you made then nobody could stop you. Not unless you had entered into a contractual agreement with them and exchanged some consideration (money).
I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
(What I'm given to understand does work is using a copyleft license and taking code from multiple parties without a CLA, because then relicensing requires all the copyright owners to agree, which for a large enough project is impractical.)
> I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
It’s possible to say anything. Without something like a contract with reciprocal commitments to make it binding, the legal effect of saying it is limited (though not necessarily zero, because legal concepts like promissory estoppel exist.)
How about a standard entity "OSI perhaps?!", that commits a file to an early stage of the repository (could this be automated), who then cannot / will not give approval for a relicense?
Love the idea but the thing is, if it's just one file then it's probably easy enough to work that contribution out of the repository.
It is quite fun to try and think of ways that this could work though. Perhaps a bot that code-paraphrases (paracodes?) every accepted PR. Or maybe there's some crypto magic you could do to make the only option a clean room rewrite.
Relicensing still can be done, just keeping that file out. (and reimplementing it the same but with new code, if it was really needed for something important)
I’d suggest the GPL family without a CLA as an approximation of that intent.
> If it exists, what are the barriers to adoption? Why don't we all use it?
My theory is that people in general don’t care that much, or (particularly in the case of corporations) consider permissive licenses to be ”freer” than copyleft.
Maybe this makes more sense as a change to trademark law than a license thing. If a name OpenSourceProject has gotten popular due to being open source then I would say it's in the interest of the public to ensure that OpenSourceProject keeps referring to an open source project an isn't misappropriated for something else. It's a kind of bait and switch fraud that I think should be generally illegal. On the other hand I don't see why we should care about the creator not being allowed to re-license his own work as long as no one has been mislead about what they are getting.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades. You can use/write your software and people that believe in open source can use/write open source. What's the problem?
> If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades.
If I’ve learned anything from reading HN comments, it’s that “open source” means different things to different people, including those who believe themselves to have specific knowledge of the history of the topic.
There are half a dozen different claims about the original meaning of “open source” in this comment section alone. They’re coming from people citing history and notable figures from open source past.
Yeah, and all but one of those claims is incorrect.
"Open source" is not just a turn of phrase which became common over time. The phrase was coined by the founders of the Open Source Initiative, and it has always had a very specific meaning: https://en.m.wikipedia.org/wiki/Open_Source_Initiative
People who seem to think that "open source" has a variety of meanings, are probably confusing it for "free software" which does indeed have a variety of meanings (which was the whole reason the phrase "open source" was created - because "free software" was too vague, and they wanted to create a term with a single, specific definition!)
Not at all. There are some people who want open source to mean something else than it does because they want the positive publicity that comes with the term without the commitments to user freedom. Those people should not be given any weight.
Whether they contribute back their changes to their users.
That's copyleft, something OSI was basically created to not imply.
Then you want free software (a subcategory of open source).
Free Software and Open Source have definitions that are both on their face and in practical application by the bodies responsible for each almost entirely identical. Neither is a subset of the other.
If you are concerned about mandating users provide modifications by a similar license to the one they received material under, what you want is copyleft.
“Free software” means copyleft. The free software foundation manages copyleft licenses. The term open source was explicitly coined to differentiate from the more restrictive free software / copyleft.
All free software licenses are open source licenses. Not all open source licenses are free software licenses.
> “Free software” means copyleft.
No, it doesn't. The FSF uses “Free Software” to refer to a broad class that is essentially identical to the OSI use of “Open Source.”
The term the FSF uses for copyleft is “copyleft”, which is a subset of Free Software.
To underscore the point here: the FSF
1) hasn't/doesn't publish a free software definition that describes copyleft as a precondition to free software
2) hasn't/doesn't claim in any of their non-normative commentary that the definition has that precondition
3) readily and regularly refers to projects published under permissive licenses like the BSD, MIT/X11, and Apache licenses as "free software", despite not being copyleft licenses
4) themselves publish/maintain/govern software projects that are licensed under permissive licenses like the aforementioned non-copyleft licenses
The claim that "'free software' means 'copyleft'" is a pernicious, bizarrely recurring but wildly misinformed claim that only shows up on message boards by people who can't ever have actually read primary sources that explain the positions of the organization they purport to describe, and have instead just, like, decided they understand the topic (through, I dunno, osmosis or something, I guess).
https://www.gnu.org/philosophy/free-sw.html
Linked to from here:
https://www.fsf.org/about/what-is-free-software
Very explicit about open source being different from free software.
Also if what you say is true, there would be no reason for “open source” to exist. It was coined by Christine Peterson explicitly because the term free software conveyed a different ideal than the BSD/MIT license crowd was aiming for.
> nearly all open source programs are in fact free.
You are just wrong, and your first link proves it. The definitions are essentially identical. The philosophies behind them are different.
It's like the "Gulf of America" vs. the "Gulf of Mexico". You are talking about the same territory in either case, just expressing a different viewpoint about it.
This is completely false and ahistorical. The first license associated with the term "open-source" was the MPL, which is a copyleft license.
Open-source never attempted to distinguish itself from free software in terms of licensing or content, and "free software" has always included permissive licenses.
You can find lots of free software licenses which are not copyleft listed on the FSF website, with links to longer commentaries on them. The FSF clearly identifies them as free software licenses, and always has.
https://www.gnu.org/licenses/license-list.html
this page is linked to from FSF.org here:
https://www.fsf.org/licensing/
Take a few minutes reading the publications of the organizations and movements you're misrepresenting. Take a look at the OSI's Open-Source definition as well.
This statement is incorrect.
Indeed it is, but can people please not abuse the flag function for such cases? It's not against the rules to be mistaken, and "flag" is not supposed to be a super downvote.
I never use the flag function.
You are correct ... the other responses to you are not. "Free software" as in the FSF is "free as in freedom, not free as in free beer", which is why copyleft was invented, to establish such a distinction.
No, this is completely wrong. Free/libre software is distinguished from "gratis" software, such as demos or shareware. Any software that is freely available for users to legally modify and redistribute however they see fit, under the same license or some other, is free software.
Examples of non-free software are shareware like WinRar, software only available for non-commercial use like OMNeT++ [0], and (slightly more controversially) things like ElasticSearch or MongoDB.
[0] https://omnetpp.org/intro/license
It's not completely wrong ... how rude. Shareware isn't even open source, generally, and it certainly isn't gratis--you have to pay for it, or at least should, and there are often restrictions or time limits if you don't. Again, the "free" in "free software" refers to freedom, not free beer.
https://www.gnu.org/philosophy/free-sw.html
> “Free software” means software that respects users' freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.” We sometimes call it “libre software,” borrowing the French or Spanish word for “free” as in freedom, to show we do not mean the software is gratis.
And
> “Open source” is something different: it has a very different philosophy based on different values. Its practical definition is different too, but nearly all open source programs are in fact free. We explain the difference in Why “Open Source” misses the point of Free Software.
etc.
That definition, and Richard Stallman himself, completely agree with me. A BSD license also guarantees "that the users have the freedom to run, copy, distribute, study, change and improve the software".
Here is Stallman spelling it out explicitly:
https://www.gnu.org/licenses/bsd.en.html
> The two major categories of free software license are copyleft and non-copyleft. Copyleft licenses such as the GNU GPL insist that modified versions of the program must be free software as well. Non-copyleft licenses do not insist on this. We recommend copyleft, because it protects freedom for all users, but non-copylefted software can still be free software, and useful to the free software community.
> There are many variants of simple non-copyleft free software licenses, such as the Expat license, FreeBSD license, X10 license, the X11 license, and the two BSD (Berkeley Software Distribution) licenses.
So, I stand by my assertion. You are completely wrong in saying that only copy left licenses are free/libre software, even according to Richard Stallman himself.
The BSD license does not offer the same software freedom guarantees as copyleft licenses though, since downstreams can elect to not release the source code. You are right otherwise though.
> Shareware isn't even open source, generally, and it certainly isn't gratis--you have to pay for it, or at least should, and there are often restrictions or time limits if you don't. Again, the "free" in "free software" refers to freedom, not free beer.
Yes. The comment you are replying to already said this: ‘Free/libre software is distinguished from "gratis" software’.
Your earlier comment wasn’t wrong for saying that ‘free software’ refers to freedom; that part was correct. But it was wrong for agreeing with a comment which claimed that ‘free software’ means ‘copyleft’. Copyleft is free software, but free software isn’t always copyleft.
Saying that ‘free software means copyleft’ is like saying that ‘bird means goose’. Goose is a kind of bird, but not every bird is a goose; just like copyleft licences are free, but not every free licence is copyleft. The responses (which you called incorrect) were trying to explain this important difference.
Copyleft licenses don't even need to be free! All copyleft means is that derivative works must use the same license. For example, the Creative Commons BY-NC-SA license [1] wouldn't fulfill freedom 0, since you can't use the material for commercial purposes.
(Granted, Creative Commons licenses are typically not used for software, but the point stands.)
[1] https://creativecommons.org/licenses/by-nc-sa/4.0/
Is that really the case? I’m not outright disputing this, but with the term ‘copyleft’ originating from the free software movement and all, I normally take it to identify free software which protects the freedoms it grants (typically by extending the terms of its licence to derivative works).
I see that a similar mechanism is used by some non-free licences, as you have just shown, but are those really considered ‘copyleft’? Isn’t the term more properly used when said mechanism is used specifically to grant and protect the four freedoms? Both the FSF¹ and Wikipedia² seem to view the freedom aspect as an important part of copyleft, at the very least.
1. https://www.gnu.org/licenses/copyleft.en.html 2. https://en.wikipedia.org/wiki/Copyleft
Hm! The Wikipedia article intro explicitly lists the Creative Commons share-alike license condition in its list of "notable copyleft licenses", but later says that "any copyleft license is automatically a share-alike license but not the other way around". So at the very least I guess it's debatable :)
(I'm not sure I would rely heavily on Wikipedia for this — they only use secondary sources and in practice most of their sources will be GNU-related, so the article is probably biased in that direction.)
[flagged]
[flagged]
[flagged]
People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
As a result, licensing your project GPL or the like usually means relegating it to obscurity. There are very notable exceptions, including Linux and WordPress, but they are outliers. It's hard to monetize an MIT project, but it is even harder to monetize a project without users.
Whether this is "good" or "bad" is a separate debate (err, usually flame war), but I think many people gloss over that this is a coordination problem and that everyone is acting rationally. For better or worse, software does not seem to be scarce.
I disagree. It will be harder to monetize MIT licensed projects, because any competitor can just grab and run. With AGPLv3, at least legally the competitor needs to publish their modifications as well. This in turn makes it more likely the competitor will not use your code, or if they do, in accordance with the license, which would be fine, and users of the product you build will mostly not care, because they don't even know what the licenses are about.
Sure, but you're skipping the first part where if you make your project AGPLv3 most users will just choose a different project doing the same thing but with an MIT license.
I agree that if you can somehow achieve widespread adoption with a copy left license (like Linux or Wordpress), then that will be better for you. But IME copyleft licenses are a major hurdle to widespread adoption, so such projects remain obscure.
I'm not saying it is a good thing, but I've never worked at a company where we were allowed to bring in copyleft dependencies (even though everything invariably runs on Linux, which is GPLv2).
If it stays obscure, that isn't necessarily too bad. You respect your users and grant them the freedoms, if they seek them, but if not then that's their choice. It is merely geared against competitors taking and running, making a "better" (moaaar features) closed source version.
None of the limitations of open-source licenses apply to the authors themselves. (author = the person or organization whose name appears in the copyright notice). I.e., you can have a MIT/GPL/AGPL licensed project, but have a "premium" fork/derivation/later-version of it that's completely closed source.
I actually see this as a valuable incentive to open-sourcing under MIT -- if a commercial provider of your software emerges, it will help you test/prove that a commercial market for your software exists, after which point you can completely close-source it and pivot to purely commercial competition.
Open-sourcing, then, is basically baiting the waters to see if anyone sees commercial potential in your work. And the minute that's validated, you get funding and start your company.
Close-sourcing a previously open source project is like a deathwish for that project. Will meet much aversion, and if the project is important, people will fork whatever the last open source version was. Then you usually lost all cards and don't have a business at all.
> It will be harder to monetize MIT licensed projects, because any competitor can just grab and run.
Importantly - any competitor can grab it and modify it to make it easier for them to run at scale and keep those changes closed-source.
> People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
> If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
First, if someone isn’t paying, he’s not buying. ‘Paying’ should be understood broadly, e.g. code as well as money counts. A company paying dollars really doesn’t care that much about the license — plenty of companies pay for proprietarily-licensed products (even ridiculously limited ones, with dongles and high seat prices). OTOH, a company ‘paying’ with code contributions should prefer the GPL, because it knows that its contributions will never be taken away from it.
Second, the GPL does not restrict users; it restricts developers from restricting users.
The GPL family is the right way for individuals and companies to form a software commons in which all can benefit.
Well, many developers publish their code not because they want to specifically make a successful open source project, but because they made something that was useful to themselves, and like the idea behind open source. In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
Yea I think stuff like this is great and will have some impact around the edges. Perhaps particularly in the realm of end-user software, like a window tiling manager.
But once we start talking about the kind of software large corporations (like AWS) will have an interest in, projects have to be successful to be useful. Software requires maintenance so the maintainers need to be able to devote their time to maintaining and improving the project. So this will select for projects that are successful enough that the maintainers can focus on it fully (either because some company hires them to work on their own project, they can charge high consulting fees because of their association with the project, or whatever).
I think "the code" (the thing covered by copyright) in most cases is not as valuable as "the project:" the leadership, the contributors, the users, the norms and practices, the commitment to ongoing maintenance, and so on. So just lots of individuals all putting pieces of their code out there with GPL probably doesn't make a lot of impact (though there is nothing wrong with it), because most users don't want "code" they want a "project" they can rely on.
> once we start talking about the kind of software large corporations (like AWS) will have an interest in
I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
We definitely agree on this point. Different licenses select for different things.
It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.
Honestly haven't seen many open-source maintainers convert a BigTech downstream into recurring revenue. I'm sure it does happen, but its far from the norm
If your project gets adopted by Big Tech then your market rate as an engineer just went way up.
It’s a huge badge of honor and a rare accomplishment. You’re thinking too directly if you can’t imagine how having your OSS project adopted by Big Tech isn’t a career boost.
Maybe it can happen, but ask the people maintaining open source projects long term, how much it helped them pass silly leetcode interviews, which companies insist must be done, even if you have a golden track record.
“Google: 90% of our engineers use the software you wrote (Homebrew), but you can’t invert a binary tree on a whiteboard so fuck off.”
https://twitter.com/mxcl/status/608682016205344768
Please see his follow up comments years later where he reflects on the situation and agrees that he should not have been hired at that time.
He posted that in the heat of the moment while angry, but they didn’t literally reject him for a single LeetCode problem. He admits that he was just not at a point where being hired into a FAANG job would have been a good move.
That one Tweet has fueled years of internet rage from people who didn’t get the whole story, though.
I know people maintaining open source projects long term and getting FAANG adoption is a dream come true. That’s why I posted it.
I’ve also worked at companies where people who write OSS have been recruited with comp packages that would be hard to get even at FAANG because their OSS work was crucial to the company.
Maybe in specific fields this is true, but a lot of folks in Big Tech view open source as where developers who couldn't hack the interviews end up (they also hold a pretty similar view of startup engineers, unless they are ex-FAANG)
> I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Are you kidding? This is the dream scenario for many open source projects: Getting adopted by a major company is a claim to fame like none other.
> Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
Then don’t? You don’t have to do anything. It’s fine to ignore it you want.
Practically speaking, Amazon engineers aren’t going to sit around and hope the maintainer fixes the thing that unblocks them. If they actually need it, they’ll fix it. They might fork it. They might try to recruit the person.
But nothing obligates you to do anything. This hand-wringing about the idea that someone might find the project useful enough to identify issues and report them is rather ridiculous. Just ignore it if that’s prerogative.
Having been upstream of this problem (I was engineer at Amazon for ~5 years), they will typically not do any of those things.
The amount of paperwork they have to jump through just to send you a patch makes it not worthwhile. They might fork in extremis, but to do that they first have to justify to management that it's worth ongoing effort to support. Hiring a maintainer really only happens for truly foundational projects like the Xen hypervisor.
What they will do is use the public nature of the CVE process to pressure you to patch with the SLA - and that's generally pretty effective. Only a few open source groups (for example, the npm team) have enough public clout to reject CVEs without reputation damage.
AWS doesn't seem to have an issue with using copyleft software.
Which copyleft software does AWS use? Linux, certainly. And MariaDB/MySQL (but also the BSD-like PostgreSQL). I was under the impression that it typically avoids GPL software when there is a BSD- or MIT-licensed alternative.
> In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
That is a matter of opinion. I have put out some open source stuff under the form you mentioned, and it's always BSD or another permissive license. I view it as quite wrong to force my moral choices upon others, so I give others the freedom to use whatever license they like. In my case, that is what makes sense because of my own moral convictions.
Understand your point, but I wouldn't be so sure. People also want to ensure that the software is being supported, the inevitable bugs being worked on, and not abandoned. It is more likely that a commercial project will be supported than a MIT licensed one. So there might not be as many github stars for such project, but on the other hand, as long as it feeds people, it will not disappear.
A MIT licensed project on the other hand, I personally consider like a potential liability more often than not. Not different from any piece of code I could find on stackoverflow. Not something that is serious. Even if it were tied to a big corpo, that would probably become fast unsupported.
> licensing your project GPL or the like usually means relegating it to obscurity
Subjective. Sure if you are talking about percent of market share, but it's a huge market, you don't need to capture even 1% of users to have a viable business.
The vast majority of the GNU ecosystem is GPL. Bash, git, Apache, Gimp, Blender, Libreoffice.
There are also a lot of projects that are dual licensed, allowing commercial software to be charged a fee and non-commercial software to use for free with GPL.
Neither Apache nor LibreOffice is GPL. Apache is permissive whereas LibreOffice is MPL (a sort of middle way between permissive and copyleft).
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Isn't this what the AGPL is for? That's an OSI approved "open source" license that places restrictions on people making the software accessible as a network service.
I think the problem that these folks have is that AGPL still allows other people to host the software.
They want to seem altruistic but want to also be the only provider.
GPL would have been a better initial license, and AGPL would have been the next logical step to ensure that changes that hosted services make can come back to the original version.
I'm not entirely sure what they were hoping to get by making an extremely permissive licensed piece of software, but competition doesn't appear to be it.
They care that other people can sell the software, not that other people can use the software, which is why the license they use makes that distinction.
This is a confusing claim. Are you saying the chosen license (<https://github.com/HermanMartinus/bearblog/blob/998e87263248...>) makes the software free to use to offer (e.g. gratis) "hosted or managed service[s]" so long as one does not sell the services? This is trivially confirmed not to be true. It prohibits all use of the software to provide services, not just a prohibition on selling them.
> They want to seem altruistic but want to also be the only provider.
Some people pick the AGPL because the license itself acts like garlic to commons destroying IP vampires and are disappointed that those vampires still found a way to drink their IP milkshake.
Has nothing to do with altruism and everything to do with not wanting to be taken advantage of for free labor and IP by powerful entities that would deny them a glass of water if they were dying from thirst.
Except AWS is not an IP vampire in this case, they are providing a hosting service. There is no conflict between AWS's use and the spirit of the open source license.
The conflict is entirely between the original developer wanting to be the sole service provider and the open source license that lets people host the software themselves. The software as a service business model is the problem here, not AWS hosting.
> They want to seem altruistic but want to also be the only provider.
This is an overly negative take. At the end of the day, they are still providing software and the source code free to use for practically every purpose except directly competing with them.
That's still altruistic while also being sensible in the real world rather than an ideal.
The license disallows use of the software for what it is intended: setting up a multi-user blogging system.
No, the license disallows use of the software for seeing up a multi-user blogging system as a paid service.
You might say, "well wouldn't that be most of what people might want to do with it?" And you might be right, but so what? No one is entitled to build their business on the back of someone else's work, not without their permission anyway.
That certainly makes software like this no longer Free Software. But I'm not religious about it, and maybe that's ok sometimes.
(It also runs afoul of several parts of the OSI Open Source Definition, but maybe that's ok too.)
> No, the license disallows use of the software for seeing up a multi-user blogging system as a paid service
This is incorrect.
https://github.com/HermanMartinus/bearblog/blob/master/LICEN...
> You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
It does not make the distinction around a financial transaction.
Not "as a paid service" just "as a service". The license does not allow me to stand up a Bear instance and let people blog on it for free.
Not for practically every purpose. It's a blog platform to be used by services that provide blog hosting, just like his own business does, so any use of it would be directly competing with him. From TFA, he never wanted people to actually use it, just to look at the source code.
I thought so, too, at first. But there's a crucial difference: With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying. With the Bear license, Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS to me, but Stallman would disagree. He has made it clear that there should be no restrictions on use.
> It feels mostly in the spirit of FOSS to me
From the license at <https://github.com/HermanMartinus/bearblog/blob/998e87263248...>:
"You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality"
Given that the exclusive purpose of the Software in question is to implement a managed service for its users' hosting needs, I'm having trouble understanding how anyone could take the position that this is "mostly in the spirit of FOSS".
The license might as well say, "You just can't use this."
It’s saying that you can use Bear for your own blog, but you can’t launch a service that hosts other people’s blogs using it.
The readme has this to say about hosting your own blog on it:
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
"It isn't possible" is obviously not true but a plain reading of both that combined with the license would suggest you can't use bear at all for anything.
> It’s saying that you can use Bear for your own blog
Where does it say that?
> Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS
I don't see how, there is nothing in the spirit of FOSS by doing that.
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying.
Technically true, but in practice almost every tech company forbids GPL code. I bet if you re-read your employment contract closely you'll find that you agreed not to introduce any GPL code into the company's codebases.
(Edited for clarity).
This can't possibly be true, since the Linux kernel's code is GPL and approximately every tech company uses Linux.
By "use GPL code" I mean integrate it into a company codebase (which would require the codebase to be licensed as GPL). Edited my original comment to clarify.
Phones contain Linux, TVs contain Linux, cars contain Linux, clouds contain Linux. It is used everywhere.
Companies that follow the law will release their changes to the Linux kernel when they distribute their products to users.
Just using Linux is not enough to say anything built with it is a combined product in the eyes of the GPL, the license is pretty specific about what it considers a derivative work.
For example, you can ship closed source apps and OS on top of Linux so long as you respect the license.
> Companies that follow the law
Those are pretty rare when it comes to the GPL, a lot of hardware companies do not comply with it fully, in some way. Vizio is being made an example of at the moment:
https://sfconservancy.org/copyleft-compliance/vizio.html
Note that this is about source code, not binaries, or nobody would be working with docker (and more.)
Of course a company must forbid copy/paste of GPL code, because that would GPL the codebase and that's hardly what they want. But one should ask the Legal office (and/or other offices) about adding any MIT, BSD or proprietary library: credit must be given (how?), licenses must be available and compatible with the way the software is distributed. There are so many licenses out there, everything should be vetted.
Re: code vs. binaries, it depends on the license. Another commenter has been pointing out that Google forbids any use of AGPL projects, period [1] because its definition of "linking" includes communication over a network.
Of course everything should be vetted, but lawyers have canned advice about common licenses they see often — GPL, MIT, etc.
[1] https://opensource.google/documentation/reference/using/agpl...
I'm self-employed in Germany, and when I was employed, what was in the contract went more in the other direction: it was explicitly allowed to contribute to FOSS projects. Of course, it still would not have been OK to randomly add GPL software to a closed source customer project. If anyone had been stupid (uneducated, really) enough, somebody else on the same project would have noticed.
Yeah, the second sentence is what I meant. This is why I'm writing comments on Hacker News rather than legal contracts :)
I was at a FANG until 2022, and we were allowed to introduce GPL code into the monorepo. There were policies on how to do it correctly, but definitely not prohibited.
(AGPL, however, was nearly impossible to get permission to use)
Companies not wanting GPL code in code bases they want to keep proprietary should not be surprising to anyone. I fail to see how that is relevant to the comment you are replying though.
Some companies subscribe to FUD (aka lawyers covering their ass) and forbid use of AGPL, GPL and sometimes even LGPL software outright even though they allow proprietary sofware that has even more restrictions, but the big elephant in the room that is usually cited for these open source to "proprietary but we still want the publicity of open source" license changes (AWS) is not one of those companies that put fear over profit.
The comment I'm replying to says that the reason companies like Bear choose these licenses over the AGPL is that the AGPL allows other companies to offer competing hosting services. I'm saying that while that's true, in practice most companies will not touch AGPL code.
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying
Any examples when AGPL was used successfully by competitors? Typically every company prohibits using this licence.
Why am I silently downvoted?
AGPL doesn't really prevent Amazon from making it an AWS offering unless they want to modify the program and don't want to share the modifications.
Why would I want to stop them making it available as a network service except as a way of circumventing the copyleft by effectively distributing it without actually distributing it (which AIUI the AGPL fixes)? If you want to place restrictions on how people are allowed to use the software then A) I don't see the relevance of AWS as a special case, and B) go ahead but don't imply the "open source crowd" are being unreasonable by not considering it open source.
You'd want to stop them if like in TFA you don't actually want to provide open source software but rather want to sell your software as a service with free marketing from being "open source".
It doesn't in an indirect way. A friend that worked for Amazon about 5 years ago told me they were even allowed to look at AGPL codebases on the clock because the lawyers were so afraid of it.
Another reason is that copyleft licenses are kryptonite in large organizations.
Not a lawyer, but my understanding is there is a strong feeling that AGPL can be roughly ignored if a service provider provides some level of indirection (e.g. a proxy) between the user and the software. Then, the software is somehow not being accessed over a network and thus they are not required to release the source.
I have a strong feeling that speaking to a lawyer might reveal that to be untrue
I have a strong feeling you would be told "we don't know, it's never been tested in court, there's a chance you would win and a chance you would lose on that argument".
Yeah, but lawyers say that about just about everything
Not just a level of indirection. The "substantial features" of the code need to not be directly exposed.
So if you had some AGPL OCR tool you were using, you could use it, but not in a way the user sees that text. Generate audio from it and expose the sound? Probably fine.
My understanding of the theory that they're advocating is that the AGPL requires that when you modify AGPL software you modify it to provide an offer of its source.
And that you can comply with that completely, run the software, and then have a proxy in front that strips that offer without violating the letter of the license.
And if that theory works I think "substantial features" of the code could be directly (but for the indirection of that proxy) exposed.
That would violate the license.
> However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.
and
> Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
"Convey" is the key word there. You _must_ convey the license. Stripping it out, is not conveying it. Why is it automatic? Because under the AGPL, the license is a part of the work itself. You cannot remove it or modify it, without breaking the license, and thus having no right to modify it in the first place.
> Each time you convey a covered work
You didn't convey a covered work by using it to respond to a response or anywhere else in my hypothetical - and indeed that part of the license exactly matches the GPLv3. The relevant portion of the license is rather
> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
So... You know a proxy is not legal... But felt the need to make me explain which facets it would cover...?
Yeah, I'm not continuing this convetsation.
I know nothing of the sort.
I know what section of the license is relevant to network requests, why the section of license you cited is not, and that a proxy stripping offers of source does not seem to violate the text (though it certainly violates the spirit) of the license. I do not know how a court would react to such an attempt.
I agree that I'm done with this conversation though.
Free software ought to not be discriminatory and arbitrarily exclude users. Full stop. Anyone means anyone.
Now, we can agree and talk about unfortunate consequences and possible mitigations.
The AGPL is one possible mitigation: Big corps are usually afraid of it. But they do themselves: the AGPL doesn't forbid them to use the thing.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't...
Freedom 0 is the freedom to run the software for any purpose. You can't deny users this freedom "for their own good", or to spite big corporations, and still be free software.
Subtler issues of power and dependency won't be resolved through licensing alone, and certainly not by compromising on basic software freedom for users.
> What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
People are cold to source-available projects because of their experience of source-available projects. If you want to benefit from the warm reputation that open source has, you need to offer the things that open source offers. If you want to do some novel thing, that's fine, but your novel thing will have to earn its reputation.
I guess I'm in that crowd, and well, I definitely recognise that! Open source is an important term, and I don't want to see it degraded. I think I'd find it annoying if this blog post was trying to claim Bear was still free software, or open source.
That doesn't mean I think everything has to be open source. Bear is a blogging platform trying to make money and it seems fine to me for it not to be open source.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source.
This statement is 100% correct. Open means open for everyone. There's a "but they are providing FOSS as a service on a proprietary platform", which seems like the next step on the LGPL-GPL-AGPL stairway of licenses, but SSPL failed to convince anyone it was a necessary freedom:
- MongoDB Inc obviously had no plans to release their own SaaS platform under SSPL
- AWS source code being released wouldn't have benefited anyone other than maybe other major cloud providers
Why the scare quotes, the first freedom of both Open Source and Free Software is the right to run the software for any purpose. It's not some little unimportant detail. It's arguably the most important property of Open Source.
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
The base-stealing that comes with the throwing out the term “winner-take-all” is astounding. People claim this all the time on HN without any shred of evidence that it is the case.
The history of technology and markets show this just isn’t true on any significant timescale.
I mean in this specific case we're not talking about AWS or any other large company. We're talking about someone wanting to offer Bear.app hosting in the vein of managed Wordpress. This is good for Open Source. Having multiple commercial entities working off of and invested in the same codebase is exactly what Open Source envisions.
It does take some mental discipline to actually believe in the movement and not view someone using your software to start a business as them "stealing your work." Such a thing doesn't make sense in OSS, you gave it away freely. It's a good thing, the competition is healthy. You don't have to believe, closed-source proprietary software is much easier to run a business off of as evidenced by most businesses operating that way. There's no shame in it. The FOSS folks are the free love "we don't believe in intellectual property mann" hippies of the software world.
> enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
That’s why the AGPL exists.
Winner-take-all dynamics of the marketplace need to be regulated away with anti-trust law and funding for startups.
Why use the MIT license when the AGPL is the better choice? I don’t understand why developers choose MIT and or Apache license and then figure out that they now have a competitor cloning their product .
A lot of people are scared of GPL and other copyleft licenses, mostly because of how most big corporations treat GPL.
Also, MIT license in particular is much shorter and easier to understand for a non-lawyer, than most other software licenses.
I suspect that any corporation that prohibit GPL will prohibit BearLicence as well. Those usually have a list of approved licenses.
My issue with "source available" as a term has always been that it basically sounds like a synonym to "open source". It's not clear to me why the place to draw the line for what level of restriction constitutes " would be between what's known as " source available" and "true" open source when the question of "can I read the source code for this or not" seems way more intuitive to me than "can I run a cloud-based software service for this without violating the terms of the license".
From what I can tell, the argument against including stuff that's called source available in the category of open source basically boils down to the OSI definition, but it doesn't seem reasonable to me for an organization to claim exclusive rights to a very generic-sounding term with an intuitive definition that clashes with how they want to define it. If there's a concern over the pollution of their brand, they should be trying to trademark it, and if there's not, the constant backlash against anyone using the term in a way that conflicts with their definition is pretty antisocial. I recognize that this battle is probably already lost, but I'm not sure I'll ever understand why as a community we seem to have been happy to police usage of an unintuitive definition through public pressure just to try to make a point that doesn't seem to have nearly as much consensus behind it as the expectation of uniformity would imply.
The history stems from the term “free” software not being very palatable for marketing. There are 4 tenants to free software. Bear is no longer free software.
All of those statements are reasonable, but they don't really change the point I'm making from what I can tell. Having trouble marketing "free software" doesn't justify anything about how an entirely separate term should be used.
I actually put this in the wrong thread. Disregard, I have no clue where the thread I meant to put that was.
Ah, okay, that makes sense. No worries!
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
You don't get to just redefine terms if you find them inconvenient and people are right to push back against such attempts. If you want something else, put in the work to get mind share for your model instead of trying to catch a free ride by taking over an established one.
The weird part is that these companies/individuals will use proprietary software with no qualms of the sort they express for these "source available" licenses.
Because the proprietary software never claimed to be anything but.
Well, Microsoft tried to muddy the waters with "Shared Source". Kind of like Office-Open- wait, Open-Office?-XML.
They also had (for governments) the ability to look at the (supposed) source code.
They couldn't do anything with it (alter or even build iirc), but they could look at it.
https://www.computerworld.com/article/1336859/microsoft-open...
Ha. How times have changed:
> But governments won’t get the ability to alter source code. “This isn’t about developing or supporting customized versions of Windows,” Mundie said. The GSP and other source-code access programs are about “helping build comfort and trust with our key customers on how Windows is deployed, how security is running and how other software is running on top of Windows,” he said.
> Russia’s Federal Agency for Governmental Communication and Information has signed a GSP agreement with Microsoft, and the company says it’s in discussions with about 20 other governments.
There’s no such thing as a “free ride” on software that is given away freely.
It’s a gift. Once you gift it, it is no longer yours, it belongs to the people to whom you have given it to, to do whatever they wish with.
What's wrong with "source-available" ?
Open-source normally means there's no use restrictions, but there could be some requirements in order to do so (like attribution).
Free software normally means there's no use restrictions, but modifications can mandate maintaining the modifications also free to use, retaining the same freedoms.
And if you fray from those, you can call it source-available and the specifics of what usage restrictions exist are per-license.
> we should find a term (better than 'source-available' [...])
That term already exists: it's proprietary software.
If you're going to restrict what users can do with their copies of the program, please do not try to label the program as Free Software / open-source.
Maximalism and lack of nuance aren't going to fix the world. Though, neither is lack of thinking things through. I'm not sure how people, including myself, would feel about the situation if the company using a "Bear-like" license was, say, Oracle or Microsoft.
Using the well-established terms according to their intended definitions is surely not maximalism or lack of nuance.
(I have no objections against the “source available” though - it’s a pretty unambiguous and useful term, that isolates one specific property.)
[flagged]
If it's source available like this then it's clearly not a "community project"
If you look at the commit graph, it’s definitely not a community project.
I think it's more like "a project made for the community", not quite "project made by the community", though the former is definitely usually what's implied.
I don't know what the competing forks are, but it definitely doesn't seem like they are from a big megacorp like Amazon.
Agreed. There was similar discussion around "the free and open web" on this thread some days ago: https://news.ycombinator.com/item?id=45066258
I think some people lose sight of the difference between the theoretical possibility of competing forks/implementations/services and the practical possibility. If a big enough organization gets ahold of something and begins to drive it, the fact that it's nominally open source may not be enough to ensure that people have a practical ability to get out from under that organization. In other words you need not just openness of "information" but actual open space to maneuver in the real world of food and money and markets and so on.
In many cases for-profit companies have taken up (or created) open source tools and made use of them in ways that still benefited the community at large. But it's not clear to me that FOSS licenses as we know them actually guarantee that. It doesn't seem unreasonable to me to want to build safeguards against open source software being weaponized or co-opted for unfree purposes.
One thing that's not clear from the Bearblog dev's post is whether he would be open to small-scale "competitors" who share an ethos similar to his own. In theory such competitors could be granted special license exceptions. If I were in his position I could see myself wanting to exclude big companies (and companies that hope to become big) while allowing small operators. The challenge is to create an enforceable license that encodes that, rather than requiring the author to manually approve or deny each request.
The existence of a "winner-takes-all dynamic" suggests a market failure, not a marketplace.
That is exactly the stance. If there are strings attached that means some people can't use it, it's not really open. (GPL has strings attached if you use it, which is bad in a different way)
I don't think anyone has a problem with the non open source licenses themselves. If you start with a closed source license or whatever, that's fine. It is switching from an open source licenses to something that is not.
A lot of the projects that later switched out of open source would have never gotten any traction if they started with the license they ended up with.
Unfortunately, AWS has invented and legitimized this entirely new class of leeching off of open source work, where they capture the entire economic value of a project by owning the hosting infrastructure; contributing nothing back and forking when the original authors protest. OSS stewards should correct this - in my view disallow cloud vendors beyond a certain size to freeload.
I'd rather those "OSS vendors" would look for a better business model than software as a service.
Having the option for competing service providers (including yourself) is a big advantage of open source.
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
There are factions in open source advocacy, ranging from laissez faire views of freedom to views of freedom as something that needs some limitations to conserve it and prevent abuses/tragedy of the commons/etc.
>What Herman is doing is a service to us all
I don't owe that guy s*it, what are you talking about.
He's actually doing a disservice to the OSS community, as there's now another story of OSS turning non-OSS out of greed, which damages (by a bit, but still) the whole aura that true OSS has built over the past 40 years.
I've long thought there needs to be some sort of "cooperative source" license. With DAOs and whatnot, there's even the possibility of an automated global common fund for contributing and supporting. There's definitely a big opportunity to rethink things in this arena.
I'm not 100% convinced that these licenses actually work. How hard would it be for a BigCo to have an intern to modify the code enough so that it's not an easily detectable violation?
I mean this stuff isn't just theoretical, there have been video games where we only find out they violated the GPL after a major code breach. [1]
[1] https://news.ycombinator.com/item?id=20129285
> we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately)
it's not copyleft, it's a version of freeware license
> if Amazon can't make it one of their AWS offerings then it isn't true open source
That's because then it isn't. Sorry, but you can't just take terms with an accepted meaning and decide they mean something else, without any conversation or consensus from there people using that term.
The OSI has a specific definition of what "open source" means[0]. Restricting what users of the software can do in this way is in direct opposition to parts of that definition, so no, if you do that, then it is no longer open source.
I'm not saying you aren't entitled to set up your licensing that way. I think it's disgusting when the likes of Amazon decide to take someone's hard work and use their massive oligopolist position to trivially outcompete anything the original author might try to do to make some money.
But that doesn't mean it's open source. I think people need to stop being so afraid to call their software something else. They seem to be really attached to the idea of being an "open source developer", and don't want to drop that moniker even after changing their licensing away from open source.
People also need to stop licensing their software under true OSS licenses, building a community of regular, significant contributors around it, and then changing their licensing (which they can do because they've [IMO shadily] required contributors to reassign copyright). That's a huge bait-and-switch, and people are right to be upset when that happens.
In the case of Bearblog, it seems like the author is really the only significant contributor, so I think what he's doing is totally fine, for the record. Frankly I think he did this the right way: his announcement email is entirely reasonable and sympathetic, and he doesn't try to breathlessly claim that his software is still open source.
[0] https://opensource.org/osd [1]
[1] While I don't love how the OSI folks basically just decided they own the term "open source" and that they get to define it, I think they've been pretty good stewards over time, and having clear-cut definitions of things is a good thing.
Transparent Source?
> the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Exactly! As RMS famously put it[0]:
> It is essential, for the sake of true freedom, that every user - including the humble billionaire overlord who owns a rocket factory - has the unfettered right to run the software we, the noble proletariat of unpaid maintainers, lovingly craft in our basements at 3 a.m. Our highest ethical duty is to empower Jeff Bezos to instantiate yet another Kubernetes cluster that bills government agencies by the millisecond, for freedom means all users, especially those with yachts shaped like smaller yachts. Therefore, to deny Amazon the liberty to exploit our software without a cent of reciprocation would be to shackle the very essence of the Four Freedoms, for Freedom Zero is, and always has been, the sacred right of the richest man alive to squeeze the last drops of value from our volunteer patches while whispering “thank you for your contribution” into the abyss of a PR bot.
On a more serious note:
> I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software.
Now, if said software was intended to run on users machines to actually empower the user, we wouldn't be in this pickle, wouldn't we?
I don't see Amazon freeloading off of GNOME, KDE, LibreOffice, Blender or GIMP.
No, I would argue the root cause of the problems here is that bros want to own their users (saas to the moon) and think open source is the way to do it. I say, fork those people!
As the author of Bear put in this very article:
> I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.
>
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service.
Nowhere here is the intent for users to host the blogs themselves. No, he wants uses to use his service, not his software.
Fair enough, but that shouldn't have been open source in the first place. The author is just rectifying a mistake he made previously.
If the author had actually wanted end users to use his software, he wouldn't care who runs it. Look at Hugo, they're doing alright.
> enabling these companies to ensnare unsuspecting users
Well, to me, as a user, Bear is the company that ensnares me unexpectedly, because it tells me it's running open source but the minute I want to run it myself, oh no, I'm freeloading.
Whenever I see a project that requires a Kubernetes cluster to do something people would have in the past done in 15 files of C, I know they don't care about me as an empowered user in the "free software" sense. They see me as "a user" in a drug-addict sense.
F that.
[0] he never said that, obviously
[dead]
edit: I thought this HN thread was about the Bear app never mind
Bear has no VC investors: https://herman.bearblog.dev/manifesto/
Are there any other maintainers? What happens when Herman Martinez is no longer able or willing to keep it going?
https://herman.bearblog.dev/manifesto/
> This is a morbid topic for me to write about: what happens to Bear if something happens to me? I've got that covered too. There's a detailed succession plan in place, including:
Full documentation of all systems and processes Multiple trusted developers with access to the codebase Clear instructions for maintaining the platform So if I were to be incapacitated in any way, the platform will live on.
https://github.com/HermanMartinus/bearblog/graphs/contributo... paints a different story. Looks more like bus factor 1 + hopium.
edit: I thought this HN thread was about the Bear app never mind
If you read the link you just posted you can see that this person invested in a different product called Bear:
> Its portfolio includes Bear, the Apple Design Award winner notes app, …
No one is, just finish reading the sentence (or start - the op)
> Bear, the Apple Design Award winner notes app
Different Bear. https://bear.app/
Which you could have known by spending five seconds on https://lambdalpha.com, or actually reading your own link which calls Bear an "Apple Design Award winner notes app", which doesn't really sound like the Bear blog.
Stop spreading rampant misinformation.
Rampant? Isn't that a pretty extreme response to a mistaken link?
Well, it's edited now, but previously it contained strong accusations, and doubled down even stronger after someone else pointed out they're wrong.
Ah, I was late to the scene. Thanks for the context.
Perhaps a better term would be “limited use open source”
The source is ajar.
That's not open source then.
closen source?
Peeping source
Let's not bring Meta's imaginary source license to violate privacy and Mark Zuckerberg into this.
Wait, you’re saying open source shouldn’t exist just to be free labor for billion dollar companies and hustlers? Or to dump free product on the market to make it impossible to compete with said billion dollar companies?
Has the maintainer looked at fair source? [0] I believe it's superior to source-available (and open core), because it eventually becomes fully open source under DOSP [1], which is great for free and paid users, especially for a blog platform like Bear. There's an FCL [2] fair source license, which aligns pretty well with their current Bear Blog License (namely the non-compete and license key bits from the ELv2). All in all, the term "source-available" is pretty meaningless, because there are too many variables. Fair source tries to tighten that up.
It also aligns quite well with Bear's manifesto [3]. Even if Bear PTY LTD ceases to exist, Bear won't. This can be codified under DOSP.
Disclaimer: I'm involved with fair source and helped write the FCL.
[0]: https://fair.io
[1]: https://opensource.org/dosp
[2]: https://fcl.dev
[3]: https://herman.bearblog.dev/manifesto/
We use a BSL for our product (https://morphik.ai) and usually stay away from calling it anything. We'd just say "repo is public at: https://github.com/morphik-org/morphik-core". I like the term fair source, though.
Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
> Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
The concrete definition we came up with and published:
> Fair Source is an alternative to closed source, allowing you to safely share access to your core products. Fair Source Software (FSS):
> - is publicly available to read;
> - allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
> - undergoes delayed Open Source publication (DOSP).
Naive. Guy picks a license that allow anyone to do anything they want with his code. Later realizes that was not appropriate when he's trying make money. Changes to an obscure license that on the surface seems to fix the problem.
Your options are: MIT / BSD, GPL, LGPL, AGPL. All others are unnecessary and create needless incompatibility.
I'd have to agree with this stance. You choose MIT when you are happy to share your source with no strings attached. Some do pick MIT with this intent, but that was not the case here. But rather a case of either miscommunication or wanting to have the pie ("look how altruistic I am") and eating it too ("look how business-minded I am").
I mean, there’s a chance it’s exactly what he said, “I didn't give it much thought at the time, but knew that I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.” … it doesn’t have to be some to be some sort of nefarious OSS altruism, it really could be, “maybe people would want to see how this works”… that ends up leading to … oh crap a bunch of people who have never contributed, and will never contribute, are hosting versions of what I created and taking money that I really would like to have to feed my family.
To be unfairly cynical here, the sentence you quoted sounds to me like "I chose to not have a front door. I didn't give it much thought at the time, but knew that I wanted my home to be available for people to learn from my interior design choices and decorations. Then I discovered that people walked in, started to eat out of my fridge, leave dirt everywhere and carry off some of my chairs, and it hurts".
The fault here lies not with the persons who use the maintainer's code exactly in line with the license, no matter what other _intentions_ he might have had.
OP never talked about fault. They made an original decision, and now they've changed their mind. I don't see what the big deal is.
Possibly, but that would be pretty damning. A license isn't something you should YOLO. If he is that laissez-faire about licensing the source code then what other important aspects of the project has he not given sufficient thought.
Misunderstanding or failing to predict the legal ramifications of choosing an extremely popular license is in no way an indicator of programming care or ability. They’re different sets of skills.
Also, something starts off as a nothingburger side project, so you make some decisions based on that. Then it develops a bit, and turns into something you care about and are able to turn into a business. What people want and expect changes over time, and a license on a codebase that is basically developed by one person, isn't a marriage.
MIT & BSD don't include a patent grant, that's a good reason to go with the Apache license.
The Apache license is IMO ok in isolation. But its good to minimize the number of licenses used to enable sharing of code between programs. I also have a serious dislike of the Apache Foundation for their continued "support" of the joke that is OpenOffice and its trademark. That is such a disservice to open source and Free Software that I boycott them.
I think the MPL is a useful license as well, and underrated/underused.
It's less viral than the GPLs when just using the licensed work, and less permissive than MIT / BSD because changes have to be open sourced, when the program using the changed library is distributed.
And IIRC you can convert from MPL to GPL?
I don't think Guy really cares. They made their project, and they want the source to be available, and so chose a license that allows for that.
Naive. Users who think a project that is Open Source will remain Open Source forever.
Authors gave the right to change license to a proprietary one. Users being surprised by this are as equally naive as developers who think you can make money writing Open Source.
Well, the versions that were published as open source will remain open source forever. That's never a guarantee for new updates by the same author, for any licence.
Don't forget MPLv2 and EUPL.
Open Source is not a business model.
Not sure why you're being downvoted, but for the people in the back: "Open source is not a business model!" As RMS has stated on multiple occasions, it's not a business model and has never been a business model. It is a model to enshrine software freedoms. Nothing more, nothing less.
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service. And it hurts. It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification. It hurts to have poured so much love into a piece of software to see it turned against you and threaten your livelihood. It hurts to believe in open-source and then be bitten by it.
The free solution to this is Affero GPL. The AGPL ensures that anyone who hosts a program must grant its users the same rights to use, examine, modify and share it that he received. The original author can just download that source and incorporate its changes.
That means that a fork doesn’t hide changes from the original author who ‘poured so much love’ into it.
We as a community have got to stop using the MIT or BSD licenses on our code. Use the AGPL for server code, the GPL for tools and the LGPL for libraries.
>Use the AGPL for server code, the GPL for tools and the LGPL for libraries.
If we are doing it for ideological reasons why not go all in and use AGPLv3 for everything, including libraries? It also has the added benefit that big corporations will not use your code.
Eh? Big players still run AGPL licensed services. The concern is not about the access to source code.
The concern is livelihood. When a big player swoops in, they can completely decimate your business because of shear scale advantages, they can undercut you into bankruptcy. And while sharing the source under even GPL is noble, it's just also kneecapping your ability to make and grow a new business if it's a tool/service that has market traction. The OG author having access to that modified source code does absolutely nothing to help them.
The big players are literally seagulls waiting to steal your current and future customers.
> The concern is not about the access to source code.
That is a big part of the concern, yes. That anyone can copy your work, setup a competitor, and never give anything back. Copyleft licenses, and the AGPL in particular, ensure that those changes are made public, which benefits everyone, including the original project.
> When a big player swoops in, they can completely decimate your business because of shear scale advantages, they can undercut you into bankruptcy.
That's not a guarantee. In fact, many businesses built around copyleft licensed products can thrive, in ways that their competitors cannot. The original authors understand the code base, the product, and their users much better. They have first-mover advantage on any new features, and have full control over the project's direction. They can use these advantages to build a business that is difficult to compete with, even for much larger and more powerful competitors.
In the open source world, the value of a company hinges on the quality of its product and the community around it, not on market hype, speculative valuations, and venture capital. It is more difficult to build unicorns and make investors rich with this approach, but focusing on the user avoids many of the wrong incentives that make most companies user hostile. Many companies fail because the leadership doesn't understand this, nor the philosophy behind open source, and they simply want to use it as a marketing tactic.
I suppose this is the move if you're looking to foreclose all possible competing usages. Kudos for using correct terminology as it is no longer Open Source.
However, I still believe AGPL is a better alternative in most cases and functionally prevents large enterprises from touching your code due to typical internal policies.
Shame on the people who recommend the AGPL to effectively be an OSI-approved source-available license.
This is a grievance against the spirit of open source.
AGPL is exactly the spirit of open source. The license used by bear violates freedom 0. AGPL ensures that freedom 1, 2 and 3 are allowed even in hosted services scenarios.
Freedom 0 the freedom to use the work
Freedom 1 the freedom to study the work
Freedom 2 the freedom to copy and share the work with others
Freedom 3 the freedom to modify the work, and the freedom to distribute modified and therefore derivative works
Gotta love these are zero-indexed. Written by an engineer for engineers.
Its weirdly incorrect to zero index stuff like this. The zero index refers to the start of the first thing, which is not what numbered lists are supposed to indicate.
If I recall correctly, there were originally three freedoms, but then a fourth one was thought of and put at the front to give it prominence, numbering it as zero as not to disturb the original numbering.
Unless you think they'd add a "Freedom -1" in the event that they add a 5th even more important freedom, then this is clearly just selected because 0 indexed lists are cute to programmers
I think it’s most likely a combination of both: Freedom 0 was later added in the first place, and newly numbering the first place with 0 could likely only have been thought of by a programmer.
That is not the spirit of open source, but rather the spirit of free software. The spirit of open source is to effectively have freedom without talking about it.
the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source. When I advocate for the agpl to prevent Amazon and Google using my software, it’s not because of who those companies are, but how they use it.
If Amazon tomorrow turns around and open sources everything that is a derivative work of the code they ever used, I would be more than happy, even proud if they used my software. Today any company which doesn’t deny their users the core software freedoms is already free to do so.
This is not a “hack” to be maliciously compliant OSS; this is the spirit of open source.
Why do you think the GPL has the virality clause in the first place?
Edit: a perhaps reductive, but hopefully instructive summary: MIT/BSD guarantee freedoms of the software developers, GPL guarantees freedoms of the software users.
You are free to choose which you prefer, but they're quite explicit choices, and the AGPL is absolutely squarely in the spirit of the GPL.
(Now if you had said you take issue with the tivoization clause, on the other hand... :) :))
> the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source
believe it or not this is not actually true! the corporations who disallow agpl do so because their lawyers (correctly) tell them that agpl-licensed software has not been adequately tested in relevant courts of law, and that by including agpl-licensed software they are opening themselves up to unknown/unbounded legal liability/risk!
"the spirit of open source" has nothing to do with anything!
the more you know
I’ve heard this one before and if the agpl were two years old I’d buy it. But they had ample opportunity to craft a better license by now, so at this point it’s hard to believe that’s not just a convenient excuse.
Don’t like the agpl wording, but agree with the spirit? Ok, you have the lawyers, write a better agpl that abides by the same spirit and which you trust.
But: nothing. And waiting won’t change that. It may be also true, but it’s just excuse at this point. They’re not chomping at the bit to introduce networked virality of software freedom into their platforms.
you're arguing with the messenger. whether or not you buy anything is completely immaterial, what matters is the actual position of legal depts in corporations. said another way this is not a normative discussion (folks SHOULD be doing X) it is a descriptive discussion (folks ARE doing X)
you're also completely missing the point. it's not on anyone to "fix" the agpl, the point is about whether the agpl as it exists is usable in practice. answer, no, not really. "software freedom" doesn't even enter the discussion.
Your position would be eminently reasonable if this comment thread were kicked off by a blog post called "Evil Corpos are Bad Guys, They Should Accept AGPL! A Treatise Out Of Nowhere."
Corporations are free to do as they choose. They can choose not to use AGPL software. That's ok, they don't owe anyone anything (arguable but let's go with it), and I'd have no leg to stand on.
But that's not what happened here. Look at the quote that kicked off this thread:
> Shame on the people who recommend the AGPL to effectively be an OSI-approved source-available license.
> This is a grievance against the spirit of open source.
Note "Shame" and "the spirit of open source." Someone kicked off this thread painting authors of AGPL software as going against the spirit of open source for promoting a license which they know big corporations shun.
At that point it's a very different context. Remember how corporations don't owe anyone anything? Neither do free software devs. That entire comment is completely wrong, and the entire thread which followed only exists in its context. Not outside. And inside that context, it is absolutely valid to talk about the spirit of open source, to talk about what "should", etc, because that's the context introduced by the comment itself.
"Software freedom" doesn't just "enter" the discussion--it is the discussion.
i replied to the following statement
> the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source
in isolation
"the spirit of open source" is not anything that can even be evaluated by any corporate legal team, much less is it anything that can be complied-with (or not-complied-with) in any kind of way
but i guess we talkin' past each other
It's one of four licenses linked on the front page of the FSF.
And it's the most abused license in the history of open source [0] [1].
[0]: https://keygen.sh/blog/weaponized-open-source/
[1]: https://keygen.sh/blog/whither-open-source/
Skimming your links, it seems you target the AGPL, but you take issue with CLAs.
You should be vocal against CLAs, not the AGPL. CLAs with any license is a risk of seeing the code closed up.
[flagged]
People saying wrong things about the AGPL isn't an AGPL problem, it's an issue of people saying wrong things.
AGPL allows competition. Any free software license does. It's rule 0 of free software.
> it's chosen to to be a non-compete.
Well, too bad for them, because I can still fork this AGPL software and compete. So what's the issue?
The issue would be for contributors contributing for to this code under CLA seeing their contributions closed up. If that's not your thing, don't contribute to software under such CLA. I avoid it myself.
> Well, too bad for them, because I can still fork this AGPL software and compete. So what's the issue?
No legal department will ever allow it due to the FUD. That's the whole fucking point.
The AGPL is supposed to increase user freedom, not the legal department's freedom.
The FSF have never cared even slightly about corporations being happy. Who cares if Google can't enrich themselves further? The point is to protect the users who are free to fork / host the software themselves.
I think one of the big problems is that there are different definitions of freedom, and not everyone agrees.
freedom TO vs freedom FROM
Sorry, but I won't cry for corps big enough to have legal departments because they elected not to benefit from my software. They have too much power for me to worry about looking to accommodate them and their fantasy.
I don't mind them not using my code. They are doing themselves here.
They have the human power to rebuild it anyway and I actually believe it should cost them.
it's actually them who are spreading the FUD, because they don't like the AGPL.
Meanwhile, my goal of providing software freedom to my users is fulfilled.
My point is less about the AGPL license itself and more about the people who choose it.
If the OSI came out and made a statement on the ambiguities in the AGPL, and cleared the FUD in such a way that all companies agreed and could reference it, I'd wager that the AGPL would over time become much, much less popular for commercial open source. But I'd wager that they won't do that, because they win when COSS wins.
But if they did, we'd likely even see a move towards non-OSS licenses, ones that are clear as to their intent and rules -- rather than relying on ambiguity -- because there would no longer be an OSI-approved license that businesses could use to have their cake and eat it too.
Very few COSS business/startup/w/e right now are choosing AGPL for altruistic reasons. This thread and every other COSS licensing thread here are evidence of that.
Few of them care about software freedoms, or know why they chose the AGPL. They have a playbook that says AGPL lets them take advantage of the open source distribution flywheel, while largely protecting them from the risks associated with commercial open source, i.e. competition. They choose AGPL for this, not because it's the best license for users.
I honestly don't get how people don't see the deception under the AGPL right now.
This point of view is new to me to be honest.
Let's say I don't care about the intent of people choosing the AGPL (I do, I wish people did stuff for altruistic reasons, but the economical system in which we live makes it so we can't rely on this).
You say people are choosing the AGPL because they think it lets them do effectively source-available while benefiting from open source washing. Fine. I don't like this. But the effect of this for me is that we actually get actual free software.
What's so bad with this?
I've reread your second text and didn't find what's actually bad with the AGPL.
Now, I wish all the FUD around AGPL was cleared; the FUD is what's bad, but I don't wan't to wait for this to happen before picking the AGPL for my software.
> What's so bad with this?
It's lying. It's an open source project and a business model built on deceit. I guess I care about clear rules, clear intentions, and I care about integrity above all. The AGPL is ambiguity; unclear rules, veiled intentions. And these same people will relicense without a thought, too. I think we should care about these things, otherwise we repeat history over and over again.
> veiled intentions
The intentions behind the AGPL were never veiled. The intent was to close the loophole in the GPL3 that is opened by providing software as a network service. If you were to release software that provides a network service under the GPL3, someone else could use and modify it without sharing their changes, but while also providing it as a service. AGPL3 closes this loophole by ensuring that everyone who can use the software must have access to the source including any changes. I don't see any deceit, and I don't even see any anti-competitiveness.
If you read the conversation higher up, instead of taking what I said out of context, you'd see that I was talking about the author veiling their intentions, i.e. using the AGPL as an effective non-compete while masquerading as "open source."
They (the author aka the startup) wouldn't have chosen the AGPL if not for enterprises/bigtech/competition being scared of it.
They didn't choose AGPL to increase freedom 0 (AGPL's purpose), they chose it to decrease it.
Thus, veiled intentions.
> It's lying.
I don't see how it can do this. The AGPL is a license text. It states what people can do with the licensed code. What is lying in this text?
> I guess I care about clear rules, clear intentions, and I care about integrity
Me too
> The AGPL is ambiguity; unclear rules, veiled intentions
That's where I don't agree: The rules are written in the license text and I see no ambiguity there. Where is the ambiguity in the AGPL text? What is not clear about it? What granted rights are we not sure about?
> veiled intentions
The original intent of the AGPL authors (the FSF) was clear and simple to me: ensure the end user's freedom. It was GPL, but address the SaaS situation where someone can modify networked GPL software, make users use it from the network, without having to redistribute the modification since the program runs remotely and not on the user's machine. And that intent is perfectly align with what I want for my code.
Sure, people with bad intents will use the AGPL, and so what?
People kill with knives, but I'll definitely keep cooking with mine. The AGPL is a tool. It doesn't, by itself, has intents, especially veiled intents.
I'm not going to stop using the AGPL because someone wants to use it to trap users.
This is all abstract, I'd appreciate concrete examples where:
- people have done that, without a CLA (because yeah, I'm convinced AGPL+CLA can be bad).
- the AGPL doesn't work well for someone using it with the original intent in which the AGPL was written.
Here's a thread from a couple hours ago on X: https://x.com/_m27e/status/1962563736142565882. Read the images and follow the quoted posts.
The example comes straight from the mouth of a COSS founder.
Sorry, but this yes-answered AI slop subtly makes no sense, it just reads comfortable to you. You should not delegate writing your opinion to the llm and even less use it to shape your opinion, this is my main takeaway from your screenshot. The AI answered your biased question in a way that pleases you, it's well known that they do this. This stuff is actually scary, and that clever people like you rely on this and don't notice the glaring issues is even more.
The agpl is ambiguous because users may choose not to fully use the freedom they were given? Sorry but this is bullshit. I'm glad I haven't started using this stuff yet (for other reasons). I'm sure I wouldn't notice such issues in topics I'm not at ease with and I can see how easy one can be seduced by this stuff.
Now, I'm convinced AGPL can be misused. What's more, I'm certainly quite happy that a side effect of the AGPL is that Google won't touch it, to mirror the comment you point to (whose author is wrong by the way, the intent behind the AGPL was not to exclude big tech, but to promote/protect user software freedom). All the fud around the AGPL actually comes from companies like Google, so respectfully fuck them all. Nobody could possibly have weaponised the AGPL against them had they not started spreading all the fud in the first place.
But even considering that picking the AGPL to scare big tech away is bad and weaponizes it (which I can hear, and let's assume), I believe you are wrong that nobody chooses the AGPL for the user freedom genuinely. There are a lot of examples of software under AGPL in good faith seemingly to me. Examples: Nextcloud, Joplin, CryptPad, Overleaf, Passbolt, Univention...
I doubt any of these commercial projects from friendly (?) companies choose the AGPL to fuck the world. I don't know the numbers, maybe it's a minority. You may not have numbers as well. Are you against the AGPL when used in good faith? If so, what to you suggest as an alternative?
I'm with you with the wish people were altruistic. But the system we live in doesn't exactly help being altruistic. Not being altruistic is certainly not a trait of people using AGPL, it's virtually everyone in a commercial setting (although some of us try to do their best to be good humans and virtuous). If anything, the AGPL was born from a ideal and that was certainly driven by something like altruism. All this blame towards the AGPL because people are out there to make money really feels weird to me.
Anyway, I don't think we'll reach an agreement here and that's OK. Thanks for the discussion, despite the strong disagreement it is/was stimulating.
Fair enough, but the LLM said nothing incorrect (if it did, please point it out). Regardless, the screenshots don't even matter. You didn't seem to actually read the thread I pointed to, where a VC-backed startup founder admitted to using the AGPL to limit bigtech from using the software, a clear violation of freedom 0. They didn't choose the AGPL for altruistic reasons, rather, it's simply a part of the COSS startup playbook now -- because it works! -- they can use the term "open source" while protecting themselves from competition. Which is my entire point.
Why do they get to use "open source" while effectively violating the freedoms but somebody using the Elastic License, or the Sustainable Use License, or the SSPL, or the BSL, or the FSL, etc. isn't allowed to? They're all doing the same thing, only the latter licenses are saying the quiet part out loud.
Anyways, I agree we do seem to be talking past each other at this point. gl
> You didn't seem to actually read the thread I pointed to
I had mentioned it so you could see I actually read it. I had actually made the effort to load this twitter link despite the PITA it is.
> if it did, please point it out
Already pointed out my main qualm, but Brandolini's law is particularly bad with LLMs, I won't have time to debunk in details each time I run into generated text. I'd rather argue with a human being.
Let's forget this part of the discussion, it was not your point, I should have ignored it, I'm just losing patience with the LLM madness.
> effectively violating the freedoms
They don't. There's a fundamental difference between "the license permits something but someone elects to avoid benefiting from it" (someone = big corps) and "the license actually forbids something". The difference is quite major for the rest of us who are not big corps stupidly afraid of the AGPL, and we are the vast majority.
Which resolves your question:
> Why do they get to use "open source" while effectively violating the freedoms but somebody using the Elastic License, or the Sustainable Use License, or the SSPL, or the BSL, or the FSL, etc. isn't allowed to?
The reason is the Elastic License, or the Sustainable Use License, or the SSPL, or the BSL, or the FSL actually forbid running stuff for some endeavors.
AGPL doesn't. We only have big corps deciding they should stay clear from the AGPL. That's not the AGPL forbidding anything to anyone. It's not a feature of AGPL. It's a feature of big corps.
Now, that some people choose the AGPL because they know big corps stay clear from it, okay. I understand you find this veiled. Fine. But that doesn't make AGPL non open source.
Our main disagreement IMHO is that you would like that we qualify licenses depending on the intent of people using it or on the FUD corps who don't like it (and you too!) spread instead of what they intrinsically allow or not. I can't agree with this.
I'll go further. "Sustainable" and "Fair" are terrible and intentionally misleading qualifiers for these non-free licenses that are sustainable and fair only to the authors of the software under those licenses.
You just need to own the fact that you write proprietary software, and shouldn't bitch on people actually doing open source stuff and find them gotchas. They are not doing some anti-competitive stuff that's unfair to you. If you find AGPL gives unfair advantage because it gets called open source, nothing prevents you from adopting it. I suspect you won't because you know it actually gives more rights than you want to give, which also answers your question.
You guys using proprietary licenses are the ones not respecting software freedom, and you trying to call out people who actually do is quite rich. This really doesn't look great. I'd suggest you quit doing this and focus on the positive things instead.
I've asked you what harm the AGPL actually does and all you have to share is some tweet written in jest answering a low quality LLM generated text tickling the gafam. Not very convincing. Not sure you'll find deep meaning in such low quality interactions on such a low quality platform.
Stop spreading the FUD and own your choices.
But why wouldn’t they change their minds if those big corporations actually changed their ways? Is there a similar sentiment against red hat?
I now understand where you’re coming from but I am not sold on your prediction that the agpl would crater if Google started complying with it. It would mean that Google open sources everything which is derivative work. That sounds like it would buy a lot of good will amongst precisely those people who are mad about how Amazon screwed redis (to put it bluntly).
> In COSS, it's almost never chosen for altruistic reasons, it's chosen to to be a non-compete
Seems like the "COSS" grifters are the problem, not the AGPL or the average person who chooses AGPL.
What specifically is your problem with the AGPL? I read both of your links and while there are a lot of incisive statements ("But the truth is, the AGPL isn't used to increase user freedom — it's used to restrict it, primarily through its legal ambiguities") you never spell out why you believe them.
It is objectively true. AGPL does not meet the definition of free software, because it restricts the use of the software when modified.
The FSF pretends this isn't true by pretending that some uses are actually redistribution. However, this is too clever by half. Redistribution has a well-settled meaning, and allowing interaction over a network—unless it involves downloading the software itself—does not meet that definition.
Let's grant your definition of "redistribution" for the sake of argument. How does the license restrict your use of any modified versions of the software? Like, what specifically are you forbidden from doing?
Your questions seem to be based on unspoken assumptions.
Are you under the impression that a restriction can only take the form of a blanket prohibition?
No assumptions here! You said that the AGPL "restricts the use of the software when modified", so I'm just asking specifically what the restrictions are.
The extra network clause triggers on modification, not redistribution.
[flagged]
> Author's note: the above thoughts are for how the AGPL is used in startup-land alongside a CLA — not for AGPL in general. The AGPL is a fine open source license for libraries and other infrastructure.
The whole piece is about CLAs, the AGPL has absolutely nothing to do with signing over your copyrights. See Canonical for the same behaviour without the AGPL, the AGPL just requires that you allow your users to also see the code they are using, even if it is accessed over a network.
> Many, like Google, have flat out banned the AGPL.
Yeah, but that's because Google hates sharing what they have built on the shoulders of giants.
The first piece is about CLAs, yes, but the second is about the AGPL abuses in COSS et al.
You might take that up with the FSF, which clearly disagrees with you about its "affront".
[flagged]
No offense meant, but what's wrong with y'all today, people? Why so many folks in the comments use words in a way that doesn't match their dictionary-intended meanings and even insist that doing otherwise is something... weird, in a bad way? Am I taking crazy pills?
Save for The Church of Emacs and St. IGNUcius (obvious jokes), FSF is a political and social activism organization - not a religious one. They have foundational principles and manifestos, sure, but those aren't religious dogmas, but rather the views/desires how the society should work.
Labeling FSF as religious implies that it's a cult and thus there's no talking reason to them. But they're no more religious than any other civil rights movement - the beliefs about software freedoms are no different than beliefs in any other social rights.
Using a FOSS license and charging money for an alternative license is not abuse. And those blog posts appear to be FUD spread by a company whose own software is under proprietary licenses with source available.
People are welcome to use and host AGPLed software under its own FOSS terms. If people don't want to do that, and want to pay for alternative terms, that is also a sign that the license is effective. There's no point in restricting things people don't want to do. The GPL restricts something people want to do: make proprietary software. The AGPL restricts something people want to do: host software without distributing the source at all.
Gee I wonder why a proprietary software licensing company would want to disparage the AGPL.
I've probably contributed more to open source than you [0]. I also contribute the source code of my entire company under the open source Apache 2 license via DOSP [1].
I wouldn't be so quick to judge. I love open source. But I also think words and intent matters.
I don't really 'win' by attacking customers/users that use the AGPL.
[0]: https://keygen.sh/open-source/
[1]: https://keygen.sh/license/
I'm sad to see this. I supported Bear because it was open source. As that's no longer the case, I just canceled my membership.
I would love to see this reversed and moved to AGPL instead.
I think this is fair, by both Bear and yourself. He's free to attach any license he likes, you are free to use it or not.
Obviously the goal of Open Source licenses does not include making money. You might, or might not, but it's not a priority.
Equally your goal may be to only support Open Source projects. That's fine. For you removing support for this project makes sense.
Once a project reaches the stage of needing to create an income stream, Open Source licenses are no longer appropriate.
Yes, some developers are naive in thinking Open Source licenses protect their income stream. Yes some users are naive in thinking that projects will remain Open Source forever.
Source-available, or Shipped-with-source of whatever you want to call it is a proprietary license which is just fine. It's not Open Source, nor does it need to be.
Legally it's OK but I think ethically using open source to build up a brand that is then used to sell proprietary software is ethically questionable - just like the free until the competition has been eliminated bait and switch common in tech startups. Not saying this happened in this specific case though.
What is the difference (to you) between open source and source available?
One is altruistic, akin to charity. It deliberately maximizes users’ rights to do anything they want with the software (freedom 0). I’m only in the lucky position I’m in now because of open source, and I want to push for more of that in the world with my wallet and my time.
I’m not going out of my way to support a commercial license. There are a million commercial blog platforms to choose from.
"I released source code under the MIT license and people are now using it to their financial benefit. Who could have possibly seen this coming?"
Why does this keep happening? Why are so may developers blind to this obvious outcome?
MIT was always the easy default that every project used, you just select it from the GitHub dropdown and you are done when setting up a new project. I think you can't really blame people for using it.
Especially when your project is new it's also not often clear that this project will become something more serious later where you have to worry about such things as people cloning your project.
How would GPL change the outcome?
A lot of people say that it can prevent these situations but from working for large enterprises, a lot of the offerings that are created literally don’t even change the code. Thus they have nothing to contribute and have no obligation to release any source code.
GPL also does not prevent the corporation from building software in front of whatever GPL service it is. Kind of like the Linux kernel, why bother changing the kernel when you can build software in front of it and not change anything and thus have nothing to release.
Did you reply to the wrong comment? The posters above never mention GPL.
Why would this be surprising? The MIT license explicitly allows to relicense a project at any point. In this case, the Bear maintainer decided to start off with a permissive license and now exercised their rights to change to a more restrictive license due to changing requirements. To me, this seems actually quite reasonable.
The copyright holder (the author) is solely responsible for choosing how they want their work to be distributed, and is not bound by any other sort of constraint. They can choose any license at any time, and change their mind however often, and it whatever direction they want. Any previous licenses used (MIT here) bear no effect whatsoever. There is no license in the world (and cannot be) that would prohibit the copyright owner from changing it. It makes no sense, the license terms only apply to the licensee, not to the licensor.
Of course, the author cannot retroactively change the license of any previously distributed work. Anyone is free to fork off Bear from its last MIT code and do whatever they want with it.
So no, the MIT license does not "explicitly allow to relicense a project at any point" (emphasis mine). The MIT license allows licensees to license their derived work however they see fit, it has no effect on the relicensing by the licensor (the copyright holder).
Yeah, sorry if my terminology was unclear here: by “relicense” I colloquially meant to say “assign a different license to the project that is applicable for any work from that point onwards”.
> Any previous licenses used (MIT here) bear no effect whatsoever. There is no license in the world (and cannot be) that would prohibit the copyright owner from changing it.
I don’t think it’s that simple. The Bear project appears to have accepted external contributions under the original license, so the project is subject to that license as long as those contributions remain.
It may not be a big practical issue in this case, due to the MIT license being quite permissive, but if the project was e.g. GPL-licensed, the maintainer wouldn’t trivially be able to change the license in “whatever direction they want”. (And by “trivial” I mean without e.g. rewriting or discarding the external contributions.)
It appears that Bear does not accept contributions[1] and the very few contributors it had in the past only contributed a trivial amount of code[2].
But you're right, relicensing requires the approval of all copyright holders, and in general there can be many. Of course many projects require the prospecting contributor sign a CLA where they relinquish their rights to the project in order to be able to contribute. Personally while I have signed some CLAs, such as the Go one where I retained my rights, I'd never sign one which required me to give away my copyright rights, precisely so they wouldn't be able to do a rugpull on me.
I believe that copyright law is the biggest weapon one has against open source rugpulls and one should not give it away.
[1] https://github.com/HermanMartinus/bearblog/blob/master/CONTR...
[2] https://github.com/HermanMartinus/bearblog/graphs/contributo...
Because between 15 and 20 years ago the BSD zealots won that culture war. I would really love to see a simulation where GNU licenses won that culture war and which landscape we would have today.
There are good reasons the so-called "BSD zealots" won the so-called "culture war", such as the definition of a derived work being largely uncharted territory. Did you know that there's a compelling legal argument that the GPL attaches to programs talking to each other via JSON data structures?
I think MPL 2.0 is the ideal kind of copyleft, because of its scope being very clear.
> Did you know that there's a compelling legal argument that the GPL attaches to programs talking to each other via JSON data structures?
The GPL attaches to programs that are legally derivative works. So does any other license that doesn't explicitly grant the right to prepare and distribute derivative works, such as the overwhelming majority of commercial/proprietary licenses. The issue is with the overall copyright/legal system, not with the GPL specifically, and given that most entities are comfortable using at least some non-BSD programs it doesn't seem to worry people in practice.
Right, as mentioned in https://news.ycombinator.com/item?id=45096736, simply running GPL programs is probably fine. Input/output that doesn't establish "intimate communication" probably doesn't create a combined work, but "shipping complex data structures back and forth" does, according to the FSF.
There isn't a similar degree of legal risk with MPL 2.0, nor with non-copyleft licenses (which is the subject of this subthread, not proprietary licenses) -- whether or not a plugin counts as a combined work, there are no requirements on you.
> There isn't a similar degree of legal risk with MPL 2.0, nor with non-copyleft licenses (which is the subject of this subthread, not proprietary licenses)
There is a similar degree of legal risk with the overwhelming majority of licenses in use. Yes, using exclusively permissively-licensed software would let you avoid this particular risk - but given that essentially no-one (BSD advocates are, if anything, less scrupulous about avoiding proprietary software than GPL advocates - you rarely hear of BSD-land pushing firmware into a separate nonfree repository or the like) does that, it's clearly not a risk many people care much about.
Is your position that the FSF is wrong? If so, why trust the licenses that the same FSF wrote?
In general, businesses acquire commercial licenses for proprietary software, which is a kind of derisking.
> Is your position that the FSF is wrong? If so, why trust the licenses that the same FSF wrote?
The FSF says a program that exchanges complex data structures with the covered program "can" be something that requires a license; they don't claim that it always or usually is. My position is that they're correct that it's possible (at least in some jurisdictions) but the risk is low in cases where you're not trying to do a technological end run around something you obviously need a license for.
> In general, businesses acquire commercial licenses for proprietary software, which is a kind of derisking.
Only if the license grants permission to do the thing you're doing! Otherwise you're no better off than if you had no license (and you're worse off than under the GPL, which at least permits you to prepare derivative works freely, only putting conditions on distributing them). Almost every commercial/proprietary license I've seen has a blanket prohibition on preparing or distributing derivative works.
There is no such compelling legal argument. That’s an extraordinary idea with zero precedent or support.
https://www.gnu.org/licenses/gpl-faq.html#GPLPlugins
> When is a program and its plug-ins considered a single combined program?
> It depends on how the main program invokes its plug-ins. If the main program uses fork and exec to invoke plug-ins, and they establish intimate communication by sharing complex data structures, or shipping complex data structures back and forth, that can make them one single combined program. A main program that uses simple fork and exec to invoke plug-ins and does not establish intimate communication between them results in the plug-ins being a separate program.
JSON data sent over the wire, particularly data with nested arrays and maps, and especially a bidirectional communication protocol, can reasonably count as "intimate communication" with "complex data structures" shipped "back and forth".
This is nonbinding guidance, but it is from the FSF, and it is legally untested afaik (not a lawyer). There's sufficient legal risk here that I'd be wary of using rich communication protocols with GPL programs, particularly if there isn't an explicit exception for that protocol.
"Intimate communication" here almost certainly refers to shared memory. No one is claiming passing JSON over the wire is the same as linking, or else a GPL webserver could insist that browsers be licensed under the GPL.
> "Intimate communication" here almost certainly refers to shared memory.
No, shared memory is addressed later within the same answer.
> Using shared memory to communicate with complex data structures is pretty much equivalent to dynamic linking.
The first part of the answer clearly includes programs sending each other "complex data structures", including nested JSON data, over pipes.
And the first part of your quote starts with
> If the main program uses fork and exec to invoke plug-ins
Which limits a lot the relationship between the original program and the "plug-in" concept. I mean, we literally have binary proprietary blobs used as kernel drivers...
GPL wouldn't have changed anything. Or even AGPL, if you had been running an unmodified Bear instance.
I think the main contribution of Bear at first was centralizing and codifying a certain visual style: minimalistic, with a single narrow column. It's basically "the Medium layout, but indie". And the thing is, that style in itself is not copyrightable. To achieve it, you don't need to use bearblog. You just need a few tens of lines of CSS, which you can very easily write yourself.
Today there's another thing going for Bear: the discovery page. It's gradually becoming a driver of visibility, attracting more authors to Bear to get readers who are there. But I'm wary of these "flywheel" kind of things, even if they have an indie look. To me it still feels better to have my own website, and participate only in those discovery systems that support it, like Reddit or HN.
I missed the "discover" before. What a great idea. I've been reading through various blogs this morning, feeling like the internet is small again.
As in https://github.com/knhash/jekyllBear
You can also participate in openring to provide that type of small-web discoverability to other authors you like: https://git.sr.ht/~sircmpwn/openring.
>You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
IANAL, but does the above limitation prevent users from hosting bear for their own (or your company’s own) needs?
If so, doesn’t that defeat the whole reason why it’s MIT licensed.
https://github.com/HermanMartinus/bearblog/blob/master/LICEN...
People and companies can host it for personal/internal use.
People and companies cannot host it and offer it as a service to other people or companies.
https://www.elastic.co/licensing/elastic-license/faq
The license doesn’t mention anything about “personal” or “internal” use.
Again, IANAL, but I can see why a company might be cautious about using Bear as a self-hosted blog engine, since companies technically have “users.”
For comparison, the Elastic License v2 - which this license is apparently modeled on - explicitly restricts use by "third parties":
> "You may not provide the software to third parties as a hosted or managed service"
----
The Bear license doesn’t include similar language, which could create uncertainty.
It might help to explicitly clarify that self-hosting for one’s own use is allowed, or to add “third party” wording to the limitations.
I only raise this because (a) licensing is tricky, and (b) if this feedback helps the author clarify their intended license terms, that’s a win for everyone.
https://www.elastic.co/licensing/elastic-license
But he chose not to use the exact wording from the Elastic Search license, which clearly says "third parties." Instead, he wrote his own license, and now it is not clear if I am allowed to self-host. In my opinion that is a bad decision.
>It hurts to believe in open-source and then be bitten by it.
No, you don't believe in open source, hypocrite.
Open source means anyone can use it, even for commercial purposes, and you knew this from day zero.
Honestly, no sympathy for these people, as this happens over and over again, they actually exploit the very few good intended OSS people. They portray their project as open source initially, to gather sympathy and free work from others, then when they see the $$$ they flip the switch to non-OSS and rub their hands.
In this case it's kind of unbelievable how quickly the flip happened. Their 'manifesto'[0] was published only at the start of the year, where they vowed to be an incorruptible bastion of stability in a selfish society focused on short-term thinking. They want Bear to be around in 50 years.
Then in the last couple weeks or so[1] it seems they saw a bit of a spike, and immediately pulled up the ladder.
They even criticised this sort of behaviour in their manifesto:
>We've seen our fair share of open-source projects become sour (see the recent Wordpress drama) or abandoned entirely. We've seen OpenAI become ClosedAI. There's a common thread here. Trust isn't just a legal structure, but a social contract.
I am actually totally in favor of source available licenses, but in this case it seems counter to all the boasts the developer has made about their platform.[2]
[0]: https://herman.bearblog.dev/manifesto/ [1]: https://trends.google.com/trends/explore?date=today%205-y&q=... [2]: https://herman.bearblog.dev/building-software-to-last-foreve...
ironically, Wordpress is still licensed under the GPL even after the kerfuffle.
I guess Herman cried to his friends for help now. Pathetic.
Your evidence is solid, after all, it was the same guy who wrote that just a few months ago.
That post might be gone soon, "smaht" people are inclined to rewrite history to fit their current mood.
Or... maybe they actually need money to keep maintaining the project? Not everyone is out there living a life of leisure.
If open source purists can't accept that, they'll find their cause gradually shrinking into nothing.
He was making money with the project when it was open source already.
[flagged]
The author released it under a do-anything-you-want license. Then was hurt other people used the code for commercial and competitive reasons. The first paragraph showed the root cause was not thinking through licensing in the first place. Now, they've seriously considered it, decided their goals, and re-released it with a mix of generosity and self-interest.
We should probably remind people that licensing is an agreement between them and the other party deciding what can and can't be done. Make sure you've considered things like profit, competitors, source redistribution, etc ahead of time. Then, pick the license that suits your goals best. For many, that's source-available licenses instead of open source.
I strongly believe that the BuSL [1] "Business Source License" is preferrably. It leaves the code as source-available for now, but eventually the code becomes open-source. It gives you a moat from which you can run a business. Or less of a moat, and more of a time-distorting slow motion field that your competitors are 4 years behind.
This is the license Hashicorp used. It means that abandoned projects never need to die. It means that the source code is publically available now.
[1] https://en.wikipedia.org/wiki/Business_Source_License
We are also entering the age of "hey AI, take this repo, reimplement the same functionality".
Now, no LLM is currently anywhere near doing that for ElasticSearch.
But for a project with 4845 lines of Python code? (as per tokei)
Definitely doable, with a bit of handholding and manual fixing.
Would that be a derivative work? Maybe, but that would be a hard legal battle.
> We are also entering the age of "hey AI, take this repo, reimplement the same functionality".
Wouldn't you do this just against the/an API documentation? Interesting thought.
> Now, no LLM is currently anywhere near doing that for ElasticSearch.
You could probably feed all of ElasticSearch into an LLM and ask it to "reimplement it" successfully. But why would you even bother? There's already an existing open-source alternative called OpenSearch [1].
[1]: https://github.com/opensearch-project/opensearch
His point was that we are quickly entering the land of “Source Available” not really being a shield if someone’s willing to spend some time in claude code.
If you viewed the source and reproduced a software project you don't have a license to redistribute, that's cut and dry copyright violation. If the code looks similar enough you are toast. That's why there's the concept of a "clean room" reimplementation. The same is true if you feed the source into the context of an LLM and asked it to reproduce it. You have done nothing but introduce the possibility of transcription bugs.
I certainly get the hurt feelings, but i'm not clear on the license at all.
>Limitations: You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
Where on the spectrum sits an average cookie-cutter VPS provider that comes with an OS package manager that installs the program? Does the VPS provider have to screen the package manager? Does that change if they build a wiki with "1-click-install" that just sends an ssh command to install?
Is this just a requirement to have some theater where an "unaffiliated" third party has to provide the set-up scripts? Or just a rule you can't mention the option during the sales pipeline?
I think users applies to end-users here. So you must not run the software as a service (either paid or for free) for other users. You are free to use it yourself.
Crucially, I think what is banned to offer accounts. Offering turnkey-hosting is probably banned in spirit, but the person offering the turnkey-hosting is not in violation, rather the person booking the turnkey hosting and offering the accounts on the instance to third parties is in violation.
I think the wording is originally against somebody like Amazon hosting e.g. database instances for other people to use, and then giving you an account in that database. It's still OK to rent a VM from them and use the package manager to install it.
In any way, it is really confusing, in a way a license should not be. And I don't really understand why someone builds a blog platform, which is not monetized, open sources it, but doesn't want other people to host it. If I open source my stuff, I want people to use it. If I want to share the code but don't want people to use it I'd just put it somewhere it with no license at all (all rights reserved).
> You are free to use it yourself.
Idk. That's not how I'm reading it. Someone reading my blog is a user of the blog software. So running the blog and letting people read it would fall under that limitation and therefore would be prohibited.
I understand that's probably not what they tried to write, but wouldn't want to defend that understanding in a courtroom.
> It's still OK to rent a VM from them and use the package manager to install it.
Do you open up port 80 to the world? Because then you are hosting the service that offers users access to substantial features or functionality.
> In any way, it is really confusing, in a way a license should not be.
On that we agree.
I understand the reasoning and I also understand the interest of still providing the sources. I'm however curious why the MIT license was chosen instead of the AGPL if competition was a concern
AGPL doesn't prevent others from reselling your software no? I thought it only mandated that they also release their own source modifications.
He seems to claim 3rd parties are offering bearblog commercially without modifications (or with useless modifications, like just a changed name).
Presumably it wasn't a concern when they started and became one later; after all, they changed the license.
I really believe this is the best model or licensing. I care about seeing the code and being able to modify it to suit my own preferences, but I also care about the project being healthy and the maintainer being able to earn from their efforts without worrying about cheap competition.
Even better when a project starts with this model so it doesn't feel like a rug pull or doesn't get messy with forks overshadowing the original product. But I don't feel like Bear had the kind of scale to face this type of reaction.
I use mataroa.blog periodically which is in the same nice and I wish the Bear maintainers fulfillment with their project.
Bear has built a great community, I often find myself looking at blogs on the platform. The trending list is a pretty good news feed of tech-blogger related content: https://bearblog.dev/discover/
Does anyone know why this says "No javascript, no stylesheets, no trackers. Just your words."
But when you look at the github repo here: https://github.com/HermanMartinus/bearblog
It says the repo is 40% CSS and 31% Javascript? Am I misinterpreting what this means in this context?
If you click on the language name, GitHub should take you to a list of all files in that language in the repo. It looks like the JavaScript is basically all admin type stuff.
He talks about his blogging software bearblog.
Bear is still here https://github.com/rizsotto/Bear and open source
It's great to see the open source crowd particularly in Europe is finally turning corner here.
You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
Meanwhile they'll break your back and steal all your trust and credibility if they can
> You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
They can say whatever they want. They're just lying. If you spend even a little bit of time looking into it you'll find it's just a marketing strategy.
I spent a little time looking into it, and it turns out that Microsoft owns an outfit named GitHub, which apparently offers free hosting for open source projects and is used by a lot of open source software makers. And Microsoft has around 4k employees with contributions to OS projects on GitHub. So maybe "biggest" is a lie in light of their anti-OS efforts, but it is at least arguable. Can you propose a bigger one?
Microsoft is the biggest supporter of Microsoft gaining market share.
Red Hat is the biggest supported of Red Hat gaining market share. They are also a big supporter of open source...
I'm not claiming Microsoft is a good actor (and they certainly produce a whole lot of derpy trash along the way), but the argument itself is not particular sound.
You mean the outfit that has misappropriated the code of those hosted projects to train their commercial code generator which is a very clear violation of the spirit if not the letter of the licenses of many of those projects?
What is to prevent someone from cloning this code, and jumping into claude code and saying: "implement an identical system in Elixir?"
LLMs are great at translation from X programming language to Y programming language.
The Google/Oracle Android/Java lawsuit boiled down to whether Google engineers copied source code, or whether they re-implemented things in a clean room without using prior code, right?
Isn't using an LLM to rebuild something a great loophole for this elastic search license?
I see this being a losing battle because the license is only as strong as your ability to enforce it. Bear is probably in a good position because of their network position, but this seems like a losing battle long term.
What's preventing someone just ignoring the license?
This isn't bear, the compilation database building cli tool, for those similarly confused.
Almost the same emoticon logo too.
ʕ•ᴥ•ʔ Bear vs. ʕ·ᴥ·ʔ Build EAR
The compilation database tool (https://github.com/rizsotto/Bear), is extremely helpful. It got CCLS/clangd working for me over multiple in-house build systems at a vfx studio.
It also is super helpful for debugging. I have used it a lot alongside a script which converts a compile_commands.json to a sequence of commands, so I can edit them individually without fiddling with the build system, and then once fixed (such as adding a flag to one TU) try to find the way to do that in the build system.
I got this confused with the Bear note-taking app for a minute (https://bear.app/), since it's in a closely adjacent domain and even has similar value statements. Unfortunate naming collision
> We're entering a new age of AI powered coding, where creating a competing product only involves typing "Create a fork of this repo and change its name to something cool and deploy it on an EC2 instance".
I've been curious about how LLMs would impact open source, I have some theories and this is not the only one.
I would love to hear your other theories!
I don't think it would exactly be "create a fork of this repo", but if a developer invests significant time and effort solving hard problems where the solutions are implemented in the released source, once an LLM model is trained on it, then someone else could quickly and easily have the LLM generate a new program that implements the novel solutions. Whether this is a problem or not may depend on the motivations of the developer, but this potential for IP laundering may very well begin influencing the licenses and methods of distribution that people choose.
(Of course, I suppose at some point AI will be able to analyze and learn from binary executables or obfuscated source...)
open source is charity. I believe in it, I contribute to it, but I recognize it is unlikely to lead to a sustainable livelihood
Yes. Somebody else using your software is usually the ambition of open source developers but this guy is hurt by it. He's programming for money, not doing charity. It sounds like being open source was just for show to make his business look like a charity.
There are lots of FOSS consultancies out there doing fairly well, some linked from the FOSSjobs wiki:
https://github.com/fossjobs/fossjobs/wiki/resources
Sure but the open source part is mostly incidental to their work. They solve business needs for corporations.
The open source part is usually the whole point, they work solely on open source projects themselves, not deploying those projects for corporations. They work on things like the Linux kernel, mesa, systemd, distros etc.
I don't know about you, but if I'm going to donate to/work for charity, I'd like to ensure it's for someone who actually needs it rather than the Amazons of the world. I don't feel a pressing need to donate any money or time to them.
That makes no sense at all. Software is not a scarce resource, unlike your money. If you donate money to a charity who gives it to Amazon, you would have good reason to be upset. But if you write a piece of software and Amazon uses it, other (needier) users benefit just as much!
Or to put it in another context, if you went and volunteered for a highway cleanup, would you get mad if Bezos drove on the highway you cleaned? Because that is what your position here is analogous to, and that seems like a poor line of reasoning to me.
> if you went and volunteered for a highway cleanup, would you get mad if Bezos drove on the highway you cleaned?
No, but I would get mad if Bezos made a ton of money charging people to drive on a clean highway after I had cleaned it for free.
The situation is more akin to Bezos charging people to deliver goods via your highway while others can still use it for free though.
> This license is almost identical to the MIT license but with the stipulation that the software cannot be provided as a hosted or managed service
Note that while the original change was an additional clause to the MIT license, it was quickly changed to something completely different.[0] Since it no longer permits sublicensing and restricts "remov[ing] or obscur[ing] any licensing, copyright, or other notices in the Software," I believe it's closer to GPL now?
[0]: https://github.com/HermanMartinus/bearblog/commit/89c3f346ef...
The updated license in the BearBlog repo (https://github.com/HermanMartinus/bearblog/blob/master/LICEN...) doesn't seem to match the Elastic License very well (https://www.elastic.co/licensing/elastic-license).
Have I missed a different source for the license text?
Should have re-licensed to the spite license: https://github.com/voynix/spite-license
While I can be sympathetic to the problem. This seems to a be a text only blog. Is the technical part here truly the big barrier to setting up a competing service?
It's always sad when someone removes their project from the free software world.
I'd like to comment further on the permissive license point:
> When I started building Bear I made the code available under an MIT license. I didn't give it much thought at the time
I suspect many people choosing permissive licenses do it in the same spirit. They don't give much thoughts about the license, they just want to share the code with others (which is very nice!), and there was a push some years ago to make permissive licenses the default in many ecosystems (this is not innocent, by the way).
For me, the first lesson from this blog post is: think hard about what you want to really allow.
Given what the author says later:
> It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification
The permissive license was obviously a bad choice. Not blaming, of course, hindsight is 20/20.
Pick permissive licenses if you are okay to work for free for other entities, and if you are cool with the potential asymmetry of them not sharing their improvements.
I'll preach for my church: when you release something, please consider a strong copyleft license. If it's SaaS, consider AGPL. It still allows people to provide services with your work, but if they need to improve your code, they are required to redistribute the improvements to their users. I don't see many reasons, in most cases, to allow people to get your code and not do the same as you: provide the code to their users; that's unfair to both their users and yourself (a notable exception is if you want to push/promote a format or a standard - then you want to push adoption at "all" costs).
Most of the times, this means you can get these improvements back. By sharing free software under AGPL, it is still possible that you'll work for free for someone else. But at least, you'll be competing on more equal footing. They'll actually need to work to be better than you.
In both cases, your advantage over them is your expertise in your own stuff.
A side effect of the AGPL is that big corps are afraid of it, so you will likely not get competition from them (even though AGPL allows them to do so).
I didn’t know this was a Django application. Love that. Totally understand the author’s point of view, too.
Curious what author would think of separating the service and the core parts and leaving core as open source.
This way someone could create a competing service but they would have to write the entire service layer themselves and a single user would be able to self host the core part.
Also curious what they think about the thiefs not caring about the license and copy pasting it anyway. I don’t think the kind of person that copies your code and tries to sell it would really care about the license
From their GitHub: Obviously you could self host it (and I guess plenty have figured out how to and even created competitors with the code if they are making this change?), but they discourage hobbyists from trying with this unhelpful statement. So what was the point of even being open source? Their whole statement kind of comes off as disingenuous to me because of this.
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
What I find amusing is that it's built on top of Django and of course uses a few other dependencies[0], and without them the project wouldn't even exist...
0. https://github.com/HermanMartinus/bearblog/blob/master/requi...
That argument can be made for virtually every piece of software. We all build on top of the work of others.
BearBlog built on top of the work of others. Now you can't build on top of the work of BearBlog.
The argument is that why should I be able to use software for free but do not want mine to be used the same way?
So everything should be open source and no one should be able to write software to sell it?
If you want your projects license agreement to be withheld in future projects there is a license for that. Its called copyleft
That would be great, actually. AGPL for everything.
It can and it should.
You shouldn't look a gift horse in its mouth. Anything being open-source does not entitle you to be able to easily run it yourself. You are given the source as-is with no warranty. It is up to you to be competent enough to do anything with it and not the responsibility of the authors of the code.
If this doesn't suit you (as in, if this is a project you can't run, let alone maintain yourself), then you should consider paying someone (preferably the authors) to do so. I know this is novel to many people here who are used to exploiting the free labour of open-source maintainers, but it's been a decider in tech choices I make lately.
'Can I/anyone else at the company debug an issue and create a bugfix for this cool new open-source tech I want to introduce?' If no, then we are not qualified to run it without external help.
Well I disagree. My take: they wanted their cake and to eat it too. They wanted to be able to say they were free/open source, but really didn't want anyone to be able to utilize the code in any meaningful way. The hobbyist will be turned off because it doesn't look like there is any way to even try it out themselves on their own VPS or hardware. That seems intentional. And now, they change their license so that anyone smart enough to figure it out and make money with it, they not gonna allow that either now. Feels like we know how they really felt from the start, which is they didn't really want anyone to run this code on their own to begin with, but they wanted to still be able to claim "fully open source." IMO, even “disingenuous” is actually a somewhat kind word to how they come off to me.
It reads perfectly clear. It is designed to be a platform and mit license makes it too easy for other people to create competing services and they don’t want that.
Maybe it was a mistake on their part to make it initially open source or it is bad that there are people looking to steal other people’s work
If you don't want your work to be "stolen", and instead want to force the people to contribute back, use the AGPL
It's not possible to steal code, since the original author still has it.
It depends what it is used for. It is not so simple if they are profiting off it and you start profiting as well by stealing their customers. Maybe it is ok even then, but it sounds like it would be super annoying if the “thief” is just copy pasting the code without adding any value
This really confused the heck out of me. I thought Bear blog was really cool. I saw the GitHub link and had hopes to self-host. Then saw the note that it’s not possible to self-host and closed the tab and never looked back.
So this whole post on HN is confusing as heck.
Why post the code at all if you can’t self-host? But apparently you can self-host?!?
Well, I guess kudos to those that saw the note and downloaded the code anyways and tried to spin it up.
I had exactly the same reaction when I looked at the GitHub a few years ago. I was like, ok well that's weird, and didn't think about bearblog anymore
> Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service. And it hurts.
I am literally incapable of sympathising with this situation. Seriously, what did you expect to happen?
As much as people tend to hate it, I quite like copyleft licenses on the whole and wouldnt mind it at all for Bearblog, but this particular variation seems a bit odd. I mean I havent heard any problems from Elastic with it so I guess it sorts itself out, it just seems more complicated just AGPL
> It hurts to have poured so much love into a piece of software to see it turned against you and threaten your livelihood.
I'm confused: how is this their livelihood? I don't see any way to pay them directly nor where they monetize the blogs.
Their pain is real, my question is in good faith, and I explicitly am not disparaging the love they have poured into this project.
It isn't obvious from the title or the blog post itself, but it looks like this is some blogging software called Bear, not Bear the markdown notes app for macos and ios, which as far as I know isn't open source anyway
Maybe unfairly but quite disappointed at this development.
This sentence crystalises open source:
> "Unfortunately over the years there have been cases of people forking the project in the attempt to set up a competing service."
You make something for everyone. And they may use it as they please. This is what open means. Did the author make something open source with the hope that nobody would actually use the gift that they made?
Mataroa [1] also started with MIT license (directly inspired by bear blog) and it subsequently changed as well but to Affero GPL instead.
[1] https://github.com/mataroablog/mataroa
I vaguely remember seeing bearblog before. While I can't comment much on the actual article, I do want to applaud how simple it looks. It makes me want to migrate away from ghost to bear or hugo or something without javascript/etc.
Most static site generators offer a Bear Blog theme, including Hugo and Zola.
So you can get a self-hosted site that looks and acts like a Bear Blog, but run it yourself with a free software SSG.
Even better, thanks for the tip! I'll have another go at migrating to Hugo or maybe spend some time checking out other ones that are new to me.
If competition hurts then yeah, you probably didn't want to be open source to begin with
This screams of uneducated regret with a sprinkling of greed. How do you make your code open source but then not understand what open source is? Or even read the license?
It could also scream life changes. There are plenty of scenarios in which initially the pros of open source outweighed the cons and that has flipped today.
I can say that if I had spent years working on a blog platform with some decent side hustle income I may want to protect it better if I thought my main income might change, by choice or otherwise.
Why is there no support for compression?
> Accept-Encoding: deflate, gzip, br, zstd ...That's kind of the point of MIT.
Nitpick but I accidentally upvoted the article (in the bearblog.dev website itself, the small upvote in the website)
and turns out once you upvote, you can't downvote?
Well, I love minimalist site providers Its license is AGPL which still technically falls under Open source as to what "OSI?" says.
Source available just have a bad taste in my mouth. Maybe my critique of them isn't based on good intentions but I feel like I am getting really restricted as a user by source available licenses. I understand the pain of developers trying to make money. I just think that AGPL is a better use case and even elastic search went back to agpl and a lot of these source available things are going to agpl
I am sure that big tech might be able to bypass agpl itself somehow and that's why there were things like sspl but I still think that agpl is one of the most rock solid copy left licenses.
Why do people go with MIT over a GPL? Would have just releasing it under GPL in the first place also have prevented this?
Don't get me wrong, I have released libraries under MIT before because I have absolutely no problems with others using it even if they want to commercialize it, but I've also released things under GPL3.
Even AGPL would not have prevented this; it would just have required anyone else offering Bear as a service to contribute back changes. It would have discouraged larger companies with policies against AGPL from doing so, but not everyone.
Companies in situations like these keep making this blunder when the solution is so right in front of them: use the AGPLv3.
AGPL is not enough to prevent someone providing competing hosting options. They'd need to provide code if they make changes, but competitors are still free to offer the exact same service and not spend anything in development, which reduces the viability of the original project if hosting was the supposed source of income.
So the original project wants to restrict user freedoms, i.e. they _do not_ want the project to be open source; it's a legit choice, even if I personally prefer free software.
I feel like this logo ʕ•ᴥ•ʔ is also sort of just pulled from the open culture and free-ridden as he pleases.
Hot take but in the era of vibe coding, where you can literally one-shot a clone of bearblog, this comes as a surprise that people are trying to set up paid alternatives to this service trying to hurt his baseline..
i need a bear alternative that can support images and video embeddings
https://prose.sh — serve your blog using ssh. It was inspired by bearblog and others in this ecosystem of minimal blog platforms.
https://pico.sh includes a suite of other services (some paid) but the business model doesn’t depend on prose in particular.
We open source every line of code we legally can at Distrust, and it has paid off in getting us work, even on forks, many many times.
Source code is cheaper than ever, so if you fail to open source first then an open source clone will be created, and your hard work will be irrelevant. Best to have the first open source mover advantage.
This move just told users you are selfish, and breaking the pay it forward chain of goodwill extended by all the developers of the open source libraries your code relies on.
You also just told everyone to park their content on a platform that now has a bus factor of 1, with no option to export and reimport to a compatible fork hosted elsewhere.
If your ability to make a living hinges on open source code like yours not existing, then you are already on too fragile ground to be sustainable, and this looks desperate and will just make more people leave.
I am confused, Bear appears to make no money as the hosting is free. So this is about hurt ego, not any financial loss.
He is very much making money with it: https://news.ycombinator.com/item?id=38937143
I suspect it is now probably more than in 2024.
Apparently this holds true today as well: https://news.ycombinator.com/item?id=38937425
Thanks for the bear blog.
Considering how LLM companies don't respect licenses, and if your livelihood depends on it, I'd go a step further and only make the source available upon request, under strict agreements about how it's used.
There's a lot of "open-source" nowadays that has nothing to do with the spirit of hacking.
Its interesting that they went with the Elastic License. Maybe this is a leaf in the wind that we're going to see more adoption of the license outside of Elastic. I get it's not a "standard" license, but standard licenses become standard through adoption. Someone has to be early to the party.
I like the Elastic License. It helps me know which programs to avoid.
It's odd that this blogging system is using a name also in use by a writing tool:
https://bear.app/
I don't have experience in the subject but recently listened to a podcast episode discussing the tension between open source and building a sustainable business by Oxide and Friends.
https://podcasts.apple.com/us/podcast/open-source-and-capita...
https://podcasts.apple.com/us/podcast/open-source-anti-patte...
I'm glad to hear the new
It's funny this all to do about Yet-Another-Simple/Static-Blog generator or whatever
There's a reason why some call MIT/BSD licenses "cuck licenses." If you don't want others to profit off your hard work... don't pick a license that lets other profit off your work...
[flagged]
[flagged]
[flagged]
Have you considered that some people listen to text rather than read it? Do you think screen readers, non-native English speakers, or anyone else listening to these are able to reasonably differentiate between “Open Source” and “open source”?
Most readers won’t notice the difference or disregard it as meaningless and if you have to explain to everyone your position on a matter of communication it’s likely that you are the one who needs improvement with respect to your communication, not the rest of the world.
> non-native English speakers
As one of them, I can tell that I agree with @NiloCK.
Maybe because I'm French so I had to learn even stronger rules, but to me if someone doesn't capitalize proper nouns in English, I'll first think that I misunderstood what they were writing because of my deficiencies, before coming to the conclusion that they didn't capitalize.
Whereas, in French, I'm confident enough to mentally capitalize without even thinking about it.
Apologies if I was unclear, but I'm not worried about being understood. It's rare for me to write on the topic.
My frustration is that I always have to guess at writers intention, and that the broader dialogue is confused by this lack of clarity.
This thread exemplifies it - people accused the BearBlog author of being a hypocrite because he says things like "It hurts to believe in open-source and then be bitten by it."
A more charitable read than the hypocrisy accusation is that the BearBlog author never believed in Open Source as intended by the OSI or MIT license, but rather believes in open source as colloquially used, for purposes of software legibility.
> screen readers
Good screen readers will definitely pronounce capital letters differently by way of emphasis.
Impractical as he is, he is still technically correct, and I suspect, courts would back this stance were it ever to be tried in court.
I’d like to see a “no jerks” license. It’d be MIT by default, but call out specific bad actors as being disallowed from using the software. That way your average corporate user wouldn’t need to consult a lawyer before adopting
It will be as useless in terms of enforcement as "shall be used for good, not evil." https://www.json.org/license.html
I think they're suggesting a license that says "except Apple, Amazon, Google, Huawei, ..." not a license that literally says "no jerks".
The problem of attempting to enumerate the jerks does seem pretty... insurmountable... to me though.
Yeah, and even if you like the idea, this is not dependable. How do you know, as a user, that you'll not end up in the jerk list tomorrow?
Presumably the license would, like practically all open source licenses, be irrevocable. You aren't guaranteed new versions will be issued under the same license (short of a contract saying otherwise, just like every other piece of open source software) but the existing license that did not list you as a jerk can't be revoked...
True, but that's still a risk that adds to the risk of the authors switching the license.
BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add or remove someone from the list, like any license change…
> BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add [...] someone from the list, like any license change…
Not if you base this off a license like MIT that allows sublicensing under more restrictive terms (not a lawyer, not legal advice)
Untrue - all that needs to happen is that future work needs to be released with the new list attached.
This software shall not be used for evil. With the exception of IBM, who, together with their partners and minions, are allowed to use this software for evil.
Silly. Globally over half of smartphone users have Android phones. Bear was actually the only thing that kept me in the Apple ecosystem for so long, was really bummed when I switched to Android to have to move to another notes program.
IMO - you are charging money for your app which makes you a business. When you don't listen to the market you forfeit any right to complain when you get your lunch money stolen. Sounds hard but most lessons in business are expensive!
That’s a different product — bear.app. This is about bearblog.dev.
Honestly I was really confused about this too…