What happened to “open source” even the promoters “dislike” it?
12 min readWhat happened to “open source” even the promoters “dislike” it?
What happened to “open source” even the promoters “dislike” it?
You may not be familiar with Bruce Perens, but he is the author of OSD (Open Source Definition) and co-founder of OSI (Open Source Initiative).
Take a look at the article “Bruce Perens Two or Three Things: The Real Powerhouse, the Aggressive Life” , and you will find that he has never left open source.
If anyone is qualified to say what is wrong with open source, he is absolutely indispensable.
In fact, he did say so. Since the birth of the GNU Project in 1983, open source (including free software in a broad sense) has gone through nearly forty years.
Is the open source movement a success? What’s the problem? How can we solve it?
At DebCon2020 (Debian Developers Conference), Bruce Perens gave such a speech, analyzing the past and present problems of open source, intending to open the “post-open source era”. Next, this article will sort out the content of the speech, hoping to inspire readers.
After “open source”, what will happen?
01 “Open source” has been around for nearly 40 years, there is both good news and bad news
First, “open source” will continue anyway.
Whatever comes up, “open source” isn’t going to be replaced. Instead, it should be presented in a completely new paradigm. And “open source” will continue in what it is today. After all, if “open source” were to be overthrown, there would be anger.
Second, the open source “successor” will be completely new.
This paradigm will go hand in hand with “open source”, which is neither “open source” as previously defined, nor free software, but a completely new thing that has never existed. This paradigm attempts to achieve what “open source/free software” has tried and failed to achieve.
Finally, it’s time to evaluate the performance of “open source”.
The first manifesto of the GNU movement was on September 27, 1983, 37 years ago! Debian and its Free Software Guide was in June 1997, 23 years ago! OSI (Open Source Initiative) was on February 7, 1998, 22 years ago!
PS. The presentation is in 2020
We’ve developed enough time that it’s time to take stock of what we’ve achieved. In general, “open source” has both good news and bad news.
Among them, the good news is:
1. The domination of “open source” in the software field has reached a staggering degree. All programmers and users cannot avoid exposure to open source software.
2. The development of open source software is unprecedentedly prosperous, with high quality and amazing quantity.
3. Many people already make money from producing open source software.
4. Open source software serves a wide range of industries that are important players in the development of open source. This process replaces the previously existing form of cooperative alliances.
The bad news is:
1. We are turning a blind eye to the damage to open source
“Open source” has been “damaged” in many ways, but over the past decade, we have done nothing to justify these “damages”. Patching “open source” doesn’t solve the problem. Effectiveness is only possible by means of creating a new paradigm that is fundamentally different from “open source”.
2. Is the combination of “open source” and business really so smooth?
The most fundamental purpose of “open source” is to integrate the different forces of business, and business gathers wealth and energy. But as a result, “open source” was successfully integrated into business, but other goals were ignored . These goals can be traced back to what Richard M. Stallman described in 1983 as “free software”, which should be about freedom, about people’s well-being.
However, these good qualities of “open source” have never made an impact on a large scale. But these days, we need those qualities more and more.
3. Does “open source” really help the general public?
Although “open source” is widely used by the general public, most people don’t know about open source, they just use “open source” for their own purposes. For example, exploiting open source devices and services to collect user information for commercial purposes, thereby manipulating users. It’s not their fault that people don’t choose to use “open source”, it’s our failure to meet their needs.
We can do a lot more than we already do when it comes to civil rights. Meeting people’s needs through the distribution and service of software, with full respect for civil rights, is something that business cannot do . Today, however, “open source” is only a small part of it.
Never use the term “non-technical users”, humans themselves are the work of genetic engineers, and this is a different kind of technology.
02 “Open source” has always had “begging problems”
Open source software created by open source developers supports the operation of the entire existing technology world. For that alone, we should be well paid. However, open source developers are in a passive position and are “beggars”. They had to reach for it.
“Please let me get paid to work for your (predatory) company so I can continue writing open source software.”
“Please sponsor me on crowdfunding platforms.”
……
Among them, the most typical example is: OpenSSL carries the vast majority of financial business operations (not only on the Internet), a guy named Ben, he works for OpenSSL, but he has not received a dime.
*OpenSSL is a very popular cryptographic library, known as one of the most important and most-relied open source projects in the world. Ben here should mean Ben Laurie, one of the original OpenSSL team members.
Subsequently, OpenSSL suffered a crisis and nearly went bankrupt, and it was the intervention of the Linux Foundation in 2014 that saved it. Things shouldn’t be like this.
*In 2014, OpenSSL released a major vulnerability “Heartbleed”, the crisis that put the famous open source software in trouble. Subsequently, the Linux Foundation established the Core Infrastructure Initiative (CII, Core Infrastructure Initiative) in a very short period of time, and actively selected important open source projects that lacked funds for funding. OpenSSL was the first project they funded.
The above picture illustrates this problem very vividly: the infrastructure of modern electronic information technology is supported by a small, very weak, very random, very underappreciated, and very unrewarded project and people. dangerous.
Open source and free software have brought considerable wealth to some, but most of the wealth has not flowed to the developers themselves.
It is a good mission to fight for the freedom and wealth of the public. But in order to make Jeff Bezos (Amazon founder, famously rich) richer, freer and more powerful, it obviously doesn’t make much sense. Open source developers, despite their struggles, don’t enjoy the same things as Bezos.
03 “Open Source” is representing powerful corporations, not ourselves!
Who are the Linux Foundation Steering Committees?
Gitlab、Google、AT&T、Facebook、Samsung、Qualcomm、VMWare、Miro Focus、Microsoft、Panasonic、Renesas、Hitachi、IBM、NEC、Fujitsu、Intel、Comcast……
This is simply putting the cart before the horse!
Among them, Qualcomm used to bother me a lot. At that time, I represented OSI (Open Source Intiative) in the ETSI standards organization. Qualcomm had a dispute with OSI because it did not want to pass the open source ETSI royalty-free standard. There has always been a conflict between the stewards of the Linux Foundation and the open source developers, and this is just one example of how the interests of both sides differ.
And, strong companies set our policies.
The Linux Foundation has removed its only “community member” board seat. As I recall, for the past decade or so, there was a company on the Linux Foundation board of directors that had badly infringed the Linux kernel in their main product, and still is.
The Linux Foundation has stopped activities related to compliance education and is divesting the field. However, in most companies, they don’t take compliance seriously without enforcement. For example, SFC ( Software Freedom Conservancy ) was withdrawn for its involvement in a VMWare infringement lawsuit .
*In 2006, Christopher Helwig (famous Linux developer) discovered the use of Linux source code in the VMware ESX bare metal virtual machine (VM) hypervisor in violation of the GPL license. Christopher sued VMware in 2015 with the help of the Society for the Protection of Software Freedom (SFC), and in 2016, a court dismissed the claim, and Christopher appealed, but was ultimately dismissed.
04 New issue: API copyright issue
In the case of Oracle v. Google, the copyright issue of API was brought up. Currently, there are no cases that overturn the “API copyright” claim.
*In 2010, Oracle acquired Sun for $7.4 billion, and Java was subsequently owned by Oracle.
In the same year, Oracle sued Google, claiming that Google violated the copyright on the Java language, and claimed 8.8 billion US dollars.
Among them, 37 Java APIs written by Google themselves are involved. For a while, the question of whether or not an API is copyrighted has been raging.
On April 5, 2021, the U.S. Supreme Court ruled with 6 votes in favor and 2 against, ruling that Google did not infringe.
Since then, the case between Oracle and Google regarding the infringement of the Java source code in the Android system has finally been settled.
The ruling did not directly deny the fact that APIs can be copyrighted, but it made clear that, under the principle of “fair use” in copyright law, API owners cannot arbitrarily prevent other developers from using their APIs to build new programs.
In the famous ALTAI case, (US courts) established a standard in theory as to what is and is not copyrightable.
It also shows that more and more things can be included in the scope of copyright, which provides a reasonable factual basis for API copyright.
*In 1992, CAI (Computer Associates International, Inc.) sued ALTAI (also known as the Altai case), initially the district court found that the defendant infringed the plaintiff’s copyrighted computer program named CA-SCHEDULER, and the defendant did not appeal.
Subsequently, CAI filed a second claim of copyright infringement, and the judge found that Altai’s OSCAR 3.5 procedure was not substantially similar to the portion of CA-SCHEDULER known as ADAPTER, and denied relief.
Finally, the district court concluded that CAI’s state-law trade secret misappropriation claim against Altai had been superseded by federal copyright law.
In this case, the Second Circuit used the “abstract-filter-compare” three-part test (also known as the abstract test, the three-step standard) to analyze non-literal infringement claims in computer software. This newly established method and thought have been used for reference by later generations.
(If the API copyright is established,) the API copyright will restrict our use of those APIs that are owned by the company, which previously could not be held accountable.
Imagine that we can no longer use the C Compiler because the C language is a copyrighted API. With the arrival of the next heavyweight language, this is entirely possible.
In fact, API copyrights make GPL-like licenses more enforceable, especially in areas related to dynamic linking, or software components of any kind. This is not what we expected.
We need to use the API with impunity and freedom, not make the GPL more effective.
05 Software patents still a problem
The quality of US patents won by the “open source movement” in the first decade of the 21st century has been reversed.
The Open Invention Network ( OIN for short ) exists to protect the software patent system from the “open source revolution”, in the same way it protects Linux from software patents.
*The Open Innovation Alliance (OIN) was established in November 2005 with strong support from companies such as Google, IBM, NEC, Philips, Sony, SUSE, and Toyota.
It aims to ensure the patent rights of open source, so that the Linux platform can continue to develop, and it is also expected to improve the quality of patents.
It is the largest patent protection community in history, and supports the key elements of open source software (OSS) Linux. Free development environment.
In recent years, the scope of its members has continued to expand, and my country’s Huawei, Tencent, Xiaomi, Bilibili and other companies have joined.
Organizations that join the OIN community can obtain OIN patent licenses and community member cross-licensing on a royalty-free basis.
Who controls OIN?
The voting members of OIN are some of the largest patent owners in the world: Google, IBM, NEC, PHILIPS, Sony, Toyota… Of course, SUSE is an exception.
The interests of these large corporations are protected by the copyright system, allowing them to benefit from “open source”.
Furthermore, we have little resistance to the threat posed by patents.
1) In the face of these patent monopolies, we cannot establish an effective set of defenses. Even, we can’t apply for a patent with our own invention.
2) OIN cannot provide any effective protection for individuals or teams that do not pursue this set of patents.
3) We also can’t afford to go to court to protect our rights if we don’t “beg” or resort to big legal institutions.
If you want to meet this requirement with a license, you must first ensure that you can effectively implement the license. This means you need to be able to prosecute infringers. Otherwise, you might as well put your software in the public domain, and it will work as it should anyway.
Free/open source software developers cannot afford the cost of this lawsuit.
06 Open source compliance is a mess?
In the paradigm of “open source”, compliance is not emphasized and targeted. As a result, compliance has become expensive to enforce, and quite a few people trying to do it have been turned off.
The compliance tools used by businesses stink.
Tools like WhiteSource don’t bother to identify even a small piece of code from other source code that comes from open source software.
In its marketing philosophy, scan detection is a bad idea.
This tool will not tell you if there is any source code related to open source projects in your project.
*WhiteSource is a one-stop security, licensing and quality solution for managing open source components.
It accurately detects all open source licenses, including library licenses, and automatically enforces license policies on newly added components.
Users can thus block unwanted components from entering their software.
Black Duck and Revenera are better options, but they are quite expensive. From my personal experience, these tools don’t handle the scanning needs of large products well.
* Black Duck is a tool for managing the risk of using open source software; Revenera is a tool for managing open source license compliance and security.
Deploying a Black Duck or Revenera in the company’s software architecture would take a full year, as the scan function would involve software classification, defining open source software, and error-result handling before the day-to-day operation of the scan function.
It takes a year to deploy, but it is very extravagant.
07 Too many licenses
Most of the emerging open source licenses have little value, and none of their value justifies their cost.
Many licenses that have been (OSI) certified or candidate licenses do not stand in the interests of users or open source developers.
Most of them are designed to support a single developer body for the benefit of the company that created it.
License authentication is going in the wrong direction.
Current OSI board policy is expanding open source licenses to “synthetic” source code, with more and more licenses being adopted and certified.
Whose cheese does this represent? I can rant about OSI problems all day, and now all I can say is the worst:
1) OSI accepts so many questionable licenses that they even want to speed up to certify more!
2) OSI established a committee to replace OSD.
3) Replacing such an excellent paradigm as OSD with an independent, completely new one is a bad idea. After 22 years of operation, changing “open source” will disappoint many people and potentially kill the golden name of “open source”.
- *In January 2020, Bruce Perens resigned after finding that OSI did not respect liberty.
In 2019, lawyer Van Lindberg drafted a software license called “Cryptographic Autonomy License (CAL)” on behalf of the distributed development platform HoloChain and submitted it to OSI, the Open Source Promotion Association, for approval. - At the time, there was a debate within OSI over whether to approve the CAL license. The attorney who drafted the CAL, Van, is said to have lobbied OSI directors to approve the CAL privately, in violation of the rules that approval procedures should take place in a public place.
- This incident also became the fuse for Bruce Perens to leave OSI.
A little advice from Bruce Perens
The question of “open source” has grown more and more. Finally, Bruce Perens described to us a very dreamy “open source utopia” – the establishment of Coherent Open Source (LicenseUse.org) to replace OSI as the new push open source.
In his vision, Coherent Open Source should:
1) Only 3 licenses with important characteristics are maintained, and the content of these 3 licenses can only be updated when needed in the future. All The Coherent Licenses are:
- Passed OSI and FSF dual certification;
- compatible with each other;
- Each license contains a clause specific to the patent;
- Each one serves a different business purpose;
- At least two are accepted by commercial companies.
The three licenses that he believes are necessary to stay are: Apache 2.0, LGPL3 and AGPL3. This can reduce the complexity of licenses, make open source licenses compatible with each other, and make compliance operations easier.
2) Keep preaching to accomplish the goals that open source and free software don’t achieve, those beautiful and desirable goals, such as freedom.
3) Decentralized committees, reducing bureaucratic institutions.
4) Let developers make money! It’s not that developers can sue infringers to make money, but to make money on their own behalf without “begging”.
