OSS Licensing Sucks


I am working on Eidetica, an OSS project that may one day be a good backend for apps to store data. It is primarily useful as an open library for free software to use but may be valuable enough for companies to use and pay for.

What !%&*-ing license should it have?

I basically want a license that says “use it for free, but if you make money you have to pay for it.” I don’t actually care so much about keeping the source code always available, or forcing all users/forks to share code. Don’t get me wrong, those are all good things and I want them to happen, but it’s not a requirement.

What I do care about is that Amazon can’t take it and make hundreds of millions of dollars off it without giving me a penny.

The reality is that none of the broadly accepted Open Source licenses satisfy that criterion. I understand that technically that wouldn’t be an Open Source license, but the community needs some accepted license that allows software developers to both share code where possible but also keep enough control to make money from it.

Let’s analyze the potential licenses against my requirements and compare them to see which may fit well.

First we need a lens to view this through. I’m building the following.

  • A decentralized, Peer-to-Peer Database and integrated Object Store.
  • Packaged as a library so you can embed it in your own application.
  • Written in Rust, with bindings for WASM.
  • Plus a self-hostable Synchronization Node with multi-user support.

Fundamentally it is a database that communicates over the network, offered as a library and a binary. It can be embedded into your app, and can communicate with a hosted Sync server or a user’s private Sync server to assist with replication.

What license should it use? Should the binary be a different license?

The main problem is that I can’t both distribute the core of the library so that others can embed it into their OSS applications and also somehow charge for it.

The value of this thing is in the protocols, the flexibility/modularity of the codebase, and the interoperability of storing all of a user’s data into the same decentralized system.

For example, if a user is using several different applications that all store data in Eidetica, all the user needs to do is run a Sync node on their laptop/desktop/server and all the data from all of those apps will be backed up there. Or pay someone to host that node for them.

Complete user control of their own data. End-to-End-Encrypted too.

Functional Source License (FSL)

The Functional Source License (FSL) is a Fair Source license that converts to Apache 2.0 or MIT after two years. It is designed for SaaS companies that value both user freedom and developer sustainability. FSL provides everything a developer needs to use and learn from your software without harmful free-riding.

This is the closest thing to what I want. It allows the use of the code for non-competing purposes, and explicitly allows for non-commercial research, education, and even internal use. Basically, it’s for SaaS companies to release their code under a license that allows all uses except those that undermine their business.

But I don’t have a product I’m selling, and I don’t want to be in the business of selling a SaaS product. Technically I could host a Synchronization Node and sell access, but I don’t think the FSL would be appropriate for the library anyway. What is a “Competing Use” to a free library?

One option to consider is to split the licensing for my library and my binary. License the binary under FSL and the library under something more open, but the reality is that all the goodies live inside the library and not the binary, so that they can be embedded.

I love the idea here, and will fully advocate that anybody developing a SaaS should consider it, but it does not work for Eidetica.

AGPL

AGPL is the strongest copyleft license that legally forces anyone using your library and providing access over a network to release all their source code. Technically it doesn’t say that, but it has never been tested in court whether communicating with AGPL-licensed software at all makes your code required to be available. No matter what Free Software advocates may claim, multiple companies with huge legal teams ban it entirely because they are not sure how a court would interpret it.

And that is why a bunch of companies with open source communities and a desire to make money use it. Redis and Matrix/Element just off the top of my head.

They license the code as AGPL plus commercial. So you can use it in OSS software as AGPL software while they also retain the right to sell exceptions. It’s how they manage to make money at all, though in both of those cases they also sell hosted versions.

This is the license and plan I’m currently using, but I am wary.

The issue is that I want OSS projects to use it. And you simply can’t license a library as AGPL because it functionally forces anything depending on it to also be AGPL. OSS projects can’t just change their license easily* (all contributors must agree to the new license), so this makes the library a complete non-starter for most existing projects.

*To clarify, an OSS project could in theory add an AGPL dependency without changing its license; however, any resulting binary that contained the library would need to be AGPL. Yes, it’s a little confusing.

Because of the uncertainty and hurdles, choosing AGPL will heavily limit adoption, and the value of this is quite literally in the network effects.

Permissive (Apache/MIT/etc)

A fully permissive license would place virtually no restrictions on the code except for attribution.

Everybody could use it, everybody could make money off of it, and nobody has to pay for it in any way.

Oh…

Free Software, But Paid

And here we get to the real problem: the downside to a permissive license is that there is simply no way to make money off the software.

  • Begging for donations does not work. The number of people who actually earn anything close to a reasonable ROI is approximately zero. I give a good amount of money to the OSS software I use (>$500/year) but most people do not or cannot.
  • Offering consulting/support sounds reasonable, but I’m not sure how widespread this is in reality. It also causes conflicts of interest that can reverberate through OSS communities for years.
  • Grants from OSS software support funds. I’ve seen similar projects get funding through these.
  • Selling it as packaged software isn’t an option, it’s free.
  • Selling a SaaS myself as “the expert who knows how to manage it” is not something I want to do even if I could get paid for it. It will eventually support arbitrary, E2EE data… I’m not going to host that for strangers.

Buuut, I also have a secret power. I don’t really need income to work on this full time. I am retired (FIRE’d), so I do what I want, and what I want now is for this piece of software to exist.

I am a proud Architecture Astronaut, heavily prone to getting nerd-sniped, and with lots of time on my hands.

I like the tech space. I enjoy digging deeply into so many different areas and getting to play with a useful, foundational piece of software. I also see deficiencies in the existing solutions I’ve examined, and I don’t want to go re-architect somebody else’s project to fix those problems.

That said, I also do not actually want to ‘work’ for free, and I don’t want people to make money while relying on this company-sized project that I have built. I will lose interest and move on.

That’s sort of why I’m leaning towards just using Apache 2.0 and then hoping I can beg for enough donations to cover my direct expenses at least. Maybe it leads to more, maybe it’s just fun to work on for a bit.

To be perfectly clear, my expenses just to be an active software developer are in the thousands of dollars per year (home office, fast computer, hosting, developer tools, coffee, etc.). And since I’m effectively working full-time for myself instead of taking a job, the opportunity cost is in the hundreds of thousands per year.

I’ve been getting closer to a minimally viable release, when I will start talking about it more publicly. For now I am the only one who has written code for it and I fully retain the rights to change the license however I want.

I am leaning towards just placing all this code under Apache 2.0 and calling it a day. More than likely it won’t gain wide usage and I will get bored of quixotically developing a database for nobody and move on to something else. TempleOS is not something to aspire to.

If it does become something that people use, I will however attempt to earn money through shaming people for donations, support contracts, consulting, etc., and be very open about conflicts of interest if they arise.

After looking at this, I gotta say the landscape is bleak for anybody who wants to try to monetize a project that needs to be some form of OSS to gain usage. The only reason I can even consider going the permissive route is that I do not need to worry about paying for food.

I don’t see any licensing route here that would allow broad adoption, monetization, and restricting Amazon from stealing it without paying any money, all while still being “acceptable” to the OSS community.

I do not see how this product could exist without someone donating a large amount of time and effort on developing it. Pay will almost certainly be less than minimum wage for what is high-skill work, and my altruism is not infinite.
