[toomuchtodo]

Ideology is great until people need to eat. That’s what revenue is for.

High level, times have changed. Source should be (my two cents, ymmv) about a mutually beneficial partnership between builders and users, not “give it all away for free or you’re not legit.” Users get to understand and extend what they’re running (via source), while the project steward/maintainer/owner can continue to do so.

It is a balance to be maintained in tension, not an equilibrium to be reached.

[version_five]

> Ideology is great until people need to eat. That’s what revenue is for

That sounds like what the GP comment is saying. If someone said "turns out open source doesn't work for our business model" it's hard to argue with. If instead they talk about "evolving open source models" and whatnot, it feels like they want the best of both worlds. It's been happening a lot recently that companies pretend they are "open sourcing" something for the PR but really use a much more restrictive license.

[toomuchtodo]

I argue the window is moving as to what “open source” means out of survival. Source available is the new open source, and what young technologists will grow up grinding on. You’ll have folks complain about it during the transition (as happens with any Overton window sort of event), but they’ll move on eventually and a new crop of tech industry will grow up with this as the new normal. Change is inevitable, broadly speaking.

[JoshTriplett]

> I argue the window is moving as to what “open source” means

Only if we let it, and stop shouting about it and finding alternatives every time a company does this.

This isn't a new thing; companies have been trying to play "almost open source" games for decades, and they'll continue playing those games as long as it either works or doesn't have sufficiently large penalties for trying. (Much as companies will continue violating copyleft licenses as long as they either get away with it or the penalties for trying are simply an expected part of the risk.)

The best possible response to a company doing this is that someone forks the code, starts or expands a competitor, and the original company's revenue drops massively as a deterrent.

[toomuchtodo]

> The best possible response to a company doing this is that someone forks the code, starts or expands a competitor, and the original company's revenue drops massively as a deterrent.

Example of the last time this worked?

[riffraff]

Jenkins/Hudson?

Oracle decided to make Hudson commercial, it was forked and Jenkins is still around but Hudson is dead.

[pjmlp]

Meanwhile Cloudbees has several product to sell you on.

Turns out Jenkins development needs to be sponsored somehow.

[yjftsjthsd-h]

I don't know what the impact was on their revenue, but pretty much anything Oracle has ever touched.

[toomuchtodo]

But still wildly profitable!

https://investor.oracle.com/investor-news/news-details/2023/...

[gkbrk]

ElasticSearch? A lot of people moved to open source forks.

[BoorishBears]

I hate OpenSearch with a passion, an absolutely horrid lagging project that can't get basic autocomplete working (https://github.com/opensearch-project/OpenSearch-Dashboards/...)

but still manages to suck the air out of the room when you want Elasticsearch because AWS already has the company's billing details and no one wants to figure out paying another provider.

[pjmlp]

From where I am standing, no one cares they exist.

[pessimizer]

> I argue the window is moving as to what “open source” means out of survival.

I don't think this is happening at all. Open source means the same thing it's always meant. Some people are just retreating from open source. Which is fine, they should be writing Free Software anyway if they want the world to have it, or use proprietary licenses if they don't. Otherwise very wealthy people will live on your back.

[JohnFen]

I agree. But there are an awful lot of younger devs who really do seem to confuse "open source" with "source available". It's worth educating people about this.

[sanderjd]

So, I don't think this is a generational thing. I think most people of all ages and generations have mostly just not thought about this. But the reason more people are thinking about it now is that the distribution model has changed on a way that has highlighted an existential weakness with this model.

[JohnFen]

I lack data, so I cannot say anything broadly. But in the devs that I know, this is 100% a generational thing. It may be different in different circles.

[dragonwriter]

The OSI Open Source Definition and the FSF Free Software Definition are for most practical purposes identical (and most licenses meet both or neither); historically, the Open Source and Free Software communities have somewhat different reasons for preferring the same thing, but the things are the same.

[hkt]

Not so: open source licenses tend not to have any clauses requiring reciprocation, free software licenses do. Think MIT or BSD vs GPL.

[account42]

That distinction is what makes copyleft licenses. Free software is just as overarching as open source, see e.g. the FSF's list of free software licenses: https://www.gnu.org/licenses/license-list.html

[dragonwriter]

MIT, BSD, and GPL are all on both OSI’s list of Open Source licenses and the FSF’s list of Free Software licenses.

Yes, the FSF has a general preference that people use copyleft licenses like the GPL, but they recognize that permissive licenses meet the Free Software Definition.

[pxc]

GPL is an open-source license, and MIT-licensed software is free software.

The difference between free software and open-source is a matter of marketing. Open-source is a way of presenting free software to businesses and investors. Free software is an unabashedly political movement, openly concerned first and foremost with the public good. But the licenses themselves and the software itself, those things are identical.

[davidgerard]

I urge you to look up the open source definition at OSI. It doesn't say that at all.

[sanderjd]

My perspective is more like the parent's. As someone who has grown up along with open source, I've found it surprising recently how up in arms people are about how critical the ability for anyone to commercialize a project is for the definition of open source. To me, I care a lot about whether I can see how software is implemented, and modify it for my own use, but it has never really occurred to me that I need to have the right to commercialize any arbitrary project.

But :shrug: I guess different people care about different things, is what I've realized watching these discussions unfold.

But I do think this purist perspective on open source is just going to result in more Snowflakes and fewer Hashicorps, because why bother with this fight?

[orra]

> But I do think this purist perspective on open source is just going to result in more Snowflakes and fewer Hashicorps, because why bother with this fight?

Orgs like Hashicorp clearly think they benefit by pretending to be open source.

They could simply stop being disingenuous about their source available proprietary software, and nobody would stop them.

[sanderjd]

First of all, as is probably clear if you read my comments on this, I personally think it would be better if the definition of "open source" did not exclude this kind of re-sale limitation. I don't think it's intuitive at all that this is required to fit the definition of "open source". It seems to me like a tacked on ideological stance from the gatekeeper of the definition, that isn't present in or implied by the words themselves.

But while that's what I think, it isn't at all the view espoused here by Hashicorp. They aren't claiming this is open source. They are accepting the OSI definition and not claiming their new license falls within it.

They aren't being disingenuous. You're putting words in their mouth, and then getting mad at them about those words they didn't say.

[davidgerard]

> why bother with this fight?

Because companies keep bringing this fight.

[sanderjd]

No, companies keep making services with code I can read and modify for my own use, and people in the community keep bringing this fight to them because they're peeved that other companies can't commercialize that software that they didn't build.

Companies will naturally conclude they should just make proprietary software, which doesn't require a big fight. And I think that's a shame.

[umanwizard]

“Free software” and “open source” mean the same thing.

[riffraff]

The window can't move, as there is an official version of what "open source" means, the Open Source Definition, which does not restrict you from reselling stuff.

We've had "source available" for a long time, which means something else.

I don't disagree that people may still use SA software more as time goes by, but I would argue that when possible people will prefer open source controlled by entities that keep it such.

[sanderjd]

This is not how language works. The phrase "open source" will mean what people think it means. An organization with a lot of credibility and mindshare can affect that meaningfully by maintaining and explaining the official definition from their perspective, but they can never be guaranteed success in convincing people that their definition is what those words will mean forever.

[cjaybo]

“The window can’t move”

I’d kill for your confidence

[davidgerard]

> I argue the window is moving as to what “open source” means

This has been the case since the 2000s, as companies want the branding without the openness. This is extremely well worn by now.

I argue that companies who want it both ways are continuing to throw up chaff. But we know this chaff extremely well.

None of this discussion is new. "open core" has always been a euphemism for "proprietary."

[pxc]

> "open core" has always been a euphemism for "proprietary."

Yes. And in some ways, source available licensing is a nicer model for proprietary software than open core. At least with the former you can actually see all of the code to inspect how it works when something is broken.

Bleh. Every business wants to build on software freedom but they don't really want to see others freely build on their own software.

[version_five]

I agree except I think it's our of short term greed plus arrogance rather than survival. Maybe in some cases that's not true, but when companies like Meta are championing pretend open source, it's not existential for them, it's trying to push for a world where they have more control. Like I said, I don't have a problem with closed source business models, it's the deliberate conflation that's troubling, especially when it's leveraged to get community contributions.

On the other hand, if popular software becomes faux-pen source (I read that somewhere recently) and community members stop contributing, it's a loss too because it means we all become takers on whatever company's terms.

Your almost certainly right about the window shifting, I'm going to keep complaining anyway.

[toomuchtodo]

I encourage you to continue to complain. Sometimes it’s the only way the rest of us have signal we might be wrong.

[seneca]

This is what these companies want you to believe, that it's a fait accompli and you just have to accept it. That's not actually reality, and giving up words and communities to people who want to corrupt them is not the right reaction.

[ImPostingOnHN]

> I argue the window is moving as to what “open source” means

perhaps according to Hashicorp's marketing team, otherwise I haven't seen any evidence this is the case

[094459]

Yup this is how I see things evolving too. It’s a long game though and I suspect there will be a few twists yet to come.

[cmiles74]

As they mentioned, this is what the AGPL license is for. No one is suggesting that the people at HashiCorp should not be paid for their work.

https://fossa.com/blog/open-source-software-licenses-101-agp...

[asymmetric]

If they made their tools AGPL, they themselves couldn’t build a cloud offering with additional, closed-source features.

[MattJ100]

That's not true. As the copyright holder they are not bound by the licence that they release it to others under.

The reason AGPL isn't being adopted in these situations is that it doesn't sufficiently protect against someone doing what e.g. AWS repeatedly does - turning open-source projects into services and then dominating the market while continuing to benefit from the upstream project. See the ElasticSearch licence change for a prominent example.

[ZiiS]

I am not sure being closed source is much comfort if AWS decide they want to crush you.

[n42]

Isn’t that precisely what AGPL is for?

[mperham]

A license controls what OTHERS can do with your source. You, the copyright holder, can do anything you want.

[asymmetric]

Thanks, I stand corrected. How does this play with third-party contributions? Others might be the copyright-holders of a sub-section of the code.

[duckmysick]

Projects can have a Contributor License Agreement (CLA). It gives the owner of the project a right to republish (or copyright) the contributions. You can't contribute to the project without signing it.

[m4rtink]

This might also prevent a lot of people from contributing due to the added paperwork.

[JimDabell]

You ask contributors to sign a copyright assignment before accepting their changes.

[deno]

Only if you accept contributions without a license grant CLA.

[_msw_]

And this is why I think people who love Software Freedom should think twice about signing a CLA for their copyleft licensed contributions. [1]

inbound=outbound license terms is a good norm for FOSS. Why should a software vendor play by different rules than everyone else when it comes to things like copyleft compliance?

[1] https://meshedinsights.com/2021/06/14/legally-ignoring-the-l...

[bawolff]

From a pragmatic perspective, it is much easier to enforce an open source license with a lawsuit if you own 100% of it.

[_msw_]

This is true. The question to me is: does the party to whom you give the rights and authority subscribe to community-oriented FOSS license compliance principles? [1]

[1] https://sfconservancy.org/copyleft-compliance/principles.htm...

[Macha]

You're free to decide open source isn't working for you. (Well, assuming you're not using any open source software that has decided on viral licenses because that's the payment _they_ expect)

You're not free to decide your source available model is open source and reap the marketing benefits of open source without the costs.

[pydry]

I think these projects should just dual license as AGPL and BPL/EPL.

That way all the "it's not really technically open source" complainers couldn't day that its not technically open source.

It wouldnt substantively change anything of course, but that's somewhat the point. BPL/EPL/SSPL was always fully within the spirit of open source, it just pissed off the same large corporations who also can't stand the AGPL.

[Macha]

I'm way more fine with AGPL (without CLA). That's perfectly within the spirit of open source, as it doesn't privilege one group of users over another.

BPL, EPL, SSPL are all "not open source", and AGPL+CLA is "we're setting up for a bait and switch with not open source versions".

[pydry]

I find it curious that Microsoft doesnt get more shit for demanding a CLA, especially given that embrace, extend, extinguish is in their DNA.

[JimDabell]

Even GNU projects ask people to sign a CLA.

[pxc]

Assigning copyright to something like the FSF or the Free Qt Foundation is not at all like assigning copyright to Hashicorp or Microsoft or Oracle.

[teddyh]

GNU projects assign the FSF as the copyright holder. The FSF is inherently trustworthy. (Since the FSF controls the GPL.)

[bawolff]

> AGPL+CLA is "we're setting up for a bait and switch with not open source versions".

Which is fine imo as long as the moment they pull the bait/switch they stop calling it open source (and others can fork at that point)

[Macha]

I think I'd be fine _using_ an AGPL+CLA product, but not contributing.

[pydry]

Thats exactly the point.

[davidgerard]

> BPL/EPL/SSPL was always fully within the spirit of open source

It literally is not, and they only exist in order to not be.

[pydry]

They exist so that you can continue to use hashicorp tools in your business for free and look at/change their source code like you would any other software.

The one restriction is that you can't compete with their hosted services using their software. Which 99% of people who use their software have zero interest in.

The "it's not fair! it's not real open source!" narrative is pumped up by companies like Amazon that feel entitled to use their monopoly power to leech value from these companies by selling paid versions of their products.

[aragilar]

No, Open Source has always required that usage be unrestricted (Either Freedom 0 or OSD/DFSG points 5 and 6). Allowing any restrictions on usage tends to get political, as people use the license to push their specific issue, making it much harder to share and use code without issues.

[pydry]

It's a freedom that does not affect 99% of users.

It does affect the the richest, most abusive corporations though.

[mfer]

Looking at the public data [1], Hashicorp looses money every quarter. At some point they need to stop burning cash because they have yet to figure out how to run a sustainable business.

I don't know enough about their operations to have good suggestions on how to become sustainable. But, I don't like this move. There are many sustainable open source companies. Moving to source available from open source will likely never be a move I like.

[1] https://www.google.com/finance/quote/HCP:NASDAQ

[PoachedEggs]

> There are many sustainable open source companies.

What are some examples?

[pcthrowaway]

SUSE, Canonical, Prisma (though their dashboard is closed source), Gitlab, pretty much every crypto company in the blockchain/web3 space.

And Hashicorp + Red Hat managed to make it work as open source companies for >10 years also

There are many more "open core" companies, like TimescaleDB, Docker, etc, who then sell proprietary services on top of the open source software

[oblio]

> SUSE, Canonical, Prisma (though their dashboard is closed source), Gitlab, pretty much every crypto company in the blockchain/web3 space.

SUSE is a niche player that was bought out in various forms a number of times.

Canonical is largely a billionaire's toy and hasn't published financial numbers in half a decade. They were losing money last time I looked at them.

Don't know Prisma.

Gitlab is losing money.

For the crypto companies, let's hold off on any of that in terms of "sustainability".

Look at the top 20 software companies. How many of them have open source their core product, their main revenue source?

[pxc]

> Gitlab is losing money.

GitLab (Enterprise) is also proprietary software.

[sebastianz]

Why do you think "open core", which most of those are, is somehow better than BSL?

> pretty much every crypto company in the blockchain/web3 space

The entire "space" has yet to prove to be sustainable. Most of these are hype-driven borderline scams, I would not list them in a _sustainable open source business_ context :)

[pcthrowaway]

> Why do you think "open core", which most of those are, is somehow better than BSL?

Firstly, I don't have a problem with BSL. I do think in general it's a bit of a slap in the face to build a business on the backs of volunteer contributors, and then close-source all your codebases which are comprised of their work.

Sure, when people contributed, they signed a CLA which gives Hashicorp the right to relicense the work (which has legitimate uses outside of killing open source, such as giving them the ability to make that software available under other terms in addition to their open source offering)

But when as little as a year ago they promised "We remain committed that the core of our technology will always remain open source." (https://web.archive.org/web/20220703202305/https://www.hashi...)

it gives whiplash to the people who contributed based on that promise.

Actually, I don't even know if this is legal, but even if it is, it's a huge violation of the trust of outside contributors to their software products.

> The entire "space" has yet to prove to be sustainable.

I agree that it's unproven, but this downturn has made apparent that so are the majority of software companies which have not IPOed and shown a sustained profit for 5+ years.

I'd give Uniswap pretty good odds of outliving the majority of YC startups.

[sebastianz]

> I'd give Uniswap pretty good odds of outliving the majority of YC startups.

The majority of YC startups are definitely not sustainable.

Probably even most of the successful ones are not sustainable, they make empty sustainability promises hoping to get bought by <BIGCORP> and end up on "our amazing journey" lists.

[re-thc]

Prisma isn't making money.

> And Hashicorp managed to make it work as open source companies for >10 years also

You mean they lived off VC money for >10 years?

> There are many more "open core" companies, like TimescaleDB, Docker, etc, who then sell proprietary services on top of the open source software

As above. Since when is Docker making lots of money?

[candiddevmike]

If this doesn't move the needle expect more increases to their licensing. Though I don't know how it could become more expensive.

[ZiiS]

What is so frustraiting is their model seems sound; they just had rediculusly high pricing.

[_ea1k]

> Ideology is great until people need to eat. That’s what revenue is for.

It isn't just the need to eat. There's also the issue of keeping investors happy and their continual drive to maintain growth or earnings at stratospheric levels.

Strict IP laws are the only safe way to do that, and that is why so much software has leveraged them over the years. The internet era felt like an aberration for a while, but things seem to be shifting back to high double digit margins as the only desirable goal.