Thursday, March 29, 2007
GPLv3: the FSF dropped the ball(s)
Last night, I read the last draft of GPLv3 on my cell phone during dinner in Orlando. I went looking for the provision they had in the last draft, the one that closes the GPLv2 ASP loophole that forced me to create HPL. In a nutshell, it is the ability of running GPLv2 software as a service (SaaS) without returning any changes to the community, because distribution of software as a service might not technically be considered distribution of software (therefore circumventing the copyleft clause that made open source what it is today). That is what Google does, making gazillions of dollars thanks to Linux and open source but keeping its secret sauce concealed from the rest of the world (but contributing in many other ways, therefore cleaning its conscience, I guess).
The provision is not there. Gone. They dropped the ball. Actually, it has been made very clear that the ASP loophole is not a loophole anymore. It is perfectly fine to change GPLv3 software and offer it to the public as a service, without returning the changes to the community. Bryan Richard on Linux Magazine, wrote an interesting article on it titled "The GPL has no (networked) future". I agree...
That means 75% of the future software (which is going to be SaaS) could be offered by leeches, that suck the soul of open source for their pure benefit. They make money, while others work for them for free, to make them rich. Rich without returning anything that could benefit the community of whom they are parasites. As you can read in this interview, Google is really happy about the GPLv3 draft. Of course they are!!
I am honestly upset. My feeling is that the Free Software Foundation (FSF) did not have the balls to push this forward. I can understand it, because the special interests involved are big and you need to pick your fight. But they picked the wrong ones. Covering the use of open source in SaaS was the one to fight. You cannot go after TiVo because puts Linux in a box, but not after Google because it puts it behind a firewall. Just because it is Google. The vast majority of software will be run as a service, not in appliances. The world is not going there. The world is going SaaS.
Again, I understand the political reasoning behind the decision (GPLv3 has enough problems to be accepted, adding the SaaS provision would probably have killed it) but I am questioning the merit. The FSF writes:
We have made this decision in the face of irreconcilable views from different parts of our community. While we had known that many commercial users of free software were opposed to the inclusion of a mandatory Afferolike requirement in the body of GPLv3 itself, we were surprised at their opposition to its availability through section 7.I bet they were ;-) That does not mean you give up. You fight. It is a fight on principles. You cannot be a sucker in open source. You have to give back. It is true for TiVo and for Google. There should not be exceptions. Copyleft is the soul of open source. The soul of the FSF. Without it, we would not be were we are now.
In an attempt to give something to the people that agree with me, they added a backward compatibility clause of GPLv3 with Affero (which is a license with an insane requirement to close the ASP loophole and with a vanity name of a company behind it) and claimed they will work with the community to create Affero v2. That means we'll have GPLv3 and GPLv3_with_SaaS, Affero branded. One in favor of the proliferation of licenses, which is the major issue this movement is facing already... Affero is not even OSI approved, but it is the only license backward compatible with GPLv3... Double-insane (and I would be offended being on the OSI board...).
OK, I am really upset. I'll give myself a few days to think about it. I could just hope the FSF will reconsider and add the provision in the last draft, which will never happen... A first step could be to bring HPLv1 in front of OSI. GPLv2 is a good license after all, with just one problem that is fixed by HPL. And we could always create HPLv2 later and merge it with the FSF effort. I really would like that license to be compatible with GPLv3 and work with the FSF on it. License incompatibility is killing us...
The issue with licensing is at the center of open source, and it should not be. We just need to get one license that works in 90% of cases and get over with it. GPLv2 is the closest thing to this goal, and used by the vast majority of the projects out there. GPLv3 simply does not cut it. I am really really sorry about it. But I am not going just to sit and watch the disaster unfold. I am ready to fight.
Posted by Fabrizio Capobianco at 10:46
10 Comments:
Tel said...
The FSF made the right decision not to over-encumber GPLv3. There are a heap of reasons why you don't want to build an ASP blocker into GPLv3.
The prediction of SaaS taking over the world is about three years old and still the impact is minimal. SiaB is growing much faster than SaaS (don't forget to count every mobile phone, PDA, entertainment system, and motor vehicle engine on the SiaB side).
The majority of people are pretty happy with google's business model. Not only do google use Linux but they employ Linux techs ... getting decent money to do creative stuff on a Linux platform is a much better lifestyle than getting paid to reinstall a bunch of MS-Windows boxs once every 6 months as they bog down with virus code and addware.
Implementation of the ASP blocker is difficult. Where do you draw the line? If a company use a MySQL database internally but allow you to check your account balance online do they suddenly have to release all their internal "middleware" business-logic code? Such code would not be general purpose and would only be of interest to directly competing companies. What about a real-estate agent who uses Linux desktops and a MySQL database to track the houses that they have on the books. When you walk in and ask about houses across the desk you still have SaaS happening -- it just has a human interface rather than a machine interface. For that matter, what about information kiosks and library catalog terminals where the end-user interfaces directly with someone else's black box?
Too many fuzzy edges here.
Enforcement is going to be completely hopeless. How do you know what brand of database is sitting behind a web page? If the "middleware" is properly designed the it should be impossible for the end user to probe out the database internals. You might be able to provoke and error message ... maybe. How do you know what operating system is the platform underneath?
Are you suggesting that the FSF run audit teams armed with Anton Pillar orders? That would put them on par with the RIAA.
Having two versions of the GPLv3 could be OK. Getting the primary (less restrictive) version into place should be first priority. After that, time enough to argue out what an ASP blocker should look like and how to knock together a secondary version. It would make sense to make the thing modular (like the CC licenses) so people who want the ASP blocker can slot it into the GPLv3.
Comment Posted at 16:14
Fabrizio said...
Hi tel,
when you say "to the public" you are drawing a pretty clear line, in my opinion. And if you are running a library and making changes on an open source product, you should just give that back. What's wrong with it?
I really do not care about enforcing it, as I do not believe the FSF is enforcing GPL that much today. It is exactly the same thing. Copyleft is based on trust. I trust people will make good use of the technology our community will develop. And that if they will modify anything, they will share it back. Using a loophole (now a tunnel) is going around the goal of copyleft. I do not buy the "enforceability" argument...
BTW, when you say "there will be two GPLv3 licenses", you are implying there is a need for a SaaS-covered case... Enforceable or not, we both agree it is needed.
BTW(2), when you say "It would make sense to make the thing modular", that was exactly what the previous draft of GPLv3 was about. That paragraph in section 7 was optional, not mandatory. It was good enough for me. But it is not there anymore. And we are going to duplicate licenses again, which is a bad idea...
Lastly, the fact that the majority of people are pretty happy with Google business model does not hold water. It reminds me of the Romans... Give the people food and games and they will be happy. The fact that Google pours money on open source does not make them automatically a good open source citizen, in my opinion...
fabrizio
Comment Posted at 17:57
Stefano said...
Fabrizio, IIRC Richard Stallman's reasoning behind the Affero clause is that users of ASP services can never be sure of what code they are running. I use Software as Service from http:www.com/api, based on free-as-in-freedom software. I want access to source code, so I use an Affero-like button to download the source... Richard's comment is: there is no way you can be sure that such code is really the right one, without violating other freedoms (like privacy, for example). Definitely this issue is much more difficult to close with a license than the Novell-MS deal. Your post reminded me that FSF needs to explain this issue better. Thank you.
Comment Posted at 23:27
Fabrizio said...
Hi Stefano,
I dislike the Affero-like button for download, because it is a technicality and not always applicable. For me, saying you have to provide the source code somewhere is more than enough (and BTW, it is the same provision they added in GPLv3 on HW distribution).
I agree with RMS on the fact you cannot violate the freedom of the ASP-provider but I do not agree on the focus on enforceability. How do you know what is inside a box? Yes, you can open it and look inside, but... It is borderline.
I would put the burden on the ASP (as GPLv3 does on the box manufacturer). If they want to violate the GPL, they are free to do it (nobody stops you from stealing software), but they know we can catch them. If I know someone is using my software as an ASP and not returning the changes to the community, I can go after them legally. For me, it is enough. Enforcing should not be the goal.
fabrizio
Comment Posted at 11:05
I think it is a little bit hypocrite to talk about principles here when the real question is about "open source" company’s way of trying to make millions and drying to make your investors happy. This has nothing to do with the open source philosophy.
Now I don’t think there is anything wrong on trying to make money out of your software. Just please don't underestimate the intelligence of your community with nonsense comments like that.
It would be nice to have the best of both worlds (open source and proprietary software). Use the community as free workforce and still make money out of their free labour which is what you are drying to do here. Don't be too greedy and don't get too obvious.
br
Finnish observer
Comment Posted at 23:57
Fabrizio said...
Dear Finnish observer,
I believe you are missing the point.
I am running a company. I am and I will always be a capitalist. Making money is not a bad thing. I am paid to do what I love (open source) and I am very glad about it (so I believe the other fifty people in Funambol).
However, I love and I will always love the open source concept that made it great: copyleft. You make a change, you give it back. Everybody benefits. Great code, great quality, great support came from this. And freedom. And no vendor lock-in.
If you do not like to give back code, in our model you have a way to give back something else (cash). That drives our business. People that do not want to open source their code.
What I hate are people and companies that take advantage of open source and do not return anything back. The leeches. They are bad for open source. They kill open source. They are bad for business too. What's wrong on going after them? Why should you let people take advantage of your work?
You should not, whether you are developing non-commercial open source or commercial open source. Get their code back or get some cash and put it in the project. Even if they run your software as a service. The concept does not change.
fabrizio
Comment Posted at 12:07
肝病类别 肝病 中国肝病网 甲肝肝炎 乙肝 丙肝 肝癌 脂肪肝 肝硬化 纤维肝 肝腹水 中国肿瘤网 肺癌 胃癌 肝癌 中国癌症网 肺癌 胃癌 肝癌 癌症 肺癌 胃癌 肝癌 复方红豆杉胶囊 软坚口服液 臌症丸 食道平散 复方鹿仙草颗粒 蟾乌巴布膏 金龙胶囊 华蟾素片 参一胶囊 清肺散结丸 癌症康复 肺癌 肝癌 胃癌 珍香胶囊 清肺散结丸 抗癌平丸 慈丹胶囊 金复康口服液 消癌平片 西黄丸 食道平散 复方斑蝥胶囊 天芝草胶囊
Comment Posted at 00:11
Vietnam tour operator said...
Exotic Ho Chi Minh City, still referred to as 'Saigon' by many, has preserved its distinctly Asian feel and ancient culture, where monks pray in the numerous pagodas, temples and mosques. The capital Hanoi, is a pleasant and charming city of lakes, shaded boulevards and public parks. The old quarter, built around the Hoan Kiem Lake, is an architectural museum-piece characterised by its narrow streets. Ha Long Bay, with its 3000-plus islands rising from the clear, emerald waters, dotted with beaches and grottoes created by waves, is one of Vietnam's natural marvels.
Comment Posted at 19:06
"Giving back" has never been a requirement of free software. Rather, the idea that one could modify free software, and use it, (so long as it wasn't distributed), was inherent in the original GPL. That is, GPL supported and still supports "trade secret" modifications. And this is vitally important to some areas of development like hardware, cpu's, telephones, embedded applications, etc.
No, we've never been required to "give back". Rather, we've been required to propagate freedoms to anyone to whom we pass the software. But I've never been required to pass the software.
Comment Posted at 14:58
magicien said...
Thank you to speak about FSF.
In france not many people know Linus. We know window 98-Wp and now Vista.
But i think Linus is better.
I'll come back .
Post a Comment