Thicket data repository for the EEG
anil.recoil.org
1{
2 "id": "http://martin.kleppmann.com/2021/04/14/goodbye-gpl.html",
3 "title": "It's time to say goodbye to the GPL",
4 "link": "http://martin.kleppmann.com/2021/04/14/goodbye-gpl.html",
5 "updated": "2021-04-14T00:00:00",
6 "published": "2021-04-14T00:00:00",
7 "summary": "The trigger for this post is the reinstating of Richard Stallman, a very problematic character, to the board of the Free Software Foundation (FSF). I am appalled by this move, and join others in the call for his removal. This occasion has caused me to reevaluate the position of the...",
8 "content": "<p>The trigger for this post is the\n<a href=\"https://www.fsf.org/news/statement-of-fsf-board-on-election-of-richard-stallman\">reinstating</a>\nof Richard Stallman, a very <a href=\"https://rms-open-letter.github.io/\">problematic character</a>, to the\nboard of the <a href=\"https://www.fsf.org/\">Free Software Foundation</a> (FSF). I am appalled by this move, and\njoin others in the call for his removal.</p>\n\n<p>This occasion has caused me to reevaluate the position of the FSF in computing. It is the steward of\nthe GNU project (a part of Linux distributions,\n<a href=\"https://www.gnu.org/gnu/incorrect-quotation.en.html\">loosely speaking</a>), and of a family of\nsoftware licenses centred around the\n<a href=\"https://en.wikipedia.org/wiki/GNU_General_Public_License\">GNU General Public License</a> (GPL). These\nefforts are unfortunately tainted by Stallman’s behaviour. However, this is not what I actually want\nto talk about today.</p>\n\n<p>In this post I argue that we should move away from the GPL and related licenses (LGPL, AGPL), for\nreasons that have nothing to do with Stallman, but simply because I think they have failed to\nachieve their purpose, and they are more trouble than they are worth.</p>\n\n<p>First, brief background: the defining feature of the GPL family of licenses is the concept of\n<a href=\"https://en.wikipedia.org/wiki/Copyleft\">copyleft</a>, which states (roughly) that if you take some\nGPL-licensed code and modify it or build upon it, you must also make your modifications/extensions\n(known as a “<a href=\"https://en.wikipedia.org/wiki/Derivative_work\">derivative work</a>”) freely available\nunder the same license. This has the effect that the GPL’ed source code cannot be incorporated into\nclosed-source software. At first glance, this seems like a great idea. So what is the problem?</p>\n\n<h2>The enemy has changed</h2>\n\n<p>In the 1980s and 1990s, when the GPL was written, the enemy of the free software movement was\nMicrosoft and other companies that sold closed-source (“proprietary”) software. The GPL intended to\ndisrupt this business model for two main reasons:</p>\n\n<ol>\n <li>Closed-source software cannot easily be modified by users; you can take it or leave it, but you\ncannot adapt it to your own needs. To counteract this, the GPL was designed to force companies to\nrelease the source code of their software, so that users of the software could study it, modify\nit, compile and use their modified version, and thus have the freedom to customise their\ncomputing devices to their needs.</li>\n <li>Moreover, GPL was motivated by a desire for fairness: if you write some software in your spare\ntime and release it for free, it’s understandable that you don’t want others to profit from your\nwork without giving something back to the community. Forcing derivative works to be open source\nensures at least some baseline of “giving back”.</li>\n</ol>\n\n<p>While this made sense in 1990, I think the world has changed, and closed-source software is no\nlonger the main problem. <strong>In the 2020s, the enemy of freedom in computing is cloud software</strong> (aka\nsoftware as a service/SaaS, aka web apps) – i.e. software that runs primarily on the vendor’s\nservers, with all your data also stored on those servers. Examples include Google Docs, Trello,\nSlack, Figma, Notion, and many others.</p>\n\n<p>This cloud software may have a client-side component (a mobile app, or the JavaScript running in\nyour web browser), but it only works in conjunction with the vendor’s server. And there are lots of\nproblems with cloud software:</p>\n\n<ul>\n <li>If the company providing the cloud software goes out of business or decides to\n<a href=\"https://killedbygoogle.com/\">discontinue a product</a>, the software stops working, and you are\nlocked out of the documents and data you created with that software. This is an especially common\nproblem with software made by a startup, which may get\n<a href=\"https://ourincrediblejourney.tumblr.com/\">acquired by a bigger company</a> that has no interest in\ncontinuing to maintain the startup’s product.</li>\n <li>Google and other cloud services may\n<a href=\"https://twitter.com/Demilogic/status/1358661840402845696\">suddenly suspend your account</a> with no\nwarning and <a href=\"https://www.paullimitless.com/google-account-suspended-no-reason-given/\">no recourse</a>,\nfor example if an automated system thinks you have violated its terms of service. Even if your own\nbehaviour has been faultless, someone else may have hacked into your account and used it to send\nmalware or phishing emails without your knowledge, triggering a terms of service violation. Thus,\nyou could suddenly find yourself permanently locked out of every document you ever created on\nGoogle Docs or another app.</li>\n <li>With software that runs on your own computer, even if the software vendor goes bust, you can\ncontinue running it forever (in a VM/emulator if it’s no longer compatible with your OS, and\nassuming it doesn’t need to contact a server to check for a license check). For example, the\nInternet Archive has a collection of\n<a href=\"https://archive.org/details/softwarelibrary\">over 100,000 historical software titles</a> that you\ncan run in an emulator inside your web browser! In contrast, if cloud software gets shut down,\nthere is no way for you to preserve it, because you never had a copy of the server-side software,\nneither as source code nor in compiled form.</li>\n <li>The 1990s problem of not being able to customise or extend software you use is aggravated further\nin cloud software. With closed-source software that runs on your own computer, at least someone\ncould reverse-engineer the file format it uses to store its data, so that you could load it into\nalternative software (think pre-<a href=\"https://en.wikipedia.org/wiki/Office_Open_XML\">OOXML</a> Microsoft\nOffice file formats, or Photoshop files before the\n<a href=\"https://www.adobe.com/devnet-apps/photoshop/fileformatashtml/\">spec</a> was published). With cloud\nsoftware, not even that is possible, since the data is only stored in the cloud, not in files on\nyour own computer.</li>\n</ul>\n\n<p>If all software was free and open source, these problems would all be solved. However, making the\nsource code available is not actually necessary to solve the problems with cloud software; even\nclosed-source software avoids the aforementioned problems, as long as it is running on your own\ncomputer rather than the vendor’s cloud server. Note that the Internet Archive is able to keep\nhistorical software working without ever having its source code: for purposes of preservation,\nrunning the compiled machine code in an emulator is just fine. Maybe having the source code would\nmake it a little easier, but it’s not crucial. The important thing is having a copy of the software\n<strong>at all</strong>.</p>\n\n<h2>Local-first software</h2>\n\n<p>My collaborators and I have previously argued for\n<a href=\"https://www.inkandswitch.com/local-first.html\">local-first software</a>, which is a response to these\nproblems with cloud software. Local-first software runs on your own computer, and stores its data on\nyour local hard drive, while also retaining the convenience of cloud software, such as real-time\ncollaboration and syncing your data across all of your devices. It is nice for local-first software\nto also be open source, but this is not necessary: 90% of its benefits apply equally to\nclosed-source local-first software.</p>\n\n<p>Cloud software, not closed-source software, is the real threat to software freedom, because the harm\nfrom being suddenly locked out of all of your data at the whim of a cloud provider is much greater\nthan the harm from not being able to view and modify the source code of your software. For that\nreason, it is much more important and pressing that we make local-first software ubiquitous. If, in\nthat process, we can also make more software open-source, then that would be nice, but that is less\ncritical. Focus on the biggest and most urgent challenges first.</p>\n\n<h2>Legal tools to promote software freedom</h2>\n\n<p>Copyleft software licenses are a legal tool that attempts to force more software vendors to release\ntheir source code. In particular, the\n<a href=\"https://en.wikipedia.org/wiki/Affero_General_Public_License\">AGPL</a> is an attempt to force providers\nof cloud services to release the source of their server-side software. However, this hasn’t really\nworked: most vendors of cloud software simply refuse to use AGPL-licensed software, and either use\na different implementation with a more permissive license, or re-implement the necessary\nfunctionality themselves, or\n<a href=\"https://www.elastic.co/pricing/faq/licensing\">buy a commercial license</a> that comes without the\ncopyleft clauses. I don’t think the license has caused any source code to become available that\nwouldn’t have been open source anyway.</p>\n\n<p>As a legal tool to promote greater software freedom, I believe copyleft software licenses have\nlargely failed, since they have done nothing to stop the rise of cloud software, and probably not\ndone much to increase the share of software whose source is available. Open source software has\nbecome very successful, but much of this success is in projects with non-copyleft licenses (e.g.\nApache, MIT, or BSD licenses), and even in the GPL-licensed projects (e.g. Linux) I am skeptical\nthat the copyleft aspect was really an important factor in the project’s success.</p>\n\n<p>I believe a much more promising legal tool to promote software freedom is in government regulation.\nFor example, the GDPR includes a\n<a href=\"https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/\">right to data portability</a>,\nwhich means that users must be able to move their data from one service to another. Existing\nimplementations of portability, such as\n<a href=\"https://en.wikipedia.org/wiki/Google_Takeout\">Google Takeout</a>, are quite rudimentary (what can you\nreally do with a big zip archive of JSON files?), but we can lobby regulators to\n<a href=\"https://interoperability.news/\">push for better portability/interoperability</a>, e.g. requiring\nreal-time bidirectional sync of your data between two apps by competing providers.</p>\n\n<p>Another promising route I see is pushing\n<a href=\"https://joinup.ec.europa.eu/sites/default/files/document/2011-12/OSS-procurement-guideline%20-final.pdf\">public-sector procurement to prefer open source, local-first software</a>\nover closed-source cloud software. This creates a positive incentive for businesses to develop and\nmaintain high-quality open source software, in a way that copyleft clauses do not.</p>\n\n<p>You might argue that a software license is something that an individual developer can control,\nwhereas governmental regulation and public policy is a much bigger issue outside of any one\nindividual’s power. Yes, but how much impact can you really have by choosing a software license?\nAnyone who doesn’t like your license can simply choose not to use your software, in which case your\npower is zero. Effective change comes from collective action on big issues, not from one person’s\nlittle open source side project choosing one license over another.</p>\n\n<h2>Other problems with GPL-family licenses</h2>\n\n<p>You can force a company to make their source code of a GPL-derived software project available, but\nyou cannot force them to be good citizens of the open source community (e.g. continuing to maintain\nthe features they have added, fixing bugs, helping other contributors, providing good documentation,\nparticipating in project governance). What worth is source code that is just “thrown over the wall”\nwithout genuine engagement in the open source project? At best it’s worthless, and at worst it’s\nharmful because it shifts the burden of maintenance to other contributors of the project.</p>\n\n<p>We need people to be good contributors to the open source community, and this is achieved by setting\nup the right incentives and by being welcoming, not by software licenses.</p>\n\n<p>Finally, a practical problem of GPL-family licenses is their\n<a href=\"http://gplv3.fsf.org/wiki/index.php/Compatible_licenses\">incompatibility with other widely-used licenses</a>,\nmaking it difficult to use certain combinations of libraries in the same project and unnecessarily\nfragmenting the open source ecosystem. Maybe it would be worth putting up with this problem if the\nGPL had other strong advantages, but as I have explained, I don’t think those advantages exist.</p>\n\n<h2>Conclusion</h2>\n\n<p>The GPL and other copyleft licenses are not bad; I just think they’re pointless. They have practical\nproblems, and they are tainted by the behaviour of the FSF, but most importantly, I do not believe\nthey have been an effective contributor to software freedom. The only real use for copyleft nowadays\nis by commercial software vendors\n(<a href=\"https://www.mongodb.com/licensing/server-side-public-license/faq\">MongoDB</a>,\n<a href=\"https://www.elastic.co/pricing/faq/licensing\">Elastic</a>) who want to stop Amazon from providing\ntheir software as a service – which is fine, but it’s motivated purely by business concerns, not by\nsoftware freedom.</p>\n\n<p>Open source software has been tremendously successful, and it has come a long way since the origins\nof the free software movement born from 1990s anti-Microsoft sentiment. I will acknowledge that the\nFSF was instrumental in getting this all started. However, 30 years on, the ecosystem has changed,\nbut the FSF has failed to keep up, and has\n<a href=\"https://r0ml.medium.com/free-software-an-idea-whose-time-has-passed-6570c1d8218a\">become more and more out of touch</a>.\nIt has failed to establish a coherent response to cloud software and other recent threats to\nsoftware freedom, and it just continues to rehash tired old arguments from decades ago. Now, by\nreinstating Stallman and dismissing the concerns about him, the FSF is\n<a href=\"https://lu.is/blog/2021/04/07/values-centered-npos-with-kmaher/\">actively harming</a> the cause of\nfree software. We must distance ourselves from the FSF and their worldview.</p>\n\n<p>For all these reasons, I think it no longer makes sense to cling on to the GPL and copyleft. Let\nthem go. Instead, I would encourage you to adopt a permissive license for your projects (e.g.\n<a href=\"https://opensource.org/licenses/MIT\">MIT</a>, <a href=\"https://opensource.org/licenses/BSD-2-Clause\">BSD</a>,\n<a href=\"https://opensource.org/licenses/Apache-2.0\">Apache 2.0</a>), and then focus your energies on the\nthings that will really make a difference to software freedom:\n<a href=\"https://www.inkandswitch.com/local-first.html\">counteracting</a> the monopolising effects of cloud\nsoftware, developing sustainable business models that allow open source software to thrive, and\npushing for regulation that prioritises the interests of software users over the interests of\nvendors.</p>\n\n<p><em>Thank you to <a href=\"https://ramcq.net/\">Rob McQueen</a> for feedback on a draft of this post.</em></p>\n\n<p><em>Update: <a href=\"https://twitter.com/lexi_lambda/status/1295426437583982592\">related Twitter thread by Alexis King</a></em></p>",
9 "content_type": "html",
10 "author": {
11 "name": "Martin Kleppmann",
12 "email": null,
13 "uri": null
14 },
15 "categories": [],
16 "source": "http://feeds.feedburner.com/martinkl"
17}