In the 20 years since its inception, open source has turned out to be the most successful model for building software. The world today runs on open-source software (OSS). An ecosystem has been created around OSS. Businesses and software builders use OSS directly or indirectly, while others offer services and products based on OSS.

OSS is perceived as being free, fair and/or ethical. This perception, however, may not be entirely true. That may be counter-intuitive, but it’s at the heart of the debate around OSS. As OSS is growing up, it’s becoming more successful, more complex, and ubiquitous. It seems we are entering a new phase for OSS, and it’s not without growing pains.

Commercial OSS in the cloud

The four essential freedoms are a cornerstone of OSS. They refer to what users can do with the software, but they tell us nothing about the economic cost, or benefit, related to the software. OSS is free as in speech, but not free as in beer. Someone has to build the software, and then someone has to maintain, run, and manage it.

As far as the perception of OSS being fair or ethical goes: it’s just that – a perception. The perception stems from the OSS community ethos, but in reality, the OSS freedoms are at odds with notions of fair or ethical use. Anyone can contribute as much or as little as they please to OSS. Anyone can use OSS for any purpose, regardless of contribution.

This has led to where we are today. Cloud vendors like AWS, Google or Microsoft, have built their infrastructure based on OSS. Each of them also contributes to OSS in many ways, including code and outreach for existing OSS projects, as well as establishing new OSS projects. But use of, or contribution to, each OSS project is not really accounted for.

Recently, the Apache Software Foundation, one of the key OSS institutions, celebrated its 20th anniversary. The ASF claims the value of the software under its auspices is around $20 Billion, by its own estimates. Everyone is entitled to use the software for free, and many do. But the ones who create this value are the ones who contribute to OSS, be it in code or in other ways.

As analyses have shown, many OSS contributors do this because they are intrinsically motivated: the software is interesting to them, they need it, or they feel good about their contribution. In that respect, they are not much different from vendors that have chosen to build OSS products. Those vendors have invested in their OSS, and their ROI depends on it.

Which brings us to cloud vendors. As many pundits note, cloud vendors operate on a whole different plane. If commercial OSS vendors are about taking innovation from 0 to 1, cloud vendors are about taking it from 1 to n. This brings value in and by itself. Cloud vendors also release OSS projects of their own, and contribute to existing ones. Their strategies, however, differ, and this is where things get complicated.

AWS is the leader in the cloud market. The strategy AWS has adopted with regards to OSS, however, has exposed it to criticism. Recently, an independent data-driven analysis was done on GitHub, where OSS code lives. The analysis showed that in terms of code, AWS does not seem to be contributing much to the development of the OSS products it offers as a service.

It’s understandable why vendors building those products are looking to tweak their licenses to disallow AWS from running their software as a service. It’s also understandable why the OSI, which has control over OSS licenses, is pushing back: by introducing those tweaks, the software is no longer OSS.

If this was just a clash of commercial interests, we might be getting our pop corn to watch. But for something with such high value to society at large as OSS, the ramifications are important. Is there a way everyone involved can get a fair share of the profit, and keep contributing to OSS? Let’s hear what 2 CEOs from vendors who build OSS, and work with AWS, have to say.

The co-opetition view: one big act vs. many small ones

Dor Laor is the founder and CEO of ScyllaDB, an OSS vendor with an interesting story. ScyllaDB was built on a contentious premise, as it is a re-implementation of another OSS database: Apache Cassandra. Laor has shared thoughts on OSS license changes, as well as Amazon’s latest move to offer Cassandra as a managed service on AWS cloud.

Our discussion started touching upon ScyllaDB’s latest features. According to Laor, these features (most prominently lightweight transactions) do not just bring parity with Cassandra, but go one step further. Laor expanded on the technical aspects of ScyllaDB’s solution. As these seemed technically sound, yet conceptually simple, the discussion moved to a broader topic.

Laor claimed none of ScyllaDB’s closest matches, namely Apache Cassandra and AWS DynamoDB, have such features. When asked why he thinks that is, given the nature of those features, Laor offered 2 answers.

For Cassandra, he mentioned that for the last few years its former main contributor, namely DataStax, has taken a step back. Naturally, this has stalled Cassandra’s development considerably. As for AWS, Laor noted that AWS has the tendency to offer products that are good enough, but not necessarily the best in their league.

As ScyllaDB is also available on AWS, and Laor was present at AWS’s main event, re:Invent, in 2019, he offered a metaphor to explain this. Laor said there were a number of stages set up for various acts in the re:Invent after party, and he found all of them mediocre. Laor went on to add that he sees that as a metaphor for AWS’ philosophy of going wide, rather than deep in its undertakings. This is a point shared in other OSS vendor strategies, too.

But ScyllaDB went beyond that, to do something no other OSS vendor we know of has done before: offer a compatibility layer for one of AWS’ products, namely DynamoDB. ScyllaDB’s DynamoDB API support will be officially available soon, and it will enable DynamoDB users to migrate to ScyllaDB. Laor said there is a waiting list for this.

This is technically feasible, and legally permissible. Unless things change, there are no restrictions on using APIs, as per the famous Oracle vs. Google case verdict. While some of AWS’ own people questioned this move, Laor claimed users are better off using ScyllaDB. In turn, this opens up some interesting questions. What about ethics, and contribution?

Building a new implementation of an existing API seems cleaner than using someone else’s implementation, but it still means benefiting from a userbase others built. Laor acknowledged that, as well as the fact that ScyllaDB leverages contributions from Amazon, Cassandra, and DataStax. He also pointed out that this spurs innovation and benefits users, and measuring contribution is very hard.

ScyllaDB has an open core strategy. Some features are proprietary, while the OSS core is licensed under AGPL, which Laor said AWS avoids. So far this has worked in deterring AWS from offering ScyllaDB as a service, although it could also be that ScyllaDB has not reached critical mass yet. In any case, as Laor said, these things change.

The collaboration view: balancing OSS makers and takers

Most OSS products fall under one of two categories. Many products are largely driven by a single vendor, whose employees contribute most of the related effort and drive its directions. Other products leverage contributions that cross-cut organizations who employ the contributors; often, OSS work is the main activity for such contributors.

But there is an OSS product in which the vendor commercializing it only contributes 5% of its code while still being the largest contributor. The product is commercially successful, has a community-driven decision making process, and is a distinguished AWS partner, too. And these are not the only reasons why Acquia, the vendor commercializing the Drupal CMS, and Dries Buytaert, its founder, stand out.

Recently, Buytaert shared his thoughts on balancing OSS makers and takers in an elaborate blog post. In our discussion, Buytaert confessed it took him a couple of weeks to put his post together. This is understandable, considering how many aspects of OSS it touches upon.

Drupal started in 2000, while Acquia was founded in 2007. As Buytaert highlighted, Acquia and the Drupal community have a unique relationship, which is formally documented in a charter. The community includes about 80.000 contributors, while Aquia employs about 1.000 people.

Yet, Drupal’s governance is not with Acquia. The community sets Drupal’s roadmap, and elects people in leadership roles. People choose to contribute to areas that matter most to them, and Acquia does this, too. Buytaert said that even when there is a decision Acquia does not agree with, the decision is carried through, if there is substantial backing for it.

Buytaert builds on the notion of OSS as part of the Commons, introducing an important distinction. For end users, OSS projects are public goods; the shared resource is the software. But for OSS companies, OSS projects are common goods; the shared resource is the (potential) customer. Makers invest heavily in the software, takers are mostly interested in customers.

Buytaert, leveraging Elinor Ostrom’s work in addition to his own experience, seems to have gotten to the heart of the issue. Research shows that when the Commons are left unchecked, without governance or rules for contribution, they collapse: shared resources are either engulfed or exhausted.

Organizations like the ASF and the OSI have done a good job in making OSS successful. But now that OSS is successful, without a mechanism for fair reward in place, we have no reason to believe OSS will not have the fate of Commons that preceded it. This is why we wondered whether the OSI should perhaps reconsider. Apparently, we are not the only ones, and the OSI seems to be listening.

Ethical software

First off, there seems to be an ongoing debate within the OSI itself as to what should constitute an OSS license today. This goes to show that what worked 20 years ago is not necessarily what works today. In addition, more and more people seem to be realizing the OSS conundrum, and are sharing ideas to move forward. Buytaert, on his part, offers 3 concrete proposals.

One, don’t just appeal to organizations’ self-interest, but also to their fairness principles. Two, encourage end users to offer selective benefits to Makers. Three, experiment with new licenses. Those points were also backed by Laor, who prompted users to consciously vet their OSS providers for fairness, and pointed to precedents like the Open Invention Network.

One thing is clear: AWS should not be excluded, it’s a vital part of the OSS ecosystem. The fact that this is a complex ecosystem with many actors that need to strike a balance is something many people agree on. This includes Buytaert, Laor, and AWS VP/Distinguished Engineer Matthew Wilson, a self-proclaimed “OSS romantic”, to name but a few.

Buytaert also agreed with Laor that while AWS is a good partner to have, if it decided to start offering ScyllaDB or Drupal as a managed service on its own, there would be nothing they could do to stop it. Buytaert was also clear on something else: making OSS sustainable may require a break with OSS as we know it. But if that’s what it takes, so be it.

This also seems to be the gist of Wilson’s position as stated in a number of Twitter threads: this is how OSS works. If you are not happy with it, do it differently – just don’t call it OSS. This is a fair point, made by others, too. Recently Stephen Walli, principal program manager on the Azure engineering team at Microsoft and an OSS veteran, shared his ideas on Software Freedom in a Post Open Source World.

Walli went through the history of OSS, the four essential freedoms, and the ways and reasons people challenge how OSS works. Walli’s message is along similar lines: “I am happy for people to challenge the ideas that define our software collaborations and culture of outbound sharing. But I want them to be bold. If you want to define a new movement then do so.”

Some people call it Commercial OSS, others Cloud Native OSS. Either way, it’s not just commercial interests that question how OSS works today. It’s also people concerned about the ethical implications of OSS. Although it could be argued that fairness touches upon ethics too, Coraline Ada Ehmke and the Ethical Source Movement (ESM) have a somewhat different angle.

Ehmke, who founded the ESM, is a software engineer, a public speaker, and has been an active OSS participant since the early 2000s. Ehmke, who previously stated that “OSI and FSF are not the real arbiters of what is Open Source and what is Free Software” is now running for the board of directors of the OSI, and the OSI’s VP seems open to engaging with her. The ESM states:

“Today, the same OSS that enriches the commons and powers innovation also plays a critical role in mass surveillance, anti-immigrant violence, protester suppression, racist policing, the deployment of cruel and inhumane weapons, and other human rights abuses all over the world.

We want to do something about this misuse of our software. But as developers we don’t seem to have any recourse, no way to prevent our work from being used to harm others. We want to change that”.

Fair software

The definition of Ethical Software breaks with the four essential freedoms of OSS, creating licenses such as the Hippocratic or the Atmosphere Licenses. This raises questions, including how to enforce such licenses. Though a definite answer is not readily available, for the time being the thinking seems to be that fear of exposure of illegal use should work on a first level. People seem sympathetic to the notion.

Ethical software licenses are not the only OSS variant around, however. There is also the Fair Source License, allowing users to view, download, execute, and modify code free of charge. Up to a certain number of users from an organization can use the code for free, too. After an organization hits that user limit, it will start paying a licensing fee determined by the software publisher.

Fair Source was created by Sourcegraph and drafted by Heather Meeker, a prominent OSS lawyer who also drafted the Commons Clause for RedisLabs. Fair Source got featured on Wired, and received praise from GitLab, but it does not look like it got much traction. The reason is probably that as things stand, Fair Source is also not an OSS compatible license.

This all seems to be pointing somewhere: perhaps we’ve reached the limits of what OSS in its current form can do. People are realizing it, and questioning the status quo. Whether that will lead somewhere, remains to be seen. But some first steps are taken, and the potential seems to be there. OSS was a bold step in its time, too, and its pioneers paved the way.

To wrap up, let us revisit the “quantifying OSS contribution is hard, and it’s not only about code” argument. This is true beyond the shadow of a doubt. But before dismissing quantification as mission impossible, we should consider a few things.

Commercial OSS vendors are building platforms to power today’s data-driven economy. As a 3rd party analysis on GitHub data shows, they -expectedly- seem to be key contributors to their own codebases. While there may be communities of practice built around the products, in most cases we would assume vendors do much of the non-code work too – promotion, support etc.

OSS vendors have people who contribute to these tasks in their payrolls. Presumably, these people leave the digital footprint of their work on all sorts of systems. From OSS code repositories to issue trackers, HR, project management tools and spreadsheets, to social media. Nobody should be more motivated or better positioned to develop a holistic, data-driven model for OSS contribution, than commercial OSS vendors.

Doing this would make their claims much more grounded. To be entirely fair, commercial OSS vendors should also apply this to external contributions, be it from individuals or from organizations such as cloud vendors. And to back claims about putting OSS sustainability and the common good first, changing their status to B Corporation to reflect that might help, too.

To get over the OSS midlife crisis, and make software great again, leadership is paramount. There is no doubt the amount of legal, social, software, and data engineering needed to evolve OSS is staggering. But OSS is so important, that it would be irresponsible to shy away from it. Some OSS leaders are showing the way. Opinions may vary, but the issue is being acknowledged. Who would not want to have ethical, fair, open-source software available on demand in the cloud?

This is a chance for everyone to put their data to good use. Amazon, as well as commercial OSS vendors, are leaders, each in their own way. They have great power, which comes with great responsibility. The way other cloud vendors deal with OSS vendors may not be perfect, but it’s a start. We’d like to see that taken to the next level, and involving the entire industry.

Coming up with a way to fix commercial OSS by measuring and rewarding contribution is something that will not just benefit vendors, but the world at large. So if not them, who? If not now, when?

Originally published on Linked Data Orchestration under CC BY-SA 4.0

The post Make software great again: can open source be ethical and fair? appeared first on P2P Foundation.

Microsoft used every trick in the book to lock users into a dependency on its software. One technique, for example, deliberately underdocumented the technical specifications for software, which made it impossible for non-Microsoft programs to interoperate perfectly with Microsoft Office. Because such performance is unacceptable to many industries and users, Microsoft in effect made its software noncompatible with other systems as a way to protect its market dominance and reap enormous profits.

The irony is that software developers were technically capable of using the Internet to collaborate online to produce office suite software. But this was not widely recognized until developers came together in the 1990s, working outside of large, proprietary software companies, to create Linux and the Apache Web server software. The success of these and other open source projects began to put pressure on many proprietary vendors as consumers and developers realized that they had alternatives. Even many large companies such as IBM and Intel started to see business opportunities in contributing to the development of open source software. The code might be free to everyone, but they could make money by providing technical support and service, as well as custom adaptations of the code.

Securing freedom for end-users of software has been elusive, however. Programmers regularly predicted that the next year would become “the year of the Linux desktop,” in which open source office apps would become popular, but these visions never materialized.

One bright spot, however, was OpenOffice.org, a corporate-controlled word processing program that a corps of dedicated software developers improbably converted into an authentic software commons. The story begins when Sun Microsystems, a company that once was a pioneer of proto-open systems, began to feel competitive pressure from open systems like Linux. With grandiose aims of displacing Microsoft, Sun acquired a German company in 2000 and released an open source version of StarOffice called OpenOffice.org (OOo).

As a corporate-managed open source suite of office software, OOo was not really a commons. Still, OOo was a full-featured office suite that was generally interoperable (with lots of rough edges) with Microsoft’s suite and thus the rest of the world. OOo provided a big incentive for users of nonfree Microsoft and Apple systems to install OOo, save money and learn about open source.¹

But it was unclear from the start how Sun would work with outside developers and whether OOo could break Microsoft’s near-monopoly. Despite Sun’s relatively progressive corporate ethic, it gave itself absolute control over project governance for OOo because it wanted to produce a “shrinkwrap” product. This proved to be a big disincentive to non-Sun developers to participate in improving OOo. In response, non-Sun developers in 2002 began providing their own versions of OOo, which they included in popular distributions of Linux in preference to Sun’s version. It was as if the commoners would not be thwarted in their drive to create a software commons!

Another force driving this effort forward has been Open Document Format (ODF), a major standards effort to produce an open and fully documented set of formats for office applications. The goal has been to ensure that applications from different vendors and communities could interoperate, thereby eliminating a major source of vendor lock-in. OOo was among the first applications to support ODF in 2005.

Microsoft began its own major effort to sabotage the standards process with a competing format, OOXML. It designed its software with proprietary extensions to OOXML, effectively retaining control over its formats as a tool to prevent users from turning to competing vendors.

While Microsoft succeeded in monkey-wrenching the process (see its current profits), ODF has made both technical and policy progress that will enhance its prospects, such as an authentic interoperability among different programs and legal mandates by various public bodies that only ODF-compliant software may be purchased.

Despite Microsoft’s resistance to open formats, OOo went on to become the main alternative to Microsoft, in part through the sheer attrition of proprietary vendors. But Sun, which continued to tightly control OOo development, was by the late 2000s a troubled company with its main server business in tatters due to competition from Linux. The prospects for OOo became even more perilous when the software giant Oracle acquired Sun for its server and Java technology. The writing was on the wall: OOo would not contribute to Oracle’s profits, and would likely be abandoned.

This dismal prospect galvanized the OOo community to take steps to convert OOo from a declining corporate sideline into a robust software commons. They “forked” the project (started a different development pathway for the code) by creating LibreOffice. Nearly all developers outside Oracle and Sun joined the fork, and nearly all communities with Linux distributions made plans to ship LibreOffice (instead of OOo) to users. A German nonprofit, The Document Foundation, was set up to give the project permanent community-oriented governance. Although these events happened very quickly, they were possible only because the groundwork had been laid by nearly a decade of commoning and community that had developed around non-Sun OOo builds and ODF advocacy.

It was no surprise that Oracle then terminated OOo development. But rather than cooperating with the new LibreOffice, Oracle donated the OOo code to the Apache Software Foundation, a trusted nonprofit steward of open source projects. This resulted in unnecessary acrimony between supporters of LibreOffice and the new splinter project, Apache OpenOffice. However, as two open source projects working on largely the same code, there are strong incentives for the two to collaborate – so LibreOffice happily uses code from Apache Open Office.

LibreOffice has clearly won the hearts and minds of the free and open source community by making it as easy as possible for anyone to contribute – and impossible for any one entity to seize control the project’s governance. As a result, LibreOffice’s features, user interface and interoperability with Microsoft‘s quasi-proprietary formats have improved greatly since the fork. This has put it in a better competitive position relative to Microsoft Office than any of its predecessors enjoyed. Its popularity has also been fueled by large-scale adoptions such as the City of Munich, Germany, and other municipalities.

While these developments might normally accelerate LibreOffice’s assault on Microsoft’s near-monopoly, the shift in computing from desktop applications to the cloud and mobile devices is undercutting such gains. Google Docs, for example, has become an essential organizing tool by providing an online office suite that enables real-time collaboration on documents; it runs on Google’s servers and is accessed by individual web browsers. Google Docs does not generate the same sort of near-monopoly profits as Microsoft’s suite of office software, but it does entail a much more direct loss of user control: Google can change the software at any time, and access all files edited and stored online. Microsoft has also produced its own online version of Office, with the same properties as Google Docs – leaving commoners to once again play catch-up with proprietary vendors. LibreOffice Online has existed in prototype form since 2011, but only recently gained a dedicated development team. In 2016 LibreOffice Online should provide a robust alternative to reliance on corporate-controlled proprietary services for collaboration and organizing.

The pattern of a corporate steward of an open source project going bad, followed by a community revolt, plays out over and over. The database program once owned by Sun, MySQL, is the next best-known example. This commons-based, post-Oracle fork of code is known as MariaDB. The example of LibreOffice and ODF standards, however, point to the great potential of open governance, open development processes, and collaborative financing and marketing – and, indeed, the promise of public policy advocacy to provide legal support for commons-generated software. With motivations ranging from local skill development to national security, governments around the world are requiring the evaluation of open source options in software procurement (Italy), banning Windows 8 on government computers (China), and mandating support for open formats (UK).

Patterns of Commoning, edited by Silke Helfrich and David Bollier, is being serialized in the P2P Foundation blog. Visit the Patterns of Commoning and Commons Strategies Group websites for more resources.

Mike Linksvayer (USA) serves on the boards of Software Freedom Conservancy, OpenHatch, and AcaWiki, and is a member of the Open Definition Advisory Council and the steering committee for Snowdrift.coop. From 2003 to 2012 he served as Chief Technology Officer and Vice President of Creative Commons.

Photo by jcorrius

The post Patterns of Commoning: Converting Proprietary Software into a Commons: The LibreOffice Story appeared first on P2P Foundation.