
By any chance are you familiar with Little Free Library (https://littlefreelibrary.org/), those public boxes for people to take or leave books? How would you feel if someone took ALL the books, repeatedly, and then sold them? Would you just shrug and say "well that's totally fine, why is it free in the first place?"

This behavior is antisocial, and completely destroys the offering/concept for everyone.

I have a bootstrapped software company with an open-core product. Meanwhile, a VC-backed startup that has raised over $100m of funding decided to use one of my core open source libraries (which they haven't contributed to in any way) for a critical component of their commercial product, which also overlaps with my product's functionality in some ways.

In response, I eventually made the difficult decision to archive that library's repo and moved its functionality into my main product in a way that prevented external use. So then this startup created a hostile fork of my library, and started to implement functionality that is only present in my own commercial product.

After that, I had to waste several months of unpaid time just to make their fork of my own library no longer easily compatible with recent versions of my own product. Some time later, finally the startup decided to abandon use of my library altogether and wrote their own similar library (which was undoubtedly much easier for them, being able to see all the edge cases my library already handled).

My lesson from all this: I will never create another new large open source product ever again. Too many sociopaths out there for the system to work at all. If I ever decide to make something source-available, I will consider BSL.

And before someone says "why not AGPL?", it is because many companies don't touch AGPL software with a ten-foot pole. My sense is that adopting AGPL for a brand new product typically causes the product to be dead on arrival. That said, I would honestly love to be wrong here.

If there are a lot of AGPL open core / commercial FOSS companies that have been successful, please share examples, I say this genuinely and without snark.



> How would you feel if someone took ALL the books, repeatedly, and then sold them?

Books are rivalrous and excludable goods. If you take all the books, then others can't enjoy them. Open source software is non-rivalrous and (mostly) non-excludable. This is the thing that makes free software possible. And it's also the thing that makes it unlike the book example.

> decided to use one of my core open source libraries (which they haven't contributed to in any way) for a critical component of their commercial product, which also overlaps with my product's functionality in some ways.

This is really terrible, and I'm sorry to hear that it happened to you. But as far as I'm aware this has always been the whole point of "permissive" licenses. Licenses like MIT and (Berkeley) BSD subsidize the private sector with work done by the universities. The core idea, at least compared to GPL licenses, is to allow businesses to profit off of donated work. So while I sympathize with you, it seems like you deliberately chose a license that allowed and encouraged exactly the behavior you saw.

> And before someone says "why not AGPL?", it is because many companies don't touch AGPL software with a ten-foot pole.

This is presumably because businesses don't want to use software that creates in them obligations to give back. But you do want them to give back, or at least you don't want them to take too much. So I feel like there's a fundamental tension here. You're trying to make your project appealing to businesses by telling them they can take it for free and give nothing back. But you're also saying that behavior is "antisocial" and "completely destroys the offering/concept for everyone."


> If you take all the books, then others can't enjoy them.

Sure, and if your company takes a bootstrapped commercial open source product that it didn't develop or contribute to, and then pays several employees a salary to do things which actively reduce that product's ability to develop a sustainable revenue stream, then you definitely risk permanently destroying that open source product.

On a macro level, if many companies do this, the entire ecosystem of open source begins to falter. Hence all the moves to BSL, SSPL, Commons Clause, etc.

I was making an analogy to that. If some people keep taking all the books and selling them, the system falls apart, and people stop putting free books in the box.

> it seems like you deliberately chose a license that allowed and encouraged exactly the behavior you saw.

"Allowed", yes. But nothing in the license I chose (Apache License v2) actively "encourages" the behavior of using a project in a way that actively destroys the project. (Nor does it discourage it either.)

> You're trying to make your project appealing to businesses by telling them they can take it for free and give nothing back. But you're also saying that behavior is "antisocial" and "completely destroys the offering/concept for everyone."

I have no problems with businesses using a project for free and giving nothing back, on its own. I do have a problem with businesses taking a project, and profiting off it while also directly competing with it and/or forking the project in a way that directly kneecaps the project's revenue stream. That is what I am calling antisocial and destructive.


Given the lengths you say you went to to actively stop and sabotage licenced (by you) usage I have to question why you even picked an open source license in the first place?


When I started developing my main product, I didn't know if it would be successful, especially since it involved a paradigm shift in how most people thought of the workflow involved (database schema changes / migrations). So I made it open source to encourage adoption and experimentation.

Meanwhile I put some of the core logic (database schema introspection and diff'ing) in a separate library and repo, since it could be re-used for other applications in case my original product didn't get traction.

Fast forward many years, and the product has been fairly successful. The open source edition of the product has been used by many hundreds of companies and has been downloaded 1.2 million times. And in terms of the paradigm shift, the push/pull schema change semantics that I invented have been copied by several much larger projects, such as Prisma.

The separate library was used by a few companies too (e.g. by Canonical for one notable case), but mostly for internal use-cases, not things that directly competed with my product. I think most folks had enough moral fiber or common sense to understand that using the library in a competitive way would result in the library being killed off. What other choice did I have? I wasn't going to let my business be killed by a hostile fork of my own library.


Yes, you chose the wrong license without understanding its implications.

> My sense is that adopting AGPL for a brand new product typically causes the product to be dead on arrival.

It may hinder adoption (in the corporate world) but not contribution to the source. And if you want to promote the spirit of opensource and make money too, dual licensing with xGPL is the best way to go. MySQL is a successful example of this licensing and business model.


It's pretty telling that you listed only a single example product, and one which was first released twenty-eight years ago, and also one which raised venture capital.

Just because dual-licensing has been successful in a very limited number of exceptional situations, does not mean that it is a reproducible path towards building a sustainable software business.

Also keep in mind:

* MySQL hasn't been an independent business for over 15 years. AFAIK there is no public information on its revenue or profitability.

* Much of Oracle's recent work on the product has been on MySQL Heatwave, which is only available as a managed service.

* Most MySQL Community Edition commits come from Oracle.

* Meanwhile the company behind MariaDB, arguably a more "open" fork of MySQL, is having financial problems and may well end up having its stock de-listed soon.

* The non-open-source Business Source License was originally created by MariaDB for their MaxScale product. The license's existence is fully backed by Monty Widenius, original creator of MySQL.

To be clear, I'm not saying any of the above to criticize Oracle or MariaDB. Rather, just pointing out that a general statement of "dual licensing with xGPL is the best way to go" is not really backed by the facts on the ground.

I must ask, do you run a commercial open source business yourself?


MySQL is a successful product that was sold to Sun / Oracle for a BILLION dollars. MariaDB and Percona Server are good examples of competing businesses produced from a commercially successful GPL opensource software (MySQL):

- MariaDB: https://mariadb.com/products/community-server/

- Percona Server for MySQL: https://www.percona.com/software/mysql-database/percona-serv...

Other additional examples of successfully commercialised xGPL products with different business models:

- Red Hat Linux: https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis...

- QT: https://www.qt.io/licensing/

- Ghostscript: https://www.ghostscript.com/licensing/index.html

- WordPress: https://wordpress.com/ (based on https://wordpress.org/ )

- Buskill (hardware): https://www.buskill.in/

- Moodle: https://moodle.com/ (based on https://moodle.org/)

- ProtonMail: https://proton.me/mail (based on https://github.com/ProtonMail )

- Tutanota: https://tutanota.com/ (based on https://github.com/tutao/tutanota/ )

- Dada Mail: https://www.dadamailproject.com/

- Dietlibc: https://www.fefe.de/dietlibc/

The commercial success of a product totally depends on the business model you come up with, whatever be its opensource (or not) license.

Corporates have a vested interest in promoting the propaganda that only a non-xGPL opensource license can be commercialised successfully simply because they cannot freely steal the source code of a competing xGPL licensed software.

The real value of an FSF license, like the AGPL, is that it is designed to protect the copyright holders, and its users, "right to repair". And thus, it cannot be closed source by anyone (apart from the original copyright holders) once released under the said license (even if future versions are closed source, the old versions under xGPL remain opensource perpetually). Other open source licenses (that are less stringent) are prioritised to increase developer contribution. Source code under such licenses can thus be closed-source even from the original copyright holder.

But again, commercial success totally depends on the business model you come up with, irrespective of your license. The right license and the right business model will empower each other. Or cripple your business.


> MySQL is a successful product that was sold to Sun / Oracle for a BILLION dollars

"Successful exit" is not the same thing as a sustainable product or business model. I mentioned several key concerns in my previous reply, which you didn't address here at all. Specifically, if dual-licensed GPL was the best way to go, it wouldn't be the case that entities outside of MySQL/Oracle (e.g. AWS) were capturing a huge amount of MySQL's value/revenue, possibly exceeding that of the product's own revenue. Why else would development be shifted to the managed-service-only, closed-source MySQL Heatwave product?

> MariaDB and Percona Server are good examples of competing businesses

Yes, I'm very familiar with the MySQL ecosystem (click my profile). I mentioned several concerns specifically about MariaDB in my previous reply and you did not address those at all.

You also didn't answer my question about whether you've ever run a commercial open source business, so I must conclude that you haven't. I do, and frankly I don't appreciate when other people -- who seemingly don't have direct personal experience in this area -- attempt to confidently lecture me about how I supposedly chose the wrong license.

Listing Red Hat in your reply also seems a bit ridiculous, given all the latest contention in that space over Red Hat threatening to cancel customer subscriptions if they republish RHEL's sources. If GPL-based software was the panacea you claim, things like this wouldn't be happening with ever-increasing frequency over the past couple years.


> ... if dual-licensed GPL was the best way to go, it wouldn't be the case that entities outside of MySQL/Oracle (e.g. AWS) were capturing a huge amount of MySQL's value/revenue ... Why else would development be shifted to the managed-service-only, closed-source MySQL Heatwave product?

And do you realise that you are comparing corporates with two completely different philosophies and business models? It's absolutely in character for Oracle to use the loophole in the older GPL (that has since been fixed by the AGPL) to try to make MySQL closed-source again by offering it through a SaaS infrastructure. Oracle has never been a champion of the opensource movement, while the original owners of MySQL were. It is the same with IBM, who are now the owners of Red Hat Linux. And that shows in how they ran / run their business.

We are discussing opensource software business models only. Not open-source and closed-source ones (it should be a no-brainer that closed-source software business models are the most successful and profitable ones).

> I mentioned several concerns specifically about MariaDB in my previous reply and you did not address those at all.

Simply because it is irrelevant to our discussion. The success or failures of MySQL or MariaDB or Oracle's MySQL was/is not just solely because of its license and there are many other factors behind it (for example, MariaDB earned a lot of scorn from open source developers because they felt betrayed after its original source - MySQL - ended up in Oracle's hand). Nevertheless, MySQL is a great example of a commercially successful example of a dual-licensed GPL product.

I have enough business experience, and a good understanding of open source software to understand its strength and limitation in a commercial setting. Honestly, you do need a lecture for not being able to see the obvious:

1. As per your own confessions, a competitor was able to use your open source code without sharing subsequent work on the codebase. This would obviously have never happened with the AGPL license, as the license compels others who distribute the software (even as SaaS) to share the source code.

2. You tried to change the codebase and / or license to make it more difficult for them to fork your code and use it. This shows your own confusion regarding the open source philosophy and your business model. Your code was used by others in the spirit of the open source license you chose. And yet, you continue to assert you are the wronged party?

3. It is also easy to see that you (wrongly) chose a permissive opensource license out of self-interest to your business (hoping to attract more developer contributions and then close source the product later when it becomes profitable, just as your competitor did) than out of an equal commitment to the open source philosophy. Your competitor outwitted you because you weren't knowledgable about licenses, your own business goals and business model.


> Honestly, you do need a lecture for not being able to see the obvious

You are making a ton of reading comprehension errors, as well as completely incorrect assumptions about the situation I described. And then lecturing me about those incorrect assumptions. Cool cool.

> a competitor was able to use your open source code without sharing subsequent work on the codebase.

No, that's not what I said at all. I described how a company used one of my open source libraries in a way which directly competed with my primary product. The problem here is they did share their changes, and those changes included functionality which was already present only in the enhanced paid closed source edition of my product.

This is why I said it was a "hostile fork" of my library: users could combine the open source edition of my product with the hostile fork of my library to get functionality for free that normally is only in my paid product.

I absolutely understood that this situation was possible with a permissive license. I just did not expect a company to do this so soon after my paid product launched, especially as the product wasn't even financially successful yet by that time.

> This would obviously have never happened with the AGPL license

I can say with absolute certainty, if my product had an AGPL license, it would not have succeeded in any form. Many of my largest users do not adopt AGPL software under any circumstances.

> You tried to change the codebase and / or license to make it more difficult for them to fork your code and use it.

The former, not the latter. I never tried to change the license, nor said anything about that here. I changed the codebase so that the previously-external library was now an internal package instead of a standalone repo, and refactored things to prevent compatibility with the hostile fork.

> Your code was used by others in the spirit of the open source license you chose. And yet, you continue to assert you are the wronged party?

My code was used in a way which negatively impacted the revenue stream which would pay for further development of that code. As I've said elsewhere in this subthread at https://news.ycombinator.com/item?id=37084057, the license is entirely neutral about that topic: it neither encourages nor discourages such use. However, I assert that common sense should typically discourage people from such antisocial behavior, because you can reasonably expect that kneecapping the revenue stream for a project can result in that project either getting killed off or radically changing shape in response.

> you (wrongly) chose a permissive opensource license out of self-interest to your business (hoping to attract more developer contributions

I never said anything about "hoping to attract more developer contributions" and that has never been my motivation for open sourcing this work. I described why I chose an open source license directly in a sibling subthread here: https://news.ycombinator.com/item?id=37083698

> and then close source the product later when it becomes profitable, just as your competitor did

You're just completely inventing false details here out of thin air!

My product has two editions, a FOSS one and an enhanced paid one; the latter is closed-source. Both editions already existed at the time of the events I'm describing here. Both are still actively developed and supported, and today they're widely used by companies you are definitely familiar with.

The library in question was one component of this product, not the product itself.

Meanwhile the startup that made the hostile fork of the library runs a managed service (SaaS).

> Your competitor outwitted you because you weren't knowledgable about licenses, your own business goals and business model.

I guess it's easy to conclude whatever offensive thing you'd like when you just make up all the details instead of reading the thread or asking questions about the situation!

Anyway this is completely off the rails of my original point, which is that there are multiple kinds of "freeloaders". Some of them actively destroy the thing they're taking for free, which was why I made the Little Free Library analogy. Just because something is "free" (as in beer) doesn't mean there should be an expectation that the thing will continue to exist in that form once abusive bad actors exploit the free-ness of the offering.

We're seeing this play out over and over again across many FOSS projects, and my prediction is this trend will only accelerate.


> The real value of an FSF license, like the AGPL, is that it was designed to protect the copyright holders, and its users, “right to repair”. And thus, it cannot be closed source by anyone (apart from the original copyright holders) once released under the said license

17 USC Sec. 203 suggests that may not be strictly true in the US.

https://www.law.cornell.edu/uscode/text/17/203


Thanks for the post. I’m sorry you went through this with bad actors in open-source.

I agree fully with your *GPL point of view and have seen that in practice many times.

It is in the written guidance for open-source in the company I work for, along the lines “for GPL-like licenses, that’s a ‘no’ by default, unless you follow this very complicated process to get approvals from many people”.



