Make Software Great Again: Can Open Source be Ethical and Fair?

Is there a way to go beyond open source, and have ethical, fair software in a cloud-first world? This is what some people in the open source community think.

OSS is perceived as being free, fair and/or ethical. This perception, however, may not be entirely true. That may be counter-intuitive, but it’s at the heart of the debate around OSS. As OSS is growing up, it’s becoming more successful, more complex, and ubiquitous. It seems we are entering a new phase for OSS, and it’s not without growing pains.

Commercial OSS in the cloud

The four essential freedoms are a cornerstone of OSS. They refer to what users can do with the software, but they tell us nothing about the economic cost, or benefit, related to the software. OSS is free as in speech, but not free as in beer. Someone has to build the software, and then someone has to maintain, run, and manage it.

As far as the perception of OSS being fair or ethical goes: it’s just that – a perception. The perception stems from the OSS community ethos, but in reality, the OSS freedoms are at odds with notions of fair or ethical use. Anyone can contribute as much or as little as they please to OSS. Anyone can use OSS for any purpose, regardless of contribution.

Which brings us to cloud vendors. As many pundits note, cloud vendors operate on a whole different plane. If commercial OSS vendors are about taking innovation from 0 to 1, cloud vendors are about taking it from 1 to n. This brings value in and by itself. Cloud vendors also release OSS projects of their own, and contribute to existing ones. Their strategies, however, differ, and this is where things get complicated.
AWS is the leader in the cloud market. The strategy AWS has adopted with regards to OSS, however, has exposed it to criticism. Recently, an independent data-driven analysis was done on GitHub, where OSS code lives. The analysis showed that in terms of code, AWS does not seem to be contributing much to the development of the OSS products it offers as a service.
It’s understandable why vendors building those products are looking to tweak their licenses to disallow AWS from running their software as a service. It’s also understandable why the OSI, which has control over OSS licenses, is pushing back: by introducing those tweaks, the software is no longer OSS.

If this was just a clash of commercial interests, we might be getting our pop corn to watch. But for something with such high value to society at large as OSS, the ramifications are important. Is there a way everyone involved can get a fair share of the profit, and keep contributing to OSS? Let’s hear what 2 CEOs from vendors who build OSS, and work with AWS, have to say.

The co-opetition view: one big act vs. many small ones

Our discussion started touching upon ScyllaDB’s latest features. According to Laor, these features (most prominently lightweight transactions) do not just bring parity with Cassandra, but go one step further. Laor expanded on the technical aspects of ScyllaDB’s solution. As these seemed technically sound, yet conceptually simple, the discussion moved to a broader topic.

ScyllaDB exemplifies the complexity of open source software: built on existing software and APIs, while being open source itself. Image: ScyllaDB

Laor claimed none of ScyllaDB’s closest matches, namely Apache Cassandra and AWS DynamoDB, have such features. When asked why he thinks that is, given the nature of those features, Laor offered 2 answers.
For Cassandra, he mentioned that for the last few years its former main contributor, namely DataStax, has taken a step back. Naturally, this has stalled Cassandra’s development considerably. As for AWS, Laor noted that AWS has the tendency to offer products that are good enough, but not necessarily the best in their league.
As ScyllaDB is also available on AWS, and Laor was present at AWS’s main event, re:Invent, in 2019, he offered a metaphor to explain this. Laor said there were a number of stages set up for various acts in the re:Invent after party, and he found all of them mediocre. Laor went on to add that he sees that as a metaphor for AWS’ philosophy of going wide, rather than deep in its undertakings. This is a point shared in other OSS vendor strategies, too.
But ScyllaDB went beyond that, to do something no other OSS vendor we know of has done before: offer a compatibility layer for one of AWS’ products, namely DynamoDB. ScyllaDB’s DynamoDB API support will be officially available soon, and it will enable DynamoDB users to migrate to ScyllaDB. Laor said there is a waiting list for this.

Building a new implementation of an existing API seems cleaner than using someone else’s implementation, but it still means benefiting from a userbase others built. Laor acknowledged that, as well as the fact that ScyllaDB leverages contributions from Amazon, Cassandra, and DataStax. He also pointed out that this spurs innovation and benefits users, and measuring contribution is very hard.

ScyllaDB has an open core strategy. Some features are proprietary, while the OSS core is licensed under AGPL, which Laor said AWS avoids. So far this has worked in deterring AWS from offering ScyllaDB as a service, although it could also be that ScyllaDB has not reached critical mass yet. In any case, as Laor said, these things change.

The collaboration view: balancing OSS makers and takers

Most OSS products fall under one of two categories. Many products are largely driven by a single vendor, whose employees contribute most of the related effort and drive its directions. Other products leverage contributions that cross-cut organizations who employ the contributors; often, OSS work is the main activity for such contributors.

But there is an OSS product in which the vendor commercializing it only contributes 5% of its code while still being the largest contributor. The product is commercially successful, has a community-driven decision making process, and is a distinguished AWS partner, too. And these are not the only reasons why Acquia, the vendor commercializing the Drupal CMS, and Dries Buytaert, its founder, stand out.
Recently, Buytaert shared his thoughts on balancing OSS makers and takers in an elaborate blog post. In our discussion, Buytaert confessed it took him a couple of weeks to put his post together. This is understandable, considering how many aspects of OSS it touches upon.

If makers and takers in the open source ecosystem can’t be balanced, the ecosystem won’t be sustainable. Image: Dries Buytaert

Drupal started in 2000, while Acquia was founded in 2007. As Buytaert highlighted, Acquia and the Drupal community have a unique relationship, which is formally documented in a charter. The community includes about 80.000 contributors, while Aquia employs about 1.000 people.

Yet, Drupal’s governance is not with Acquia. The community sets Drupal’s roadmap, and elects people in leadership roles. People choose to contribute to areas that matter most to them, and Acquia does this, too. Buytaert said that even when there is a decision Acquia does not agree with, the decision is carried through, if there is substantial backing for it.

Buytaert builds on the notion of OSS as part of the Commons, introducing an important distinction. For end users, OSS projects are public goods; the shared resource is the software. But for OSS companies, OSS projects are common goods; the shared resource is the (potential) customer. Makers invest heavily in the software, takers are mostly interested in customers.
Buytaert, leveraging Elinor Ostrom’s work in addition to his own experience, seems to have gotten to the heart of the issue. Research shows that when the Commons are left unchecked, without governance or rules for contribution, they collapse: shared resources are either engulfed or exhausted.

Ethical software

One, don’t just appeal to organizations’ self-interest, but also to their fairness principles. Two, encourage end users to offer selective benefits to Makers. Three, experiment with new licenses. Those points were also backed by Laor, who prompted users to consciously vet their OSS providers for fairness, and pointed to precedents like the Open Invention Network.
One thing is clear: AWS should not be excluded, it’s a vital part of the OSS ecosystem. The fact that this is a complex ecosystem with many actors that need to strike a balance is something many people agree on. This includes Buytaert, Laor, and AWS VP/Distinguished Engineer Matthew Wilson, a self-proclaimed “OSS romantic”, to name but a few.

Buytaert also agreed with Laor that while AWS is a good partner to have, if it decided to start offering ScyllaDB or Drupal as a managed service on its own, there would be nothing they could do to stop it. Buytaert was also clear on something else: making OSS sustainable may require a break with OSS as we know it. But if that’s what it takes, so be it.

This also seems to be the gist of Wilson’s position as stated in a number of Twitter threads: this is how OSS works. If you are not happy with it, do it differently – just don’t call it OSS. This is a fair point, made by others, too. Recently Stephen Walli, principal program manager on the Azure engineering team at Microsoft and an OSS veteran, shared his ideas on Software Freedom in a Post Open Source World.

Walli went through the history of OSS, the four essential freedoms, and the ways and reasons people challenge how OSS works. Walli’s message is along similar lines: “I am happy for people to challenge the ideas that define our software collaborations and culture of outbound sharing. But I want them to be bold. If you want to define a new movement then do so.”

“Today, the same OSS that enriches the commons and powers innovation also plays a critical role in mass surveillance, anti-immigrant violence, protester suppression, racist policing, the deployment of cruel and inhumane weapons, and other human rights abuses all over the world.

We want to do something about this misuse of our software. But as developers we don’t seem to have any recourse, no way to prevent our work from being used to harm others. We want to change that”.

Fair software

Ethical software licenses are not the only OSS variant around, however. There is also the Fair Source License, allowing users to view, download, execute, and modify code free of charge. Up to a certain number of users from an organization can use the code for free, too. After an organization hits that user limit, it will start paying a licensing fee determined by the software publisher.
Fair Source was created by Sourcegraph and drafted by Heather Meeker, a prominent OSS lawyer who also drafted the Commons Clause for RedisLabs. Fair Source got featured on Wired, and received praise from GitLab, but it does not look like it got much traction. The reason is probably that as things stand, Fair Source is also not an OSS compatible license.
Fair Source is another variant on Open Source, but adoption remains low.

This all seems to be pointing somewhere: perhaps we’ve reached the limits of what OSS in its current form can do. People are realizing it, and questioning the status quo. Whether that will lead somewhere, remains to be seen. But some first steps are taken, and the potential seems to be there. OSS was a bold step in its time, too, and its pioneers paved the way.

To wrap up, let us revisit the “quantifying OSS contribution is hard, and it’s not only about code” argument. This is true beyond the shadow of a doubt. But before dismissing quantification as mission impossible, we should consider a few things.

Commercial OSS vendors are building platforms to power today’s data-driven economy. As a 3rd party analysis on GitHub data shows, they -expectedly- seem to be key contributors to their own codebases. While there may be communities of practice built around the products, in most cases we would assume vendors do much of the non-code work too – promotion, support etc.

OSS vendors have people who contribute to these tasks in their payrolls. Presumably, these people leave the digital footprint of their work on all sorts of systems. From OSS code repositories to issue trackers, HR, project management tools and spreadsheets, to social media. Nobody should be more motivated or better positioned to develop a holistic, data-driven model for OSS contribution, than commercial OSS vendors.

Doing this would make their claims much more grounded. To be entirely fair, commercial OSS vendors should also apply this to external contributions, be it from individuals or from organizations such as cloud vendors. And to back claims about putting OSS sustainability and the common good first, changing their status to B Corporation to reflect that might help, too.
To get over the OSS midlife crisis, and make software great again, leadership is paramount. There is no doubt the amount of legal, social, software, and data engineering needed to evolve OSS is staggering. But OSS is so important, that it would be irresponsible to shy away from it. Some OSS leaders are showing the way. Opinions may vary, but the issue is being acknowledged. Who would not want to have ethical, fair, open-source software available on demand in the cloud?

Coming up with a way to fix commercial OSS by measuring and rewarding contribution is something that will not just benefit vendors, but the world at large. So if not them, who? If not now, when?

read original article here