Open Source Power
I've been trying to write this piece for years, really ever since I finished the first version of Open Source Explained (a v2 will drop early next year). Every time I get started I'm just overwhelmed with paralyzing visions of the commentariat accusing me of WrongThink.
So I drop it, because I'm tired to the bone of debating the minutae of open source definitions when the conversation we ought to be having is about power: who has it? (oligarchs), how did they get it? (monopolies & corruption), why is that a problem? (platform autocracy), and how do we the people take that power back? (protocols and open software).
Understanding ownership is power
It’s important to understand the codes in your life, because your life is made up of them. Once you understand which codes you already have access to and even the right to inspect, you can see more clearly which other codes you ought to have insight into.
Nothing makes me more anxious than writing about open source licensing because nothing brings out more opinion-havers, the vast majority of whom are speaking from a point of privilege-blindess in the western world. The widespread ignorance of the deeper power struggle at play (which we're losing) has brought the free world to the very brink, so I'm pushing past the discomfort to honor the urgency of our moment.
As a life-long advocate of open source methodology - an incredible tool and tactic for pro-social change - licensing is a legitimately painful subject matter. The dialogue is just so profoundly stuck, and it can feel like a lot of software engineers care more for the sanctity of Open Source computer code than human life and wellbeing.
Instead of finding common cause in sustainable cultivation of the digital commons we appear forever doomed to argue semantics and purity tests while the burnout epidemic worsens and the integrity of our shared infrastructure disintegrates beneath our feet.
I'd estimate that 95% of my working-time in software development (>20 years), employed and independent alike, has been spent facilitating & producing open source software. I am Team Open Source. I steadfastly believe in open source praxis as an exceptionally powerful method of permissionless coordination & innovation.
Yet if open source code alone could change the world, it would have happened by now. When Microsoft suddenly turned OSS-friendly in the 2010s we triumphantly proclaimed "open source has won!", but what have we got to show for it? More technology does not on its own correlate with better quality of life.
In hindsight I don't think any reasonable person can say that we're collectively better off. Democracy is losing, and tech is playing an undeniably outsized part in that.
Fact is, the reason companies like Microsoft, Google, Amazon and Facebook warmed up to open source is because they realized they could use it to their advantage by commoditizing their complements.
Joel Spolsky in 2002 identified a major pattern in technology business & economics: the pattern of “commoditizing your complement”, an alternative to vertical integration, where companies seek to secure a chokepoint or quasi-monopoly in products composed of many necessary & sufficient layers by dominating one layer while fostering so much competition in another layer above or below its layer that no competing monopolist can emerge, prices are driven down to marginal costs elsewhere in the stack, total price drops & increases demand, and the majority of the consumer surplus of the final product can be diverted to the quasi-monopolist. No matter how valuable the original may be and how much one could charge for it, it can be more valuable to make it free if it increases profits elsewhere.
Hardware capitalists (hyperscalers) love maximally free-of-charge software. When the only way to monetize software is to run it in the cloud and charge for access to the cloud, owning hardware becomes the only viable business model for software distribution. Anyone who doesn't own hardware must sell their software like an infrastructural subletter at ever-thinning margins as the software product gets commoditized.
Kat Marchán 🐈Preach, Kat!
And for the Silicon Valley startups where open source products have become a common differentiator and market-entry-wedge among many new companies, open source is not a moral imperative or a common good, it's just an effective go-to-market strategy.
Since its inception the free and open source software movement has lacked a theory of change beyond the liberation of computer code. Liberation of human beings by way of a liberatory technology was always a secondary and oftentimes incompatible concern for Open Source, since laborers having agency of their work (and how it may be exploited) is in conflict with the inviolable liberties of an Open Source computer program.
The result has been an ineffectual "open source revolution" that maintains the status quo of our modern day hellscape by facilitating an upwards transfer of wealth and power, amassed by the hyperscalers who are now entering their final, fascistic form. Open source "won" by aiding and abetting the already dominant owner-class.
Amazon and Google are empirically more powerful today than they were 20 years ago. Our prevailing models of software ownership are demonstrably not a threat to the ones using software to eat the free world. We need a change of tactics.
Anti-fascistic software
..is made possible by pro-labor licensing.
After a recent demoing of Roomy to the fine people of Scenius, someone asked the question that always comes up in these nerdy circles, as it should:
"is your project open source"
Well, if you mean is all our source code openly available for other makers to freely use, copy, modify and share-alike?, then yes.
But indiscriminately so? No. There are uses of our freely available code (Roomy, MPLv2 and its underlying Leaf framework, FSL) that we do not tolerate, namely commercial uses of our software that compete with the services we ourselves are commercially operating for the express purpose of keeping ongoing development and maintenance of Roomy sustainable.
Yes, in sacreligious discordance with the holy commandments of the California-based Open Source Initiative, we discriminate, thus violating the 6th principle of the Open Source Definition.
No Discrimination Against Fields of Endeavor
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
This definition of open source prohibits discriminating against megacorps and nazis.
That's a problem for me. You see, I wanna make my software freely available to everyone in the world except those guys specifically. That very particular bunch of autocratic corpo-states are actively destroying the world I'm trying to pro-socially enrich as a commoner.
Certain open software zealots will defend the innate righteousness of the Open Source Definition with a religious fanaticism indistinguishable from the actual members of faith traditions they love to denigrate as illogical loons.
Yet even Bruce Perens, the original author of the Open Source Definition, acknowledged in 2024 that the class of open source licensing stipulated by the OSD is not sufficient for modern day conditions. He is now championing what he calls Post-Open, which is a fairly long-winded way of saying he's now pretty cool with the notion of licensing code to be "free only for non-commercial use".
Protection against commercial extraction via CC BY-NC licensing is a perfectly normal practice in the open source art community, but for some strange reason when it comes to code this simple defensive maneuver is just not right.
I am an anti-fascist. By plainly stating this I will apparently be marked as a terrorist by the USA, so I guess I'm not visiting again any time soon.
As the former VP of Community at Discourse (GPLv2) I spent half a decade participating in the making of certifiably Free, Open Source Software that got put to use by literal nazis to amplify their organized hate, and all we had to say for ourselves was "well, the license says free for everyone". In the words of Kyle Mitchell, this is the Tyranny of Permissionlessness in action.
If the only correct and righteous way to make Open Source software means strictly making non-discriminatory software stripped of protections for its laborers, consider me out. I've personally made it my job to produce anti-fascistic software, meaning software that decentralizes power by taking it away from autocratic fiefdoms and re-distributing it to the margins of society.
It boggles the mind that in an open software culture whose central ethos is continuous iteration and improvement made possible by openness, our licensing stack and its ingrained principles are apparently immutable.
Even the author of the illuminating "Why Open Source Failed" (from 2018 and a spiritual predecessor to this article) promptly rules out new types of licensing as part of the solution. Instead he appealed to government intervention, which by now is as quaint of a sentiment as they come.
No one is coming down from up high to save us. We can only seize the levers of power that are within our reach. Licensing is a uniquely powerful lever because it is enacted as a bottom-up change at the level of individual agency whilst simultaneously being wielded with the top-down legal authority of nation states.
The intellectual property landscape is grossly outdated and biased towards big business, but the market still depends on the continued rule of law to function. That systemic dependency can be subverted against itself and used in our favor by reformulating acceptable use for the people's software at a grassroots level.
Ethical licensing is hard, but far from impossible. While we cannot easily encode anti-fascism into our licenses, what we can easily do is discriminate against big capital, the underlying engine of fascism and authoritarianism.
That's what defensive licensing tactics for open software makes possible.
While OSI has no right to claim any authority over a term as general as "open source", they've successfully popularized a cultural interpretation of Open Source (Software) in accordance with their neoliberal definition. I'll abide by that interpretation as long as it remains culturally mainstream. With time I do however intend for and expect that interpretation to change.
Rapid-fire Q&A
Are you saying traditionally licensed OSS is bad?
No. Licensing general-purpose libraries as permissively as possible makes total sense. We might say "the arc of progress bends towards permissive software", which is why "Fair Source" licenses like the Functional Source License self-terminates into a permissive license after a 2-year period of protection from capture.
What are you so afraid of?
Last year a company with an open source product got accepted for Y Combinator. Shortly thereafter another company copied their source code, also applied to YC and got accepted!
As an eventually steward-owned company we don't intend to apply for YC, but the prospect of any copy-cat behavior like this is chilling.
And it's not just funded startups that are targeted either. Independent ventures like the Bear blog are just as vulnerable. The kumbaya years of open source are long gone.
What bout AGPL?
It doesn't do anything to protect against commercial capture and extraction by someone with more capital (money & servers) to offer an alternative to your service at no development cost. It merely ensures that whatever code is copied has to remain open.
Are you a proponent of "open core"?
In the wide definition of the term, yes.
The dirty secret of any open-source product company is that in order to be competitively viable it is closing down something, usually some critical piece of service-scaling infrastructure.
You want to know how a “100% open source project” is kept going? Somewhere else, closed code is sold to pay for it. Over the lifetime of an “open source web app” that needs to make money to sustain ongoing development, some kind of closed service inevitably sneaks into the project. WordPress is a prime example of this.
The best way to avoid that is to be incentivized to push 100% of all code into public view, which is advantagous when parts of that public code are commercially licensed because the openness of the code helps the sale of the code (as past labor).
Real World of Open Source
Ursula Franklin's timeless lecture on The Real World of Technology from 1989 should in my humble opinion be required reading in the School of Open Source and Pro-Social Technology.
As I see it, technology has built the house in which we all live. The house is continually being extended and remodelled. More and more of human life takes place within its walls, so that today there is hardly any human activity that does not occur within this house. All are affected by the design of the house, by the division of its space, by the location of its doors and walls. Compared to people in earlier times, we rarely have a chance to live outside this house. And the house is still changing; it is still being built as well as being demolished. In these lectures, I would like to take you through the house, starting with the foundation and then examining with you the walls that have been put up or taken down, the storeys and turrets that have been added, the flow of people through the house — who can come in, who can go into particular spaces.
One needs to look not only at what technology does, but also what it prevents—and whether by the mere presence of technological approach to a social problem, one does not redefine the problem to the detriment of the total situation.
She talked about holistic versus prescriptive technology. With holistic technologies, the worker is in control; with prescriptive technologies, the worker is under control. In the context of sustainability, traditional FOSS can in some cases have a harmfully prescriptive quality to it by limiting code workers to only selling their future work (on condition of employment) and not the works of their past (as an independent).
When talking to the most ardent FOSS-maxers it usually feels like they're not making enough contact with reality at large. Free, Open Source Software does not a social movement make. FOSS ideology operates in a theoretically pure vacuum that doesn't need to interact with the messy reality of daily survival.
The liberties of software are obviously ill-defined if they actively erode the liberties of the people who make it. Open Software as a positive force in the world is entirely contingent on its ability to distribute power. To date it has facilitated the opposite.
Distributing privilege
Making the rich even richer was definitely not part of the original ethos of the open source movement. Most open source software has been built on the backs of people enjoying privileged lives with an abundance of free time to satiate their intellectual curiosities. Volunteer value contribution also helps lessen the guilt induced by being in the group of people who just lucked out with the life-ride we were put on.
That’s not to say sacrifices haven’t been made. Open source is also built on contributor churn; burnout.
We can’t have a movement that grew out of privilege and suffering become an amplifier of more privilege for those who already have the most, and more suffering for the underprivileged! That’s a very bad look for us aspiring movers. And it would make obvious that what we thought of as “solving hard problems” might’ve just been ’pretending to be intellectuals by making up puzzles for ourselves to solve’.
How much of our “progress” is really just little distraction machines that we built to keep our brains from going too quiet and introspective.
We will know our movement is succeeding if we are contributing to privileged wealth being widely and equitably distributed. We will know we have failed if the status quo remains unchanged, and the powers-that-be remain comfortably seated.
In the three and a half years since I wrote this the status-quo has only worsened, and it was already bad enough back then.
Open Source as a Commons
Before the term "Open Source" got marketed as the industry-standard description of open software code in the 90s, open software was being shared as a digital commons in the same way we've practiced commoning of any social technology going back millennia.
The notion of a 'Commons' re-entered the zeitgeist in the late 60s, after a grumpy ecologist called Garret Hardin confabulated a hypothetical "Tragedy of the Commons".
I call it a confabulation because Hardin's unimaginative game-theoretic scenario was purely his own thought experiment with no basis in scientific research.
'Economism' was summed up by Ely Devons, who quipped "If economists wished to study the horse, they wouldn’t go and look at horses. They’d sit in their studies and say to themselves, ‘What would I do if I were a horse?’"
Hardin asked himself, "If I were reliant upon a commons, what would I do?" And, being a realist (that is, an asshole), Hardin decided that he would steal everything from the commons because that's what the other realists would do if he didn't get there first.
Hardin didn't go and look at a commons. But someone else did.
That someone else was Elinor Ostrom, an actual nerd who went out and did actual research and discovered that, actually, the commons is antithecal to social tragedy. Commoning is literally a practice of societal anti-fragility.
While the tragedy of the commons is a fabrication, the free-rider problem is very real, most of all because the biggest free-riders are the largest corporations in the history of our world. That's why our commons have to be actively protected and managed.
Elinor Ostrom's work on Governing the Commons culminated in eight principles on how to best manage a commons together.
The first of those principles is foundational to all the rest:
(1) Commons need to have clearly defined boundaries.
In particular, who is entitled to access to what? Unless there’s a specified community of benefit, it becomes a free for all, and that’s not how commons work.
The original sin of "Open Source" as imagineered by software libertarians was to not only to omit this critical insight from its definition, but actively forbidding any such boundary-drawing by anyone who wanted to consider themselves true advocates of Open Source.
From the revised and expanded principles formulated by a computer nerd:
1A. DEFINE AUTHORIZED USE: The community of those who have the right to use the common resource is clearly defined.
1B. DEFINE COMMONS BOUNDARIES: The boundaries of the commons are clearly defined so as to separate the usage rules from the larger environment.
2A. MAKE COSTS PROPORTIONAL: Costs for using and maintaining the commons are proportional to the benefits that those users receive from the commons.
2B. PAY ALL COSTS: People that use the commons keep costs inside the local system as much as possible. They do not externalize costs either to neighbors or future generations.
This is precisely how we are NOT managing our digital commons.
We need to follow in Ostrom's footsteps and bring in the scientists on this one. Are companies who transitioned some of their products to source-available licensing less pro-socially impactful than the purest operators out there? Is the agency of the product-user meaningfully limited by source-available software?
I posit that in five years we will laugh about how much we fretted and quibbled over the degrees of openness in our "open-source vs shared-source" products when they amount to roughly the exact pro-social impact compared to the domineering dynamics of closed-source black boxes.
There is a singular condition that necessarily precedes all other definitions and principles for free and open software: Source code availability.
Did you ever notice how the four freedoms to run, study and (re)distribute a program keep repeating “Access to the source code is a precondition for this [freedom].”? We just don’t get very far without source code access.
This particular freedom is special:
The freedom to study how the program works, and change it so it does your computing as you wish. Access to the source code is a precondition for this.
Unlike the other ‘freedoms’, insight is not just a legal story, it’s the difference between knowing and not knowing. When we have insight, we have unlocked the possibility to do whatever we want with this code, legal or not.
If running some code would assuredly save a life, I have a moral obligation to run that code, even if I am not legally allowed to run it.
When the source code of an application is available for view, the most important job is done. The black box has been cracked open and added to the permanent archives of The Commons. The conditions may say “for viewing purposes only; no editing, copying, remixing or redistributing allowed”, and we may play along, provided the rules of the game seem fair at the time.
Open source codes exist on a spectrum of openness. We can’t quite seem to agree what openness taken to its logical extreme should ideally look like, but the modest beginning on the other end is simple and clear-cut: Open access to the source code of your thing.
Other conditions may and in many cases should apply.
Re-defining our boundaries
The reigning winners of open source are the megacorporations, and who can blame them. We seem to have collectively agreed (though I would argue by manufactured consent) that drawing clear boundaries around our digital software commons is the one thing we cannot do.
There’s never enough interest in grappling with this looming issue until the system breaks enough that people are being hurt in the form of critical system failure and vast personal expenses of both the psychological and financial kind.
Modern infrastructure initiatives like Vite+ are daring to make source-available code and I think this is a Very Good Thing. It facilitates a rethinking of the social as well as financial contract between open source maintainers and the corporations that to-date have been extracting vastly more value out than they're putting back in.
OpenSSF
Beyond package registries, open source projects also rely on essential systems for building, testing, analyzing, deploying, and distributing software. These also include content delivery networks (CDNs) that offer global reach and performance at scale, along with donated (usually cloud) computing power and storage to support them.
And yet, for all their importance, most of these systems operate under a dangerously fragile premise: They are often maintained, operated, and funded in ways that rely on goodwill, rather than mechanisms that align responsibility with usage.
Despite serving billions (perhaps even trillions) of downloads each month (largely driven by commercial-scale consumption), many of these services are funded by a small group of benefactors. Sometimes they are supported by commercial vendors, such as Sonatype (Maven Central), GitHub (npm) or Microsoft (NuGet). At other times, they are supported by nonprofit foundations that rely on grants, donations, and sponsorships to cover their maintenance, operation, and staffing.
Regardless of the operating model, the pattern remains the same: a small number of organizations absorb the majority of infrastructure costs, while the overwhelming majority of large-scale users, including commercial entities that generate demand and extract economic value, consume these services without contributing to their sustainability.
The top 10 biggest programming languages in the world are collectively responsible for trillions of dollars in generated value. How much of that value is cycling back into the maintenance of these languages and their ecosystems? 0.01% maybe, if even that?
Is it really that crazy to imagine a community-governed and institution-owned package management stack that's licensed such that corporations have to pay their fair share, to the tune of some tens of millions of dollar per year in revenue? Keep in mind that non-profits are welcome to make lots of revenue, it's the excess profits that's a probem.
The Rust-lang package utility crates.io and all of its accompanying infrastructure is licensed as permissively as possible with MIT and Apache v2. Why? Is anyone forking and remixing crates.io for personal use?
Package managers are centrally managed utilities by necessity; we just need the one (on average). No one is pulling in the crates.io package manager itself as a code dependency in their project, so the licensing of that package management code almost exlusively pertains to the usage of crates.io as a package management product, used by individuals and corporations alike.
Alike, but not equally. As the OpenSSF article above makes clear:
Commercial-scale use without commercial-scale support is unsustainable.
What the article doesn't get into is exactly how the corporations will be charged for services rendered. Presumably the utility endpoints themselves like crates.io will receive some much needed changes their Terms of Service as pertaining to corporations.
That'll be a great start, but I believe something more akin to the commercial tempering of Vite+ (specific license TBA) is necessary as an additional protection, otherwise the capital-holders will keep re-drawing the boundaries in their favor.
Case in point, two months ago the Python Software Foundation announced "The PSF has withdrawn a $1.5 million proposal to US government grant program".
They did so because their state-sponsored funding was contingent on compromising their community's commitment to diversity. This is the kind of decision OSS orgs are faced with when they have to ask for money instead of being paid for services rendered. I wonder how many orgs have quietly taken this deal, insidiously eroding their culture of openness and cultural diversity in the process.
Same team, same mission
Alright, now that I got that off my chest.. if you are a FOSS advocate of any kind, you're my kind of people; I love what you do and what you are about. We're playing for the same team.
That's why it's all the more painful when we're failing to meet and prosper together on our vast stretch of common ground, rich with possibility. If you share this sentiment we can talk all about it in the chat, the first of which will happen together with the Scenius community on December 3rd as an 'Open Source Panel', exact time and digital venue TBA.
If the case I'm making for more experimentation and ideological agnosticism isn't tracking for you and you're still not convinced that I'm a well-intentioned cultivator of our digital commons, man, do me a favor and just leave me be for a while instead of telling me how wrong I am.
Let me do my work. I'm so tired of this. Give me a year to just show you rather than telling, and let's talk more then. In the meantime kindly give me the silent treatment.
Thanks for reading, friend (if you still want to be).
Other things I might write about if there's any juice left after this:
- How copyleft discriminates against economic opportunity
- How WordPress' GPL licensing forced Automattic into an ugly legal battle
- Open Source and Post-Growth
- CLAs are good for workers, actually
- Trustworthy software
- Governing acceptable-use by community tribunal
- How non-commercial boundaries incentivizes proper accounting of project contributions.