From Postfix to GMail

FOSS in the SaaS era

Avishai Ish-Shalom (@nukemberg)

IANAL

My Lawyer insists I put a disclaimer

Free Software

A program is free software if the program's users have the four essential freedoms:

  1. The freedom to run the program any way you want
  2. The freedom to study the program and change it
  3. The freedom to redistribute copies
  4. The freedom to distribute your modified versions to others

 

- Adapted from the GNU philosophy page

Copyright & Copyleft

  • Copyright - the right to control distribution, derivation and licensing
  • Copyleft - a "viral" license based on copyright:
    Any derived work that is distributed must have the same license

 

GPL licenses depend on strong Copyright protection

Derivative work

  • "Derivative work" is not clearly defined
  • "Modification" is the preferred term
  • GPL versions differ on this
  • Generally, we have:
    • Linking (dynamic/static)
    • Changing the code
    • Aggregation (e.g. a distro)

Using GPL software

A very common question: If I use a GPL program to build a larger product, must the product be GPL too?

  • Static linking of a library: Yes
  • A Required dynamic library: Yes
  • An optional dynamic library: Unclear*
  • Use over network: No

 

*Various "linking exceptions" may apply

Let's pause and give thanks to

St. Richard The Hippy

Fast forward to 2007

Software is no longer distributed

SaaS replaces desktop applications

  • Office -> Google Docs/Office 365
  • Outlook -> GMail
  • SugarCRM -> Salesforce

No "distribution"

  • No distribution -> No source released
  • SaaS vendors heavily use OSS but do not contribute back
  • Users are completely dependent on the vendors

 

This is known is "The SaaS loophole"

Affero GPL (AGPL)

  • Basically GPL v3 with one more clause
  • Use over the network is considered "distribution"
  • Not in widespread use

 

Effort to resolve "The SaaS loophole". Largely failed.

The Dual License hack

  1. Release free version under AGPL
  2. Grab modifications from users
  3. Sell proprietary software with commercial license
  4. Profit

 

Example: MongoDB

 

AGPL forces users to release their modifications. But the copyright holder can dual release a commercial/proprietary version 

Why is "The SaaS loophole" bad for FOSS?

SaaS companies love FOSS

  • Infrastructure is not their core business
  • Reduce development costs
  • No vendor lock-in
  • No license fees
  • Can be adapted for internal needs

But SaaS companies don't have to give back

  • Modified software only used internaly
  • No legal requirement to release modifications
  • Some motivations for contributing back:
    • Upstream support
    • PR & recruitement

 

Example: Microsoft Azure Cloud Switch

Various approaches

  • FOSS everything that's not core business (Netflix)
  • FOSS when it makes sense (Facebook)
  • FOSS strategically (Microsoft, Google)
  • FOSS only if no other choice (Oracle)

"Crippleware"

FOSS Crippleware: A FOSS software which cannot be used without proprietary components

3 easy ways to cripple FOSS

  • Move features to SaaS backend
  • Depend on large/proprietary datasets
  • Depend on specific hardware

Android

  • Important functionality in proprietary apps (Google apps)
  • Basebands, drivers not always FOSS
  • Hardware lockdowns

Android Google Apps

  • Most are opensource
  • Some completely useless without the backend
    • Voice Dialer
    • Sync
  • Some only crippled without the backend
    • Calendar
    • Gallery

Who owns the data?

The Waze case

  • Originaly - "freemap" FOSS client
  • But backend was proprietary
  • Data collected from users
    but owned by a private entity
  • Migrated to non FOSS client

Data dependencies

  • Fonts, images
  • Datasets

Often served over CDN, blocking offline use

 

Example: Google Charts

Machine Learning

Data->Learning -> Model -> Application

  • The model is expensive to build
  • Data may be proprietary
  • The Application is useless without the model

 

Example: Voice recognition

The Good

  • SaaS companies use FOSS heavily
  • SaaS companies contribute to FOSS
  • The desktop Linux is finally here (sort of... Android)
  • A working business model for FOSS

The Bad

  • SaaS companies leach FOSS
  • Many FOSS projects become unusable
  • SaaS undermines the FOSS model
  • Nasty hacks around FOSS licenses

The Ugly

  • If you use SaaS, you've lost the FOSS freedoms
  • SaaS companies release FOSS libraries but not products
  • Many FOSS projects are very hard to get working on your setup

Questions?

Made with Slides.com