Open Source Licenses: Who Holds the Power?
The COVID-19 pandemic accelerated enterprises’ move to the cloud — and with it, adoption of open source software (OSS), much of which is designed specifically for the cloud.
OSS means the code is freely available and distributed under an Open Source Initiative or OSI approved license. There are loads of reasons to go open source:
- Scale. According to Tidelift, 90% of stacks include open source technologies.
- Competitive advantage. 78% of U.S. IT decision-makers increased their use of OSS over the last 12 months, according to a survey of open source users from the first quarter of this year, by Percona, an open source database support and managed services company.
- Accelerated innovation. In the same Percona survey, 96% of participants agreed that open-source software encourages more innovation when compared to proprietary models.
- No vendor lock-in. With software designed, iterated, and maintained by the community, there’s little risk of being dependent on a provider that might disappear.
But the popularity of OSS brings up a host of concerns about where power lies in the world of open source, according to speakers at May’s PerconaLive online event.
Is the Cloud Hampering Open Source?
Open source thrives during economic downturns, as we already know from our interview with Dries Buytaert, founder of Drupal. Not so much because it’s free but because, with more people on board, an open source project is less likely to go belly up than single-contributor proprietary software organizations.
More people are choosing to open source their code because it seems the clearest path to scale, to lowering friction to new users. But it’s not without its very specific challenges.
In his keynote at PerconaLive, the company’s CEO Peter Zaitsev suggested that the rapid adoption of cloud may actually hinder open source activity.
From the start, the cloud was an enabler of open source, allowing you to spin up instances in the cloud to use for your OSS of choice. This is why Zaitsev believes cloud computing should, like electricity, be treated and regulated like a commodity.
Somewhere along the way, though, he said, the open source cloud became more of an extension of open source, integrated into a platform — which is then accessible through proprietary managed services.
“What really happens in that situation is that it redirects a lot of the revenue stream from the open source developers to the cloud vendors,” Zaitsev said.
In Percona’s 2021 survey, 68% of respondents reported an increase in their organization’s cloud infrastructure costs over the last 12 months.
In addition, 58% of respondents said competition from public cloud companies — who Zaitsev argues use open source projects but don’t contribute back — was one of the biggest challenges open source companies are facing.
“What is interesting for me is, if you see public companies are able to switch from open source to proprietary licenses, that is probably what their boards are very much pushing on and we will likely see more of those changes, even if there are strong forces inside those companies which would like to stick to open source,” Zaitsev said.
These partnerships between cloud vendors and open source companies, he argued, dilute the whole meaning of OSS.
The best way to go, he said, is not in making your software less open, nor in partnering with closed source organizations, but rather to pool resources to build truly open source companies, pointing to Linux as the prime example of this approach. He wants to see this repeated in the open source database community, where the cost is shared among vendors.
Zaitsev held up Drupal and PostGresSQL as exemplary “truly free and open” projects that still generate huge cloud spends without charging users later.
Running a Business Built on OSS
Running a business based on OSS can present unique challenges. Among them: You may be building a tool your competitors can use to crush you.
In tech, you are always trying to build something new, as Canonical CEO Mark Shuttleworth pointed out on the podcast Open Source Underdogs. “And it’s hard enough getting that right,” he said. “With open source, you need to think about enabling your own competition. You’re enabling people to compete with you with the benefit of all the things you’ve done. And that can be both financially and emotionally very daunting.”
- What if someone else takes your code and uses it?
- What if they take your code and make money from it?
- What if they use your code and they make a lot of money from it — and you make nothing or very little?
It’s the last question folks stumble on. But the sixth clause of the open source definition clearly states that you cannot discriminate against fields of endeavor. So it doesn’t matter if people charge for it or if you don’t like the use case; in order to be truly open source, you have to allow them to use it.
“Of course you can exclude other people from using your source code, but, if you do that, your code is proprietary and it’s not open source,” Brock said.
If you do decide to go open source, the challenge becomes getting enterprises to become partners, contributors and hopefully financial sponsors of your project. Because, Brock said, open source is a lot of things — but it’s not inherently a business model.
Pursuing an Open Source Revenue Model
Nobody can afford to run a successful open source community without finding a way to monetize it. Brock pointed to these as the most common revenue models for open source organizations:
- Service-based: The support model, which is hard to scale, but Rancher and Percona follow this model.
- OSaaS: Usually includes support, but bundled with other services like update management. RedHat, bought by IBM two years ago for $34 billion, is the most known example. Brock warned that you have to be close to the technology for this to work.
- Open core: Some of the product is free while there’s either a premium version or add-ons. This model, Brock said, is particularly popular for VC-backed Silicon Valley organizations. She gave Elastic as an example.
- Systems integrators or managed services providers: Will generally provide services across a multitude of products, which Brock said can be all open source or a hodgepodge of proprietary and OSS.
During another PerconaLive talk, the company’s Head of Open Source Matt Yonkovit added a fifth model he refers to as commercial open source (COSS) or the freemium model. This is when you reach a huge user base for an open source project, but then start to add new layers on top, effectively changing to a more restrictive, non-open license. He echoed Zaitsev by saying how much investors like what he referred to as this “hijacked” model.
Brock further grouped open source players as the following, which can apply to any above:
- Single-product open source companies: For example, MongoDB has a very specific focused product, with 99% of that codebase written in-house.
- Multi-product venders: Selling a wide array of open source products, like HashiCorp and Red Hat do. This method requires a critical mass of choices to create customer stickiness.
But then there’s the question if developers who are using the code even care what model it is, so long as they can fork fast. Brock argued that they do, at least in what she refers to as the “bait and switch tactic” — changing licensing models to move toward proprietary. She specifically referenced the Commons Clause and the Server Side Public License (SSPL) as enabling so-called “fauxpen” models. Or what Luis Villa, general counsel for Tidelift, calls “open(ish) licenses.”
A community always has the opportunity to lift the code and move away in a fork. Elastic did this, when it moved to a fully proprietary licensing model, while others have taken over the maintenance of the original open source code.
Brock warned that no matter what route you take, it’s important to remember that, while tensions around open source and its definition are running high, society is dependent upon open source code.
“We must also remember that open source works to make the best software,” she said. “When it comes to business, we must look to business models and the ever-evolving, ever-changing technologies to impact them. Open source will not bend to this, but rather these will have to evolve to let open source thrive.”