[nickpsecurity]

Open source is about the source being open plus certain benefits. Free and open source software, a la Richard Stallman, is a totally different thing with a philosophy akin to how a virus operates.

A glance at fair.io shows an interesting attempt to provide OSS under a proprietary model. Many businesses are fine with whatever gets the job done with main benefits of OSS being reviewing, extending, or just fixing things. A proprietary license allowing that has real value.

Curious, do you write comments like this whenever Google, Amazon, deep learning, etc closed-source tech with benefits are mentioned on HN? How they're insanity and not worth further discussion because the whole stack isn't FOSS?

[detaro]

Additional counterpoint: Even FAQ below their license explicitly states that it is not an Open Source license... So even its creators don't consider it to be one.

from https://fair.io/:

> We invite the entire coding community to adopt our simple, standardized, proprietary license.

> No. Unlike open source, Fair Source has a Use Limitation built into the license

[nickpsecurity]

It would just be their opinion on the term. They are probably saying it because they know many potential users will have assumptions about what open source means. They wisely avoided going head-to-head with those assumptions to reduce number of negative reactions like seen here in other comments.

I contend that open-source has always been a mix of philosophies which originally included commercial variants. The reason those disappeared probably had a lot to due with the greed of the dominant companies in IT. More utilitarian owners or charters might have had different results. However, there's still companies doing proprietary w/ source code and dual-licensing of proprietary + OSS.

[dragonwriter]

> Open source is about the source being open plus certain benefits. Free and open source software, a la Richard Stallman, is a totally different thing with a philosophy akin to how a virus operates.

This is all wrong. One: Stallman only advocates Free Software, not Open Source, and not "Free and open source". Open Source Software and Free Software are defined very similar in substance (by the OSI and FSF, respectively), what differs most substantially between the respective organization is the philosophy of why they think those definitions are desirable, not the substance of the definition. Virtually all licenses that have been considered by both the FSF and OSI have either been recognized as meeting both definitions, or have been found to be outside of both; there's almost no inconsistency.

"Free and open source software" is a collective term for the common category of software described by the FSF and OSI definitions, typically used by people who are not interested in (when using it) diverting things into a philosophical debate over preferred terminology between "Free Software" and "Open Source".

The license type sometimes described as "viral" espoused by the Stallman and the FSF is copyleft license, which is a kind of Free Software (and/or Open Source) license which has clauses to assure derivative works are licensed under a similar license; the GPL and AGPL are well-known copyleft licenses.

[nickpsecurity]

Another commenter countered me on that and I agreed with the modification here:

https://news.ycombinator.com/item?id=10623006

Any suggestion for what to call (a) software with source included in general that doesn't meet OSI & FSF definitions or (b) paid software w/ key benefits of OSI?

[dragonwriter]

> Any suggestion for what to call (a) software with source included in general that doesn't meet OSI & FSF definitions

"Source disclosed" or "Shared source".

> paid software w/ key benefits of OSI?

Since Open Source (and, for that matter, Free -- which means libre, but not necessarily gratis) software can be paid, if paid software actually has the "key benefits" of Open Source, it is probably because it is Open Source.

[nickpsecurity]

"Shared source"

It's a start.

"if paid software actually has the "key benefits" of Open Source, it is probably because it is Open Source."

You got me thinking on it enough to consult the opensource.org requirements. :) Two jumped out at me immediately:

" Free Redistribution"

"License Must Not Be Specific to a Product"

Many forms of paid software with open-source benefits don't allow this or not for all parties. A license might have to be paid on a per-user, per-product, or per-project basis. Other benefits of OSS can remain. So, it's not traditional definition of OSS but still respects freedoms of paying users to various degrees.

[dragonwriter]

> Many forms of paid software with open-source benefits don't allow this or not for all parties.

I think most people who believe that open source has benefits would disagree that there is software that provides "open-source benefits" without providing this. What specific examples can you point to of these "many forms" of paid software, and what "open-source benefits" do they provide without these?

[nickpsecurity]

I'm talking about licenses/models rather than specific products which come and go in this space outside dual-licensing or proprietary with source as in embedded scene.

To get more specific, you can read the source, you can modify it to suit your needs, you can submit modifications for redistribution by owner, you can fix problems, port to new hardware, often include it in your proprietary software, optional component of OSS software, and optionally fork it as GPL. (optional used to denote some paid, source-shared don't do this) That's really close to OSS software while still being proprietary to support active development and maintenance by full-time people. The dollar amount w/ associated benefits can be as large or small as one likes, even fixed. Provisions can be made for it to go BSD etc if abandoned or unsupported by original owner.

I'm just curious how far a proprietary model can go into increased OSS-style benefits and reduced proprietary-style risks. I'm sure it's way closer than people think with the dual-licensed stuff being most obvious indicators that hybrid models w/ licensing revenue are achievable.

[vitno]

> Curious, do you write comments like this whenever...

Uh.. I actually often do. I would more, but it generally isn't appreciated and is off topic of the main thread. Here, the software license is a key component of the release seeing as it is a unique component of it.

>Open source is about the source being open plus certain benefits.

It's more than that. The key intent of OSS is the right to study, change, and distribute the software to anyone and for any purpose. The source code is just a prereq for that ability.

I did initially use stallman-esque language, since it's terminology most people are familiar with in this field, but I'll approach it from a different point since I personally have problems with strong copy-left licenses.

The primary thing this license doesn't do is allow distribution in the OSS spirit. This is really just a pervasive license, actually in some ways similar to the Stallman-esque virality except with a corporate intent. It simply masquerades as OSS.

[nickpsecurity]

"The key intent of OSS is the right to study, change, and distribute the software to anyone and for any purpose. The source code is just a prereq for that ability."

No, the key intent of open-sourcing software is to let one see the source. That's it. Additional intents are added with licensing terms. This goes back to academic and even proprietary (eg Burrough's 1960's MCP) examples that did this. Many models of it formed with examples ranging from permissive BSD to proprietary OSS like LISP machines (esp Genera) letting customers use the source of OS & supporting libs in applications.

So, OSS is a broader thing than you are describing which supports many models. There is no "spirit" so much as many different ideologies competing and pushing their own licensing schemes with various perceived benefits. Now there's one more.

[yarrel]

This is not Open Source, and trying to ignore the historical meaning of the term doesn't make it so.

[nickpsecurity]

I just cited history rather than ignored it. That included Burrough's and LISP machines as examples past my linked essay in this thread. However, your side is ignoring all historical examples of proprietary OSS and even how non-proprietary OSS operated then vs now. Old model of academia varied from MIT/BSD-style to paid w/ source model.

So, your rendering of open-source history is false both in academia and commercial sector. It's always been a mix with proprietary favoring closed source due to financial incentives, especially lock-in. Nothing precluded more paid OSS strategies aside from culture of organizations involved. As dual-licensed projects and proprietary w/ OSS benefits like this one show.

[davexunit]

You are incorrect. "Open Source" is a well-defined term.

http://opensource.org/osd

[nickpsecurity]

The phrase itself originally came from the free software movement. The practice pre-dated it. Former is philosophical meaning with strings attached, the latter is a literal definition with many forms. I'm using the latter.

I'd be up for considering a new term to avoid confusion. Paid, non-profit or for-profit, models allow for most benefits of OSS if structured correctly. So, the new phrase must allow for that. I've been calling it "proprietary OSS" or "paid OSS."

[davexunit]

>Former is philosophical meaning with strings attached, the latter is a literal definition with many forms. I'm using the latter.

You can't just change the meaning of the term and expect everyone to know you mean this alternate definition. "Open Source" is as defined by the OSI, and not whatever loose definition that you use that includes proprietary software.

>I've been calling it "proprietary OSS" or "paid OSS."

"Proprietary OSS" does not make sense given the definition of OSS! The phrase you should be using is "proprietary software."

[nickpsecurity]

"You can't just change the meaning of the term and expect everyone to know you mean this alternate definition. "Open Source" is as defined by the OSI, and not whatever loose definition that you use that includes proprietary software."

I've already agreed with you and dragonwriter on that. dragonwriter suggested "shared source" as a start. Might go with that temporarily.

""Proprietary OSS" does not make sense given the definition of OSS! The phrase you should be using is "proprietary software.""

Starting now. Proprietary, shared-source software would make sense and can have most benefits of OSS. Just calling it proprietary software, though, instantly conveys the image of something closed source, for money, not allowing modifications, and with tons of risk. So, I can't just call an OSS-like, but paid, model proprietary due to public perception much like I apparently can't use "proprietary OSS" for same reason.

Hence, need for new terms. Especially one that captures the spirit of OSS with change that distribution/use is paid to some degree in some way, either money or code/doc contributions. Will re-write my old essay, though, as you two got to the bottom of one of its problems.

[davexunit]

>Free and open source software, a la Richard Stallman, is a totally different thing with a philosophy akin to how a virus operates.

Copyleft is not a virus. I'm pretty damn tired of this meme.

[nickpsecurity]

It replicates once it attaches to things. This is true even of distributing a large amount of non-free code while someone in organization unknowingly included a tiny amount of copyleft code. Now, FSF etc are usually more reasonable about enforcement and I doubt most would do more than ask it be removed if whole isn't GPL'd.

The image fits the behavior of the code, though. Hence the meme. More accurate description is like an agreement many parties participate in with copyright used to seal the deal for current and future distributions. So, control-freaks enforcing ideology on improvements to what they create rather than virus. ;)

[dragonwriter]

> It replicates once it attaches to things.

No, it doesn't.

> This is true even of distributing a large amount of non-free code while someone in organization unknowingly included a tiny amount of copyleft code.

If a single work is distributed that is based on copyleft code (not a mere aggregation that includes copyleft code and other code), then not licensing the resulting work as specified in the copyleft license is a violation of the license of the copyleft code. But the license doesn't attach on its own to the work.

[nickpsecurity]

Now, it's possible my memory is messing me up again or I bought into a false explanation of the legal issues.

To be clear, your saying that my worry was inaccurate and one person including GPL code into a new, released version of a proprietary app doesn't require the whole, linked source of that app be released under GPL? That happening is very virus-like but if it can't then it wouldn't be virus-like.

[dragonwriter]

> To be clear, your saying that my worry was inaccurate and one person including GPL code into a new, released version of a proprietary app doesn't require the whole, linked source of that app be released under GPL?

If the inclusion suffices to make the app as a whole a derivative work under copyright law (the FSF has a particular opinion on linking, but that opinion is not included in the license), then it would require you to offer the app under the GPL, failure to do so would be a violation of the GPL.

There is nothing "virus-like" here. The license doesn't attach without your knowledge. You may face consequences for the breach if you don't comply with the GPL terms, and releasing the whole work under the GPL may be the most convenient way of dealing with that -- then again, it may not.

[nickpsecurity]

"The license doesn't attach without your knowledge."

It does if one person on a large team did it without others' knowledge. This doesn't occur for most, non-copyleft code. At that point, if it's a derivative work, then your codebase looses its value as it gets GPL'd just because GPL'd code touched it. Preventing that outcome would require both preventative methods and constant vigilance.

Kind of like avoiding getting sick from a virus and spreading it everywhere.

Note: A former Microsoft employee told me in a prior discussion they identified this exact risk and took steps to prevent it. I never knew if it was paranoia or what could legally happen. Interesting to find last year that my hypothetical scenario actually played out to a degree in FOSS's arch-rival of that period.