A model for Open Source/Closed Source co-operation on a single project: Yes Really

Thursday, March 10. 2011

A model for Open Source/Closed Source co-operation on a single project: Yes Really

I was recently reading a posting by Matt Assay on the Register where he is encouraging open sourcers to unite in a campaign against the evil Apple empire and it’s machine of destruction the ~~Deathstar~~ AppStore. In it he asked “Where’s the rage, open sourcerers”

I responded to Matt with a comment to his post:

“Maybe the throngs of developers developing open source solutions also include a large number happy to finally have an outlet where lower pricing and greater reach mean they can work on their own terms and fairly earn from their work. I'm not saying there are no problems with the Mac AppStore, but the ecosystem is a huge boost to the small developer team and I'm sure, on the Mac at least, will be eating into the share of time spent doing open source projects. Perhaps that's why a revolutionary movement hasn't spontaneously erupted. It appears most end users are very happy that commercial software is being marketed at much lower prices than before ” *

*Spelling error corrected (oh the joys of web comments).

Now I have a lot of sympathy with Open Source projects, love my Drupal installations and think contributing to open source projects is a really good idea. But I do also think there is a sizeable group of radicals in the movement and though radicals shake up the status quo, challenge incumbent models etc., (which is good), some of these radicals have a tendency to overextend the areas to which Open Source software provides a good solution. There are some I have spoken to, who tend to think, in the longer term, open source provides the only solution and see anyone who disagrees with them as something to be opposed.

I don’t think it has to be that way. I think Open Source and proprietary commercial solutions can quite happily cohabit even on a single project and indeed greatly strengthen one another, if only a particular model or pattern is followed. And I have come up with a model which I think supports that solution. But before presenting the solution, let me outline what I think is a not inconsiderable problem area for Open Source.

The simple fact is open source projects are often weak when it comes to human factors design. At least where such projects aren’t being bankrolled by an organisation or billionaire space tourist. Things have improved of course. The recently released Drupal 7 for instance, is leaps and bounds ahead of the previous incarnation. But still the suspicion remains that Open Source projects will always lag behind commercial projects in this regard and the gap was, of late, greatly widened thanks to the high standards Apple has set for iOS devices.

Unfortunately, all too often, the co-operative model conspires to subvert the visual and human factors design process and anyone who has had to do graphic design and deal with customers inputting an opinion before a final result is ready, will know precisely why this is the case. The psychology of the design process simply doesn’t map well to co-operative working. Open source product designers (if that is the right term) also have to be good and co-operative citizens but the very best human factors design has rarely, if ever, been created as a result of this co-operative model (there is co-operation of course, but also the chief designer in charge). This is a fascinating topic deserving of it’s own post and I’m sure there will be a project out there somewhere that runs counter to the generalisation. However, I have yet to see such a counter example, and in any case, even if one does exist - unless there are many many such examples - the generalisation still holds.

Mark Shuttleworth agrees on this point too. It is why he has started the Ubuntu Unity project to overhaul the UI and interaction design of Ubuntu. It is why Unity is being defined by a tight knit team under his direction. Shuttleworth has high ambitions for Ubuntu and he knows that if it is to be universally adopted it must match or even exceed an Apple like level of UI design excellence and that is his stated aim. But Unity project is running into resistance within the Open Source community and the reason for this is by attempting to apply the kind of top-down design approach Shuttleworth knows a best in class UI requires, many of the worker bees feel the hive is being invaded by something foreign and unwelcome. Whether they will swarm and attack is yet to be seen.

So the jury is out, Unity, it may not be. Richard Hillesley gives this excellent analysis of the issues if you haven't seen it already.

This set me wondering if there is a middle way. And having pondered the problem a while, I have come up with what I believe is a solution. I believe there is a licensing model which will allow all many of the commercial ecosystem advantages to be found in e.g. the Apple Appstore whilst at the same time benefiting from the profoundly powerful strengths of Open Source.

The trick, I believe, is to create a license which recognises a different status for UI code and back-end code. A model where user interface code can be closed, but back-end code open, and the two can co-habit quite happily and harmoniously provided there are clear cut criteria that can be applied to qualify any given piece of code as one or the other. And the thing is (at least on my analysis), this can be done. Here’s how I think it could work. For convenience I’m going to call this the Open Interface license:

The unique feature of an Open Interface license is that any modules providing a published public API (e.g. machine to machine interface) are irreversibly open. On the other hand any modules that don’t publish an API, but that nevertheless themselves use an Open Interface public API, may remain closed and may be wholly commercially owned but must still irrevocably carry the Open Interface license designating them as part of an Open Interface project.

But surely, it is natural to object, large swathes of development can still be kept closed? If you think about it, the answer is no, they can’t be. It is impossible to develop any major league software solution if you don’t publish API’s. One of the things that has become very clear is that any commercial software more meaningful than the most basic and simple app, has to provide an API. Accounting packages, Facebook, Word, Photoshop, you name a project and you will confirm this statement. Under this proposed license, any modules such an API is dependent on and the API itself, must be open and public.

The key here is to understand any closed modules can only be kept closed if they don’t provide a machine-to-machine interface or are a build (or execution) dependency for other modules which provide such. If you follow the logic through, it becomes clear the only area it will be possible to have closed software is where that software supplies a user interface. It will be possible to have closed API’s below that, only they are not public and not either a mandatory or optional requirement of public published API’s. As soon as an API is published or made public, the commercial entity then no longer has exclusive rights over that code. This definition of closed versus open is then not a technical definition. It is a social one - and this is a big strength.

I’ve executed a SWOT analysis on this proposal and IMHO this license model comes out looking pretty good:

Strengths:

Provides for more significant commercial ownership model that e.g. mere MVC re-skinning would allow and so provides much more certainty for commercial enterprises to be able to exploit and benefit from open source as equal members of the community but without subverting or compromising the open source contribution.

All project members know where they stand with regard to the other members, what is acceptable on the project vis-a-vis commercial interest and what is not (this is a must for commercial and non-commercial to co-exist)

Provides a clear logical definition of what needs to be open sourced and when (and importantly, legally definable)

Allows for a company to provide an “Apple like” level of experience on top of open source software in a way not to dissimilar to how OS X has been built on top of GNU and allows that company to charge for it without fear they may be forced to give away their investment and commercial advantage. However they know the rules of the game and that this applies only to modules without public API’s.

It maintains a clear pool of open source software where it matters the most and provides the most benefit; backend API’s and system level functions

Open source can be seen as a social benefit. Most if not all the social benefit can be preserved on this model. Pure open source UI’s can also be delivered for any given project.

Reduced maintenance costs

Arguably greater security (open source projects are good at finding and patching security holes)

Greater commercial traction will mean business is more regularly co-opted into supporting the open source level of development

Weaknesses:

Loss of opportunity top to bottom proprietary stack acting as a barrier to entry for competitors (reduced hight of barrier to entry)

Unfortunately and undoubtedly there is a significant disadvantage with this proposal. The license may well be incompatible with existing open source licenses, so it is unlikely it could be retrofitted to current Open Source projects (this is akin to the “Fragile Base Class” problem built into some object oriented languages!). It may be possible to start some new developments on top of some existing open source license code if there is not dynamic loading and linking - but controversy still dogs the distinction between the definition of these two things.

No opportunity to charge for lock-in or maintain lock-in (of course this weakness is a strength from the client or customer standpoint but I put it here in the interest of being comprehensive)

Patent ownership will be incompatible with the open modules parts of any Open Interface license (similar to the last point, this will be viewed as a strength by many)

Opportunities:

As of now potential first mover advantage for projects/companies adopting this model

Savings on maintenance costs can be directed into perfecting UI and other projects

Greater leverage for smaller businesses to compete with big business

Commercial companies can forge closer ties with a user community on a productive and non-confrontational platform

Greater opportunity to acquire customers fearful of lock-in and who also want to deal with well-founded commercial concerns

Threats:

Reduced barrier to entry may result in more entrants after a project succeeds (however remember this works two-ways and there may be opportunities also)

Since the distinction between public API’s and private API’s is whether they are publicly published or not, companies may try to cynically exploit this distinction by declaring private API’s and giving a nudge and wink to select customers that they may be used. It should be noted however, this would not provide a powerful basis for an enduring business relationship and would remain a marginal case (or edge case) albeit an unwelcome one. There could be no legally binding contracts around such API’s if they are not declared public. It would be stipulated in the Open Interface agreement that any API’s made subject to a contract with outside parties, would be by definition open and would count as published.

A business may try to cynically exploit the social definition of a public API’s by forming special closed or secret business relationships. The license would need to include a comprehensive definition of the boundaries of a single commercial entity for the purpose of what can be counted as a private versus a public API. There may again be some unwelcome edge cases around this definition because it is almost impossible to legislate for all eventualities. However that such edge cases may exist wouldn’t invalidate the model in any significant way.

Paul Lancefield on Twitter

Posted by Paul Lancefield at 09:55 | Comments (9) | Trackback (1)

3361 hits

< You know you are going into a bubble when VC's queue up to throw millions at Food 2.0 | Google lets you block spamsites >

Trackbacks

Trackback specific URI for this entry

Why Google Really Ban the AGPL
Chris DeBona, Google’s Open Source guru, goes a little limp when confronted with the AGPL. The AGPL license is designed so that ASP’s using AGPL licensed code for web services are required to deliver their code back to the open source community. It it

Weblog: broadstuff
Tracked: Mar 31, 15:59

Comments

Display comments as (Linear | Threaded)

If I understand you correctly, could you not do this already by:

1) Proprietary UI's to LGPL code
2) Proprietary UIs to BSD/MIT/MPL etc. licensed code.
3) A UI for GPL code that runs as a separate process.

I am not sure about 1) because LGPL is used for libraries rather than apps (but it could be used for apps), but there are already applications around which you could do 2) and 3).

A lot of software that we Linux users use (quite a lot of it is cross platform) does either have a command line version, or is a relatively thin GUI wrapper around a library.

I would personally pay a small amount for a better UI for VLC, and quite a lot for Lyx (or an alternative GUI Latex) with the rough edges ironed out.

#1 Graeme (Homepage) on 2011-03-10 10:59 (Reply)

Hi Graeme. Thanks for the comment.

The problem as I see it is there is uncertainty around the definitions of static binding and dynamic binding that raises uncertainty for building commercial software on top of Open Source. But more importantly a crucial difference here, that probably warranted more discussion than I have given it, is I am suggesting all code using this framework has to include the license. So if for that code at any time in the future, a business wants to publish an API - it then must be made public. There is a big discussion that can be had as to whether it is a mandatory requirement for any code at all using the Open API's.

If the license were to be drafted strongly in this way, it may actually be somewhat stronger than existing Open Source licenses in terms of forcing business using the software to adopt an open source model, whilst nevertheless offering a healthy degree of security as to what can be kept closed. I suggest that may make it really attractive to Open Source advocates and help maintain the healthy give and take dynamic such an endeavour requires.

Having thought about it a bit, I think there is a solid core proposal here, thought I'm sure there are angles I haven't thought through yet. I can see many areas where it throws up interesting possibilities that warrant further discussion.

#1.1 Paul Lancefield (Homepage) on 2011-03-10 11:18 (Reply)

Clarifying what is permissible is good, but it only matters if you are talking about software that is GPL licensed AND if you are planning something which falls into a grey area or is not permitted by the GPL.

There is lots of open source software to which you could currently add a closed GUI, but no one does it. If your hypothesis is right, why is no-one taking the opportunity?

#2 Graeme (Homepage) on 2011-03-10 11:36 (Reply)

Four answers:
1. In some cases it is done - but not enough and partially because there is tension (and legal tension) between the two communities (an example is the various commercial add ons to Eclipse)
2. The legal uncertainty on all current open source licenses cause questions to be raised that can affect funding the business
3. This can potentially offer greater security on all sides through ironing and formalising areas where there is currently uncertainties.
4. My reasoning is that this form of a license would be very good in the context of the Ubuntu/Unity "controversy," much better than the current arrangement. However, unfortunately current licenses can't just be rewritten.

Of course any project depends on the endeavours of individuals, so no license is going to provide a magic bullet or can take credit for the sudden creation of the world's best software. I'm just proposing this license would in some cases be a more appropriate tool.

#2.1 Paul Lancefield (Homepage) on 2011-03-10 11:55 (Reply)

Oh and another not inconsiderable benefit is that anyone working on an open source project that uses this kind of license can do so with the comfort and benefit that they are more likely to be able to leverage their knowledge in the context of a commercial venture, one that will continue to be fairly bound to the open source project and will also be highly likely to be an active citizen in the project. They won't feel they are "ripping off their friends."

One of the most important things to do with any co-operative endeavour is to set expectations and stick with the expectations that have been set. The real benefit in terms of motivation and co-operation would come from the fact I think a more balanced and healthy set of expectations would be in place from the outset.

#2.2 Paul Lancefield (Homepage) on 2011-03-10 12:23 (Reply)

It solve point 1, but is that the real problem?

As for point 2, which of the major open source licences other than the GPL has such uncertainties?

Even with the GPL there are lots of cases where it is clearly permissible.

If you really want to be safe run the GPL code and proprietary GUI in separate processes. Write a thin GPL IPC layer around the GPL code.

#3 Graeme (Homepage) on 2011-03-10 13:20 (Reply)

Agreed you can do that Graeme and you have raised some more good points.

In my view strong copy-left licensing is clear and without great uncertainty (just unattractive to business). Also BSD License is clear and without controversy because there is no copyleft encumbrance (but that makes it potentially less attractive to Open Source contributors). It's when there is an attempted definition at "weaker" or watered down copy-left licensing that is more attractive to business that issues and edge-cases start to crop-up and I think the result has been the confusing proliferation of license types that currently besets OSS.

As soon as you move to any copyleft licensing, a logical question arrises with regard linking and derived works and that question becomes a rock in the water when you move to more permissive copy-left license types. That is unless, I submit, you have a social definition along the lines of the one I have proposed. The static v's dynamic linking section of Wikipedia's GPL entry has a good summary of the issues and highlights that it is only one of a range of opinions that they might be avoided. So while you may well be proved right as more case-law gets laid down, I still think it is a real issue for business and business plans that rely on OSS.

I think OSS license proliferation has been somewhat driven by this issue remaining unresolved (or even quite possibly logically unresolvable). I think there is little doubt license proliferation is inhibiting OSS project adoption by commercial parties. I think it also makes participants on all sides less certain where they stand in relation to the project and this results in unnecessary levels of suspicion and mistrust.

What I am proposing, through having a social definition of open and closed - allows for a strong copyleft style license on the Open Source side of any project (few problems with definition there), and a strong customisable commercial license on the commercial side. I submit, using social rules to define when the commercial license will be “overridden” by the requirements of the Open Source license, will result in less tension and controversy and lead ultimately to greater trust and co-operation. The constraint for business is clear and easy to evaluate in advance. The boundary between the two is clear and unmovable.

Thanks for your thoughtful questions (I'm glad you don't seem to be totally writing off the proposal - I'm sure you'll correct me if I'm interpreting that wrongly!) I can see this a topic for another post as clearly the points I'm raising can do with more detailed treatment.

Of course I'm aware there is an irony in the fact I'm suggesting another license whilst also talking about the problem of license proliferation

#3.1 Paul Lancefield (Homepage) on 2011-03-10 15:22 (Reply)

I am not writing off the idea, but I am unconvinced either because you have not explained why we have not seen successful proprietary UIs where it is already legally safe and possible.

I think you could implement this without license proliferation in several ways:

1) Use the LGPL
2) Use the GPL with an exemption for GUIs using a specified API.
3) Use the GPL but provide a way of controlling the back-end from a separate process: like this http://mpd.wikia.com/wiki/Music_Player_Daemon_Wiki but not necessarily over a network protocol

#4 Graeme (Homepage) on 2011-03-18 20:31 (Reply)

Yes there is a lack of data here I think. This looks to be a good subject for further investigation. My starting assumptions are clearly somewhat different to yours.

I believe there is so much value to be had for commercial parties adopting and extending (wrapping) open source solutions, that they would be doing so if they could do so fairly, with the understanding and acceptance of the community, without compromise to the application design and without the accusation of unfair or exploitative business practice causing problems for their brand. Also packaging and distribution can be a big issue for OS based products. An Open Interface license could allow for consolidated packaging and download also.

I believe there must be a disincentive if business is not adopting what are in many cases powerful foundational technologies with thousands of hours of development that are available without a bill attached. I think, despite the suspicion to the contrary, most businesses are generally very concerned not to be seen as cynically exploitative and current OS licensing arrangements would leave them open to that charge. No one wants to spend their day building software on top of the efforts of a community that shuns them and/or hates them. It wouldn't be fun and it would run counter to the image a professional operation wants to build.

A license where the rules and lines of co-operation are built in, would I think remedy this negative dynamic. So a key question is if there is any research data backing-up the reasons businesses are not exploiting open source technologies for delivering proprietary solutions. I've searched but can't find any that is particularly conclusive.

The alternative approach is to write a blog post like this, and put it out there. Whether the proposal ever comes to be adopted also probably provides an answer.

#4.1 Paul Lancefield (Homepage) on 2011-03-22 14:04 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. E-Mail addresses will not be displayed and will only be used for E-Mail notifications To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry
Submitted comments will be subject to moderation before being displayed.