FUSE for macOS: Why a popular open source library became closed source and commercially licensed

Maintainer: 'Most companies were reluctant to support the project their product depends on because it is available for free'

Interview In May this year, users of popular open source project FUSE for macOS noticed the source code for the latest update was missing. The project had become closed source and was no longer free for commercial use. But as The Reg discovered when we had a talk with its maintainer, there was a very good reason for that – and it's not a good look for the many companies that used it.

FUSE stands for File System in Userspace and lets developers create a custom filesystem without writing code for the kernel. If you have a database or a cloud storage system, for example, and you want it to appear to the operating system as just another set of files and folders, you can use FUSE.

FUSE has a long history. It was created for Linux and ported to other Unix-like operating systems including FreeBSD and OpenSolaris. In 2007, Google released a port for Mac OS X as open source. In 2011 this was forked to become osxfuse, later renamed FUSE for macOS.

Then, seven months ago, users observed that the latest update's source code was missing, though the compiled binary was posted. "That's on purpose", said maintainer Benjamin Fleischer. "If you are using FUSE for macOS for a commercial software project, feel free to contact me."

A further complication facing developers thinking of forking the last open source version is that running FUSE on macOS requires a kernel extension signing certificate. "That's not the standard Developer ID certificate every registered developer gets," said Fleischer.

A tale of exposure bucks: How to lose a dev in 8 years

"I started working on FUSE in 2011. I was studying computer science and working on FUSE started out as a hobby. I was relying on NTFS-3G, a popular FUSE file system, and wanted to use Mac OS X Snow Leopard's new 64-bit kernel. MacFUSE, as the project was originally called, had already been abandoned for some time and it did not support 64-bit kernels, so I started tinkering with the code," Fleischer told The Register.

"A lot of time has passed since then and the number of applications relying on FUSE for macOS has grown rapidly. Today FUSE for macOS is used by many big internet companies, among them cloud storage and infrastructure-as-a-service providers and even popular social networks."

The problem? Fleischer was doing most of the development work for free. In May 2016, he asked for support. "In order to take FUSE for OS X to the next level, I would like to spend more time working on it, but this won't be possible without being compensated for my work," he explained at the time.

"My post did not produce the hoped-for results," Fleischer told us. "Then I altered my strategy and tried contacting companies directly, that are using FUSE, and asked for their support.

"I tried to advocate that having one project, that everyone contributes to, instead of many closed source forks without pushing fixes and improvements upstream, would benefit everybody. I was able to convince one or two companies to support my work financially. However most companies were reluctant to support the project that their product depends on because it is available for free. This in itself is kind of ironic. Almost as if something that is available for free has no perceived value."

He looked into other options for financing, since "abandoning the project has never been an option for me."

Among the issues, he told us, is that "FUSE is not an end user product. Most of the time FUSE is installed silently by third-party applications that expose a virtual file system. Many end users are not aware they are using FUSE or know which service it provides. Asking for donations for a component of an application that users already paid for is not the right approach."

This was the reason why Fleischer stopped releasing the source code and also changed the licence. "FUSE for macOS 3.9 can still be freely bundled with commercial software. Then in July of 2019, I released FUSE for macOS 3.10 with support for macOS Catalina under the new, less permissive licence, that requires specific written permission to bundle FUSE with commercial software," he told The Reg.

How is this possible? "Most of the FUSE for macOS source code is released under the BSD licence. However, libfuse, for example, is released under the LGPL. I did what other developers of closed source FUSE forks have been doing for some time. The BSD licence has no copyleft, which means that no one is required to push changes upstream or make them available. As libfuse is covered under the LGPL, changes to it need to be made available, while changes to the kernel code can be kept closed," Fleischer explains.

The outcome? "After the licence change I have been contacted by several companies and negotiated some licence agreements. In this very regard closing the source code of FUSE was a success. In the very least it helped to raise awareness to the difficulties of sustainable open source software development," he said.

Fleischer added that: "I do not like continuing working on FUSE as a closed source project. It has been a hard decision and I have been thinking about it for a very long time, but I stand by it and it seemed to be the only option left to raise awareness and ensure the project's future."

He acknowledges though that: "I have not been very transparent about the licence change."

A recent discussion on Hacker News shows how "opinion are obviously very divided," he said.

That said, many of the responses are sympathetic. "I hope we see more of this in the future: developers realising that the work they do has value and that they're not required to spend their lives giving it away for free. So they take control of their work product and start capturing some of that value for themselves," said one.

What will happen in future? "As long as I'm the maintainer of the FUSE for macOS project, FUSE will always be free for non-commercial use," he told El Reg. "Should it ever come to the point I decide to stop maintaining FUSE, and I highly doubt it will come to this in the foreseeable future, I will release the source code under the BSD licence and step aside to let someone else take control over the osxfuse organisation on GitHub."

It is also possible of course that Apple could change its rules – it has said that kernel extensions will be restricted in future releases of macOS – or that the company might build something like FUSE into the macOS kernel itself.

Irrespective, Fleischer's experience shows how difficult it can be to sustain open-source development, even for projects that are widely used. ®

Similar topics

Broader topics

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022