Open source gets complicated

2 weeks ago 7

Oh, for the days when “open source” was simply the business-friendly version of “free software.” When we could make believe that the Open Source Definition (OSD) crafted for a world of packaged software shipped on CDs or other physical media would apply equally well to AI or cloud. When the categories of “us” and “them” were clear, and “them” always meant the bad guys. Wasn’t 2023 awesome? Of course, open source has always been much more complicated than some would like to suppose. But this week that complexity exploded, revealing a roiling mess of geopolitics, chip wars, and, of course, AI messiness. Rather than a testament to the inherent weakness of facile understanding of open source, what is emerging from this mess is a reminder at how complicated yet resilient open source has been for decades. Pressure-testing the OSD I’ve been arguing for some time that AI breaks traditional definitions of open source, while pointing out that academic debates about The One True Definition of AI have largely been ignored by developers. They have work to do, after all. What’s new, however, is that some of the most thoughtful, vocal proponents of “open source AI” have, quite recently, acknowledged that “AI and source code are simply too different to be neatly managed side by side. The complexity of AI demands complexity of licensing.” That’s a quote from RedMonk’s Steve O’Grady, who is often right, and is definitely correct here. But his same logic extends beyond AI. When he argues that “AI is inarguably a fundamentally different asset than software alone,” he’s right, but the same thing should be said of cloud. For those who lived through the early attempts to apply the OSD—which was conceived to cover source code—to software services delivered over networks, you’ll remember how contentious and messy that process was. We ended up with a kludge called the Affero General Public License (AGPL) and then mostly tried to ignore the issue for the next decade or so. You can side with O’Grady that “a group of vendors and investors seeking to commercialize open source have attempted to blur that definition to the point of meaninglessness and irrelevance,” or you can recognize that the OSD for AI and cloud simply doesn’t live up to its original ideals. Free software in the shape of a robust GPL, for example, doesn’t exist in cloud, precisely because the same “teeth” that existed for source code don’t exist for source code that is sort of delivered as a service. One can believe there are bad actors, as O’Grady seems to, and still think the OSD isn’t living up to its ideals for AI or cloud. But that’s just one messy area (one that the Linux Foundation is trying to help resolve with some new open source definitions for AI and science). Вы хотите писать программное обеспечение, да? Russia isn’t super well-loved in the United States or Western Europe right now, so perhaps it was just a matter of time before Russian software developers would get booted out of their roles as open source contributors to key projects. For example, roughly one dozen Linux maintainers were relieved of their positions this past week. We’ve seen open source contributors lose their status for a variety of reasons on a project-by-project basis, but this is the first time I can remember a class of contributors expelled from a project due to nationality. Greg Kroah-Hartman, a key Linux kernel leader, notes in a message to the Linux kernel mailing list, “Remove some entries due to various compliance requirements. They can come back in the future if sufficient documentation is provided.” That documentation comes down to proving they don’t work for entities that have been sanctioned by countries as varied as the US, Taiwan, Norway, and New Zealand. At least one maintainer is soon to be reinstated. Though messy and undoubtedly distressing to those affected, this is actually good turmoil. After all, it’s an indication that open source, generally, and Linux, specifically, matters. Roll back the clock even 10 years and the world was only starting to come to terms with open source’s importance thanks to security vulnerabilities like Heartbleed. In the micro sense, this is a problem, but in the macro sense, it’s indicative of positive trends. Never meet your heroes On the not-so-positive side of the open source ledger is the whole WordPress controversy. I guess I follow people of a certain persuasion on X, because according to their commentary, Automattic CEO Matt Mullenweg had become evil incarnate overnight, launching an unprovoked legal broadside against WP Engine. Dig into the details a bit more, as Ivan Mehta has, however, and it’s clear that there’s plenty of blame to go around. Perhaps this is a good place to stop (even without getting into the Arm versus Qualcomm open standards battle). If your view of the open source world is a pristine binary of right and wrong, you probably aren’t paying enough attention. Open source has endured precisely because of messy compromise due to messy reality. That is, after all, why we have the moniker “open source” in the first place: It was a way to placate business interests, which infuriated the binary-visioned free software purists. If you think about it, it is a delicious irony.


View Entire Post

Read Entire Article