What comes after open source? Bruce Perens is working on it
'Our licenses aren't working anymore,' says free software pioneer
Interview Bruce Perens, one of the founders of the Open Source movement, is ready for what comes next: the Post-Open Source movement.
"I've written papers about it, and I've tried to put together a prototype license," Perens explains in an interview with The Register. "Obviously, I need help from a lawyer. And then the next step is to go for grant money."
Perens says there are several pressing problems that the open source community needs to address.
I feel that IBM has gotten everything it wants from the open source developer community now, and we've received something of a middle finger from them...
"First of all, our licenses aren't working anymore," he said. "We've had enough time that businesses have found all of the loopholes and thus we need to do something new. The GPL is not acting the way the GPL should have done when one-third of all paid-for Linux systems are sold with a GPL circumvention. That's RHEL."
RHEL stands for Red Hat Enterprise Linux, which in June, under IBM's ownership, stopped making its source code available as required under the GPL.
Perens recently returned from a trip to China, where he was the keynote speaker at the Bench 2023 conference. In anticipation of his conversation with El Reg, he wrote up some thoughts on his visit and on the state of the open source software community.
One of the matters that came to mind was Red Hat.
Red Hat strikes a crushing blow against RHEL downstreamsREAD MORE
"They aren't really Red Hat any longer, they're IBM," Perens writes in the note he shared with The Register. "And of course they stopped distributing CentOS, and for a long time they've done something that I feel violates the GPL, and my defamation case was about another company doing the exact same thing: They tell you that if you are a RHEL customer, you can't disclose the GPL source for security patches that RHEL makes, because they won't allow you to be a customer any longer. IBM employees assert that they are still feeding patches to the upstream open source project, but of course they aren't required to do so.
"This has gone on for a long time, and only the fact that Red Hat made a public distribution of CentOS (essentially an unbranded version of RHEL) made it tolerable. Now IBM isn't doing that any longer. So I feel that IBM has gotten everything it wants from the open source developer community now, and we've received something of a middle finger from them.
"Obviously CentOS was important to companies as well, and they are running for the wings in adopting Rocky Linux. I could wish they went to a Debian derivative, but OK. But we have a number of straws on the Open Source camel's back. Will one break it?"
Another straw burdening the Open Source camel, Perens writes, "is that Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company's systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn't know about Open Source, they don't know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them."
Free Software, Perens explains, is now 50 years old and the first announcement of Open Source occurred 30 years ago. "Isn't it time for us to take a look at what we've been doing, and see if we can do better? Well, yes, but we need to preserve Open Source at the same time. Open Source will continue to exist and provide the same rules and paradigm, and the thing that comes after Open Source should be called something else and should never try to pass itself off as Open Source. So far, I call it Post-Open."
Post-Open, as he describes it, is a bit more involved than Open Source. It would define the corporate relationship with developers to ensure companies paid a fair amount for the benefits they receive. It would remain free for individuals and non-profit, and would entail just one license.
He imagines a simple yearly compliance process that gets companies all the rights they need to use Post-Open software. And they'd fund developers who would be encouraged to write software that's usable by the common person, as opposed to technical experts.
Pointing to popular applications from Apple, Google, and Microsoft, Perens says: "A lot of the software is oriented toward the customer being the product – they're certainly surveilled a great deal, and in some cases are actually abused. So it's a good time for open source to actually do stuff for normal people."
The reason that doesn't often happen today, says Perens, is that open source developers tend to write code for themselves and those who are similarly adept with technology. The way to avoid that, he argues, is to pay developers, so they have support to take the time to make user-friendly applications.
Companies, he suggests, would foot the bill, which could be apportioned to contributing developers using the sort of software that instruments GitHub and shows who contributes what to which products. Merico, he says, is a company that provides such software.
Perens acknowledges that a lot of stumbling blocks need to be overcome, like finding an acceptable entity to handle the measurements and distribution of funds. What's more, the financial arrangements have to appeal to enough developers.
"And all of this has to be transparent and adjustable enough that it doesn't fork 100 different ways," he muses. "So, you know, that's one of my big questions. Can this really happen?"
- GNU turns 40: Stallman's baby still not ready for prime time, but hey, there's cake
- Oracle pours fuel all over Red Hat source code drama
- Rust Foundation so sorry for scaring the C out of you with trademark crackdown talk
- Open source community split over offer of 'corporate' welfare for critical dev tools
Whether it can or not, Perens argues that the GPL isn't enough. "The GPL is designed not as a contract but as a license. What Richard Stallman was thinking was he didn't want to take away anyone's rights. He only wanted to grant rights. So it's not a contract. It's a license. Well, we can't do that anymore. We need enforceable contract terms."
He's not a fan of licenses like the Commons Clause, which is at the center of a legal battle involving Neo4j.
"Why is the Commons Clause bad?" he writes. "First, there's the Brand Problem. Open Source licenses have a 'brand' which is the understanding of the rights they convey, and of course Open Source has a brand too, which is the understanding of the rights in the Open Source Definition. The Commons Clause appears to use the Open Source license, but doesn't give the same rights at all, thus abusing the license brand for profit.
"The other problem is that the Commons Clause is added to licenses that don't actually allow terms to be added, like the AGPL 3 on Neo4J. AGPL and GPL have two paragraphs that both disallow the addition of terms. So, when a licensor adds the Commons Clause, they create a license with self-contradictory legal language."
"We've been working on the [software-as-a-service] problem for quite a long time," Perens tells The Register. "I remember attending a [Free Software Foundation] meeting, where the question was, 'what do we do about Google?' And the AGPL came out of that meeting."
Perens doesn't think the AGPL or various non-Open Source licenses focus on the right issue in the context of cloud companies.
I think that AI is always plagiarism... When you train the model, you're training the model with other people's copyrighted stuff...
"So AGPL, for example, makes software disclose its own source code in some way," he says. "What we're actually talking about is public performance in software, and public performance is a separate right under copyright, because it was necessary for plays and films. So we have that right under copyright and we can use it. I think those licenses are all sort of trying to reach a goal and are getting partially there because they only tried to make slight changes from open source. And, you know, it's 30 years that we've had open source. We can consider a radical departure."
Asked about the current enthusiasm for the tech which the industry refers to as "AI," Perens expresses disapproval.
"I think that AI is always plagiarism," he says. "When you train the model, you're training the model with other people's copyrighted stuff. And what the AI does is mix and match and output a combination of what was input. We have to consider that. How do we compensate the people whose data was used to train the model? Should we be training it with open source software? I don't think so. But it does more than that. It reads people's websites. It reads the whole of Wikipedia. Nobody on the input side is being compensated fairly for the output. So that's a big question we have to resolve."
As to whether US efforts to withhold technology from China are working, Perens said they have been largely ineffective.
"The Chinese can do, with one or two exceptions that will fall soon enough, everything that we do," he says, noting that while they're behind on advanced chips, they'll catch up. He says he came away from his trip surprised by how similar the people in the US and China are, both in terms of the way people live their lives and in their disinterest in the geopolitical posturing in the South China Sea that adds tension to the US-China relationship.
Maintaining some degree of civility with China also has implications for the open source community due to US export laws, specifically, ITAR, the International Traffic in Arms Restrictions, administered by the Department of State, and EAR, the Export Administration Regulations, overseen by the Department of Commerce.
"Now, space satellites and digital voice CODECs, and some uses of Kraken RF project, and probably hundreds of other Open Source projects, are still on the list of restricted technologies," Perens explains. "As a result of several lawsuits, both ITAR and EAR got carve-outs for 'information in the public domain.' This doesn't mean 'public-domain software,' which is a matter of copyright. It means 'not trade-secret.' So it applies to Open Source and published research.
"Today, a project that is completely disclosed can be operated without restriction under ITAR and EAR. Open Research Institute, a while ago, did the work to get such a project explicitly approved by the Department of State and Department of Commerce. So it's currently possible to run an Open Source project for what might otherwise be a 'munitions' technology, including with nations that would otherwise be restricted under ITAR and EAR. This is something important for us to protect, both for Open Source and for public research. It is always under threat as US politicians are increasingly concerned with such things as 3D-printed guns and many of them want to be more restrictive of technology sharing with China, etc."
"I think that it's very scary that potentially we have strife with this country," says Perens. "But if you look at the people, the people are so much like us today. We really should be having peace together." ®