Changelog Interviews – Episode #558

Open source is at a crossroads

with Steve O'Grady from RedMonk

All Episodes

This week we’re joined by Steve O’Grady, Principal Analyst & Co-founder at RedMonk. The topic today is the definition of open source, the constant pressure on the true definition of the term, and the seemingly small but vocal minority that aim to protect that definition. In Steve’s post Why Open Source Matters, he says “open source is at a crossroads” and there are some seeking to break the definition of open source to one that is more permissive to their desires, and they are closer than ever to achieving that goal. Today’s conversation goes deep on this subject.

Featuring

Sponsors

Convex – Convex is a better type of backend — the full-stack TypeScript development platform that lets you replace your database, server functions, and glue code. Get started at convex.dev

StatsigBuild faster with confidence. Startups to Fortune 500s rely on Statsig to make data-driven decisions. Ship smarter and faster with the unified platform for feature flags, experimentation, and analytics. Our listeners get free white-glove onboarding, migration support, and 5 million free events per month.

Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.

Typesense – Lightning fast, globally distributed Search-as-a-Service that runs in memory. You literally can’t get any faster!

Notes & Links

📝 Edit Notes

Chapters

1 00:00 This week on The Changelog 01:05
2 01:05 Sponsor: Convex 03:20
3 04:24 Start the show! 03:05
4 07:29 Recent events for context 01:35
5 09:04 Do developers even care? 07:34
6 16:39 JSHint project as evidence 04:43
7 21:22 The advantage of being "open soure" 04:58
8 26:19 The good will aspect 04:22
9 30:41 "Truly good coffee" as an analogy 03:56
10 34:37 Sponsor: Statsig 03:25
11 38:06 The open source definition needs to change 04:54
12 43:00 Help us AWS, don't hurt us 06:01
13 49:01 Microsoft's good will 01:47
14 50:48 AI licensing 03:58
15 54:46 Are devs becoming the minority? 02:05
16 56:51 Output is copyrighted? 01:09
17 58:00 30% of my code is AI generated 02:03
18 1:00:03 Microsoft will indemnify Copilot users 03:35
19 1:03:38 Sponsor: Changelog News 01:43
20 1:05:25 Steve on predicting the future 03:10
21 1:08:34 The OSI maintains the definition 05:53
22 1:14:27 How to NOT bait and switch 03:01
23 1:17:28 How does Redmonk maintain credibility? 04:45
24 1:22:13 Wrapping up 01:43
25 1:23:56 Outro 02:18

Transcript

📝 Edit Transcript

Changelog

Play the audio to listen along while you enjoy the transcript. 🎧

So finally, we have Stephen here to talk. Big fans of RedMonk and big fans of the recent posts you’ve put out there. We’re big fans of open source, as you know. We’re big fans to defend what open source is and is not, so that the line is clear. And we think that the line needs to be clear, because it’s just important.

And one thing you said from the “Why open source matters” post you’ve put out there, you said “From the sea of formerly open source, relicensed database”, which we’re aware of, “to Meta’s repeated poor behavior with respect to its open source licenses, to an as yet unannounced, but pending major releasing effort, to even the longtime open source standard bearer, Red Hat, flirting with the limits of license compliance, the definition of open source is besieged.” So let’s start there.

Yeah, so obviously, a lot to unpack there. A couple things off the top - if you wrote code, it’s your truth, it’s your right to decide on the license for that. Now, it’s worth looking at the companies that have relicensed, and it’s worth separating them into two groups. You have one group where 99.9% of the IP is code that they wrote, in which case they have the right to, as I said, license that however they like. It’s certainly legal; I think it violates the spirit of folks that have done this on a community basis, where the code comes from a bunch of different places, and it’s typically permissively licensed; developers from outside of an organization have contributed on that basis, and then that is unilaterally relicensed by a company… Again, they have the right to do that legally; I think it’s a different situation. Certainly, communities tend to react differently to that.

An example to that - so Mongo writes most of their software, they relicense it. Elastic took contributions from a variety of places, and you saw people in that community pretty outraged when they relicensed. So those are slightly different scenarios… But at the end of the day, if the license permits a relicense, then so be it. The thing to me, the sticking point in the piece that you referenced is if you’re relicensing the code to a non-open source license, just don’t call it open source. It’s not complicated. And that’s the thing that is immensely frustrating, because to your point, Adam, we need a line in the sand; we need a “Hey, this is open source, this is something where the code is available, but there’s some restrictions on it”, and those are not the same thing. And so myself, a number of other people that – you’re all familiar with Adam Jacob, and Matt Wilson, and so on… I’ve said this consistently, “Hey, just call it what it is.” And so far, companies are having a tough time doing that.

Yeah. So a few recent events, I think, help inform this conversation. We have Meta’s release of LLaMA 2, which came out with an open source-ish license… That said, pretty much it’s open for both research and commercial use, to do as you please, with this contingency - “As long as you’re not”, and then they put their restriction, which I think it was a certain size of user base. It’s basically like “Our competitors.” So that’s one.

[07:56] Obviously, we have the relicensing of HashiCorp’s open source projects to business source. And I think HashiCorp was clear in the way that they did that, as far as I can tell. So fair. But a major event, TerraForm going non-open source, business source. We have the release of Codecov by Sentry. The codebase for Codecov goes open source-ish, it goes business source, which is “open source eventually”, that’s kind of their phrase… They called it open source in the release announcement, they then changed it, and I believe apologized for using the word flippantly, or without discretion, perhaps… So that happened recently. We have Red Hat doing things… So there’s been a lot going on in this world… And then Matt Asay wrote a piece saying that all of this argumentation about definitions and what really is or is not open source is missing the point, because developers really don’t care, and they’ve shown they don’t care for years. And he actually had some stats that he went out and gathered and provided for that… Maybe we start right there. What do you think about that argument? …because I’m a developer, I’m in the open source world…

…I care.

Well, I’ve kind of come to a place to care, mostly through this podcast, more than I used to care before I was so well informed… Because I was kind of one of the people that just was like “Well, I’ve benefited a lot from open source. I should open source some stuff.” I went and looked at the licenses that they had, it was MIT, I put the MIT license online… But really, what I cared about was freely-available, out there to be seen… Source-available was important to me, because I loved reading source code… Hackability… Like, that kind of stuff. I wasn’t like firmly in the camp of “It must be according to the open source definition.” So Matt’s piece in that way identified me as a developer for many years. I’ve since kind of become more caring than I used to… But what do you think to that point? Like, developers don’t care; so is it just a few ideologues or passionate religious folk who have open source religion that care, and therefore the war is over, or we’re gonna lose? What do you think?

Certainly, that’s the argument. And with all due respect to Matt, who I think is a great guy, I find that argument nonsense, to be honest.

An example that I used in the piece that I wrote up is it’s like climate change. It’s like arguing that because your average citizen doesn’t care about climate change, that climate change doesn’t matter. And I think most people who understand the science and the implications of it would argue “No, actually, it matters quite a bit, regardless of what they think.”

So the fact of the matter is that developers don’t care, in large part because they haven’t had to, because of the definitions that we’ve had. And developers have been able to use this huge variety of open source software, from operating systems, web servers, containers, languages, frameworks… You know, pick them. We have this immense library of software that’s been available, and importantly, has been available under open source terms without arbitrary use restrictions. So it didn’t matter how many users your company had, it didn’t matter how much money your company was making… And that’s the thing, is that the argument from folks behind these licenses is “Oh, it’s not a big deal, the source is available”, which - great. Look, if I had a choice between a source available asset and one that was totally proprietary, I’d pick the source available, for sure. Because you want the right to inspect the code, you want the right to take a look at what’s happening. But the problem is that when you introduce these arbitrary restrictions, which the traditional definition of open source prohibits, all of a sudden things get complicated pretty quickly, because it’s not clear – first of all, if you’re using a bunch of these projects, okay, which restrictions apply to which license? In other cases, if you’re a developer, you may not have access to that. You may not have access, for example, if you work for a startup, to what your actual revenue is. You don’t know that. So how do you ensure that you’re complying with the terms of a license?

[12:12] So at the end of the day, it is – I don’t quibble with the argument that developers don’t care, I just don’t think it’s terribly meaningful. They don’t care because they haven’t had to, because of this definition. And unfortunately, again, kind of like climate change - that benign neglect, if you will, is not doing anybody any favors, in my view, at this point.

I agree that there’s clarity around open source, the definition, but there has been cause for developers to care with regards to selecting a project based on kind of the copyleft versus open source divide, even inside of open source community.

Because if it’s AGPL, for instance, some companies are just like “Well, we can’t use that.” Or if it’s GPL, they say “We can’t use that.” If it’s MIT, BSD, blah, blah… And so to a certain extent, I feel like even as – I was an indie dev, so I was just making decisions based on what was best for my customers, not what my boss at a corporation said… But I still didn’t want to back them into a corner unnecessarily. So I had to care a little bit, and I guess get into the weeds… But you think this is a different distinction than that.

I think it’s a different distinction, for a couple of reasons. First of all – so we obviously have a spectrum of licenses. On the one hand we have “permissive licenses.” You mentioned one of them, MIT, Apache, BSD… There’s a bunch of them. And those impose few, if any restrictions. A lot of times it’s a little more than attribution, in terms of what your responsibilities are in terms of using source code.

At the other end of the spectrum we’ve had copyleft. The most famous and notable example of this is the GPL, which basically says, in plain terms, if you use this, and make changes, and you distribute those changes, then you have to make whatever changes you’ve made available under precisely the same terms. You have to have a reciprocal relationship with the source code. You have to basically share; share and share alike, right? And so obviously it’s not – and then you have the MPL, which sits in the middle, and it’s like “Okay, if you make changes to certain parts, you have to change those parts.” So you have one end of the spectrum, the other end, and then things that sit in the middle.

That being said, those pertain to your responsibilities regarding the source code. The difference with a lot of these arbitrary use restrictions is that they don’t really have anything to do with the code. It’s all about who’s using it. What field are you in? How much money are you making? How many users do you have? And those responsibilities are very different… Because a developer can understand what your responsibilities are with respect to source code, but when we’re talking about arbitrary uses, they either don’t know in some cases, don’t have any control of that in other cases… And just as importantly, we have a couple of decades of understanding, as an industry, “Alright, how do these models like copyleft, or even more aggressive copyleft like AGPL?” So the AGPL closes what’s called the distribution loophole. So in other words, I could run GPL software on a network, for a website, and I’m technically not distribution. AGPL says “Look, if you’re using it in that fashion, you trigger the license, and you have to share your changes.”

So we understand how these work, we have an industry consensus of “Okay, this is how these things work”, and companies have learned to respect that. And really, what we’ve seen recently is a world in which all these arbitrary restrictions are coming up. And like I said, it could be revenue-based, it could be user-based… We saw a push a couple years ago for ethical licenses… So you can’t use this for XYZ fields of endeavor… And those conversations with people are hard, because it’s like, I can support all of these, or at least most of the ethical impulses behind them, and yet, they just don’t work in practice. You’re using the wrong mechanism. The licensing, in my view, is the wrong mechanism for what you’re trying to achieve.

[16:10] So the net of it for me is that there’s a meaningful distinction between the way that open source licenses have typically worked in terms of the copyright and how they handle that, and the arbitrary restrictions that are being introduced by the LLaMA license, the BSL, any of these licenses that are being portrayed explicitly in cases like Meta as open source, and yet or not, and don’t adhere to that definition.

I guess one piece of evidence to this point, is the JSHint project. Adam, do you recall this episode we did years ago with Mike Pennisi…

I do recall this, yes.

…who had to go around… So JSHint was a widely-used JavaScript linter, and it had the MIT license, except for at the end was the phrase “The software shall be used for good, not evil”, which is an ethical kind of a thing. But it was just an addendum, and that was out there. And when Mike Pennisi took the project over, there was lots of trouble where it couldn’t get adoption because that added vagary, or just question marks around the license, even though other than that –because how do you define good and evil, right? And he told us the whole story, how much work he went through in order to get that relicensed; he had to go back and find all the contributors from times past, and get them all to sign a thing… And it was a huge headache. He finally got it all done. That episode is called “You can finally use JSHint for evil”, which I thought was a good way of saying it… But I guess that’s an evidence of if you make it vague and confusing, you really are presenting a lot of challenges for a lot of people.

Yeah. Well, and that’s the thing… One of the things that comes up frequently in these licenses – and the concept, I think the first time I saw it was in the Commons Clause, which is now largely deprecated… It was this idea of “Oh these restrictions against usage don’t kick in unless you compete with me.” And then the obvious question is “Well, who defines that? In what way are we talking about competition?” Because that’s not always as simple as “Hey, we’re in exactly the same business.” If it’s “Hey, we do things that are sort of the same, there’s a little overlap”, now does the license kick in, or does it not? And I’m not a lawyer - I happen to be married to one - but I have spent enough time with lawyers, decades at this point, in this space to understand that basically if you… Let me put it this way - if you have a project that you only ever want individuals to use it… The good versus evil is a good example of this. If you don’t care about usage, license it however you want. But I think it’s difficult to make the argument at this point that usage by businesses has done anything but kick lots of money, and lots of jobs into the ecosystem. And if you have a project and you have wider ambitions for it, then one of the things you have to learn and that lawyers will tell you is that ambiguity just doesn’t fly. No enterprise is going to use a license that says “Yse this for good, not evil.” And a lot of enterprises won’t use it if it’s, as I said, “Hey, you can use this unless you compete with me.” Because I remember when the SSPL came out for Mongo; it was basically aimed at cloud providers. But then you have corner cases like, alright, large Fortune 500 organizations will frequently have kind of internal hosts, for lack of a better term, and they charge back to businesses. So they’ll run the infrastructure for somebody else. Does that apply there? Technically, if you read the license, it probably does.

[19:43] So that’s the thing… A lot of these licenses are ambiguous. The terms are arbitrary in that they vary from project to project, and company to company. And the end state of that is my concern, which is any one of these things, in and of itself, is – it’s not ideal, but it’s just a single project, a single company. But in other words, what we have at present, as we’ve talked about, is this huge wealth of resources that are licensed in a way that makes them available to developers worldwide, without these arbitrary restrictions. If you take the current direction of travel and project that forward, one of the potential outcomes is that we have massive, new, important projects, particularly in the AI space, that now each carry some weird, different license restriction that I now have to keep track of in ways that I never did before. And that is a world where, to the – and we talked about LLaMA at the top… You know, when I talk to people about this, they’re like “Oh, it’s not a big deal. It’s mostly open.” I’m like “Cool, but imagine a world in which Linux, or Kubernetes, or any of these things was usable by Facebook, but not Amazon, or Google, or Microsoft.” And maybe that’s a world that people want, but I tend to believe that we are better off as an industry when we have open source projects that are supported by the bulk of the industry. Not in every case, of course, but… Like, I said, if we fast-forward to a place where all these licenses become more and more common, and they conflict in varying ways, to me that’s a nightmare from a developer standpoint.

There’s an obvious advantage to calling yourself open source. And I think that’s the challenge here; the definition is becoming blurred, besieged even, as you had said, in regards to the advantage you get from being, in quotes, open source. And so some will want to blur the line for their own advantage, whether intentionally or unintentionally. There is an advantage to being open source, and that’s why there’s a desire to be open source, even though you’re not.

Yeah. [laughs] Clearly.

We have this conversation all the time, and I’m trying to remember who it was; I really wish I could remember. Anyway, but there was an exchange on Twitter, and we have that conversation literally all the time, which is “Hey, I’m open sourcing this.” “Cool. Which license?” “Well, it’s this one that we came up with.” Or “It’s an open source license, but we have these additional writers on it.” And we’re like “Okay, cool. That’s not open source”, and they’re like “Okay, but the source is available, so it’s open source.” No, no. There is a definition that’s been clearly established, that means certain things to everybody involved. And they’re like “But what do I call it?” We’re like “There’s a bunch of different terms. You can call it source available, you can call it open-ish, you can call it certain non-compete – you know, pick a term, as long as it’s not open source.” And they come back and say something like “That doesn’t mean open source. And developers like open source.” And I’m like “Exactly.”

[laughs] Exactly…

That term has value for a reason, and the reason it has value is because people have protected it for a long time. This is not the first time, this is not even the 1,000th time that we’ve argued about the definition of open source, and what it means, and so on. And unfortunately, as an industry, it’s a battle that we keep having to fight over and over.

Well, it reminds me of what Josh Padnick said, one of the guys behind OpenTF, when he was on the show a couple of weeks back, about TerraForm and his involvement, and the sentiment from the large group of people who decided to fork it. I asked him – because the bait and switch aspect of what HashiCorp did was a driving factor in their feelings, and I said “Well, what if it would have been business source from the start?” Because then you wouldn’t have the bait and switch, but you would not have had an open source project, you’d have had a business source project from the very beginning. And his statement was “We would have never invested like we did around a business source project.” The fact that it was open source was why they got thousands of developers, and probably tens of thousands of hours of labor put into the project, because of the goodwill that exists with an open source project. Business source is very close. I mean, it’s even open source eventually, as they say… But it’s not the same thing. And so people see the difference. And so they really want it to be the same thing, because yeah, you can have your cake and eat it, too.

[24:06] Yeah. I’m I tend to be very outspoken on this, but the open source aspect of the business source license to me is – that’s just a fop that people throw to themselves to make themselves feel better… Because – you know, when was the last time you talked to a developer and said “Hey, here’s a project. Do you want to go use a version that’s two, or three, or four years old?” No one wants to do that, ever, in which case – I mean, I guess it’s better than nothing, but to me that’s not a meaningful contribution, because no one wants super-old source code. That’s just not the way it works. And really, what we’ve seen from a direction of travel standpoint is that the “bait and switch model” has just become normalized to a degree, in the sense that you use open source to get to a certain point where you’re, for a lack of a better term, too big to fail, and then you sort of rug-pull and switch the license to something else. And the community typically just sort of continues on, because they don’t have an alternative, or in some cases, in extreme cases, like OpenTF, they sort of band together and fork. But the difficulty with that is that the odds are against those forks; they don’t tend to work most of the time. So jury’s out in terms of how that works…

Yeah, we’ll see what happens.

Yeah. But that’s the thing, this is a pattern which has become more and more common at this point. A lot of these companies got where they were, most of the companies, in fact, got where they were because of the permissions and the freedoms afforded by the licenses… And then as soon as it is to their advantage to change those terms, so that they achieve exclusivity, or so that they prevent the competition from certain specific competitors, typically cloud providers, but it could be – you know, Hashi was not pointed to cloud providers, they pointed to other resellers, and so on… They change the terms of the license, and they expect the communities to just kind of be okay with that and a lot of them aren’t.

Well, speaking of Hashi and cloud providers - Google just announced a big managed offering, with a managed TerraForm offering.

They did, yeah.

Yeah, just today, or yesterday. They didn’t mention them in their stance, but they’re definitely probably feeling it from all sides.

I was just gonna echo what you said, was the goodwill aspect. I think there’s a big – I mean, you see that in a lot of aspects, this term goodwill. Like, if you’re in a relationship, marital, friendship, whatever it might be, the goodwill between that relationship is that you’re not intending harm. And then obviously, these companies are building on top of the goodwill of the community. And the goodwill essentially is not just – it’s kind of spear-led in some cases, but it’s as if there’s no harm intended. And whenever you change that definition, or you want to relicense to something else that transitions from a goodwill scenario to a not goodwill scenario… It’s like “Well, as long as it doesn’t hurt me, I’m okay with whatever happens here.” But it can hurt you, because it restricts, in the case of – I’m thinking back to Josh Padnick and OpenTF. Like, I would not have invested in this thing if it were licensed as X, because there was no goodwill towards me. But because it had goodwill initially – and that term, goodwill, I think is key, because that’s the clarifying factor in the whole reason why open source works and why it has its advantages, and why folks want to leverage the term open source, is that that goodwill was present. And then in a non-open source, masquerading as open source license, like BSL, for example, is not goodwill-focused. It’s selfish, right? If you think of it in relatable terms, in relation terms, it’s not goodwill. It’s selfish. It’s narcissistic, in a way, even. Like, as long as it doesn’t hurt me… And I get it; in these cases, they are businesses, and they want to continue to operate and thrive, and they want to use a license that allows their code to be open, allows contributions… But back to what you said, Steve, it’s like, just don’t call it open source, because that’s not what it is. It doesn’t have that goodwill nature that truly is open source thrives upon. And so if it doesn’t have that, it can’t be open source.

[28:16] Well, and I think it’s actually that sort of goodwill, and I would add into that the trust. I think it’s sort of multi-level. Because in other words, we tend to think about it on a purely, on a single, on a per-project or per-company basis. So that’s typically how we look at this, think of this, etc. It’s like “Oh, hey, what does it mean in the context of this project?”

So when we talk to vendors, and I’m pretty sure every vendor that has relicensed has talked to us first - at least to brief us, and say “Hey, here’s what we’re doing.” And one of the things that we hear in those conversations is “Hey, this is not a big deal. Our community will be fine with it”, and so on. Which - that’s not typically how it plays out, but some communities care more than others. But again, as we talked about earlier, it’s selfish in the sense that they’re looking at it purely from the perspective of their company, which - look, you have shareholders to keep happy, and everything else, I get it. It’s this kind of capitalism at work. But the reality is is that in the aggregate, the behavior is extraordinarily problematic. Because basically, if one company does this, it makes it easier for the next company, easier for the next company, easier for the next company… And ultimately, we end up in a world where the stack that you’re gonna be working with is like “Okay, I can’t use that piece, because we might compete with them. I can’t use that piece, because we have too many users. I can’t use that piece because we’re at this revenue level”, or “I can’t use it because I don’t know how many people we have, or I don’t know any of these…” And for me, at least, RedMonk is a firm that we consider our first and foremost responsibility to be looking out for developers, frankly, even on things that they might not care about themselves, to try to say “Hey, look, you’re in the trenches, you’re building things day to day, you are concerned with what you’re building day to day.” You are not saying “Hey, what happens if this–” That’s not what you get paid for.

So that’s kind of our responsibility, is to take a look at “Alright, hey, what’s happening here at scale?” And the way that we put it to developers all the time, it’s like, hey, if you’re in traffic, our job is to kind of orbit the Earth as a satellite and say “Okay, we have traffic over here, we have traffic over there”, because we’re trying to watch these larger patterns. And so yeah, I think it’s certainly a self-motivated behavior, which is, again, sort of understandable from a capitalist standpoint… But a lot of things within capitalism - and I say this as a capitalist - it definitely introduces some problems when you scale up. In the aggregate it’s not a great thing.

The “don’t care” aspect that Matt Asay brought up - I’ve been thinking about this as we’ve been having this conversation, so bear with me if this analogy is not perfectly on, but this is somewhat how I feel about it. And my story is almost like coffee, you know…? I’ve been a coffee drinker my whole life, and the majority of my life, I always wanted to have good coffee. But only until later in my life that I understood what good coffee really was, and began to truly care about how to make good coffee. And so for a while there, I was drinking - and no offense to the Keurig drinkers out there, or even Nespresso… If you’re drinking that, it’s not truly good coffee. It is coffee, but it’s not good coffee. And as a coffee drinker, sometimes you just want to have coffee, right? As a software maker, you sometimes just want to have software. And you can just use it, because it’s open-ish, or it’s source available, or it’s truly open source… And you just don’t care, because you can use it. But only when the rubber meets the road, when you have to have good software, or good coffee… And I’m not sure if good software translates very well in comparison, but the point I’m trying to make is that I didn’t truly care about good coffee until I truly understood what good coffee was. And then I began to care about just-in-time grinding, and I cared about water temperature, and the pH balance of the water… Just the different aspects. Then I began to care. Basically, when the rubber met the road of good coffee, then I cared.

[32:00] So I can kind of understand your sentiment where you have developers who just do their job. And I get it, you want – like Jerod in the past, or Jerod currently, with more care, you want to have access to good software out there, that you can use in ways that benefit you, and those that you’re trying to serve in your job.

And maybe you really don’t necessarily, “care” that it’s open source by definition, but when it really matters, protecting that customer, in Jerod’s case, or the company that you work for, protecting that company. When it truly matters, you do care, and you will care. Just in that moment. It’s sort of delayed care, or - I think you said before, I forget what the word was, but benign concern for essentially this care. Like, you do care, but just not deeply, in that moment… And my analogy really is just good coffee.

You just wanted to talk about good coffee, didn’t you?

Yeah, sure. Why not, right?

I’m down with that… [laughs]

I think, honestly, you just have to remember both ends of this. You have to remember what it was like to be somebody in the trenches as a developer, and then you have to understand “Okay–” In the example that I’ve used for people - very early in my career, I was building a medical records system, so that doctors could sit at home and pull up medical records. And a bunch of these MRIs and CAT scans and everything else were in some really weird, obscure – I think it was tif… Anyway, some weird graphics format, right? Browsers could not display it natively. So it needed a plugin. And I hunted across the internet, I was like “There has to be one.” And I found one, and I was like “Cool! Hey, this does exactly what we want. Here are the images.” And then it goes up to senior management, and like “What’s the licensing for it?” I was like “No, no, you understand. I got these images displayed. Do you know how hard this was?” And they’re like “Yeah, except we’re rolling this out for a customer, and so we have to know what the license is.”

So that was truly an instant for me in my career where it was like “Look, I’m focused on the problem here. This is a super-hard problem to solve. I couldn’t do this; this thing does what I need it to do.” But at the end of the day, from a business standpoint, there has to be somebody in place to say “Yeah, we actually have to care about that.” And we ended up having to get a different one, because - I can’t remember what the licensing complication was, but basically, it was a non-starter. The client was gonna be – like, day one they roll it out, they’re screwed, legally.

So like I said, I have empathy for developers that don’t care, because I’ve been you, I’ve been in your shoes… But I can tell you with the benefit of a little bit of experience between now and then, and like I said, hundreds if not thousands of conversations with lawyers… As much as we might hate it, this stuff matters, and that’s the problem.

Break: [34:30]

So we all agree that if it doesn’t fit the open source definition, it’s not open source. Stephen, what do you say to folks who say “Well, the definition of open source is old, and too constrained, and times have changed. Back when it was written there was no such thing as AWS, there was no such thing as LLaMA, or AI models… And it needs to change with the times. Because we’re trying to be open source, but we’re getting our lunch eaten by large corporations taking our stuff and rehosting it”, or whatever they say, and “we need to expand what open source means, so that we can have a broader tent, and still have clarity, but just have more of us fitting inside of that definition.”

Yeah, so again, there’s a lot to unpack there. So looking at it from a commercial angle, it’s been interesting that a number of times people have argued that “Oh, hey, this cloud stuff is a brand new frontier, and people can pick this up and run with it.” It’s like, it’s happened kind of forever. Commercial entities… I mean, how the – was it the networking stack? I think Windows famously was BSD licensed, right? And so companies have been picking up the stuff forever, and sort of selling it. IBM, for example, picked up and replaced, and basically deprecated their own web server, because they’re like “No, the Apache one is just as good, if not better.”

So these models have been around for a long time, there’s nothing new about that. And from a cloud standpoint, really the argument that I always make is that there are two different ways to look at it. One which is, in the early days in particular - I can’t tell you how many conversations I had with particularly people in the database space. And I was like “Look at the growth here from a managed database standpoint. You have to spin up your own managed database, otherwise other companies are going to do it for you.” And it took some of them a lot longer than it should have. And sure enough, they’ve done that, and guess what - the businesses took off. So in Mongo’s case - I’ll get the numbers probably a little wrong, but it was about 10 years for them to hit a 100-million run rate for their on-prem business. They did it in like two and a half from a services standpoint. So option number one is spin up your own services business, and oh, by the way, you can differentiate your own software in the services business by releasing adjacent features, features that maybe don’t make it back to open source… You can differentiate pretty easily when you do that. So there are easily ways to compete on the cloud front.

And then the other piece of this is that – well, I had a conversation with somebody a while ago, which is “Hey, nobody wants to see their work picked up and just used and repurposed.” And you’re like “That’s what the licenses permit, right?” I mean, that’s just how this works. If you don’t want that, then great; don’t release under that license. It’s pretty straightforward.

[41:26] And the thing that a lot of the companies really don’t want to hear as well is that they want to exclusively monetize an asset… Which - again, you wrote it, you want to capture the maximum profits. But the interesting thing that we hear all the time is “All these companies can’t make money, because they’re competing with cloud.” It’s like, yeah, they’ve gone public; they’re multibillion-dollar companies in many cases, while competing.” When they change licenses, they’re already multibillion-dollar companies. And it’s like, okay, really, what are we talking about? No, they can make money, and in many cases, the de facto anointment of these companies as market leaders – so in other words, if you’re AWS and you pick one of these companies and you spin up your own instance, what you’re telling the market is that “Yeah, we’ve looked at all these databases, search, whatever it might be, we’ve looked at all of them, and we think this is the best and most popular one.” So on the one hand, that sucks if you’re the company that’s being competed with. On the other hand, it is a lot worse to be one of the competitors. Because you’re like “Oh, wait, so I’m not as popular? I’m not the kind of opportunity that AWS is even interested in?”

So that’s the thing, there are ancillary benefits to the cloud companies, competing with these companies. Anyway, you try to have these conversations with a lot of the vendors and they don’t really go that well… Perhaps not surprisingly. And if you talk to the investors, it goes even less well. Those are typically not terribly productive conversations.

What’s stopping a company like that in this scenario, where their database is chosen to be an AWS service that spins up, and it’s like “Wow, we’re blessed by AWS, but now we have to compete”? What’s stopping them from literally going to AWS and saying “Hey, I know you can use this open source software we produce. Thank you so much for believing in our hard work, and deciding to make it an AWS service. But what if you helped us? What if we made a business deal where you could totally go and just use that with no payment to us, no funding to us whatsoever, and you could just do it free and clear, because that’s how open source works? But what if you also respected that ability, but also said “What if we helped fund XYZ company that produces this phenomenal database, that you clearly want to leverage for your customers’ benefit? What if you helped us through a business deal? Our software is still open source, you can totally go and never make this deal with us, but what if you did, so that we can continue to make this software amazing and keep the open source spirit alive?” Is that just a non-conversation happening out there? Is that happening and they’re like “Nah, we’re not gonna do that”?

Honestly, I think it’s mostly politics. It’s mostly the fact that these companies - and in more particular their boards are aiming for exclusivity. They don’t want to share the pool. You could sort of make the argument on paper, like “Hey, look–” Like, to your point, “If you worked in concert, you can have 100% of–” I don’t know, make up numbers; like a $50 million market, or you can have 80% of a $300 billion market. Right? That’s not the conversation that most of them are having.

I think that could change, in the sense that I think you could see some movement on the part of the cloud providers, which are looking at this and saying “Alright, do we really want to maintain forks indefinitely? Do we really want to be at war?” So over the longer term there’s some potential for some changed dynamics there… But for better or for worse, the reality in most cases is – you know, the dynamics of any partnership, set open source and clouds and so on aside, the dynamics of any partnership are complicated, and they’re hard to maintain; there’s a lot of moving pieces, and a lot of times it’s something as simple as you get to the five-yard line with a deal, and then somebody takes a new job. Right? And that partnership is now back to square one.

Yeah. Been there.

It’s the worst.

So there’s nothing on paper that says that that can’t work as an approach, but just the political reality within most organizations at this point is that I think it’ll be a little while before we see that playing out.

One interesting side effect in AWS’es case in particular is that they’ve kind of become this open source villain, to a certain extent. Their reputation in the community is pretty tarnished because of what is completely legal according to the license, and a lot of us just think isn’t in the spirit of open source. Because Adam, your idea is more in the spirit of open source, of like “Contribute back to this thing”, which you’re saying resources as money. “Go ahead and provide your hosted offering and stuff, but contribute back in some sort of way, and we’re all good here.”

[46:07] But so much kind of – it’s not wolf crime, but so much, like you said, Steve, is that these large corporations set themselves up as David versus Goliath in the way they speak about it, and it’s not really the case; it’s like a mini Goliath versus a bigger Goliath is kind of what’s going on… But we still root for the underdog, and we still see what looks like injustice…

And so AWS does have, at least in my opinion, and in the way I hear people talk about it, not the best reputation in open source because of what they’re doing… And I wonder if that would be to the right VP, or to the right C-level executive something that would make them maybe change their approach, to a certain extent. I don’t know.

Yeah. To me, AWS is an interesting case, because they’re not where they need to be. And I think they would, at least privately, sort of say “Hey, there’s always work to be done”, and so on. I will say that the – let me put it this way… The conversations we have around open source today versus 10 years ago are 180 degrees. And I think the reality for AWS for sure, but frankly, Microsoft and Google to a lesser extent - they’re always going to be the bad guy, because they’re the big guy, right?

Sort of. But I think on the other side, Microsoft has repaired its reputation to a certain extent with open source.

Microsoft has done quite a bit, for sure. But in other words, when we’re thinking about the realities of running some of these open source projects at scale… I mean, let me put it this way - Amazon did itself no favors, nor did Elastic, for that matter, in the way that that whole thing went down. And I wrote this at the time, it’s bad for everybody involved, it does damage, and so on. But the difficulty is that, like everything else, from a reputational standpoint, have we seen changes within AWS? For sure. In other words, just purely in terms of staffing, the number of people who are involved in and contributing back to open source is, again, night and day different than it was a while ago. The difficulty is that once your reputation takes a hit - this is true obviously for people, as well as businesses…

…the recovery of that is going to be a process. To your point, Jerod, in terms of Microsoft - that was a decade-plus rehab, right? Because old Microsoft in the Ballmer era… I can’t tell you how many times we talked to folks over there and they’re like “Hey, we’re doing all these things for open source”, and I’m like “Yeah, but every time Ballmer opens his mouth, he sets you back 10 steps.”

[laughs] Yeah…

And you have a new leader in Nadella, and they’ve done the right – not in every case, of course, but they have done better than they have for an extended period of time, and the reputation’s recovered… And jury’s out; will we see that in AWS? Who knows. But could it be better two or three years from now that it is today? I think potentially, yeah.

And they’re still fighting that fight. I mean, they haven’t fully recovered. I mean, they’ve recovered quite a bit, Microsoft-wise, to the dev community… But I would say the one thing they do show - what you’ve just said that they don’t always get right - is they’ve shown goodwill in the relationship of Microsoft to the community of developers. They’ve shown that they have intentions to respect and to play fair, in ways. There’s ways that they don’t play fair, but they’ve shown – I think in this change what has come out is the idea that they intend to be good for everybody.

I think what ultimately matters is that – honestly, I guess I’d less use the word goodwill, than just being smart about how and where you interacted, being sort of upfront. A decade or more ago companies were coming to us and saying, “I don’t understand IBM has a good reputation with open source”, and “Hey, they’re doing these things that we don’t agree with”, and it’s like “Right, but they’re transparent in terms of what they’re doing.” They’re setting expectations upfront, they’re doing things like “Hey, we’re gonna invest a billion dollars in Linux.”

[50:05] So there was no Kumbaya, like – you see companies try this from time to time, it’s like “Oh, we love open source”, and it’s like trying to evoke sentiment and emotion and so on as a company. It’s very difficult to do. The thing that you want to see more from companies these days is “Okay, just understand where open source fits with your business model, do the right thing as much as you can, and try to respect the communities and the projects involved.” And that doesn’t mean that you’re going to do what the community wants every time, it doesn’t mean that you’re going to do what the community wants most of the time. But if you are basically consistent in your approach, and like “Here’s how we’re going to do things”, you set those expectations, more often than not you can keep yourself not out of trouble, but at least at out of major trouble.

When we think about licensing with the data model world in the world of AI, it seems like it’s getting more complicated and different… And I wonder if the open source definition even applies there. I mean, we don’t use it to talk about a novel or an article; we use different kinds of licensing for that kind of stuff. I do follow opensource.org RSS, I do see them talking, they’re having meetings about artificial intelligence. I don’t really read the details there… But are they working on new licenses for this kind of stuff? Because it is kind of a different thing. There’s code involved, but there’s also data just there, and… I don’t know, what are your thoughts on that?

Well, honestly, to me that’s kind of the Wild Wild West. You’ve actually had Luis Villa on before; those are the people that– the people who are lawyers, are trained, I look to folks like that to try to understand. Dan Lindbergh is another guy that I pay a ton of attention to in that space. The AI side of things is, honestly, fractally more complex. Because it’s not just the training data; then you get into the weights. It’s like, “Okay, it’s basically a string of numbers… How do we license that? Is that even licensable?”

That’s one of the fun things from an AI standpoint; we get asked all the time, licensing implications, right? And honestly, it’s like a new question or a new brainteaser every day. I was trying to remember the Supreme Court case which came out; I should know it… But anyhow, it came out recently, and it’s like, now there’s some question as to whether output from AI systems is copyrightable. It’s like, everything, all my focus has been on the inputs. So in other words, is it legal, for example, to consume training data? Is it legal for companies to use these products, these trained products and so on? And have the additional question of “Okay, I use one of these products, and I output something. Can I copyright that? Or is that a transformative?”

So all of which is to say is that AI is going to challenge the assumptions and the basis for a lot of these licenses, and I don’t have any idea how that’s gonna play out. And frankly, the market doesn’t as – you know, one of our standard responses to “Hey, what’s the legalities the system?” I’m like “I don’t know, look at this case. Look at that case. They’re pending. We’ll know more when that’s resolved.” So yeah, the data side of things is – it’s a brand new frontier, let’s put it that way.

Yeah. I wonder if the merging of that world with our world, as software systems get significantly more complex, and they’re probably weaving in and out of them different inferences from models here and there… If that will further muddy the water of what open source is.

Well, I think it might further muddy the water of what open source is, but in other words, at a minimum we’re going to have to come up with new ways to do this. A number of years ago there was a business I was talking to that – I probably shouldn’t say which. Anyway, they had these dramatically oversized memory allocation for a distributed system. And I was like “What the hell’s going on? You don’t need this much memory.” And it turned out that they had two different datasets that they were not allowed to combine, except that their lawyers had determined that when they’re in memory together, they’re not technically combined, because they’re not on a disk. And I was just like “I don’t – yeah, what?!”

[54:09] So I guess my point is I think what we’re gonna see from an AI standpoint – and this is all pre-AI, at least the more recent AI boom… I think what we’re gonna end up seeing is that we’re gonna have to see the evolution of more approaches, and I think what we’ll end up seeing as men think is – well, maybe one possibility is that I think we’ll end up seeing the creation of a new class of licenses or licensing that applies to these AI weights, models, data, training data etc. Because it’s going to have to be its own brand, its own thing.

I’m with you, Jerod. I was considering the same question, like “Does –” Because the AI world is almost mainstream, whereas developers is still sort of niche, you know? AI brings in a lot of people to the room, not just developers. And if the contents of the room gets bigger, and developers become a minority, or those who care about open source, its definition and the whole reason we’re having this conversation because the three of us do care - if because more people come into the space that blur the lines of what open source means, and say “Well, we really need a new definition here”, or whatever it might be. Like “We need a different license”, I just wonder if that influx of folks won’t outweigh us screaming “Hey, it matters! It matters!” Because they just take over in numbers. We become a minority and they’re a majority, because it’s just so much that – AI has just become so mainstream this year, almost in an instant.

Yeah. I mean, my hope is ultimately that we leave those sorts of decisions to policymakers. And I say that reluctantly. But in other words –

Yeah, I’m not sure… Have you seen the questions they ask at these hearings? [laughs]

Yeah. I mean, you need people who are trained, right? I have, obviously, as we’ve hopefully demonstrated over the course of this episode, I have very strong opinions on licensing, and how it should and shouldn’t be done, and definitions and all that. When it comes to AI, I’m still learning. I spent the past couple decades understanding “Alright, how does it apply to source code? What are the mechanisms? What are the levers?” and all that. With AI, it is – so in other words, what I try to do as somebody who is responsible for researching or writing about the field is take a step back, “Okay, what are people who are trained in this, what do they see? What are they thinking? What are their opinions?” And when it comes to your everyday average user of, frankly, any of these generative systems, as an example, whether it’s ChatGPT, or Midjourney, or what have you, my hope is that they don’t try to be lawyers; like, leave the licensing to lawyers… But I don’t know, maybe that’ll play out about as well in AI as it does in source code, so… We’ll see.

The output argument though is an interesting one. Considering the copyrightable nature of the output, I think, is quite compelling, because we have all been focused on the inputs and what makes up the possibility of even the generative, and then not so much what is generated. Because as a user of it, I don’t want to be restricted on what I can do with it, because that’s the whole point of using it in the first place, right?

But at the same time, I understand the inputs - to some degree, or many degrees, obviously - have an implication to what is output. But I think – yeah, it is absolutely a Wild Wild West. I’m just thinking of recent usages, and if I had to somehow adhere to a usage license of what I’ve recently generated through artificial intelligence… But it’s also part of my ideas too, because I’m probing it, and because of its input, what it has available to it… It’s a dance, in a way; it definitely is a new creation. But as a user of it on the daily, I would be pissed and upset and sad if I had to somehow adhere to restrictions or licenses of how I use what I generated with.

[58:01] So a typical developer day says 30 – even just John Evans recently on our show said “30% of my code is now written by Copilot.” And so does that mean he only has a 70% copyright on his finished product? What does that mean? [laughs]

Well, I mean, what does it mean for an individual, but what does it mean for business?

Well, yeah, of course. Totally.

For example, if you’re using it to write high-speed trading algorithms. Do you not own the copyright to that? Like, if somebody takes that and walks out the door, is that fine, because it’s not copyrightable? I don’t know. So yeah, the AI licensing, like I said, is fractally complex. I don’t understand how this is gonna play out. But fortunately, I’m not a lawyer, so I’m not the one who has to figure it out.

At the practical level, where we actually put our license in our projects, for instance, it might play out similar to how we do with creative assets now, where you’re like “Code is licensed under this license. Assets are licensed under this Creative Commons license.” Maybe it’s like “Data models are licensed under this other thing.” And so you just have multiple licenses for like subsections of your system. I’m just thinking about how an open source maintainer might put together their project in the future world where all these things are involved in a piece of software. Maybe that’s just a matter – I know there’s OpenRAIL, and there’s a bunch of other things going on with… And I just subscribed to Luis Villa’s newsletter and hope he can keep me up to date like you, Stephen.

That is excellent. And anybody listening, if the AI license thing is of interest to you, you have to subscribe. What is it, the Open-ish…?

Open-ish Newsletter.

Yeah, .ml, I think… Anyway.

Yeah, something like that. We’ll link to it in the show notes. My only complaint with Luis is that he does not publish enough. Come on, man. We need more.

Poor guy’s got a day job.

I know. He has these very long monthly, or even less than every month, and I’m like “That’s a lot to read.” But I can read smaller chunks, in smaller cadences…

That’s fair.

So that’s me vouching for how good it is, in a weird way.

We should get him back on, it’s been a while.

Yeah. It has.

Yeah, definitely get him on to talk more AI. That was a great episode, I loved that one.

Thank you.

I was trying to search the GitHub blog for this, but I thought I saw recently something about them defending Copilot copyright, or something like that… Does that ring a bell to either of you?

Yes. So Microsoft – I wasn’t briefed, but I saw presumably the same article. Apparently, they are in a position where they’re basically going to indemnify users, which is a big, big deal, at least from my perspective. Because it’s one thing to say “Hey, our lawyers have determined it’s fine for you to use this.” It’s a different thing to basically step up and say “Yeah, if somebody takes you to court, we will indemnify you.” That’s a step change in terms of your level of responsibility for the output. And if nothing else, it’s a signal from the company that they feel pretty good about their legal footing. Because what they don’t want to do is run around and indemnify a ton of customers. That’s not that good business for them. So I won’t gauge the outcomes from a legal standpoint, but I think that’s certainly a pretty strong market signal that they feel good about their chances.

That reminds me, Jerod, of your recent episode on JS Party… Elon Musk, and the licensing, and would you get sued for your tweets? I’m paraphrasing the conversation, but that was hilarious. Headlies or headlines…

Yeah, he guaranteed that he would – what did he say? He says so many things, you can’t keep up with them all. He said something along the lines of they would pay legal fees for people whose bosses are mad at them for their tweets, or something. I think it was just a flippant thing that he said, but another, of course made news…

Yeah. I think, like a lot of things that come out of his mouth, the lawyers somewhere were probably like “Oh my God, no… Please, no…”

[laughs] “Please don’t hold us to this…”

Yeah. Microsoft’s a different deal.

Microsoft - yeah, they probably had a more calculated statement.

So this indemnification… Was that from Microsoft, or was that from GitHub? Because I couldn’t find it on the GitHub blog, so I think it was from Microsoft.

I’d have to go back and look. I believe it’s from Microsoft. That’s my recollection.

[01:02:02.16] So that means that – that’s even blurring the lines between Microsoft and GitHub too, because Copilot is a GitHub product. It’s owned by Microsoft, but it’s a GitHub product.

Yeah, yeah. But Copilot has also surfaced up in Microsoft projects as well.

That’s true.

…and that’s going to be their brand, right?

So Copilot is – frankly, it’s like it is for some…. You know, Google does this with Duet, right? Duet is their brand for their generative AI – or I should say, their conversational interface, right? It’s in all kinds of – like, Workspace, and GCP, and all these other pieces. So yeah… Because in other words Microsoft, if they want to leverage that technology, they have to make a decision “Is this legal or is it not?” And clearly, they’ve come to the – I mean, they have come to the conclusion it was, because otherwise you don’t release that project, and invest in it what they have. But like I said, there’s a difference between “Hey, we’re going to do this and hope it’s legal”, versus “Hey, we’re going to indemnify people.” And you’ve seen this historically in open source… I’m trying to think of an example where customers have said “Okay–” You know, this is like going way back, with the scale license issue with respect to Linux Kernel; one of the questions was like “Hey, will you indemnify us?” And it was really difficult, even for companies that were like “No. Hey, legally we’re on solid footing.” If you were a smaller company at that time, which most of the open source companies were, indemnifications, like - how would you do that, practically speaking? You just don’t have the resources. So the point is is that from a Microsoft standpoint - yeah, when I saw that, that was a pretty big deal.

Break: [01:03:34.15]

So Steve, do you like to predict the future at all? Is that something you do as an industry analyst?

Yeah, so if Brian Cantrell happens to listen to this, he’ll get a chuckle out of this… So for many years I did these predictions at the end of the year, and I did pretty well; it’s like 60%-70%. And Brian noted that my predictions were a little safe… So then I was like “Okay, I’ll take some shots”, and I predicted some things, and my accuracy was not so good.

So then the good news is that I had a kid - she’s gonna turn eight in November, and it was like “Oh, I don’t have the time. I’m so tired. I’m trying to do too many things.”

[laughs]

So it’s been a couple of years since I did predictions, but…

Okay. Well, I’ll allow a safe one here. What I was thinking is one of the things that you say in the post is that open source is at a crossroads. And I thought that was true, and I thought “Hey, it would make a good title for this episode.” We’ll see, when the minds combine between Adam and I, what we come up with. But if it’s at a crossroads, you’re gonna go one way or you’re gonna go the other from a crossroad, so I’m curious what you think the trend is. Where is open source headed? Are we going to have more munging of the term? Are we going to have more things that are open-ish claiming to be open source? Are we gonna have it like resolutely defended, and these things will be clearly delineated that they’re not open source? Where do you think it’s headed, if you had to project a little bit?

Yeah, so let me tease that apart just a bit, in the sense that the direction of travel, I think, from the standpoint of commercial open source licensing is pretty inarguable at this point. We’re gonna see more of this, right? Either the “bait and switch” model, more companies are going to relicense their assets… I don’t think we’ll see companies start with DSL and so on as much, for the reasons that we talked about earlier. I think Adam mentioned this, where it’s like, yeah, I wouldn’t have started if it was licensed that way. Right?

But, in other words, if we’re having this conversation three, four, five years from now, are there going to be more of these companies who have relicensed, the answer to me is – I don’t see how you build the argument otherwise. Which, like I said, I don’t think that’s a great thing for the industry, but again, companies have the right to do what they will.

The bigger question to me is “Does the open source term itself get munged?”, to use your term, Jerod. My hope is no, and at least – I will say this; having put out the piece, I’ve been having a lot of conversations since. I’ve talked to people who didn’t care before, and they don’t care necessarily now, but they at least understand “Hey, okay, I can understand that there may be some issues with that.”

I’ve been in this industry too long to be hopeful about the ethics involved in terms of people getting together to do the right thing from a licensing standpoint, but… Yeah, like I said, I think we’ll see more relicensed assets. And if I had to bet, I would probably bet that the term itself is pretty damaged a couple years from now.

We’ve spent this whole conversation not mentioning the OSI, though. I think if anybody’s going to defend it, they would step up and defend, right? They maintain the list.

Yeah. I mean, the OSI maintains the definition… I’ll put it this way - I think the OSI’s biggest issue for many years has just been staffing and funding. They just haven’t had the resources to do the kinds of campaigns that you need to do. You have individual voices out there, who are basically saying “Hey, this is the problem. Here’s why”, writing pieces like the one that kicked off this particular conversation… But that’s not enough. We need a more systemic campaign.

The OSI has done has been more aggressive on this front recently. I was on, I guess, a webinar with Stefano from the OSI, last month or two months ago, after the LLaMA news broke. I think he’s done a good job trying to uplevel the industry just from a visibility standpoint… But like I said, they’re just not resourced. In other words, when you have a company with the resources of a Meta running around telling fleets of journalists “Hey, I took this thing that’s not open source, and have been calling it open source and the journalists - I don’t blame them. In other words, the tech press is hard-pressed these days. 20 years ago you had people who’d been on the beat for a while, and they knew the industry in many cases as well as analysts did. Now they’re covering way too much, and they can’t keep track of these nuances. And so when you have Meta, companies that size running around, misusing the term, it’s very, very difficult for an organization the size and scope of the OSI to combat that. So my hope is that they’ll get more support from folks that are in the industry, and believe that term matters… But we’ll see how that plays out.

Well, you left us on a dour note, Steve… I don’t know how to – how do we recover from here? [laughs]

That’s the problem… Every one of these conversations I tend to have, people are like “Oh, you don’t seem that optimistic.” I have said this many times, there’s this meme or stereotype as analysts, who are like “Oh no, I know everything, and I know exactly how things could play out.” It’s like, no. Not us, not me. So I’ve been wrong before, I will be wrong again, and hopefully this isn’t one of those times. But as somebody who has been publicly saying the things that I have, and privately – and I can’t tell you how many conversations I have had, individuals, companies, projects, foundations, agitating on just these issues. The direction of travel is – it’s tough to see, because like I said, on the one hand you talk to a company, you talk to an individual, it’s like “Hey, it’s your choice. I totally understand it.” But in the aggregate… Like I said, that’s one of the reasons I use the climate change analogy, where it’s like “Hey, people have got to do what they’ve got to do.” And yet, at least up here in Maine, 9 of the 10 hottest seasons have been in the last decade. That’s probably not great.

I’m in Texas, and it was pretty hot this year. Hotter than Texas should be, that’s for sure. For sustained times. 90 days plus at 100 degrees plus. Now, obviously in the evening it goes down, but peak temperature of the day recorded above 100 degrees for 90 plus days… I mean, my grass is not grass anymore, you know what I mean? It’s crunchy stuff, as they say.

Yup. And meanwhile we have a hurricane poised to hit us this weekend, so…

yeah, that’s very – I’ve been watching that too, and… Yeah. Geez.

Yeah. Good times.

[01:12:05.07] Let’s focus on things we can control. We can’t control the weather necessarily; we can control, to some degree, how we influence the weather, in the aggregate, or maybe individually… If the OSI is important in this ongoing definition of open source, and even the defending of it, what do you know about them that we can do to – we’ve never had anybody from the OSI on this podcast, Jerod. We’ve talked to Josh Simmons, when he was, I think, still part of the OSI, but not in light of the goings on at OSI, by any means. So we’ve never had like a conversation.

Yeah. I’d reached out to Stefano, for sure, and see if he’ll come on. I’m sure he would. And at the end of the day, the difference between – one of the differences, I should say, between climate change and open source is that there are things that every developer can do. So in other words, just to understand and realize that you might not think this matters, but it does. It doesn’t mean you have to do anything… But also, part of it is that hey, maybe you push back when somebody says “Hey, I have this open source license”, and you’re like “Well, what is it?” and it’s like some weird non-commercial derivative. You can say “Oh, cool. Hey, I appreciate the source code, but that’s actually not open source.”
So that’s the thing… What can an individual do about climate change? Probably not a lot. You can make better choices from a household basis, and all that… But there are things that every developer can do. And if developers as a group sort of demonstrate that, again, not that everybody has to license everything in one way, but if they demonstrate that, “Hey, we care. These definitions matter to us”, even companies that are misusing the term will have to stand up and pay attention. So hopefully, that happens. And like I said, Stefano coming on I think would certainly help to that end.

Yeah. Well, they’re a 501(C)3. I don’t know if they do much funding rounds, or like donation rallies, or whatever you might call this call to action. I feel like if they’re understaffed, or undersupported, maybe that’s one way too to not so much be a Meta-size donation, but definitely – which is sort of a nice pun, in a way… That they can get support from everyday folks to provide their time, their attention, and obviously their vote that it does matter.

Yeah. That’s the thing. Yeah. I mean, every developer just sort of giving them attention, and basically acknowledging “Hey, this matters, and it’s something we should care about.” That’s a good thing.

If someone’s listening to this podcast, maybe they’re a CEO, or a founder of said company that may be considering a bait and switch in the future… They’ve got a permissively-licensed commercially open source software costs, that kind of company, whatever, and they’re considering “Man, we’ve really got to get some control here.” What do you personally say to someone in those shoes to consider with this choice? Do they go to RedMonk and say “Can we have you analyze our source code and our community?” What do you personally say to them in regard to this consideration of – they may not mean to do a bait and switch, but if they do the thing it would be, what do you say to them?

Well, that’s where it’s kind of tricky, in the sense that where – because our responsibility is to our client. We have to tell them what’s best for them. I tend to, in most cases, not believe that a bait and switch is the right way to do things. And certainly, I don’t believe it from an industry standpoint, as we’ve talked about. From a company standpoint… Basically my argument – we talked about this a little bit earlier in the show… It was basically “Look at your model.” In many cases, people are trying to solve business model issues with a license. And that’s not typically the way that, at least in my view, things should be solved.

So in other words, if you’re competing, for example, with – or if you’re poised to compete with larger clouds, what can you do to differentiate? Well, there’s lots of things, right? You’re offering your service, you need to offer service first… But then also, you can offer adjacencies, you can offer features that are not present in the open source code… And on the one hand that’s a bummer, because it means less open source, but on the flip side, if you’re still providing the code itself, the core code itself, unencumbered with these sort of complicated licenses, that’s probably a better outcome longer term.

[01:16:19.00] So yeah, there’s no one way to think about it. A lot of it depends on who wrote the IP, what is the precise license that you’re under, what is the nature of your community, what’s the nature of your adoption, what’s the nature of your market, and so on… So a lot of times we sit down with companies, and it’s just going through these and trying to understand “Alright, what’s your exact position, and what makes the best sense for you?” And to the extent that we can steer people away from it, great; we try. And yeah, I think I can say that the majority of companies that have relicensed, customers of ours, we tried to talk them out of it, I think the overwhelming majority of cases. And then once they’d said, “Okay, this is what we’re going to do”, then my job at that point is to try to provide the best advice in terms of minimizing and mitigating the impact on the community. “Okay, if you’re going to do this, here’s what to do.”

So for example when Hashi comes out and relicenses, but it’s very clear, to be upfront and set expectations, “This is not open source”, that is the type of advice that we’d give… Which is “Hey, if you’re gonna do this, there’s a way to do it that is less damaging than the way that some other folks do.” And so it’s a hard, complicated question.

How do you all maintain – and I think you have great credibility. How does RedMonk and you personally maintain such great credibility when at the bottom of your post you say “Disclosure: Amazon, Google, Microsoft and Red Hat are RedMonk customers.” Meta is not. You say that… How do you put such a good point out, that is against clients even? It’s not always for them… How do you maintain that line when you have customers and clients, and then your obvious opinion, as a company and individually?

Yeah, so you know, we decided pretty early on, within the first month, that you can’t go down the pay for play, your opinions for sale model, right? Because once you do that, you just don’t – we were talking about reputation earlier. Once you do that, you just don’t get it back, right? And so we have always tried to be, if anything, honest and transparent. We’re diplomatic about it; we’re not going out and posting hot takes on companies and so on… But in other words, if we think that a company is doing something wrong, we say that “We’re doing it wrong.”

We got an interview years ago, and it was like “Do you think you should be under less scrutiny from a transparency and an honesty, and ethical standpoint, than larger analysts firms?” And we’re like “No.” We’re much smaller. We should be under, if anything, more scrutiny. And they said, “Well, I don’t understand. How does that function?” And it’s pretty simple. We post a sort of list at the bottom, “These are the people who are paying us, and these people aren’t.” Developers, they may or may not care about licenses, but they’re smart. And if we came out and we’re basically consistently saying great things about our customers, and bad things about the people that aren’t paying us, then our reputation is gonna be gone pretty quickly.

So we’re fortunate… Clients are not always thrilled with the things we put out, but they also understand that that’s part of – it’s part of what makes us, hopefully, a trusted asset. We’re not coming out and just like “Hey, this is the greatest thing the world, because so and so paid us.” It’s not a model that works.

So like I said, we have certainly gotten our share of emails, like “What did you just write?” or whatever, and the interesting thing actually is that very frequently we’ll post something critical, and we’ll hear from a whole bunch of people within the company. They’re like “Yes, please keep doing that. Because I’ve been saying this, and no one’s listening…” So yeah, as I said, I’m sure we could make a lot more money if we just sold out, at least for a little while, until your reputation’s shot but that’s not the way we do things.

[01:19:52.23] Well, we feel the pain of toeing that line. We have similar – we’re not analysts, but we do certain examine and question and scrutinize players, you know… And some of those players decide to work with us through sponsorships or promotions, and some don’t… And we always say what we think and how we feel, with tact, of course and respect, regardless of the relationship. And we’re always clear about those things as well. But it’s tough, because like you said, you could make more money if you did x, but then you would have zero satisfaction, and no one would really trust you, and then our listeners wouldn’t really care…

One thing we have around here is “Listeners first.” So every decision we make, it’s listeners first. If our listeners don’t want to hear it, wouldn’t like it, whatever the scrutinizing point might be, then we’re going to reconsider that obviously, or consider it even more closely… Because our ambitions and our desire is for our listeners to always trust and enjoy the content we put out… And then that translates also to the sponsors that we decide to work with. Because sometimes, in most cases, we get the say no just so much as we could say yes. Like, we choose them just as much they choose us. It’s challenging to toe that line.

It’s challenging… I think the one thing else – you know, the longer that you do that, at least in our case… We’ve had a couple clients – we have, frankly, companies that have relicensed, that basically we said, “No, we don’t think you should do this”, and blah, blah, blah, and they’re like “Okay, cool. We’re out of here.” And the interesting thing is that they come back later… Not for that advice, obviously; they’ve already made that. But it’s like, I think if you provide a valuable service, not that you get it right every time, or not certainly that we’re right every time, as we’ve talked about… But I think people will ultimately come to recognize what you stand for. And they may get upset about things from time to time, but I think over the long haul, it’s really the – you know, the better bet is in being honest with your audience… Because like I said, credibility is everything to me in this business.

For sure. It’s not challenging to maintain our morals, by any means… But it is challenging in the fact that just doing business is challenging when you have challenge. I’m like a famous politician in that moment… Anyways, I digress. [laughter] What were you gonna say, Jerod? Anything else? What’s left?

Oh, no, I was just thinking that I literally could have – I said almost the exact same thing Stephen said days ago, to somebody, about this exact same topic… It’s just that I said I think at the end like “Well, we have to sleep –” You know, “We make a lot less money this way, but we do sleep well at night.” So that’s the choice that we continue to make, because we’d rather sleep well than roll around in short-term riches.

For sure.

Well, Steven, I just want to say thanks for coming on the show. It’s kind of a shame it’s been so many years and we’ve never had you on so far… So we’re happy to finally do that. We’ve been fans of your guys’s work for a very long time, and…

Yeah, right back at you.

…voice of reason, and sense… And I always – I’m nodding along all the time whenever I’m reading something that RedMonk is writing… So I appreciate you guys and your voice and the community. I think you’re showing us what we need to do. I think if we do believe that open source matters, and we need to protect it individually, or if we can act collectively, of course… But loud voices of logic and reasoning - more of those I think is kind of… They can’t hurt in this battle to keep the clarity that we currently have and enjoy. So that’d be my parting words. Anything from you guys as we close out?

No. Just a pleasure being on, and I had the pleasure of actually recommending you folks to one of our clients just the other day…

…because it’s a quality show. Happy to be on.

Thank you so much. I like what Jerod said; we’ve been fans for years now, and now that we’re friends to some degree, we’d love to have you back on more frequently, and get more mild takes, hot takes…

Well-reasoned takes… [laughs]

Well, hopefully the news is better next time than it is this time, let’s say that.

Yeah. Thanks, Stephen.

My pleasure.

Changelog

Our transcripts are open source on GitHub. Improvements are welcome. 💚

Player art
  0:00 / 0:00