As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
I'd like to see some recognition from this crowd of the "free-ride competition" problem as this author puts it. What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
EDIT from a comment in a thread way down, that summarises my point:
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
swiftcoder · 3h ago
> the stance of the 'Open Source' crowd
The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
tsimionescu · 2h ago
Amazon offers lots of AGPL software, and they fully respect the license in all cases. Ultimately the GPL is about protecting users' rights at the expense of developers' rights. So as long as AWS can offer a better/cheaper managed version of a software service, while still giving the users all details on how to run the same service if they chose to, then the AGPL is completely achieving its aims, even if the original company goes out of business.
LeFantome · 1h ago
Agreed. The AGPL does not care at all about those writing the code. It is all about users.
zimpenfish · 2h ago
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Not wanting to further widen the schism but wasn't that the free software people rather than the open source people? cf [0], particularly the "not as strict" part.
> In the late 1990's Eric Raymond and others developed the term "open source" as a more business friendly term than "free software", with a more inclusive meaning where licenses that were not as strict about the passing on of modifications would also quality for the term.
No, open source was definitely more leaning toward the GPLv2 than the BSD-style licenses.
apgwoz · 2h ago
…until businesses decided that the GPLv2 was legally risky and businesses started to avoid it.
graemep · 1h ago
Software businesses. Other businesses do not care.
LeFantome · 1h ago
As I recall, Open Source was about developers collaborating to make better software. It was a pro-developer philosophy vs the Free Software movement which was all about the rights of users (and developer hostile in my view). GPL and its children are from the Free Software Tradition.
Open Source provides the same “4 freedoms” as Free Software so most Open Source licenses qualify as Free Software as well.
If the goal is developer collaboration, permissive licenses are often the best choice. If you want maximum user entitlement, copyleft licenses limit developer freedom in exchange for a guarantee that future code will also be released as free software.
Cloud hosting was a challenge that did not exist when either philosophy first emerged.
With hosting, you are able to become the preferred source for software without adding much value to the code itself. This is what the author is complaining about.
The AGPL tries to address this in the GPL family but I don’t think it quite gets there. For permissive licenses, we see these “no hosting” exceptions.
If you read the early writings from the Free Software Foundation, they do not care if devs can make a living. The goal is user freedom. I think it is this philosophy that objects to the hosting exceptions.
Perhaps a better solution will be found in the future.
Zambyte · 2h ago
The original stance of open source is to cater to "free-riding" businesses. That's like, why the term "open source" even exists. You're thinking of the "free software" crowd.
gr4vityWall · 2h ago
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
Expanding on this, the Free Software movement always focused on freedom for users - which, in a world where copyright applies to computer programs, ultimately leads to the licenses you listed to repurpose it.
The Open Source movement usually tries to advocate for open-source as the best development model. As in, writing it in the open and contributing with other people will result in objectively better software in the long term. Others treated it (when the term was coined) as a marketing term for Free Software, making it more palatable to businesses whose people running it don't want to talk about ethics too much.
> The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
s/open source/free software/
None of those licenses prevent Amazon-style freeloading though.
jibal · 3h ago
The MIT and BSD licenses predated the GPL. People have a choice as to which ethic to follow ... it's not the result of a corporate conspiracy. (And I'm a social democrat, not a corporate simp.)
swiftcoder · 3h ago
I'm not so clear the choice was made consciously. There's a big swing away from the GPL and towards MIT/BSD around the time that Apple starts adopting a bunch of open-source projects for inclusion in MacOS X, and it accelerates when various big companies announced that they would be forbidding GPLv3 adoption. Fast forward to the cloud provider era, and basically no new software is being placed under the GPL (at least in part because Amazon/Google/Facebook/etc are predicating contributions on being GPL-free)
drob518 · 2h ago
The problem with GPL was "tainting." It was never clear in what cases you could use GPL without it dragging all your code into being freely available. LGPL was supposed to help with that; AGPL made it even worse. The lawyers were terribly confused and recommended you just not use anything with "GPL" in the license.
The reason why MIT/BSD licenses flourished is that they were easy to understand. As long as you didn't sue the original author or try to claim the code was written by you, you were free to do almost anything with it, including mixing it in with other for-profit code.
Whether that's an abomination or a blessing depends on your corporate vs. free software politics.
rincebrain · 2h ago
(All personal opinion, etc.)
I'm not actually sure what a better way to square the circle of not making the large entities that have developed a weird patronage relationship with open source projects run away while also avoiding the kinds of problem that the GPLv3 and AGPL are hoping to deal with, would be. Limiting the virality scope might be beneficial there, but I'm not sure how you would word that in a way that's not gameable.
It feels like we've wound up in a weird position where because so many GPLv2 projects moved to GPLv3, companies were startled into paying attention to the risks involved in a new license with open questions about how it would shake out in actual courts, as well as being jolted to the very real possibility it could happen again, and took the path of risk reduction by moving toward platforms where that couldn't happen.
You might compare it to everyone pointing to Solaris's source closing as a reason to not trust Oracle about MySQL's license remaining GPLv2. (As it turned out, so far, they haven't changed the license, but there was certainly a lot of fearmongering about that at the time.)
So I think I agree that it's not so much a coordinated effort to steer anything as the direct effects of companies avoiding funding that space, as well as the knock-on effect that anyone whose goals involve large companies using their product and leveraging that avoids picking a license that precludes that in turn.
pferde · 3h ago
The creation of those licenses, maybe. Their mass popularization, and the pooh-poohing of GPL licenses that often goes with it in related discussions, is much more recent.
jakelazaroff · 6h ago
Most people have no problem with non-open source software. The gnashing of teeth comes in when projects like Terraform become successful specifically because they're open source, and then the maintainer changes to a closed source license that would have prevented the project from being successful in the first place.
Doubly so when they relicense outside contributors' work with a closed source license because those contributors signed a CLA.
8organicbits · 30m ago
The trick is not to get attached to a project name. `Terraform` is a trademark of IBM (previously Hashicorp). Terraform used to refer to an open-source IaC project, but now it doesn't. OpenTofu, https://opentofu.org, name is probably the most accurate name for the continuation of that open-source project.
arp242 · 5h ago
Quite a few people commenting here are having problems with it in the case of Bearblog though, including some pretty wild accusations.
Looking at the details of that, the only two (small) substantial code changes from other people are "User can delete their own account" from 2020, and "Use cloudflare online dns api to perform domain check" from 2021.
jinzo · 3h ago
If we are real, it's also quite clear that contributions are not accepted at least from 2023. And the Readme talked about the project not meant to be self-hosted in the past.
I have no horse in the race, just think that maybe this project is not a good measure of contributions.
jakelazaroff · 18m ago
> Quite a few people commenting here are having problems with it in the case of Bearblog though, including some pretty wild accusations.
That's why I said "most people" (of which I think HN commenters are not a representative sample) rather than "nobody" :)
_puk · 2h ago
Sounds like we need a "forever open source" license.
A commitment that any significant derivative retain the original (or some later version) of the original license.
"Free to do whatever as long as it retains this license. A commitment that this license will not change, even by the original author".
No special cases, just a blanket license for all derivatives.
If it exists, what are the barriers to adoption? Why don't we all use it?
yjftsjthsd-h · 2h ago
I'm really not a lawyer, but I'm skeptical that such a thing is even possible; is it legally possible to say that you as the copyright owner will never relicense something?
(What I'm given to understand does work is using a copyleft license and taking code from multiple parties without a CLA, because then relicensing requires all the copyright owners to agree, which for a large enough project is impractical.)
_puk · 1h ago
How about a standard entity "OSI perhaps?!", that commits a file to an early stage of the repository (could this be automated), who then cannot / will not give approval for a relicense?
j1elo · 4m ago
Relicensing still can be done, just keeping that file out. (and reimplementing it the same but with new code, if it was really needed for something important)
jaredklewis · 5h ago
People can license their software however they want, but it is worth reflecting on why almost all open source authors go with a permissive license like MIT: because it is basically a "buyer's market." When choosing a database, distributed queue, blogging platform, or whatever, companies usually have a choice of at least several high quality open source options.
If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
As a result, licensing your project GPL or the like usually means relegating it to obscurity. There are very notable exceptions, including Linux and WordPress, but they are outliers. It's hard to monetize an MIT project, but it is even harder to monetize a project without users.
Whether this is "good" or "bad" is a separate debate (err, usually flame war), but I think many people gloss over that this is a coordination problem and that everyone is acting rationally. For better or worse, software does not seem to be scarce.
zelphirkalt · 2h ago
I disagree. It will be harder to monetize MIT licensed projects, because any competitor can just grab and run. With AGPLv3, at least legally the competitor needs to publish their modifications as well. This in turn makes it more likely the competitor will not use your code, or if they do, in accordance with the license, which would be fine, and users of the product you build will mostly not care, because they don't even know what the licenses are about.
landdate · 2h ago
> licensing your project GPL or the like usually means relegating it to obscurity
Subjective. Sure if you are talking about percent of market share, but it's a huge market, you don't need to capture even 1% of users to have a viable business.
The vast majority of the GNU ecosystem is GPL. Bash, git, Apache, Gimp, Blender, Libreoffice.
There are also a lot of projects that are dual licensed, allowing commercial software to be charged a fee and non-commercial software to use for free with GPL.
umanwizard · 2h ago
Neither Apache nor LibreOffice is GPL. Apache is permissive whereas LibreOffice is MPL (a sort of middle way between permissive and copyleft).
NoahZuniga · 5h ago
Well, many developers publish their code not because they want to specifically make a successful open source project, but because they made something that was useful to themselves, and like the idea behind open source. In that case it makes more sense to do a copyleft license because it will legally require all derivatives to also follow that open source idea.
jaredklewis · 4h ago
Yea I think stuff like this is great and will have some impact around the edges. Perhaps particularly in the realm of end-user software, like a window tiling manager.
But once we start talking about the kind of software large corporations (like AWS) will have an interest in, projects have to be successful to be useful. Software requires maintenance so the maintainers need to be able to devote their time to maintaining and improving the project. So this will select for projects that are successful enough that the maintainers can focus on it fully (either because some company hires them to work on their own project, they can charge high consulting fees because of their association with the project, or whatever).
I think "the code" (the thing covered by copyright) in most cases is not as valuable as "the project:" the leadership, the contributors, the users, the norms and practices, the commitment to ongoing maintenance, and so on. So just lots of individuals all putting pieces of their code out there with GPL probably doesn't make a lot of impact (though there is nothing wrong with it), because most users don't want "code" they want a "project" they can rely on.
swiftcoder · 3h ago
> once we start talking about the kind of software large corporations (like AWS) will have an interest in
I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
jaredklewis · 3h ago
We definitely agree on this point. Different licenses select for different things.
It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.
swiftcoder · 3h ago
Honestly haven't seen many open-source maintainers convert a BigTech downstream into recurring revenue. I'm sure it does happen, but its far from the norm
bachmeier · 5h ago
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades. You can use/write your software and people that believe in open source can use/write open source. What's the problem?
nothrabannosir · 4h ago
Whether they contribute back their changes to their users.
adastra22 · 4h ago
Then you want free software (a subcategory of open source).
dragonwriter · 4h ago
Free Software and Open Source have definitions that are both on their face and in practical application by the bodies responsible for each almost entirely identical. Neither is a subset of the other.
If you are concerned about mandating users provide modifications by a similar license to the one they received material under, what you want is copyleft.
No comments yet
MangoToupe · 3h ago
That's copyleft, something OSI was basically created to not imply.
didibus · 30m ago
What's wrong with "source-available" ?
Open-source normally means there's no use restrictions, but there could be some requirements in order to do so (like attribution).
Free software normally means there's no use restrictions, but modifications can mandate maintaining the modifications also free to use, retaining the same freedoms.
And if you fray from those, you can call it source-available and the specifics of what usage restrictions exist are per-license.
omnicognate · 6h ago
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source
Isn't this what the AGPL is for? That's an OSI approved "open source" license that places restrictions on people making the software accessible as a network service.
happymellon · 6h ago
I think the problem that these folks have is that AGPL still allows other people to host the software.
They want to seem altruistic but want to also be the only provider.
GPL would have been a better initial license, and AGPL would have been the next logical step to ensure that changes that hosted services make can come back to the original version.
I'm not entirely sure what they were hoping to get by making an extremely permissive licensed piece of software, but competition doesn't appear to be it.
tptacek · 6h ago
They care that other people can sell the software, not that other people can use the software, which is why the license they use makes that distinction.
cxr · 2h ago
This is a confusing claim. Are you saying the chosen license (<https://github.com/HermanMartinus/bearblog/blob/998e87263248...>) makes the software free to use to offer (e.g. gratis) "hosted or managed service[s]" so long as one does not sell the services? This is trivially confirmed not to be true. It prohibits all use of the software to provide services, not just a prohibition on selling them.
mynameisvlad · 6h ago
> They want to seem altruistic but want to also be the only provider.
This is an overly negative take. At the end of the day, they are still providing software and the source code free to use for practically every purpose except directly competing with them.
That's still altruistic while also being sensible in the real world rather than an ideal.
passthejoe · 3h ago
The license disallows use of the software for what it is intended: setting up a multi-user blogging system.
kelnos · 2h ago
No, the license disallows use of the software for seeing up a multi-user blogging system as a paid service.
You might say, "well wouldn't that be most of what people might want to do with it?" And you might be right, but so what? No one is entitled to build their business on the back of someone else's work, not without their permission anyway.
That certainly makes software like this no longer Free Software. But I'm not religious about it, and maybe that's ok sometimes.
(It also runs afoul of several parts of the OSI Open Source Definition, but maybe that's ok too.)
foxglacier · 5h ago
Not for practically every purpose. It's a blog platform to be used by services that provide blog hosting, just like his own business does, so any use of it would be directly competing with him. From TFA, he never wanted people to actually use it, just to look at the source code.
ahartmetz · 6h ago
I thought so, too, at first. But there's a crucial difference: With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying. With the Bear license, Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS to me, but Stallman would disagree. He has made it clear that there should be no restrictions on use.
"You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality"
Given that the exclusive purpose of the Software in question is to implement a managed service for its users' hosting needs, I'm having trouble understanding how anyone could take the position that this is "mostly in the spirit of FOSS".
The license might as well say, "You just can't use this."
rafram · 2h ago
It’s saying that you can use Bear for your own blog, but you can’t launch a service that hosts other people’s blogs using it.
No comments yet
happymellon · 6h ago
> Bear's competition just cannot offer the software as a service. It feels mostly in the spirit of FOSS
I don't see how, there is nothing in the spirit of FOSS by doing that.
jakelazaroff · 6h ago
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying.
Technically true, but in practice almost every tech company forbids GPL code. I bet if you re-read your employment contract closely you'll find that you agreed not to introduce any GPL code into the company's codebases.
(Edited for clarity).
pmontra · 4h ago
Note that this is about source code, not binaries, or nobody would be working with docker (and more.)
Of course a company must forbid copy/paste of GPL code, because that would GPL the codebase and that's hardly what they want. But one should ask the Legal office (and/or other offices) about adding any MIT, BSD or proprietary library: credit must be given (how?), licenses must be available and compatible with the way the software is distributed. There are so many licenses out there, everything should be vetted.
jakelazaroff · 19m ago
Re: code vs. binaries, it depends on the license. Another commenter has been pointing out that Google forbids any use of AGPL projects, period [1] because its definition of "linking" includes communication over a network.
Of course everything should be vetted, but lawyers have canned advice about common licenses they see often — GPL, MIT, etc.
This can't possibly be true, since the Linux kernel's code is GPL and approximately every tech company uses Linux.
jakelazaroff · 6h ago
By "use GPL code" I mean integrate it into a company codebase (which would require the codebase to be licensed as GPL). Edited my original comment to clarify.
ahartmetz · 6h ago
I'm self-employed in Germany, and when I was employed, what was in the contract went more in the other direction: it was explicitly allowed to contribute to FOSS projects. Of course, it still would not have been OK to randomly add GPL software to a closed source customer project. If anyone had been stupid (uneducated, really) enough, somebody else on the same project would have noticed.
jakelazaroff · 6h ago
Yeah, the second sentence is what I meant. This is why I'm writing comments on Hacker News rather than legal contracts :)
fsflover · 4h ago
> With the AGPL, Bear's competition can offer the software as as service if they publish the source code they are deploying
Any examples when AGPL was used successfully by competitors? Typically every company prohibits using this licence.
echoangle · 6h ago
AGPL doesn't really prevent Amazon from making it an AWS offering unless they want to modify the program and don't want to share the modifications.
omnicognate · 6h ago
Why would I want to stop them making it available as a network service except as a way of circumventing the copyleft by effectively distributing it without actually distributing it (which AIUI the AGPL fixes)? If you want to place restrictions on how people are allowed to use the software then A) I don't see the relevance of AWS as a special case, and B) go ahead but don't imply the "open source crowd" are being unreasonable by not considering it open source.
Arrowmaster · 4h ago
It doesn't in an indirect way. A friend that worked for Amazon about 5 years ago told me they were even allowed to look at AGPL codebases on the clock because the lawyers were so afraid of it.
jdxcode · 6h ago
Another reason is that copyleft licenses are kryptonite in large organizations.
cinericius · 6h ago
Not a lawyer, but my understanding is there is a strong feeling that AGPL can be roughly ignored if a service provider provides some level of indirection (e.g. a proxy) between the user and the software. Then, the software is somehow not being accessed over a network and thus they are not required to release the source.
barnabee · 6h ago
I have a strong feeling that speaking to a lawyer might reveal that to be untrue
gpm · 6h ago
I have a strong feeling you would be told "we don't know, it's never been tested in court, there's a chance you would win and a chance you would lose on that argument".
swiftcoder · 3h ago
Yeah, but lawyers say that about just about everything
pxc · 3h ago
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't...
Freedom 0 is the freedom to run the software for any purpose. You can't deny users this freedom "for their own good", or to spite big corporations, and still be free software.
Subtler issues of power and dependency won't be resolved through licensing alone, and certainly not by compromising on basic software freedom for users.
jraph · 6h ago
Free software ought to not be discriminatory and arbitrarily exclude users. Full stop. Anyone means anyone.
Now, we can agree and talk about unfortunate consequences and possible mitigations.
The AGPL is one possible mitigation: Big corps are usually afraid of it. But they do themselves: the AGPL doesn't forbid them to use the thing.
benrutter · 6h ago
I guess I'm in that crowd, and well, I definitely recognise that! Open source is an important term, and I don't want to see it degraded. I think I'd find it annoying if this blog post was trying to claim Bear was still free software, or open source.
That doesn't mean I think everything has to be open source. Bear is a blogging platform trying to make money and it seems fine to me for it not to be open source.
digdugdirk · 31m ago
I've long thought there needs to be some sort of "cooperative source" license. With DAOs and whatnot, there's even the possibility of an automated global common fund for contributing and supporting. There's definitely a big opportunity to rethink things in this arena.
Illniyar · 52m ago
That is exactly the stance. If there are strings attached that means some people can't use it, it's not really open.
(GPL has strings attached if you use it, which is bad in a different way)
I don't think anyone has a problem with the non open source licenses themselves. If you start with a closed source license or whatever, that's fine. It is switching from an open source licenses to something that is not.
A lot of the projects that later switched out of open source would have never gotten any traction if they started with the license they ended up with.
zitterbewegung · 4h ago
Why use the MIT license when the AGPL is the better choice? I don’t understand why developers choose MIT and or Apache license and then figure out that they now have a competitor cloning their product .
vova_hn · 46m ago
A lot of people are scared of GPL and other copyleft licenses, mostly because of how most big corporations treat GPL.
Also, MIT license in particular is much shorter and easier to understand for a non-lawyer, than most other software licenses.
I think some people lose sight of the difference between the theoretical possibility of competing forks/implementations/services and the practical possibility. If a big enough organization gets ahold of something and begins to drive it, the fact that it's nominally open source may not be enough to ensure that people have a practical ability to get out from under that organization. In other words you need not just openness of "information" but actual open space to maneuver in the real world of food and money and markets and so on.
In many cases for-profit companies have taken up (or created) open source tools and made use of them in ways that still benefited the community at large. But it's not clear to me that FOSS licenses as we know them actually guarantee that. It doesn't seem unreasonable to me to want to build safeguards against open source software being weaponized or co-opted for unfree purposes.
One thing that's not clear from the Bearblog dev's post is whether he would be open to small-scale "competitors" who share an ethos similar to his own. In theory such competitors could be granted special license exceptions. If I were in his position I could see myself wanting to exclude big companies (and companies that hope to become big) while allowing small operators. The challenge is to create an enforceable license that encodes that, rather than requiring the author to manually approve or deny each request.
orthoxerox · 3h ago
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source.
This statement is 100% correct. Open means open for everyone. There's a "but they are providing FOSS as a service on a proprietary platform", which seems like the next step on the LGPL-GPL-AGPL stairway of licenses, but SSPL failed to convince anyone it was a necessary freedom:
- MongoDB Inc obviously had no plans to release their own SaaS platform under SSPL
- AWS source code being released wouldn't have benefited anyone other than maybe other major cloud providers
supriyo-biswas · 6h ago
The weird part is that these companies/individuals will use proprietary software with no qualms of the sort they express for these "source available" licenses.
DaSHacka · 6h ago
Because the proprietary software never claimed to be anything but.
ahartmetz · 5h ago
Well, Microsoft tried to muddy the waters with "Shared Source". Kind of like Office-Open- wait, Open-Office?-XML.
trelane · 4h ago
They also had (for governments) the ability to look at the (supposed) source code.
They couldn't do anything with it (alter or even build iirc), but they could look at it.
> But governments won’t get the ability to alter source code. “This isn’t about developing or supporting customized versions of Windows,” Mundie said. The GSP and other source-code access programs are about “helping build comfort and trust with our key customers on how Windows is deployed, how security is running and how other software is running on top of Windows,” he said.
> Russia’s Federal Agency for Governmental Communication and Information has signed a GSP agreement with Microsoft, and the company says it’s in discussions with about 20 other governments.
heavyset_go · 1h ago
> As far as I understand it, the stance of the 'Open Source' crowd is that if Amazon can't make it one of their AWS offerings then it isn't true open source, and they'll get very upset at you if you claim it is.
There are factions in open source advocacy, ranging from laissez faire views of freedom to views of freedom as something that needs some limitations to conserve it and prevent abuses/tragedy of the commons/etc.
4ndrewl · 3h ago
The existence of a "winner-takes-all dynamic" suggests a market failure, not a marketplace.
thayne · 5h ago
I don't know what the competing forks are, but it definitely doesn't seem like they are from a big megacorp like Amazon.
singpolyma3 · 4h ago
If it's source available like this then it's clearly not a "community project"
sarlalian · 3h ago
If you look at the commit graph, it’s definitely not a community project.
Melonai · 3h ago
I think it's more like "a project made for the community", not quite "project made by the community", though the former is definitely usually what's implied.
type0 · 4h ago
> we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately)
it's not copyleft, it's a version of freeware license
gr4vityWall · 6h ago
> we should find a term (better than 'source-available' [...])
That term already exists: it's proprietary software.
If you're going to restrict what users can do with their copies of the program, please do not try to label the program as Free Software / open-source.
ahartmetz · 5h ago
Maximalism and lack of nuance aren't going to fix the world. Though, neither is lack of thinking things through. I'm not sure how people, including myself, would feel about the situation if the company using a "Bear-like" license was, say, Oracle or Microsoft.
drdaeman · 4h ago
Using the well-established terms according to their intended definitions is surely not maximalism or lack of nuance.
(I have no objections against the “source available” though - it’s a pretty unambiguous and useful term, that isolates one specific property.)
tombert · 1h ago
I'm not 100% convinced that these licenses actually work. How hard would it be for a BigCo to have an intern to modify the code enough so that it's not an easily detectable violation?
I mean this stuff isn't just theoretical, there have been video games where we only find out they violated the GPL after a major code breach. [1]
> if Amazon can't make it one of their AWS offerings then it isn't true open source
That's because then it isn't. Sorry, but you can't just take terms with an accepted meaning and decide they mean something else, without any conversation or consensus from there people using that term.
The OSI has a specific definition of what "open source" means[0]. Restricting what users of the software can do in this way is in direct opposition to parts of that definition, so no, if you do that, then it is no longer open source.
I'm not saying you aren't entitled to set up your licensing that way. I think it's disgusting when the likes of Amazon decide to take someone's hard work and use their massive oligopolist position to trivially outcompete anything the original author might try to do to make some money.
But that doesn't mean it's open source. I think people need to stop being so afraid to call their software something else. They seem to be really attached to the idea of being an "open source developer", and don't want to drop that moniker even after changing their licensing away from open source.
People also need to stop licensing their software under true OSS licenses, building a community of regular, significant contributors around it, and then changing their licensing (which they can do because they've [IMO shadily] required contributors to reassign copyright). That's a huge bait-and-switch, and people are right to be upset when that happens.
In the case of Bearblog, it seems like the author is really the only significant contributor, so I think what he's doing is totally fine, for the record. Frankly I think he did this the right way: his announcement email is entirely reasonable and sympathetic, and he doesn't try to breathlessly claim that his software is still open source.
[1] While I don't love how the OSI folks basically just decided they own the term "open source" and that they get to define it, I think they've been pretty good stewards over time, and having clear-cut definitions of things is a good thing.
brookst · 4h ago
Perhaps a better term would be “limited use open source”
yencabulator · 3h ago
That's not open source then.
rzzzt · 4h ago
closen source?
WesolyKubeczek · 3h ago
Peeping source
Spivak · 6h ago
Why the scare quotes, the first freedom of both Open Source and Free Software is the right to run the software for any purpose. It's not some little unimportant detail. It's arguably the most
important property of Open Source.
cinericius · 6h ago
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
monocularvision · 3h ago
The base-stealing that comes with the throwing out the term “winner-take-all” is astounding. People claim this all the time on HN without any shred of evidence that it is the case.
The history of technology and markets show this just isn’t true on any significant timescale.
Spivak · 6h ago
I mean in this specific case we're not talking about AWS or any other large company. We're talking about someone wanting to offer Bear.app hosting in the vein of managed Wordpress. This is good for Open Source. Having multiple commercial entities working off of and invested in the same codebase is exactly what Open Source envisions.
It does take some mental discipline to actually believe in the movement and not view someone using your software to start a business as them "stealing your work." Such a
thing doesn't make sense in OSS, you gave it away freely. It's a good thing, the competition is healthy. You don't have to believe, closed-source proprietary software is much easier to run a business off of as evidenced by most businesses operating that way. There's no shame in it. The FOSS folks are the free love "we don't believe in intellectual property mann" hippies of the software world.
api · 6h ago
Wait, you’re saying open source shouldn’t exist just to be free labor for billion dollar companies and hustlers? Or to dump free product on the market to make it impossible to compete with said billion dollar companies?
moralestapia · 3h ago
>What Herman is doing is a service to us all
I don't owe that guy s*it, what are you talking about.
He's actually doing a disservice to the OSS community, as there's now another story of OSS turning non-OSS out of greed, which damages (by a bit, but still) the whole aura that true OSS has built over the past 40 years.
wahnfrieden · 6h ago
edit: I thought this HN thread was about the Bear app never mind
> This is a morbid topic for me to write about: what happens to Bear if something happens to me? I've got that covered too. There's a detailed succession plan in place, including:
Full documentation of all systems and processes
Multiple trusted developers with access to the codebase
Clear instructions for maintaining the platform
So if I were to be incapacitated in any way, the platform will live on.
wahnfrieden · 6h ago
edit: I thought this HN thread was about the Bear app never mind
jakelazaroff · 6h ago
If you read the link you just posted you can see that this person invested in a different product called Bear:
> Its portfolio includes Bear, the Apple Design Award winner notes app, …
eviks · 6h ago
No one is, just finish reading the sentence (or start - the op)
Which you could have known by spending five seconds on https://lambdalpha.com, or actually reading your own link which calls Bear an "Apple Design Award winner notes app", which doesn't really sound like the Bear blog.
Stop spreading rampant misinformation.
leakycap · 3h ago
Rampant? Isn't that a pretty extreme response to a mistaken link?
ezekg · 6h ago
Has the maintainer looked at fair source? [0] I believe it's superior to source-available (and open core), because it eventually becomes fully open source under DOSP [1], which is great for free and paid users, especially for a blog platform like Bear. There's an FCL [2] fair source license, which aligns pretty well with their current Bear Blog License (namely the non-compete and license key bits from the ELv2). All in all, the term "source-available" is pretty meaningless, because there are too many variables. Fair source tries to tighten that up.
It also aligns quite well with Bear's manifesto [3]. Even if Bear PTY LTD ceases to exist, Bear won't. This can be codified under DOSP.
Disclaimer: I'm involved with fair source and helped write the FCL.
Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
the_mitsuhiko · 59m ago
> Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
The concrete definition we came up with and published:
> Fair Source is an alternative to closed source, allowing you to safely share access to your core products. Fair Source Software (FSS):
> - is publicly available to read;
> - allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
> - undergoes delayed Open Source publication (DOSP).
threemux · 6h ago
I suppose this is the move if you're looking to foreclose all possible competing usages. Kudos for using correct terminology as it is no longer Open Source.
However, I still believe AGPL is a better alternative in most cases and functionally prevents large enterprises from touching your code due to typical internal policies.
ezekg · 6h ago
Shame on the people who recommend the AGPL to effectively be an OSI-approved source-available license.
This is a grievance against the spirit of open source.
happymellon · 6h ago
AGPL is exactly the spirit of open source. The license used by bear violates freedom 0. AGPL ensures that freedom 1, 2 and 3 are allowed even in hosted services scenarios.
Freedom 0
the freedom to use the work
Freedom 1
the freedom to study the work
Freedom 2
the freedom to copy and share the work with others
Freedom 3
the freedom to modify the work, and the freedom to distribute modified and therefore derivative works
levkk · 2h ago
Gotta love these are zero-indexed. Written by an engineer for engineers.
Skunkleton · 1h ago
Its weirdly incorrect to zero index stuff like this. The zero index refers to the start of the first thing, which is not what numbered lists are supposed to indicate.
nothrabannosir · 4h ago
the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source. When I advocate for the agpl to prevent Amazon and Google using my software, it’s not because of who those companies are, but how they use it.
If Amazon tomorrow turns around and open sources
everything that is a derivative work of the code they ever used, I would be more than happy, even proud if they used my software. Today any company which doesn’t deny their users the core software freedoms is already free to do so.
This is not a “hack” to be maliciously compliant OSS; this is the spirit of open source.
Why do you think the GPL has the virality clause in the first place?
Edit: a perhaps reductive, but hopefully instructive summary: MIT/BSD guarantee freedoms of the software developers, GPL guarantees freedoms of the software users.
You are free to choose which you prefer, but they're quite explicit choices, and the AGPL is absolutely squarely in the spirit of the GPL.
(Now if you had said you take issue with the tivoization clause, on the other hand... :) :))
kiitos · 52m ago
> the corporations who disallow agpl only do so because they want to comply in a way that is against the spirit of open source
believe it or not this is not actually true! the corporations who disallow agpl do so because their lawyers (correctly) tell them that agpl-licensed software has not been adequately tested in relevant courts of law, and that by including agpl-licensed software they are opening themselves up to unknown/unbounded legal liability/risk!
"the spirit of open source" has nothing to do with anything!
the more you know
tptacek · 6h ago
It's one of four licenses linked on the front page of the FSF.
ezekg · 6h ago
And it's the most abused license in the history of open source [0] [1].
Skimming your links, it seems you target the AGPL, but you take issue with CLAs.
You should be vocal against CLAs, not the AGPL. CLAs with any license is a risk of seeing the code closed up.
ezekg · 6h ago
The thing is that the AGPL is abused even without a CLA -- as is evident from this very thread. Just look at all the comments saying the AGPL prevents competition! It has so much FUD around it that it's effectively, to most, an OSI-approved source-available license with or without a CLA. In COSS, it's almost never chosen for altruistic reasons, it's chosen to to be a non-compete.
jraph · 6h ago
People saying wrong things about the AGPL isn't an AGPL problem, it's an issue of people saying wrong things.
AGPL allows competition. Any free software license does. It's rule 0 of free software.
> it's chosen to to be a non-compete.
Well, too bad for them, because I can still fork this AGPL software and compete. So what's the issue?
The issue would be for contributors contributing for to this code under CLA seeing their contributions closed up. If that's not your thing, don't contribute to software under such CLA. I avoid it myself.
ezekg · 6h ago
> Well, too bad for them, because I can still fork this AGPL software and compete. So what's the issue?
No legal department will ever allow it due to the FUD. That's the whole fucking point.
jraph · 6h ago
Sorry, but I won't cry for corps big enough to have legal departments because they elected not to benefit from my software. They have too much power for me to worry about looking to accommodate them and their fantasy.
I don't mind them not using my code. They are doing themselves here.
They have the human power to rebuild it anyway and I actually believe it should cost them.
it's actually them who are spreading the FUD, because they don't like the AGPL.
Meanwhile, my goal of providing software freedom to my users is fulfilled.
ezekg · 6h ago
My point is less about the AGPL license itself and more about the people who choose it.
If the OSI came out and made a statement on the ambiguities in the AGPL, and cleared the FUD in such a way that all companies agreed and could reference it, I'd wager that the AGPL would over time become much, much less popular for commercial open source. But I'd wager that they won't do that, because they win when COSS wins.
But if they did, we'd likely even see a move towards non-OSS licenses, ones that are clear as to their intent and rules -- rather than relying on ambiguity -- because there would no longer be an OSI-approved license that businesses could use to have their cake and eat it too.
Very few COSS business/startup/w/e right now are choosing AGPL for altruistic reasons. This thread and every other COSS licensing thread here are evidence of that.
Few of them care about software freedoms, or know why they chose the AGPL. They have a playbook that says AGPL lets them take advantage of the open source distribution flywheel, while largely protecting them from the risks associated with commercial open source, i.e. competition. They choose AGPL for this, not because it's the best license for users.
I honestly don't get how people don't see the deception under the AGPL right now.
nothrabannosir · 4h ago
But why wouldn’t they change their minds if those big corporations actually changed their ways? Is there a similar sentiment against red hat?
I now understand where you’re coming from but I am not sold on your prediction that the agpl would crater if Google started complying with it. It would mean that Google open sources everything which is derivative work. That sounds like it would buy a lot of good will amongst precisely those people who are mad about how Amazon screwed redis (to put it bluntly).
jraph · 5h ago
This point of view is new to me to be honest.
Let's say I don't care about the intent of people choosing the AGPL (I do, I wish people did stuff for altruistic reasons, but the economical system in which we live makes it so we can't rely on this).
You say people are choosing the AGPL because they think it lets them do effectively source-available while benefiting from open source washing. Fine. I don't like this. But the effect of this for me is that we actually get actual free software.
What's so bad with this?
I've reread your second text and didn't find what's actually bad with the AGPL.
Now, I wish all the FUD around AGPL was cleared; the FUD is what's bad, but I don't wan't to wait for this to happen before picking the AGPL for my software.
ezekg · 5h ago
> What's so bad with this?
It's lying. It's an open source project and a business model built on deceit. I guess I care about clear rules, clear intentions, and I care about integrity above all. The AGPL is ambiguity; unclear rules, veiled intentions. And these same people will relicense without a thought, too. I think we should care about these things, otherwise we repeat history over and over again.
jraph · 2h ago
> It's lying.
I don't see how it can do this. The AGPL is a license text. It states what people can do with the licensed code. What is lying in this text?
> I guess I care about clear rules, clear intentions, and I care about integrity
Me too
> The AGPL is ambiguity; unclear rules, veiled intentions
That's where I don't agree: The rules are written in the license text and I see no ambiguity there. Where is the ambiguity in the AGPL text? What is not clear about it? What granted rights are we not sure about?
> veiled intentions
The original intent of the AGPL authors (the FSF) was clear and simple to me: ensure the end user's freedom. It was GPL, but address the SaaS situation where someone can modify networked GPL software, make users use it from the network, without having to redistribute the modification since the program runs remotely and not on the user's machine. And that intent is perfectly align with what I want for my code.
Sure, people with bad intents will use the AGPL, and so what?
People kill with knives, but I'll definitely keep cooking with mine. The AGPL is a tool. It doesn't, by itself, has intents, especially veiled intents.
I'm not going to stop using the AGPL because someone wants to use it to trap users.
This is all abstract, I'd appreciate concrete examples where:
- people have done that, without a CLA (because yeah, I'm convinced AGPL+CLA can be bad).
- the AGPL doesn't work well for someone using it with the original intent in which the AGPL was written.
The example comes straight from the mouth of a COSS founder.
jraph · 37m ago
Sorry, but this yes-answered AI slop subtly makes no sense, it just reads comfortable to you. You should not delegate writing your opinion to the llm and even less use it to shape your opinion, this is my main takeaway from your screenshot. The AI answered your biased question in a way that pleases you, it's well known that they do this. This stuff is actually scary, and that clever people like you rely on this and don't notice the glaring issues is even more.
The agpl is ambiguous because users may choose not to fully use the freedom they were given? Sorry but this is bullshit. I'm glad I haven't started using this stuff yet (for other reasons). I'm sure I wouldn't notice such issues in topics I'm not at ease with and I can see how easy one can be seduced by this stuff.
Now, I'm convinced AGPL can be misused. What's more, I'm certainly quite happy that a side effect of the AGPL is that Google won't touch it, to mirror the comment you point to (whose author is wrong by the way, the intent behind the AGPL was not to exclude big tech, but to promote/protect user software freedom). All the fud around the AGPL actually comes from companies like Google, so respectfully fuck them all. Nobody could possibly have weaponised the AGPL against them had they not started spreading all the fud in the first place.
But even considering that picking the AGPL to scare big tech away is bad and weaponizes it (which I can hear, and let's assume), I believe you are wrong that nobody chooses the AGPL for the user freedom genuinely. There are a lot of examples of software under AGPL in good faith seemingly to me. Examples: Nextcloud, Joplin, CryptPad, Overleaf, Passbolt, Univention...
I doubt any of these commercial projects from friendly (?) companies choose the AGPL to fuck the world. I don't know the numbers, maybe it's a minority. You may not have numbers as well. Are you against the AGPL when used in good faith? If so, what to you suggest as an alternative?
I'm with you with the wish people were altruistic. But the system we live in doesn't exactly help being altruistic. Not being altruistic is certainly not a trait of people using AGPL, it's virtually everyone in a commercial setting (although some of us try to do their best to be good humans and virtuous). If anything, the AGPL was born from a ideal and that was certainly driven by something like altruism. All this blame towards the AGPL because people are out there to make money really feels weird to me.
Anyway, I don't think we'll reach an agreement here and that's OK. Thanks for the discussion, despite the strong disagreement it is/was stimulating.
throwaway38477 · 55m ago
> In COSS, it's almost never chosen for altruistic reasons, it's chosen to to be a non-compete
Seems like the "COSS" grifters are the problem, not the AGPL or the average person who chooses AGPL.
jakelazaroff · 6h ago
What specifically is your problem with the AGPL? I read both of your links and while there are a lot of incisive statements ("But the truth is, the AGPL isn't used to increase user freedom — it's used to restrict it, primarily through its legal ambiguities") you never spell out why you believe them.
happymellon · 6h ago
> Author's note: the above thoughts are for how the AGPL is used in startup-land alongside a CLA — not for AGPL in general. The AGPL is a fine open source license for libraries and other infrastructure.
The whole piece is about CLAs, the AGPL has absolutely nothing to do with signing over your copyrights. See Canonical for the same behaviour without the AGPL, the AGPL just requires that you allow your users to also see the code they are using, even if it is accessed over a network.
> Many, like Google, have flat out banned the AGPL.
Yeah, but that's because Google hates sharing what they have built on the shoulders of giants.
ezekg · 6h ago
The first piece is about CLAs, yes, but the second is about the AGPL abuses in COSS et al.
tptacek · 6h ago
You might take that up with the FSF, which clearly disagrees with you about its "affront".
arccy · 6h ago
the FSF is a religious organization that can barely be reasoned with.
drdaeman · 3h ago
No offense meant, but what's wrong with y'all today, people? Why so many folks in the comments use words in a way that doesn't match their dictionary-intended meanings and even insist that doing otherwise is something... weird, in a bad way? Am I taking crazy pills?
Save for The Church of Emacs and St. IGNUcius (obvious jokes), FSF is a political and social activism organization - not a religious one. They have foundational principles and manifestos, sure, but those aren't religious dogmas, but rather the views/desires how the society should work.
Labeling FSF as religious implies that it's a cult and thus there's no talking reason to them. But they're no more religious than any other civil rights movement - the beliefs about software freedoms are no different than beliefs in any other social rights.
JoshTriplett · 1h ago
Using a FOSS license and charging money for an alternative license is not abuse. And those blog posts appear to be FUD spread by a company whose own software is under proprietary licenses with source available.
People are welcome to use and host AGPLed software under its own FOSS terms. If people don't want to do that, and want to pay for alternative terms, that is also a sign that the license is effective. There's no point in restricting things people don't want to do. The GPL restricts something people want to do: make proprietary software. The AGPL restricts something people want to do: host software without distributing the source at all.
phkahler · 6h ago
Naive. Guy picks a license that allow anyone to do anything they want with his code. Later realizes that was not appropriate when he's trying make money. Changes to an obscure license that on the surface seems to fix the problem.
Your options are: MIT / BSD, GPL, LGPL, AGPL. All others are unnecessary and create needless incompatibility.
mottosso · 4h ago
I'd have to agree with this stance. You choose MIT when you are happy to share your source with no strings attached. Some do pick MIT with this intent, but that was not the case here. But rather a case of either miscommunication or wanting to have the pie ("look how altruistic I am") and eating it too ("look how business-minded I am").
sarlalian · 3h ago
I mean, there’s a chance it’s exactly what he said, “I didn't give it much thought at the time, but knew that I wanted the code to be available for people to learn from, and to make it easily auditable so users could validate claims I have made about the privacy and security of the platform.” … it doesn’t have to be some to be some sort of nefarious OSS altruism, it really could be, “maybe people would want to see how this works”… that ends up leading to … oh crap a bunch of people who have never contributed, and will never contribute, are hosting versions of what I created and taking money that I really would like to have to feed my family.
themerone · 4h ago
MIT & BSD don't include a patent grant, that's a good reason to go with the Apache license.
bruce511 · 3h ago
Naive. Users who think a project that is Open Source will remain Open Source forever.
Authors gave the right to change license to a proprietary one. Users being surprised by this are as equally naive as developers who think you can make money writing Open Source.
Vinnl · 2h ago
Well, the versions that were published as open source will remain open source forever. That's never a guarantee for new updates by the same author, for any licence.
hellcow · 6h ago
I'm sad to see this. I supported Bear because it was open source. As that's no longer the case, I just canceled my membership.
I would love to see this reversed and moved to AGPL instead.
bruce511 · 3h ago
I think this is fair, by both Bear and yourself. He's free to attach any license he likes, you are free to use it or not.
Obviously the goal of Open Source licenses does not include making money. You might, or might not, but it's not a priority.
Equally your goal may be to only support Open Source projects. That's fine. For you removing support for this project makes sense.
Once a project reaches the stage of needing to create an income stream, Open Source licenses are no longer appropriate.
Yes, some developers are naive in thinking Open Source licenses protect their income stream. Yes some users are naive in thinking that projects will remain Open Source forever.
Source-available, or Shipped-with-source of whatever you want to call it is a proprietary license which is just fine. It's not Open Source, nor does it need to be.
lispisok · 3h ago
"I released source code under the MIT license and people are now using it to their financial benefit. Who could have possibly seen this coming?"
Why does this keep happening? Why are so may developers blind to this obvious outcome?
jotaen · 44m ago
Why would this be surprising? The MIT license explicitly allows to relicense a project at any point. In this case, the Bear maintainer decided to start off with a permissive license and now exercised their rights to change to a more restrictive license due to changing requirements. To me, this seems actually quite reasonable.
dewey · 3h ago
MIT was always the easy default that every project used, you just select it from the GitHub dropdown and you are done when setting up a new project. I think you can't really blame people for using it.
Especially when your project is new it's also not often clear that this project will become something more serious later where you have to worry about such things as people cloning your project.
darkwater · 3h ago
Because between 15 and 20 years ago the BSD zealots won that culture war.
I would really love to see a simulation where GNU licenses won that culture war and which landscape we would have today.
sunshowers · 3h ago
There are good reasons the so-called "BSD zealots" won the so-called "culture war", such as the definition of a derived work being largely uncharted territory. Did you know that there's a compelling legal argument that the GPL attaches to programs talking to each other via JSON data structures?
I think MPL 2.0 is the ideal kind of copyleft, because of its scope being very clear.
kstrauser · 41m ago
There is no such compelling legal argument. That’s an extraordinary idea with zero precedent or support.
> When is a program and its plug-ins considered a single combined program?
> It depends on how the main program invokes its plug-ins. If the main program uses fork and exec to invoke plug-ins, and they establish intimate communication by sharing complex data structures, or shipping complex data structures back and forth, that can make them one single combined program. A main program that uses simple fork and exec to invoke plug-ins and does not establish intimate communication between them results in the plug-ins being a separate program.
JSON data sent over the wire, particularly data with nested arrays and maps, and especially a bidirectional communication protocol, can reasonably count as "intimate communication" with "complex data structures" shipped "back and forth".
This is nonbinding guidance, but it is from the FSF, and it is legally untested afaik (not a lawyer). There's sufficient legal risk here that I'd be wary of using rich communication protocols with GPL programs, particularly if there isn't an explicit exception for that protocol.
kstrauser · 9m ago
"Intimate communication" here almost certainly refers to shared memory. No one is claiming passing JSON over the wire is the same as linking, or else a GPL webserver could insist that browsers be licensed under the GPL.
sunshowers · 4m ago
> "Intimate communication" here almost certainly refers to shared memory.
No, shared memory is addressed later within the same answer.
> Using shared memory to communicate with complex data structures is pretty much equivalent to dynamic linking.
The first part of the answer clearly includes programs sending each other "complex data structures", including nested JSON data, over pipes.
orthoxerox · 3h ago
GPL wouldn't have changed anything. Or even AGPL, if you had been running an unmodified Bear instance.
alberth · 1h ago
>You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
IANAL, but does the above limitation prevent users from hosting bear for their own (or your company’s own) needs?
If so, doesn’t that defeat the whole reason why it’s MIT licensed.
The license doesn’t mention anything about “personal” or “internal” use.
Again, IANAL, but I can see why a company might be cautious about using Bear as a self-hosted blog engine, since companies technically have “users.”
For comparison, the Elastic License v2 - which this license is apparently modeled on - explicitly restricts use by "third parties":
> "You may not provide the software to third parties as a hosted or managed service"
----
The Bear license doesn’t include similar language, which could create uncertainty.
It might help to explicitly clarify that self-hosting for one’s own use is allowed, or to add “third party” wording to the limitations.
I only raise this because (a) licensing is tricky, and (b) if this feedback helps the author clarify their intended license terms, that’s a win for everyone.
Bear has built a great community, I often find myself looking at blogs on the platform. The trending list is a pretty good news feed of tech-blogger related content: https://bearblog.dev/discover/
athrowaway3z · 6h ago
I certainly get the hurt feelings, but i'm not clear on the license at all.
>Limitations: You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
Where on the spectrum sits an average cookie-cutter VPS provider that comes with an OS package manager that installs the program? Does the VPS provider have to screen the package manager? Does that change if they build a wiki with "1-click-install" that just sends an ssh command to install?
Is this just a requirement to have some theater where an "unaffiliated" third party has to provide the set-up scripts? Or just a rule you can't mention the option during the sales pipeline?
captainmuon · 4h ago
I think users applies to end-users here. So you must not run the software as a service (either paid or for free) for other users. You are free to use it yourself.
Crucially, I think what is banned to offer accounts. Offering turnkey-hosting is probably banned in spirit, but the person offering the turnkey-hosting is not in violation, rather the person booking the turnkey hosting and offering the accounts on the instance to third parties is in violation.
I think the wording is originally against somebody like Amazon hosting e.g. database instances for other people to use, and then giving you an account in that database. It's still OK to rent a VM from them and use the package manager to install it.
In any way, it is really confusing, in a way a license should not be. And I don't really understand why someone builds a blog platform, which is not monetized, open sources it, but doesn't want other people to host it. If I open source my stuff, I want people to use it. If I want to share the code but don't want people to use it I'd just put it somewhere it with no license at all (all rights reserved).
I understand the reasoning and I also understand the interest of still providing the sources. I'm however curious why the MIT license was chosen instead of the AGPL if competition was a concern
didibus · 42m ago
AGPL doesn't prevent others from reselling your software no? I thought it only mandated that they also release their own source modifications.
He seems to claim 3rd parties are offering bearblog commercially without modifications (or with useless modifications, like just a changed name).
tptacek · 6h ago
Presumably it wasn't a concern when they started and became one later; after all, they changed the license.
johntash · 1h ago
I vaguely remember seeing bearblog before. While I can't comment much on the actual article, I do want to applaud how simple it looks. It makes me want to migrate away from ghost to bear or hugo or something without javascript/etc.
passthejoe · 26m ago
Most static site generators offer a Bear Blog theme, including Hugo and Zola.
So you can get a self-hosted site that looks and acts like a Bear Blog, but run it yourself with a free software SSG.
simjnd · 6h ago
I really believe this is the best model or licensing. I care about seeing the code and being able to modify it to suit my own preferences, but I also care about the project being healthy and the maintainer being able to earn from their efforts without worrying about cheap competition.
Even better when a project starts with this model so it doesn't feel like a rug pull or doesn't get messy with forks overshadowing the original product. But I don't feel like Bear had the kind of scale to face this type of reaction.
I use mataroa.blog periodically which is in the same nice and I wish the Bear maintainers fulfillment with their project.
redwood · 6h ago
It's great to see the open source crowd particularly in Europe is finally turning corner here.
You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
Meanwhile they'll break your back and steal all your trust and credibility if they can
jorams · 6h ago
> You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
They can say whatever they want. They're just lying. If you spend even a little bit of time looking into it you'll find it's just a marketing strategy.
delichon · 5h ago
I spent a little time looking into it, and it turns out that Microsoft owns an outfit named GitHub, which apparently offers free hosting for open source projects and is used by a lot of open source software makers. And Microsoft has around 4k employees with contributions to OS projects on GitHub. So maybe "biggest" is a lie in light of their anti-OS efforts, but it is at least arguable. Can you propose a bigger one?
yencabulator · 3h ago
Microsoft is the biggest supporter of Microsoft gaining market share.
jen20 · 2h ago
Red Hat is the biggest supported of Red Hat gaining market share. They are also a big supporter of open source...
I'm not claiming Microsoft is a good actor (and they certainly produce a whole lot of derpy trash along the way), but the argument itself is not particular sound.
the_duke · 3h ago
We are also entering the age of "hey AI, take this repo, reimplement the same functionality".
Now, no LLM is currently anywhere near doing that for ElasticSearch.
But for a project with 4845 lines of Python code? (as per tokei)
Definitely doable, with a bit of handholding and manual fixing.
Would that be a derivative work? Maybe, but that would be a hard legal battle.
noinsight · 3h ago
> We are also entering the age of "hey AI, take this repo, reimplement the same functionality".
Wouldn't you do this just against the/an API documentation? Interesting thought.
gkbrk · 3h ago
> Now, no LLM is currently anywhere near doing that for ElasticSearch.
You could probably feed all of ElasticSearch into an LLM and ask it to "reimplement it" successfully. But why would you even bother? There's already an existing open-source alternative called OpenSearch [1].
His point was that we are quickly entering the land of “Source Available” not really being a shield if someone’s willing to spend some time in claude code.
ahdanggit · 4h ago
> We're entering a new age of AI powered coding, where creating a competing product only involves typing "Create a fork of this repo and change its name to something cool and deploy it on an EC2 instance".
I've been curious about how LLMs would impact open source, I have some theories and this is not the only one.
simmons · 3h ago
I would love to hear your other theories!
I don't think it would exactly be "create a fork of this repo", but if a developer invests significant time and effort solving hard problems where the solutions are implemented in the released source, once an LLM model is trained on it, then someone else could quickly and easily have the LLM generate a new program that implements the novel solutions. Whether this is a problem or not may depend on the motivations of the developer, but this potential for IP laundering may very well begin influencing the licenses and methods of distribution that people choose.
(Of course, I suppose at some point AI will be able to analyze and learn from binary executables or obfuscated source...)
doublextremevil · 2h ago
Companies in situations like these keep making this blunder when the solution is so right in front of them: use the AGPLv3.
riffraff · 49m ago
AGPL is not enough to prevent someone providing competing hosting options. They'd need to provide code if they make changes, but competitors are still free to offer the exact same service and not spend anything in development, which reduces the viability of the original project if hosting was the supposed source of income.
So the original project wants to restrict user freedoms, i.e. they _do not_ want the project to be open source; it's a legit choice, even if I personally prefer free software.
jilles · 6h ago
I didn’t know this was a Django application. Love that. Totally understand the author’s point of view, too.
ozgrakkurt · 6h ago
Curious what author would think of separating the service and the core parts and leaving core as open source.
This way someone could create a competing service but they would have to write the entire service layer themselves and a single user would be able to self host the core part.
Also curious what they think about the thiefs not caring about the license and copy pasting it anyway. I don’t think the kind of person that copies your code and tries to sell it would really care about the license
Fordec · 2h ago
Its interesting that they went with the Elastic License. Maybe this is a leaf in the wind that we're going to see more adoption of the license outside of Elastic. I get it's not a "standard" license, but standard licenses become standard through adoption. Someone has to be early to the party.
jraph · 6h ago
It's always sad when someone removes their project from the free software world.
I'd like to comment further on the permissive license point:
> When I started building Bear I made the code available under an MIT license. I didn't give it much thought at the time
I suspect many people choosing permissive licenses do it in the same spirit. They don't give much thoughts about the license, they just want to share the code with others (which is very nice!), and there was a push some years ago to make permissive licenses the default in many ecosystems (this is not innocent, by the way).
For me, the first lesson from this blog post is: think hard about what you want to really allow.
Given what the author says later:
> It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification
The permissive license was obviously a bad choice. Not blaming, of course, hindsight is 20/20.
Pick permissive licenses if you are okay to work for free for other entities, and if you are cool with the potential asymmetry of them not sharing their improvements.
I'll preach for my church: when you release something, please consider a strong copyleft license. If it's SaaS, consider AGPL. It still allows people to provide services with your work, but if they need to improve your code, they are required to redistribute the improvements to their users. I don't see many reasons, in most cases, to allow people to get your code and not do the same as you: provide the code to their users; that's unfair to both their users and yourself (a notable exception is if you want to push/promote a format or a standard - then you want to push adoption at "all" costs).
Most of the times, this means you can get these improvements back. By sharing free software under AGPL, it is still possible that you'll work for free for someone else. But at least, you'll be competing on more equal footing. They'll actually need to work to be better than you.
In both cases, your advantage over them is your expertise in your own stuff.
A side effect of the AGPL is that big corps are afraid of it, so you will likely not get competition from them (even though AGPL allows them to do so).
mzajc · 6h ago
> This license is almost identical to the MIT license but with the stipulation that the software cannot be provided as a hosted or managed service
Note that while the original change was an additional clause to the MIT license, it was quickly changed to something completely different.[0] Since it no longer permits sublicensing and restricts "remov[ing] or obscur[ing] any licensing, copyright, or other notices in the Software," I believe it's closer to GPL now?
open source is charity. I believe in it, I contribute to it, but I recognize it is unlikely to lead to a sustainable livelihood
foxglacier · 5h ago
Yes. Somebody else using your software is usually the ambition of open source developers but this guy is hurt by it. He's programming for money, not doing charity. It sounds like being open source was just for show to make his business look like a charity.
rbren · 6h ago
I’d like to see a “no jerks” license. It’d be MIT by default, but call out specific bad actors as being disallowed from using the software. That way your average corporate user wouldn’t need to consult a lawyer before adopting
I think they're suggesting a license that says "except Apple, Amazon, Google, Huawei, ..." not a license that literally says "no jerks".
The problem of attempting to enumerate the jerks does seem pretty... insurmountable... to me though.
jraph · 6h ago
Yeah, and even if you like the idea, this is not dependable. How do you know, as a user, that you'll not end up in the jerk list tomorrow?
gpm · 6h ago
Presumably the license would, like practically all open source licenses, be irrevocable. You aren't guaranteed new versions will be issued under the same license (short of a contract saying otherwise, just like every other piece of open source software) but the existing license that did not list you as a jerk can't be revoked...
jraph · 5h ago
True, but that's still a risk that adds to the risk of the authors switching the license.
BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add or remove someone from the list, like any license change…
gpm · 5h ago
> BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add [...] someone from the list, like any license change…
Not if you base this off a license like MIT that allows sublicensing under more restrictive terms (not a lawyer, not legal advice)
jen20 · 1h ago
Untrue - all that needs to happen is that future work needs to be released with the new list attached.
nickpsecurity · 1h ago
The author released it under a do-anything-you-want license. Then was hurt other people used the code for commercial and competitive reasons. The first paragraph showed the root cause was not thinking through licensing in the first place. Now, they've seriously considered it, decided their goals, and re-released it with a mix of generosity and self-interest.
We should probably remind people that licensing is an agreement between them and the other party deciding what can and can't be done. Make sure you've considered things like profit, competitors, source redistribution, etc ahead of time. Then, pick the license that suits your goals best. For many, that's source-available licenses instead of open source.
bodge5000 · 4h ago
As much as people tend to hate it, I quite like copyleft licenses on the whole and wouldnt mind it at all for Bearblog, but this particular variation seems a bit odd. I mean I havent heard any problems from Elastic with it so I guess it sorts itself out, it just seems more complicated just AGPL
beanjuiceII · 59m ago
seems like a really easy to replicate project, feels like just an attention seeking thing
indigodaddy · 6h ago
From their GitHub:
Obviously you could self host it (and I guess plenty have figured out how to and even created competitors with the code if they are making this change?), but they discourage hobbyists from trying with this unhelpful statement. So what was the point of even being open source? Their whole statement kind of comes off as disingenuous to me because of this.
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
edu · 6h ago
What I find amusing is that it's built on top of Django and of course uses a few other dependencies[0], and without them the project wouldn't even exist...
That argument can be made for virtually every piece of software. We all build on top of the work of others.
KolmogorovComp · 3h ago
The argument is that why should I be able to use software for free but do not want mine to be used the same way?
andoando · 2h ago
So everything should be open source and no one should be able to write software to sell it?
If you want your projects license agreement to be withheld in future projects there is a license for that. Its called copyleft
gkbrk · 3h ago
BearBlog built on top of the work of others. Now you can't build on top of the work of BearBlog.
ozgrakkurt · 6h ago
It reads perfectly clear. It is designed to be a platform and mit license makes it too easy for other people to create competing services and they don’t want that.
Maybe it was a mistake on their part to make it initially open source or it is bad that there are people looking to steal other people’s work
preisschild · 4h ago
If you don't want your work to be "stolen", and instead want to force the people to contribute back, use the AGPL
phoronixrly · 6h ago
You shouldn't look a gift horse in its mouth. Anything being open-source does not entitle you to be able to easily run it yourself. You are given the source as-is with no warranty. It is up to you to be competent enough to do anything with it and not the responsibility of the authors of the code.
If this doesn't suit you (as in, if this is a project you can't run, let alone maintain yourself), then you should consider paying someone (preferably the authors) to do so. I know this is novel to many people here who are used to exploiting the free labour of open-source maintainers, but it's been a decider in tech choices I make lately.
'Can I/anyone else at the company debug an issue and create a bugfix for this cool new open-source tech I want to introduce?' If no, then we are not qualified to run it without external help.
indigodaddy · 4h ago
Well I disagree. My take: they wanted their cake and to eat it too. They wanted to be able to say they were free/open source, but really didn't want anyone to be able to utilize the code in any meaningful way. The hobbyist will be turned off because it doesn't look like there is any way to even try it out themselves on their own VPS or hardware. That seems intentional. And now, they change their license so that anyone smart enough to figure it out and make money with it, they not gonna allow that either now. Feels like we know how they really felt from the start, which is they didn't really want anyone to run this code on their own to begin with, but they wanted to still be able to claim "fully open source." IMO, even “disingenuous” is actually a somewhat kind word to how they come off to me.
moralestapia · 3h ago
>It hurts to believe in open-source and then be bitten by it.
No, you don't believe in open source, hypocrite.
Open source means anyone can use it, even for commercial purposes, and you knew this from day zero.
Honestly, no sympathy for these people, as this happens over and over again, they actually exploit the very few good intended OSS people. They portray their project as open source initially, to gather sympathy and free work from others, then when they see the $$$ they flip the switch to non-OSS and rub their hands.
rozab · 3h ago
In this case it's kind of unbelievable how quickly the flip happened. Their 'manifesto'[0] was published only at the start of the year, where they vowed to be an incorruptible bastion of stability in a selfish society focused on short-term thinking. They want Bear to be around in 50 years.
Then in the last couple weeks or so[1] it seems they saw a bit of a spike, and immediately pulled up the ladder.
They even criticised this sort of behaviour in their manifesto:
>We've seen our fair share of open-source projects become sour (see the recent Wordpress drama) or abandoned entirely. We've seen OpenAI become ClosedAI. There's a common thread here. Trust isn't just a legal structure, but a social contract.
I am actually totally in favor of source available licenses, but in this case it seems counter to all the boasts the developer has made about their platform.[2]
ironically, Wordpress is still licensed under the GPL even after the kerfuffle.
moralestapia · 2h ago
I guess Herman cried to his friends for help now. Pathetic.
Your evidence is solid, after all, it was the same guy who wrote that just a few months ago.
That post might be gone soon, "smaht" people are inclined to rewrite history to fit their current mood.
archagon · 3h ago
Or... maybe they actually need money to keep maintaining the project? Not everyone is out there living a life of leisure.
If open source purists can't accept that, they'll find their cause gradually shrinking into nothing.
moralestapia · 2h ago
Betrayal is the deepest circle of hell for a reason.
You can always pull the rug under someone and get away with it, no consequences and even no remorse. You may even think of yourself as being the "smaht" one on that dynamic.
But some of us were cut from a different cloth and we can see the kind of person you are @archagon, from miles away.
No comments yet
accelbred · 6h ago
This isn't bear, the compilation database building cli tool, for those similarly confused.
upboundspiral · 2h ago
I don't have experience in the subject but recently listened to a podcast episode discussing the tension between open source and building a sustainable business by Oxide and Friends.
Nitpick but I accidentally upvoted the article (in the bearblog.dev website itself, the small upvote in the website)
and turns out once you upvote, you can't downvote?
Well, I love minimalist site providers
Its license is AGPL which still technically falls under Open source as to what "OSI?" says.
Source available just have a bad taste in my mouth. Maybe my critique of them isn't based on good intentions but I feel like I am getting really restricted as a user by source available licenses. I understand the pain of developers trying to make money. I just think that AGPL is a better use case and even elastic search went back to agpl and a lot of these source available things are going to agpl
I am sure that big tech might be able to bypass agpl itself somehow and that's why there were things like sspl but I still think that agpl is one of the most rock solid copy left licenses.
singpolyma3 · 4h ago
If competition hurts then yeah, you probably didn't want to be open source to begin with
sciencesama · 3h ago
i need a bear alternative that can support images and video embeddings
qudat · 3h ago
https://prose.sh — serve your blog using ssh. It was inspired by bearblog and others in this ecosystem of minimal blog platforms.
https://pico.sh includes a suite of other services (some paid) but the business model doesn’t depend on prose in particular.
xvrqt · 4h ago
It's funny this all to do about Yet-Another-Simple/Static-Blog generator or whatever
joshcsimmons · 4h ago
Silly. Globally over half of smartphone users have Android phones. Bear was actually the only thing that kept me in the Apple ecosystem for so long, was really bummed when I switched to Android to have to move to another notes program.
IMO - you are charging money for your app which makes you a business. When you don't listen to the market you forfeit any right to complain when you get your lunch money stolen. Sounds hard but most lessons in business are expensive!
jolux · 4h ago
That’s a different product — bear.app. This is about bearblog.dev.
noduerme · 1h ago
My God, why does a thing like this even HAVE a license? And what's with the wailing and gnashing of teeth about it being someone's life's work? Who would want or need to clone it? This blog is 2.7k. It appears to have exactly two features: upvoting (unfortunately, we learn too late, without the ability to undo) and indexing posts. It looks like garbage. It would probably take an hour to code from scratch if you were high.
jhack · 18m ago
This screams of uneducated regret with a sprinkling of greed. How do you make your code open source but then not understand what open source is? Or even read the license?
I'd like to see some recognition from this crowd of the "free-ride competition" problem as this author puts it. What Herman is doing is a service to us all, and we should find a term (better than 'source-available', which is cold and doesn't capture community projects accurately) that people can promote themselves under without much weeping and gnashing of teeth.
EDIT from a comment in a thread way down, that summarises my point:
I argue that the natural winner-take-all dynamics of the marketplace are not beneficial to the the mission of free and open source software. In fact, having no safeguard against large organisations making money this way is actually hugely detrimental to the mission by enabling these companies to ensnare unsuspecting users in a web of both their own proprietary software as well as all that free and open source software has to offer.
The original stance of the open source crowd was more along the lines of the GPL -> GPLv3 -> AGPL, which expressly prevents this kind of thing.
The proliferation of "give everything away for free" MIT/BSD/Apache licenses seems to me to have been an intentional campaign by corporate interests to undermine free software ideals
Not wanting to further widen the schism but wasn't that the free software people rather than the open source people? cf [0], particularly the "not as strict" part.
> In the late 1990's Eric Raymond and others developed the term "open source" as a more business friendly term than "free software", with a more inclusive meaning where licenses that were not as strict about the passing on of modifications would also quality for the term.
[0] https://www.freeopensourcesoftware.org/index.php?title=Eric_...
Open Source provides the same “4 freedoms” as Free Software so most Open Source licenses qualify as Free Software as well.
If the goal is developer collaboration, permissive licenses are often the best choice. If you want maximum user entitlement, copyleft licenses limit developer freedom in exchange for a guarantee that future code will also be released as free software.
Cloud hosting was a challenge that did not exist when either philosophy first emerged.
With hosting, you are able to become the preferred source for software without adding much value to the code itself. This is what the author is complaining about.
The AGPL tries to address this in the GPL family but I don’t think it quite gets there. For permissive licenses, we see these “no hosting” exceptions.
If you read the early writings from the Free Software Foundation, they do not care if devs can make a living. The goal is user freedom. I think it is this philosophy that objects to the hosting exceptions.
Perhaps a better solution will be found in the future.
Expanding on this, the Free Software movement always focused on freedom for users - which, in a world where copyright applies to computer programs, ultimately leads to the licenses you listed to repurpose it.
The Open Source movement usually tries to advocate for open-source as the best development model. As in, writing it in the open and contributing with other people will result in objectively better software in the long term. Others treated it (when the term was coined) as a marketing term for Free Software, making it more palatable to businesses whose people running it don't want to talk about ethics too much.
https://www.gnu.org/philosophy/open-source-misses-the-point....
s/open source/free software/
None of those licenses prevent Amazon-style freeloading though.
The reason why MIT/BSD licenses flourished is that they were easy to understand. As long as you didn't sue the original author or try to claim the code was written by you, you were free to do almost anything with it, including mixing it in with other for-profit code.
Whether that's an abomination or a blessing depends on your corporate vs. free software politics.
I'm not actually sure what a better way to square the circle of not making the large entities that have developed a weird patronage relationship with open source projects run away while also avoiding the kinds of problem that the GPLv3 and AGPL are hoping to deal with, would be. Limiting the virality scope might be beneficial there, but I'm not sure how you would word that in a way that's not gameable.
It feels like we've wound up in a weird position where because so many GPLv2 projects moved to GPLv3, companies were startled into paying attention to the risks involved in a new license with open questions about how it would shake out in actual courts, as well as being jolted to the very real possibility it could happen again, and took the path of risk reduction by moving toward platforms where that couldn't happen.
You might compare it to everyone pointing to Solaris's source closing as a reason to not trust Oracle about MySQL's license remaining GPLv2. (As it turned out, so far, they haven't changed the license, but there was certainly a lot of fearmongering about that at the time.)
So I think I agree that it's not so much a coordinated effort to steer anything as the direct effects of companies avoiding funding that space, as well as the knock-on effect that anyone whose goals involve large companies using their product and leveraging that avoids picking a license that precludes that in turn.
Doubly so when they relicense outside contributors' work with a closed source license because those contributors signed a CLA.
And lets be real here: https://github.com/HermanMartinus/bearblog/graphs/contributo...
Looking at the details of that, the only two (small) substantial code changes from other people are "User can delete their own account" from 2020, and "Use cloudflare online dns api to perform domain check" from 2021.
I have no horse in the race, just think that maybe this project is not a good measure of contributions.
That's why I said "most people" (of which I think HN commenters are not a representative sample) rather than "nobody" :)
A commitment that any significant derivative retain the original (or some later version) of the original license.
"Free to do whatever as long as it retains this license. A commitment that this license will not change, even by the original author".
No special cases, just a blanket license for all derivatives.
If it exists, what are the barriers to adoption? Why don't we all use it?
(What I'm given to understand does work is using a copyleft license and taking code from multiple parties without a CLA, because then relicensing requires all the copyright owners to agree, which for a large enough project is impractical.)
If one of those options places restrictions on the users, then those users are probably going to choose one of the other options.
As a result, licensing your project GPL or the like usually means relegating it to obscurity. There are very notable exceptions, including Linux and WordPress, but they are outliers. It's hard to monetize an MIT project, but it is even harder to monetize a project without users.
Whether this is "good" or "bad" is a separate debate (err, usually flame war), but I think many people gloss over that this is a coordination problem and that everyone is acting rationally. For better or worse, software does not seem to be scarce.
Subjective. Sure if you are talking about percent of market share, but it's a huge market, you don't need to capture even 1% of users to have a viable business.
The vast majority of the GNU ecosystem is GPL. Bash, git, Apache, Gimp, Blender, Libreoffice.
There are also a lot of projects that are dual licensed, allowing commercial software to be charged a fee and non-commercial software to use for free with GPL.
But once we start talking about the kind of software large corporations (like AWS) will have an interest in, projects have to be successful to be useful. Software requires maintenance so the maintainers need to be able to devote their time to maintaining and improving the project. So this will select for projects that are successful enough that the maintainers can focus on it fully (either because some company hires them to work on their own project, they can charge high consulting fees because of their association with the project, or whatever).
I think "the code" (the thing covered by copyright) in most cases is not as valuable as "the project:" the leadership, the contributors, the users, the norms and practices, the commitment to ongoing maintenance, and so on. So just lots of individuals all putting pieces of their code out there with GPL probably doesn't make a lot of impact (though there is nothing wrong with it), because most users don't want "code" they want a "project" they can rely on.
I'm not sure why someone who is spending their limited free time building software to give away for free would want Amazon as a downstream consumer
Do you enjoy spending your nights and weekends dealing with CVE reports, while a high-6-figure BigTech engineer nags you that they need it fixed?
It is an annoying problem to have, but if your goal is to be able to support yourself by working on your open source project full time (not saying this has to be or should be everyone’s goal), then having big tech engineers nagging you is probably a good problem to have.
If you aren't interested in open source, that's your option, but open source has had a clear meaning for decades. You can use/write your software and people that believe in open source can use/write open source. What's the problem?
If you are concerned about mandating users provide modifications by a similar license to the one they received material under, what you want is copyleft.
No comments yet
Open-source normally means there's no use restrictions, but there could be some requirements in order to do so (like attribution).
Free software normally means there's no use restrictions, but modifications can mandate maintaining the modifications also free to use, retaining the same freedoms.
And if you fray from those, you can call it source-available and the specifics of what usage restrictions exist are per-license.
Isn't this what the AGPL is for? That's an OSI approved "open source" license that places restrictions on people making the software accessible as a network service.
They want to seem altruistic but want to also be the only provider.
GPL would have been a better initial license, and AGPL would have been the next logical step to ensure that changes that hosted services make can come back to the original version.
I'm not entirely sure what they were hoping to get by making an extremely permissive licensed piece of software, but competition doesn't appear to be it.
This is an overly negative take. At the end of the day, they are still providing software and the source code free to use for practically every purpose except directly competing with them.
That's still altruistic while also being sensible in the real world rather than an ideal.
You might say, "well wouldn't that be most of what people might want to do with it?" And you might be right, but so what? No one is entitled to build their business on the back of someone else's work, not without their permission anyway.
That certainly makes software like this no longer Free Software. But I'm not religious about it, and maybe that's ok sometimes.
(It also runs afoul of several parts of the OSI Open Source Definition, but maybe that's ok too.)
From the license at <https://github.com/HermanMartinus/bearblog/blob/998e87263248...>:
"You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality"
Given that the exclusive purpose of the Software in question is to implement a managed service for its users' hosting needs, I'm having trouble understanding how anyone could take the position that this is "mostly in the spirit of FOSS".
The license might as well say, "You just can't use this."
No comments yet
I don't see how, there is nothing in the spirit of FOSS by doing that.
Technically true, but in practice almost every tech company forbids GPL code. I bet if you re-read your employment contract closely you'll find that you agreed not to introduce any GPL code into the company's codebases.
(Edited for clarity).
Of course a company must forbid copy/paste of GPL code, because that would GPL the codebase and that's hardly what they want. But one should ask the Legal office (and/or other offices) about adding any MIT, BSD or proprietary library: credit must be given (how?), licenses must be available and compatible with the way the software is distributed. There are so many licenses out there, everything should be vetted.
Of course everything should be vetted, but lawyers have canned advice about common licenses they see often — GPL, MIT, etc.
[1] https://opensource.google/documentation/reference/using/agpl...
Any examples when AGPL was used successfully by competitors? Typically every company prohibits using this licence.
Freedom 0 is the freedom to run the software for any purpose. You can't deny users this freedom "for their own good", or to spite big corporations, and still be free software.
Subtler issues of power and dependency won't be resolved through licensing alone, and certainly not by compromising on basic software freedom for users.
Now, we can agree and talk about unfortunate consequences and possible mitigations.
The AGPL is one possible mitigation: Big corps are usually afraid of it. But they do themselves: the AGPL doesn't forbid them to use the thing.
That doesn't mean I think everything has to be open source. Bear is a blogging platform trying to make money and it seems fine to me for it not to be open source.
I don't think anyone has a problem with the non open source licenses themselves. If you start with a closed source license or whatever, that's fine. It is switching from an open source licenses to something that is not.
A lot of the projects that later switched out of open source would have never gotten any traction if they started with the license they ended up with.
Also, MIT license in particular is much shorter and easier to understand for a non-lawyer, than most other software licenses.
I think some people lose sight of the difference between the theoretical possibility of competing forks/implementations/services and the practical possibility. If a big enough organization gets ahold of something and begins to drive it, the fact that it's nominally open source may not be enough to ensure that people have a practical ability to get out from under that organization. In other words you need not just openness of "information" but actual open space to maneuver in the real world of food and money and markets and so on.
In many cases for-profit companies have taken up (or created) open source tools and made use of them in ways that still benefited the community at large. But it's not clear to me that FOSS licenses as we know them actually guarantee that. It doesn't seem unreasonable to me to want to build safeguards against open source software being weaponized or co-opted for unfree purposes.
One thing that's not clear from the Bearblog dev's post is whether he would be open to small-scale "competitors" who share an ethos similar to his own. In theory such competitors could be granted special license exceptions. If I were in his position I could see myself wanting to exclude big companies (and companies that hope to become big) while allowing small operators. The challenge is to create an enforceable license that encodes that, rather than requiring the author to manually approve or deny each request.
This statement is 100% correct. Open means open for everyone. There's a "but they are providing FOSS as a service on a proprietary platform", which seems like the next step on the LGPL-GPL-AGPL stairway of licenses, but SSPL failed to convince anyone it was a necessary freedom:
- MongoDB Inc obviously had no plans to release their own SaaS platform under SSPL
- AWS source code being released wouldn't have benefited anyone other than maybe other major cloud providers
They couldn't do anything with it (alter or even build iirc), but they could look at it.
https://www.computerworld.com/article/1336859/microsoft-open...
Ha. How times have changed:
> But governments won’t get the ability to alter source code. “This isn’t about developing or supporting customized versions of Windows,” Mundie said. The GSP and other source-code access programs are about “helping build comfort and trust with our key customers on how Windows is deployed, how security is running and how other software is running on top of Windows,” he said.
> Russia’s Federal Agency for Governmental Communication and Information has signed a GSP agreement with Microsoft, and the company says it’s in discussions with about 20 other governments.
There are factions in open source advocacy, ranging from laissez faire views of freedom to views of freedom as something that needs some limitations to conserve it and prevent abuses/tragedy of the commons/etc.
it's not copyleft, it's a version of freeware license
That term already exists: it's proprietary software.
If you're going to restrict what users can do with their copies of the program, please do not try to label the program as Free Software / open-source.
(I have no objections against the “source available” though - it’s a pretty unambiguous and useful term, that isolates one specific property.)
I mean this stuff isn't just theoretical, there have been video games where we only find out they violated the GPL after a major code breach. [1]
[1] https://news.ycombinator.com/item?id=20129285
That's because then it isn't. Sorry, but you can't just take terms with an accepted meaning and decide they mean something else, without any conversation or consensus from there people using that term.
The OSI has a specific definition of what "open source" means[0]. Restricting what users of the software can do in this way is in direct opposition to parts of that definition, so no, if you do that, then it is no longer open source.
I'm not saying you aren't entitled to set up your licensing that way. I think it's disgusting when the likes of Amazon decide to take someone's hard work and use their massive oligopolist position to trivially outcompete anything the original author might try to do to make some money.
But that doesn't mean it's open source. I think people need to stop being so afraid to call their software something else. They seem to be really attached to the idea of being an "open source developer", and don't want to drop that moniker even after changing their licensing away from open source.
People also need to stop licensing their software under true OSS licenses, building a community of regular, significant contributors around it, and then changing their licensing (which they can do because they've [IMO shadily] required contributors to reassign copyright). That's a huge bait-and-switch, and people are right to be upset when that happens.
In the case of Bearblog, it seems like the author is really the only significant contributor, so I think what he's doing is totally fine, for the record. Frankly I think he did this the right way: his announcement email is entirely reasonable and sympathetic, and he doesn't try to breathlessly claim that his software is still open source.
[0] https://opensource.org/osd [1]
[1] While I don't love how the OSI folks basically just decided they own the term "open source" and that they get to define it, I think they've been pretty good stewards over time, and having clear-cut definitions of things is a good thing.
The history of technology and markets show this just isn’t true on any significant timescale.
It does take some mental discipline to actually believe in the movement and not view someone using your software to start a business as them "stealing your work." Such a thing doesn't make sense in OSS, you gave it away freely. It's a good thing, the competition is healthy. You don't have to believe, closed-source proprietary software is much easier to run a business off of as evidenced by most businesses operating that way. There's no shame in it. The FOSS folks are the free love "we don't believe in intellectual property mann" hippies of the software world.
I don't owe that guy s*it, what are you talking about.
He's actually doing a disservice to the OSS community, as there's now another story of OSS turning non-OSS out of greed, which damages (by a bit, but still) the whole aura that true OSS has built over the past 40 years.
> This is a morbid topic for me to write about: what happens to Bear if something happens to me? I've got that covered too. There's a detailed succession plan in place, including:
Full documentation of all systems and processes Multiple trusted developers with access to the codebase Clear instructions for maintaining the platform So if I were to be incapacitated in any way, the platform will live on.
> Its portfolio includes Bear, the Apple Design Award winner notes app, …
> Bear, the Apple Design Award winner notes app
Which you could have known by spending five seconds on https://lambdalpha.com, or actually reading your own link which calls Bear an "Apple Design Award winner notes app", which doesn't really sound like the Bear blog.
Stop spreading rampant misinformation.
It also aligns quite well with Bear's manifesto [3]. Even if Bear PTY LTD ceases to exist, Bear won't. This can be codified under DOSP.
Disclaimer: I'm involved with fair source and helped write the FCL.
[0]: https://fair.io
[1]: https://opensource.org/dosp
[2]: https://fcl.dev
[3]: https://herman.bearblog.dev/manifesto/
Is it correct to assume that software than eventually becomes open under something like Apache or MIT is fair source? Or is there more subtlety to it?
The concrete definition we came up with and published:
> Fair Source is an alternative to closed source, allowing you to safely share access to your core products. Fair Source Software (FSS):
> - is publicly available to read;
> - allows use, modification, and redistribution with minimal restrictions to protect the producer’s business model; and
> - undergoes delayed Open Source publication (DOSP).
However, I still believe AGPL is a better alternative in most cases and functionally prevents large enterprises from touching your code due to typical internal policies.
This is a grievance against the spirit of open source.
Freedom 0 the freedom to use the work
Freedom 1 the freedom to study the work
Freedom 2 the freedom to copy and share the work with others
Freedom 3 the freedom to modify the work, and the freedom to distribute modified and therefore derivative works
If Amazon tomorrow turns around and open sources everything that is a derivative work of the code they ever used, I would be more than happy, even proud if they used my software. Today any company which doesn’t deny their users the core software freedoms is already free to do so.
This is not a “hack” to be maliciously compliant OSS; this is the spirit of open source.
Why do you think the GPL has the virality clause in the first place?
Edit: a perhaps reductive, but hopefully instructive summary: MIT/BSD guarantee freedoms of the software developers, GPL guarantees freedoms of the software users.
You are free to choose which you prefer, but they're quite explicit choices, and the AGPL is absolutely squarely in the spirit of the GPL.
(Now if you had said you take issue with the tivoization clause, on the other hand... :) :))
believe it or not this is not actually true! the corporations who disallow agpl do so because their lawyers (correctly) tell them that agpl-licensed software has not been adequately tested in relevant courts of law, and that by including agpl-licensed software they are opening themselves up to unknown/unbounded legal liability/risk!
"the spirit of open source" has nothing to do with anything!
the more you know
[0]: https://keygen.sh/blog/weaponized-open-source/
[1]: https://keygen.sh/blog/whither-open-source/
You should be vocal against CLAs, not the AGPL. CLAs with any license is a risk of seeing the code closed up.
AGPL allows competition. Any free software license does. It's rule 0 of free software.
> it's chosen to to be a non-compete.
Well, too bad for them, because I can still fork this AGPL software and compete. So what's the issue?
The issue would be for contributors contributing for to this code under CLA seeing their contributions closed up. If that's not your thing, don't contribute to software under such CLA. I avoid it myself.
No legal department will ever allow it due to the FUD. That's the whole fucking point.
I don't mind them not using my code. They are doing themselves here.
They have the human power to rebuild it anyway and I actually believe it should cost them.
it's actually them who are spreading the FUD, because they don't like the AGPL.
Meanwhile, my goal of providing software freedom to my users is fulfilled.
If the OSI came out and made a statement on the ambiguities in the AGPL, and cleared the FUD in such a way that all companies agreed and could reference it, I'd wager that the AGPL would over time become much, much less popular for commercial open source. But I'd wager that they won't do that, because they win when COSS wins.
But if they did, we'd likely even see a move towards non-OSS licenses, ones that are clear as to their intent and rules -- rather than relying on ambiguity -- because there would no longer be an OSI-approved license that businesses could use to have their cake and eat it too.
Very few COSS business/startup/w/e right now are choosing AGPL for altruistic reasons. This thread and every other COSS licensing thread here are evidence of that.
Few of them care about software freedoms, or know why they chose the AGPL. They have a playbook that says AGPL lets them take advantage of the open source distribution flywheel, while largely protecting them from the risks associated with commercial open source, i.e. competition. They choose AGPL for this, not because it's the best license for users.
I honestly don't get how people don't see the deception under the AGPL right now.
I now understand where you’re coming from but I am not sold on your prediction that the agpl would crater if Google started complying with it. It would mean that Google open sources everything which is derivative work. That sounds like it would buy a lot of good will amongst precisely those people who are mad about how Amazon screwed redis (to put it bluntly).
Let's say I don't care about the intent of people choosing the AGPL (I do, I wish people did stuff for altruistic reasons, but the economical system in which we live makes it so we can't rely on this).
You say people are choosing the AGPL because they think it lets them do effectively source-available while benefiting from open source washing. Fine. I don't like this. But the effect of this for me is that we actually get actual free software.
What's so bad with this?
I've reread your second text and didn't find what's actually bad with the AGPL.
Now, I wish all the FUD around AGPL was cleared; the FUD is what's bad, but I don't wan't to wait for this to happen before picking the AGPL for my software.
It's lying. It's an open source project and a business model built on deceit. I guess I care about clear rules, clear intentions, and I care about integrity above all. The AGPL is ambiguity; unclear rules, veiled intentions. And these same people will relicense without a thought, too. I think we should care about these things, otherwise we repeat history over and over again.
I don't see how it can do this. The AGPL is a license text. It states what people can do with the licensed code. What is lying in this text?
> I guess I care about clear rules, clear intentions, and I care about integrity
Me too
> The AGPL is ambiguity; unclear rules, veiled intentions
That's where I don't agree: The rules are written in the license text and I see no ambiguity there. Where is the ambiguity in the AGPL text? What is not clear about it? What granted rights are we not sure about?
> veiled intentions
The original intent of the AGPL authors (the FSF) was clear and simple to me: ensure the end user's freedom. It was GPL, but address the SaaS situation where someone can modify networked GPL software, make users use it from the network, without having to redistribute the modification since the program runs remotely and not on the user's machine. And that intent is perfectly align with what I want for my code.
Sure, people with bad intents will use the AGPL, and so what?
People kill with knives, but I'll definitely keep cooking with mine. The AGPL is a tool. It doesn't, by itself, has intents, especially veiled intents.
I'm not going to stop using the AGPL because someone wants to use it to trap users.
This is all abstract, I'd appreciate concrete examples where:
- people have done that, without a CLA (because yeah, I'm convinced AGPL+CLA can be bad).
- the AGPL doesn't work well for someone using it with the original intent in which the AGPL was written.
The example comes straight from the mouth of a COSS founder.
The agpl is ambiguous because users may choose not to fully use the freedom they were given? Sorry but this is bullshit. I'm glad I haven't started using this stuff yet (for other reasons). I'm sure I wouldn't notice such issues in topics I'm not at ease with and I can see how easy one can be seduced by this stuff.
Now, I'm convinced AGPL can be misused. What's more, I'm certainly quite happy that a side effect of the AGPL is that Google won't touch it, to mirror the comment you point to (whose author is wrong by the way, the intent behind the AGPL was not to exclude big tech, but to promote/protect user software freedom). All the fud around the AGPL actually comes from companies like Google, so respectfully fuck them all. Nobody could possibly have weaponised the AGPL against them had they not started spreading all the fud in the first place.
But even considering that picking the AGPL to scare big tech away is bad and weaponizes it (which I can hear, and let's assume), I believe you are wrong that nobody chooses the AGPL for the user freedom genuinely. There are a lot of examples of software under AGPL in good faith seemingly to me. Examples: Nextcloud, Joplin, CryptPad, Overleaf, Passbolt, Univention...
I doubt any of these commercial projects from friendly (?) companies choose the AGPL to fuck the world. I don't know the numbers, maybe it's a minority. You may not have numbers as well. Are you against the AGPL when used in good faith? If so, what to you suggest as an alternative?
I'm with you with the wish people were altruistic. But the system we live in doesn't exactly help being altruistic. Not being altruistic is certainly not a trait of people using AGPL, it's virtually everyone in a commercial setting (although some of us try to do their best to be good humans and virtuous). If anything, the AGPL was born from a ideal and that was certainly driven by something like altruism. All this blame towards the AGPL because people are out there to make money really feels weird to me.
Anyway, I don't think we'll reach an agreement here and that's OK. Thanks for the discussion, despite the strong disagreement it is/was stimulating.
Seems like the "COSS" grifters are the problem, not the AGPL or the average person who chooses AGPL.
The whole piece is about CLAs, the AGPL has absolutely nothing to do with signing over your copyrights. See Canonical for the same behaviour without the AGPL, the AGPL just requires that you allow your users to also see the code they are using, even if it is accessed over a network.
> Many, like Google, have flat out banned the AGPL.
Yeah, but that's because Google hates sharing what they have built on the shoulders of giants.
Save for The Church of Emacs and St. IGNUcius (obvious jokes), FSF is a political and social activism organization - not a religious one. They have foundational principles and manifestos, sure, but those aren't religious dogmas, but rather the views/desires how the society should work.
Labeling FSF as religious implies that it's a cult and thus there's no talking reason to them. But they're no more religious than any other civil rights movement - the beliefs about software freedoms are no different than beliefs in any other social rights.
People are welcome to use and host AGPLed software under its own FOSS terms. If people don't want to do that, and want to pay for alternative terms, that is also a sign that the license is effective. There's no point in restricting things people don't want to do. The GPL restricts something people want to do: make proprietary software. The AGPL restricts something people want to do: host software without distributing the source at all.
Your options are: MIT / BSD, GPL, LGPL, AGPL. All others are unnecessary and create needless incompatibility.
Authors gave the right to change license to a proprietary one. Users being surprised by this are as equally naive as developers who think you can make money writing Open Source.
I would love to see this reversed and moved to AGPL instead.
Obviously the goal of Open Source licenses does not include making money. You might, or might not, but it's not a priority.
Equally your goal may be to only support Open Source projects. That's fine. For you removing support for this project makes sense.
Once a project reaches the stage of needing to create an income stream, Open Source licenses are no longer appropriate.
Yes, some developers are naive in thinking Open Source licenses protect their income stream. Yes some users are naive in thinking that projects will remain Open Source forever.
Source-available, or Shipped-with-source of whatever you want to call it is a proprietary license which is just fine. It's not Open Source, nor does it need to be.
Why does this keep happening? Why are so may developers blind to this obvious outcome?
Especially when your project is new it's also not often clear that this project will become something more serious later where you have to worry about such things as people cloning your project.
I think MPL 2.0 is the ideal kind of copyleft, because of its scope being very clear.
> When is a program and its plug-ins considered a single combined program?
> It depends on how the main program invokes its plug-ins. If the main program uses fork and exec to invoke plug-ins, and they establish intimate communication by sharing complex data structures, or shipping complex data structures back and forth, that can make them one single combined program. A main program that uses simple fork and exec to invoke plug-ins and does not establish intimate communication between them results in the plug-ins being a separate program.
JSON data sent over the wire, particularly data with nested arrays and maps, and especially a bidirectional communication protocol, can reasonably count as "intimate communication" with "complex data structures" shipped "back and forth".
This is nonbinding guidance, but it is from the FSF, and it is legally untested afaik (not a lawyer). There's sufficient legal risk here that I'd be wary of using rich communication protocols with GPL programs, particularly if there isn't an explicit exception for that protocol.
No, shared memory is addressed later within the same answer.
> Using shared memory to communicate with complex data structures is pretty much equivalent to dynamic linking.
The first part of the answer clearly includes programs sending each other "complex data structures", including nested JSON data, over pipes.
IANAL, but does the above limitation prevent users from hosting bear for their own (or your company’s own) needs?
If so, doesn’t that defeat the whole reason why it’s MIT licensed.
https://github.com/HermanMartinus/bearblog/blob/master/LICEN...
People and companies cannot host it and offer it as a service to other people or companies.
https://www.elastic.co/licensing/elastic-license/faq
Again, IANAL, but I can see why a company might be cautious about using Bear as a self-hosted blog engine, since companies technically have “users.”
For comparison, the Elastic License v2 - which this license is apparently modeled on - explicitly restricts use by "third parties":
> "You may not provide the software to third parties as a hosted or managed service"
----
The Bear license doesn’t include similar language, which could create uncertainty.
It might help to explicitly clarify that self-hosting for one’s own use is allowed, or to add “third party” wording to the limitations.
I only raise this because (a) licensing is tricky, and (b) if this feedback helps the author clarify their intended license terms, that’s a win for everyone.
https://www.elastic.co/licensing/elastic-license
>Limitations: You may not provide the Software as a hosted or managed service that offers users access to substantial features or functionality.
Where on the spectrum sits an average cookie-cutter VPS provider that comes with an OS package manager that installs the program? Does the VPS provider have to screen the package manager? Does that change if they build a wiki with "1-click-install" that just sends an ssh command to install?
Is this just a requirement to have some theater where an "unaffiliated" third party has to provide the set-up scripts? Or just a rule you can't mention the option during the sales pipeline?
Crucially, I think what is banned to offer accounts. Offering turnkey-hosting is probably banned in spirit, but the person offering the turnkey-hosting is not in violation, rather the person booking the turnkey hosting and offering the accounts on the instance to third parties is in violation.
I think the wording is originally against somebody like Amazon hosting e.g. database instances for other people to use, and then giving you an account in that database. It's still OK to rent a VM from them and use the package manager to install it.
In any way, it is really confusing, in a way a license should not be. And I don't really understand why someone builds a blog platform, which is not monetized, open sources it, but doesn't want other people to host it. If I open source my stuff, I want people to use it. If I want to share the code but don't want people to use it I'd just put it somewhere it with no license at all (all rights reserved).
Bear is still here https://github.com/rizsotto/Bear and open source
He seems to claim 3rd parties are offering bearblog commercially without modifications (or with useless modifications, like just a changed name).
So you can get a self-hosted site that looks and acts like a Bear Blog, but run it yourself with a free software SSG.
Even better when a project starts with this model so it doesn't feel like a rug pull or doesn't get messy with forks overshadowing the original product. But I don't feel like Bear had the kind of scale to face this type of reaction.
I use mataroa.blog periodically which is in the same nice and I wish the Bear maintainers fulfillment with their project.
You know something's broken when Microsoft gets to claim to be the biggest backer of open source.
Meanwhile they'll break your back and steal all your trust and credibility if they can
They can say whatever they want. They're just lying. If you spend even a little bit of time looking into it you'll find it's just a marketing strategy.
I'm not claiming Microsoft is a good actor (and they certainly produce a whole lot of derpy trash along the way), but the argument itself is not particular sound.
Now, no LLM is currently anywhere near doing that for ElasticSearch.
But for a project with 4845 lines of Python code? (as per tokei)
Definitely doable, with a bit of handholding and manual fixing.
Would that be a derivative work? Maybe, but that would be a hard legal battle.
Wouldn't you do this just against the/an API documentation? Interesting thought.
You could probably feed all of ElasticSearch into an LLM and ask it to "reimplement it" successfully. But why would you even bother? There's already an existing open-source alternative called OpenSearch [1].
[1]: https://github.com/opensearch-project/opensearch
I've been curious about how LLMs would impact open source, I have some theories and this is not the only one.
I don't think it would exactly be "create a fork of this repo", but if a developer invests significant time and effort solving hard problems where the solutions are implemented in the released source, once an LLM model is trained on it, then someone else could quickly and easily have the LLM generate a new program that implements the novel solutions. Whether this is a problem or not may depend on the motivations of the developer, but this potential for IP laundering may very well begin influencing the licenses and methods of distribution that people choose.
(Of course, I suppose at some point AI will be able to analyze and learn from binary executables or obfuscated source...)
So the original project wants to restrict user freedoms, i.e. they _do not_ want the project to be open source; it's a legit choice, even if I personally prefer free software.
This way someone could create a competing service but they would have to write the entire service layer themselves and a single user would be able to self host the core part.
Also curious what they think about the thiefs not caring about the license and copy pasting it anyway. I don’t think the kind of person that copies your code and tries to sell it would really care about the license
I'd like to comment further on the permissive license point:
> When I started building Bear I made the code available under an MIT license. I didn't give it much thought at the time
I suspect many people choosing permissive licenses do it in the same spirit. They don't give much thoughts about the license, they just want to share the code with others (which is very nice!), and there was a push some years ago to make permissive licenses the default in many ecosystems (this is not innocent, by the way).
For me, the first lesson from this blog post is: think hard about what you want to really allow.
Given what the author says later:
> It hurts to see something you've worked so hard on for so long get copied and distributed with only a few hours of modification
The permissive license was obviously a bad choice. Not blaming, of course, hindsight is 20/20.
Pick permissive licenses if you are okay to work for free for other entities, and if you are cool with the potential asymmetry of them not sharing their improvements.
I'll preach for my church: when you release something, please consider a strong copyleft license. If it's SaaS, consider AGPL. It still allows people to provide services with your work, but if they need to improve your code, they are required to redistribute the improvements to their users. I don't see many reasons, in most cases, to allow people to get your code and not do the same as you: provide the code to their users; that's unfair to both their users and yourself (a notable exception is if you want to push/promote a format or a standard - then you want to push adoption at "all" costs).
Most of the times, this means you can get these improvements back. By sharing free software under AGPL, it is still possible that you'll work for free for someone else. But at least, you'll be competing on more equal footing. They'll actually need to work to be better than you.
In both cases, your advantage over them is your expertise in your own stuff.
A side effect of the AGPL is that big corps are afraid of it, so you will likely not get competition from them (even though AGPL allows them to do so).
Note that while the original change was an additional clause to the MIT license, it was quickly changed to something completely different.[0] Since it no longer permits sublicensing and restricts "remov[ing] or obscur[ing] any licensing, copyright, or other notices in the Software," I believe it's closer to GPL now?
[0]: https://github.com/HermanMartinus/bearblog/commit/89c3f346ef...
The problem of attempting to enumerate the jerks does seem pretty... insurmountable... to me though.
BTW, if the jerk list is tied to the license, if the project had external contributors, they all need to agree to add or remove someone from the list, like any license change…
Not if you base this off a license like MIT that allows sublicensing under more restrictive terms (not a lawyer, not legal advice)
We should probably remind people that licensing is an agreement between them and the other party deciding what can and can't be done. Make sure you've considered things like profit, competitors, source redistribution, etc ahead of time. Then, pick the license that suits your goals best. For many, that's source-available licenses instead of open source.
"Bear Blog has been built as a platform and not as an individual blog generator. It is more like Substack than Hugo. Due to this it isn't possible to individually self-host a Bear Blog."
0. https://github.com/HermanMartinus/bearblog/blob/master/requi...
If you want your projects license agreement to be withheld in future projects there is a license for that. Its called copyleft
Maybe it was a mistake on their part to make it initially open source or it is bad that there are people looking to steal other people’s work
If this doesn't suit you (as in, if this is a project you can't run, let alone maintain yourself), then you should consider paying someone (preferably the authors) to do so. I know this is novel to many people here who are used to exploiting the free labour of open-source maintainers, but it's been a decider in tech choices I make lately.
'Can I/anyone else at the company debug an issue and create a bugfix for this cool new open-source tech I want to introduce?' If no, then we are not qualified to run it without external help.
No, you don't believe in open source, hypocrite.
Open source means anyone can use it, even for commercial purposes, and you knew this from day zero.
Honestly, no sympathy for these people, as this happens over and over again, they actually exploit the very few good intended OSS people. They portray their project as open source initially, to gather sympathy and free work from others, then when they see the $$$ they flip the switch to non-OSS and rub their hands.
Then in the last couple weeks or so[1] it seems they saw a bit of a spike, and immediately pulled up the ladder.
They even criticised this sort of behaviour in their manifesto:
>We've seen our fair share of open-source projects become sour (see the recent Wordpress drama) or abandoned entirely. We've seen OpenAI become ClosedAI. There's a common thread here. Trust isn't just a legal structure, but a social contract.
I am actually totally in favor of source available licenses, but in this case it seems counter to all the boasts the developer has made about their platform.[2]
[0]: https://herman.bearblog.dev/manifesto/ [1]: https://trends.google.com/trends/explore?date=today%205-y&q=... [2]: https://herman.bearblog.dev/building-software-to-last-foreve...
Your evidence is solid, after all, it was the same guy who wrote that just a few months ago.
That post might be gone soon, "smaht" people are inclined to rewrite history to fit their current mood.
If open source purists can't accept that, they'll find their cause gradually shrinking into nothing.
You can always pull the rug under someone and get away with it, no consequences and even no remorse. You may even think of yourself as being the "smaht" one on that dynamic.
But some of us were cut from a different cloth and we can see the kind of person you are @archagon, from miles away.
No comments yet
https://podcasts.apple.com/us/podcast/open-source-and-capita...
https://podcasts.apple.com/us/podcast/open-source-anti-patte...
and turns out once you upvote, you can't downvote?
Well, I love minimalist site providers Its license is AGPL which still technically falls under Open source as to what "OSI?" says.
Source available just have a bad taste in my mouth. Maybe my critique of them isn't based on good intentions but I feel like I am getting really restricted as a user by source available licenses. I understand the pain of developers trying to make money. I just think that AGPL is a better use case and even elastic search went back to agpl and a lot of these source available things are going to agpl
I am sure that big tech might be able to bypass agpl itself somehow and that's why there were things like sspl but I still think that agpl is one of the most rock solid copy left licenses.
https://pico.sh includes a suite of other services (some paid) but the business model doesn’t depend on prose in particular.
IMO - you are charging money for your app which makes you a business. When you don't listen to the market you forfeit any right to complain when you get your lunch money stolen. Sounds hard but most lessons in business are expensive!