Open Source and Services

by havoc

To me open source vs. proprietary isn’t a good vs. evil question, simply
two different things with different costs and benefits. That said,
open source tilts the benefits toward users
over software companies, all else being equal. That’s why open source
evangelism makes sense.

Since the Internet appeared, a
trend in the software industry has been toward “software as a service”; which
can be enterprise-oriented like Salesforce.com or
consumer-oriented like GMail or MySpace. In addition to web sites,
it can include the cable box and cell phone model of
automatically-managed software on a client device.

I don’t think the open source community has changed its thinking as
radically as this trend requires.

First, our standards for
openness lose much of their relevance in the modern world.
Second, products that include both software and
online services are providing much more compelling user experiences
than software alone can offer; leaving open source software at a disadvantage.

GPLv3 – missing the big picture

The FSF is fighting hard for the “no locked down
devices” provision in GPL version
3. GPLv3 says that you can’t have hardware devices which require
software signed by a proprietary key.

But if I think about Richard Stallman’s
printer story, the “locked
down by a proprietary key” case is not the only case to worry
about.

My cable company doesn’t sell me any hardware at
all; they charge me a monthly fee and they put their hardware in
my living room. Have they even distributed the software to me?
Could I install different software on a leased cable box, even if
the software were GPL?

This isn’t some hypothetical situation; I already have a cable box
DVR I don’t own… and while the FSF keeps using TiVo as an example in
GPLv3 conversations, TiVo’s approach is almost the exception to the rule.

Even if it weren’t, in-home hardware devices are a small part of the picture.
Does it really matter whether hardware I don’t own is in my
living room or in some server room?
Can you replace the software on your favorite web-hosted application?
Or even read the source or submit a patch?

In short GPLv3 prohibits one implementation technique for
“software as a service,” because copyright law happens to make
it easy to do so; but GPLv3 has no impact on several other
far more popular implementation techniques in the same spirit such as leased equipment,
web-hosted services, and thin clients. What’s the point?

Addressing hosted services in licenses

The current GPL
v3 draft does have an optional provision 7b4 that gets at this:

terms that require, if a modified version of the material they cover
is a work intended to interact with users through a computer network,
that those users be able to obtain copies of the Corresponding Source
of the work through the same network session

The Open Software
License includes a provision defining external deployments as distribution
(thus the license’s GPL-like requirement to provide source code kicks in):

5) External Deployment. The term “External Deployment” means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c).

Free passes to web companies

There’s some recognition of the danger, then. But the open source
world isn’t excited about it – let’s take Google as an example.
(Update: Again, Google isn’t the point, just an example.)

Like many tech-savvy type people, I use GMail and GTalk. But while Google supports some open source projects,
if I think “secrecy and proprietary IP used to maximize hype and competitive
advantage,” I think of two companies: Apple and Google.

Google is
not coming down against software patents, and while they are quick
to have open APIs, only a tiny fraction of their coder’s output is open
source.

In spite of their proprietary leanings,
Google gets a mostly free pass from the open source
community. Even
Slashdot comments are positive.

Of course Google does cool stuff and
succeeds in their “don’t be evil” mantra most of the time. I use their
software. But they are not an open source company, and it’s
somewhat odd that people who supposedly care about open source rarely
bring this up.

Do people simply not think of open source principles in connection with web
hosted software?

What to do?

What is the solution? The GPLv3 approach will limit GPLv3
adoption, without addressing the important cases. It’d be
better to drop the “TiVo provision” and be sure the Linux kernel
and other projects widely adopt v3. Then approach
software-as-a-service head-on in a more comprehensive way.

First, we need to recognize that software-as-a-service (whether
the hardware is in your living room or a server room) has huge
advantages for users. I don’t want to buy a whole computer when I only
need a small slice of a server; I don’t want to be a system
administrator just to get email; I appreciate that TiVo systems don’t
get viruses since they won’t run unknown software; and maybe most of
all I love features that involve sharing, collaboration, and socializing.

The open source world has to find a way to provide these
benefits, if it’s going to remain relevant.

Second, there are plenty of aspects of open source that might
apply to hosted or automatically-managed software. A community of
developers and designers; the ability to fork; interoperability with a
range of products vs. “walled gardens” and vendor lock-in.

How does software-as-service change
best licensing practices? Is there an “open service definition”?
How does it change community-building? As a practical matter,
how can open source developers build user experiences that require real infrastructure
such as storage and bandwidth?

There are some great success stories of open services already,
such as Wikipedia.

Issues

Open services pose more questions than answers at this point.

While data becomes part of the
“lock in” of many services, it can’t really be made open if it has any
access controls associated; instead there’s a need for privacy
policies and careful attention to who can access the database.

User-contributed content has gotten
quite a bit of attention from Creative Commons and
others. Content licensing might be at least as important as
software licensing for an online service.

There’s a chance that services will become more commoditized over
time; more generic services like Amazon S3 might allow people to
buy hosting separately from the software. Open source might be able to
speed this up by providing software that runs on such services.

Who knows. But it’s about time to make this issue more prominent. I
wish GPLv3 took it on either more strongly or not at all.

(This post was originally found at http://log.ometer.com/2006-07.html#29)

My Twitter account is @havocp.
Interested in becoming a better software developer? Sign up for my email list and I'll let you know when I write something new.