Displaying posts tagged conservancy
Conservancy Activities: March and Beyond
byon February 19, 2020
Open Source 101 is brought to you by the fine folks who put on All Things Open every fall. Deb will be giving a 90 minute workshop at the locally-focused event titled, Software Licensing and Compliance: It’s All About Community on March 3rd, in Columbia, SC. The number of available tickets is limited, but some are still available here.
Denver is keynoting Git Merge where folks will be celebrating Git's 15th Anniversary! He'll be discussing the History & Future of Git. The sixth annual Git Merge will be hosted at The Majestic Downtown in Los Angeles on March 4th. Ticket proceeds will again be donated to the Software Freedom Conservancy. (Thanks!)
Just a few days later, Bradley will be presenting at the Southern California Linux Expo, aka SCaLE, a long-running FOSS community event in Los Angeles on, What'll We Do When FOSS Licenses Jump the Shark?. Join him on Saturday, March 7th.
Denver and Bradley will be at the Conservancy booth at SCaLE! We love seeing supporters and connecting with new software freedom enthusiasts at community-driven events like this one. Helping us greet folks by volunteering at the booth is a great way to support our work. The expo floor will be open from 2:00pm on Friday, March 6 until 2:00pm on Sunday, March 8. Please write to us about when you can help out.
The next Outreachy round is also coming up! In fact, applications for the May to August 2020 round are due February 25 at 4pm UTC. Feel free to share Outreachy's opportunities with interested folks in your network!
What Free Software Says About Today’s Crises
byon January 14, 2020
I always have a little special appreciation for free software that’s easy to recommend to folks who don’t think or care much about software freedom yet. There are a lot of projects like that, and the one I’ve been talking about the most lately is OsmAnd, a mapping and navigation app using OpenStreetMap data. Whenever I hear people say “I wish Google Maps did X,” OsmAnd almost always does the job with a more discoverable interface. After they’re set up and happy, it’s easy to talk about how OsmAnd doesn’t track your location the same way Google Maps does.
I’ve spent a lot of time over the past few years asking myself whether it’s important to work on free software, or if I should even care about free software, given how pressing so many other problems feel. Climate change, authoritarian governments, antisemitism and white nationalism—these are the problems that are destroying people’s lives by the thousands, today and every day. How is free software even relevant to those problems?
Edward Snowden discussed free software at LibrePlanet 2016 with Conservancy Supporter Daniel Kahn Gillmor. “[The credits of Citizen Four] thank a number of FOSS projects including Debian, Tails, Tor, GnuPG… because what happened in 2013 would not have been possible without free software.” CC BY-SA
I still don’t always have a solid answer to that question. But as I think it through, one thing I keep coming back to is Edward Snowden’s keynote at LibrePlanet a few years ago. His call to action in that talk was to continue working on free software, because the values of free software, like autonomy and privacy, are values most people share. While a lot of people may choose to compromise some of those values to accomplish other things today, proprietary software companies are constantly changing their rules and asking for more. It’s always important and valuable for free software to show and offer an alternative. The most experimental development can help expand the scope of what’s possible, while the smallest documentation patch makes that all accessible to a wider audience.
When the Wikipedia and OpenStreetMap projects began, I’m not sure too many people envisioned that you would have easy access to all that data from a computer in your pocket. But now when people start expressing alarm about how much location data different apps on their phone are getting, and how that data might be used to track protestors, free software has something to say about that, and an alternative to offer in OsmAnd.
When Apple removes an app from their App Store that Hong Kong protestors were using to avoid dangerous areas, free software has something to say about that, and an alternative to offer in F-Droid.
When Facebook says they’ll allow politicians to lie in ads, and Twitter refuses to remove their hatemongering tweets, free software has something to say about that, and an alternative to offer in Mastodon.
Everything Conservancy does aims to make these alternatives more real to more people. Fiscal sponsorship helps fund all kinds of development, from the wildly experimental to the most nuanced polish. License enforcement ensures that people actually have the autonomy over their software and devices that the GPL promises them. Our advocacy and outreach work tells more people about our vision for technology, and how they can join us.
We’re coming up on the final days of our annual fundraiser, with just about $10,000 left to be matched. If you haven’t already, there’s no better time to join us as a Supporter to help us sustain this work. If you are already with us, an extra contribution would go a long way to help ensure we start 2020 strong. I can’t promise I know how every individual task we do addresses the world’s most pressing problems—but I also don’t know what challenges tomorrow will bring. I only know that building a strong foundation now will make sure we’re in the best place to address them when they arise in the future.
Talking with More People about Free Software: Interview with Leslie Hawthorn
byon January 13, 2020
We asked Leslie Hawthorn, one of the excellent humans who are supporting our annual fundraiser, why she’s putting up matching funds. We’ve already raised almost $94,000 and have just about $19,000 left to raise in the next few days in order to meet this year’s ambitious match challenge. Donations help us support and protect free software alternatives and grow a bold software freedom movement where everyone is welcome.
Leslie’s official bio only scratches at the surface of all the reasons she’s had an impressive impact on free software. An internationally known developer relations strategist and community management expert, Leslie Hawthorn has spent the past decade creating, cultivating, and enabling open source communities. She’s best known for creating Google Code-In, the world’s first initiative to involve pre-university students in open source software development, launching Google’s #2 developer blog, and receiving an O’Reilly Open Source Award in 2010. Her career has provided her with the opportunity to develop, hone, and share open source business expertise spanning enterprise to NGOs, including senior roles at Red Hat, Google, the Open Source Initiative, and Elastic.
Q. How does software freedom fit in with the other causes you support?
A. I am a big believer in citizen sovereignty over their own data and personal privacy. Without software freedom, we would not have access to audit how code works and to verify how our data may be captured by various entities.
Q. What kinds of activities do you think will help us get more new people interested in free software?
A. I think we’re in an excellent place to get more folks excited about free software right now! After the various data abuses that have come to light through The Cambridge Analytica scandal, etc., I think that many more people are thinking deeply about their relationship with technology. Imagine if we could let everyone who has never thought about programming know that there are people who do program or work with software projects, who care deeply about their privacy and rights as individuals, and who are there to help them understand the interplay between technology and their everyday experience. One of my dearest friends is a teacher for middle school students who are recent immigrants to the United States; she recently gave me a ring to ask me about all this free software stuff I work on because it now made much more sense to her why these topics are important and what impact they have on her life—she doesn’t even use her computer daily. Exciting times!
Q. Do you talk to family and friends about free software? If so, where do you usually start?
A. Obviously, yes I do. I usually talk a little bit about what I do for work and how it relates to the experience of folks who use technology—that’s everyone!—and do not work in the tech industry. For example, I have asked my loved ones to contact me using Signal so we can have truly private conversations. Most people don’t want to hear a lot more, and that’s OK. If folks do want to learn more about free software, I talk to them about what interests them.
Q. What motivated you to step up as a matcher for Conservancy this year?
A. I deeply value the work done by Conservancy for free software projects, and their fine advocacy work for software freedom. As a big personal fan of the North Bay Python, Outreachy, and Teaching Open Source communities, I am grateful to Conservancy for their support of these initiatives. I am a proud matcher this year to help the Conservancy to assist these communities, and the other 40+ free software projects and communities who call Conservancy their fiscal agent home.
Participate in the match and have your donation doubled through the generosity of folks like Leslie today!
Toward Copyleft Equality for All
byon January 6, 2020
I would not have imagined even two years ago that expansion of copyleft would become such an issue of interest in software freedom licensing. Historically and for good reason, addition of new forms of copyleft clauses has moved at a steady pace. The early 2000s brought network services clauses (such as that in the Affero GPL), which hinged primarily on requiring provision of source to network-remote users. Affero GPL implemented this via copyright-controlled permission of modification. These licenses began as experiments, and were not approved by some license certification authorities until many years later.
Even with the copyleft community's careful and considered growth, there have been surprising unintended consequences of copyleft licenses. The specific outcome of proprietary relicensing has spread widely and — for stronger copyleft licenses like Affero GPL — has become the more common usage of the license.
As the popularity of Open Source has grown, companies have searched for methods to combine traditional proprietary licensing business models with FOSS offerings. Proprietary relicensing, originally pioneered by MySQL AB (now part of Oracle by way of Sun), uses software freedom licenses to compel purchase of proprietary licenses for the same codebase. Companies accomplish this by ensuring they collect all copyright control of a particular codebase, thus being its sole licensor, and offer the FOSS licenses as a loss-leader (often zero-cost) product. Non-commercial users generally are ignored, and commercial users often operate in fear of captious interpretations of the copyleft license. The remedy for their fear is a purchase of a separate proprietary license for the same codebase from the provider. Proprietary relicensing seems to have been the first mixed FOSS/proprietary business model in history.
The toxicity of this business model has only become apparent in hindsight. Initially, companies engaging in this business model did so somewhat benignly — often offering proprietary licenses only to customers who sought to combine the product with other proprietary software, or as supplemental income along with other consulting businesses. This business model (for some codebases), however, became so lucrative that some companies eventually focused exclusively on it. As a result, aggressive copyleft license overreading and inappropriate, unprincipled enforcement typically came from such companies. For most, the business model likely reached its crescendo when MongoDB began using the Affero GPL for this purpose. I was personally told by large companies at the time (late 2000s into early 2010s) that they'd listed Affero GPL as “Never Allowed Here” specifically because of shake-downs from MongoDB.
Copyleft itself is not a moral philosophy; rather, copyleft is a strategy that software freedom activists constructed to advance a particular set of policy goals. Specifically, software copyleft was designed to ensure that all users received complete, corresponding source for all binaries, and that any modifications or improvements made anywhere in the chain of custody of the software were available in source form to downstream users. As orginially postulated, copyleft was a simple strategy to disarm proprietarization as an anti-software-freedom tactic.
The Corruption of Copyleft
Copyleft is a tool to achieve software freedom. Any tool can be fashioned into a weapon when wielded the wrong way. That's precisely what occurred with copyleft — and it happened early in copyleft's history, too. Before even the release of GPLv2, Aladdin Ghostscript used a copyleft via a proprietary relicensing model (which is sometimes confusingly called the “dual licensing” model). This business model initially presented as benign to software freedom activists; leaders declared the business model “barely legitimate”, when it rose to popularity through MySQL AB (later Sun, and later Oracle)'s proprietary relicensing of the MySQL codebase.
In theory, proprietary relicensors would only offer the proprietary license by popular demand to those who had some specific reason for wanting to proprietarize the codebase — a process that has been called “selling exceptions”. In practice, however, every company I'm aware of that sought to engage in “selling exceptions” eventually found a more aggressive and lucrative tack.
This problem became clear to me in mid-2003 when MySQL AB attempted to hire me as a consultant. I was financially in need of supplementary income so I seriously considered taking the work, but the initial conference call felt surreal and convinced me that MySQL AB was engaging in problematic behavior . Specifically, their goal was to develop scare tactics regarding the GPLv2. I never followed up, and I am glad I never made the error of accepting any job or consulting gig when companies (not just MySQL AB, but also Black Duck and others) attempted to recruit me to serve as part of their fear-tactics marketing departments.
Most proprietary relicensing businesses work as follows: a single codebase is produced by a for-profit company, which retains 100% control over all copyright in the software (either via an ©AA or a CLA). That codebase is offered as a gratis product to the marketplace, and the company invests substantial resources in marketing the software to users looking for FOSS solutions. The marketing department then engages in captious and unprincipled copyleft enforcement actions in an effort to “convert” those FOSS users into paying customers for proprietary licensing for the same codebase. (Occasionally, the company also offers additional proprietary add-ons, improvements, or security updates that are not available under the FOSS license — when used this way, the model is often specifically called “Open Core”.)
Why We Must End The Proprietary Relicensing Exploitation of Copyleft
This business model has a toxic effect on copyleft at every level. Users don't enjoy their software freedom under an assurance that a large community of contributors and users have all been bound to each other under the same, strong, and freedom-ensuring license. Instead, they dread the vendor finding a minor copyleft violation and blowing it out of proportion. The vendor offers no remedy (such as repairing the violation and promise of ongoing compliance) other than purchase of a proprietary license. Industry-wide. I have observed to my chagrin that the copyleft license that I helped create and once loved, the Affero GPL, was seen for a decade as inherently toxic because its most common use was by companies who engaged in these seedy practices. You've probably seen me and other software freedom activists speak out on this issue, in our ongoing efforts to clarify that the intent of the Affero GPL was not to create these sorts of corporate code silos that vendors constructed as copyleft-fueled traps for the unwary. Meanwhile, proprietary relicensing discourages contributions from a broad community, since any contributor must sign a CLA giving special powers to the vendor to continue the business model. Neither users nor co-developers benefit from copyleft protection.
The Onslaught of Unreasonable Copyleft
Meanwhile, and somewhat ironically, the success of Conservancy's and the FSF's efforts to counter this messaging about the Affero GPL has created an unintended consequence: efforts to draft even more restrictive software copyleft licenses that can more easily implement the proprietary relicensing business models. We have partially succeeded in convincing users that compliance with Affero GPL is straightforward, and in the backchannels we've aided users who were under attack from these proprietary relicensors like MongoDB. In response, these vendors have responded with a forceful political blow: their own efforts to redefine the future of copyleft, under the guise of advancing software freedom. MongoDB even cast itself as a “victim” against Amazon, because Amazon decided to reimplement their codebase from scratch (as proprietary software!) rather than use the AGPL'd version of MongoDB.
These efforts began in earnest late last year when (against the advice of the license steward) MongoDB forked the Affero GPL to create the SS Public License. I, with the support of Conservancy, rose in opposition of MongoDB's approach, pointing out that MongoDB would not itself agree to its own license (since MongoDB's CLA would free it from the SS Public License terms). If an entity does not gladly bind itself by its own copyleft license (for example, by accepting third-party contributions to its codebases under that license), we should not treat that entity as a legitimate license steward, nor treat that license as a legitimate FOSS license. We should not and cannot focus single-mindedly on interpretation of the formalistic definitions when we recommend FOSS licensing policy. The message of “technically it's a FOSS license, but don't use” is too complicated to be meaningful.
A Copyleft Clause To Restore Equality
My friend and colleague, Richard Fontana, and I are known for our very public and sometimes heated debates on all manner of software freedom policy. We don't always agree on key issues, but I greatly respect Fontana for his careful thought and his inventive solutions. Indeed, Fontana first formulated “inbound=outbound” into that simple phrasing to more easily explain how the lopsided rights and permissions exchanges through CLAs actually create bad FOSS policy like proprietary relicensing. In the copyleft-next project that Fontana began, he further proposed this innovative copyleft clause that could, when Incorporated in a copyleft license, prevent proprietary licensing before it even starts! The clause still needs work, but Fontana's basic idea is revolutionary for copyleft drafting. The essence in non-legalese is this: If you offer a license that isn't a copyleft license, the copyleft provisions collapse and the software is now available to all under a non-copyleft, hyper-permissive FOSS license.
This solution is ingenious in the way that copyleft itself was an ingenious way to use copyright to “reverse” the rights and ensure software freedom. This provision doesn't prohibit proprietary relicensing per se, but instead simply deflates the power of copyleft control when a copyright holder engages in proprietary relicensing activities.
Given the near ubiquity of proprietary relicensing and the promulgation of stricter copylefts by companies who seek to engage (or help their clients engage) in such business models, I've come to a stark policy conclusion: the community should reject any new copyleft license without a clause that deflates the power of proprietary relicensing. Not only can we incorporate such a clause into new licenses (such as copyleft-next), but Conservancy's Executive Director, Karen Sandler, came up with a basic approach to incorporating similar copyleft equality clauses into written exceptions for existing copyleft licenses, such as the Affero GPL. I have received authorization to spend some of my Conservancy time and the time of our lawyers on this endeavor, and we hope to publish more about it in the coming months.
We've finished the experiment. After thirty years of proprietary relicensing, beginning with Aladdin and culminating with MongoDB and their SS Public License, we now know that proprietary relicensing does not serve or extend software freedom, and in most cases has the opposite effect. We must now categorically reject it, and outright reject any new licenses that can be used for it.