I hate (especially in my first posting to your site, and my first comment on one of your blogs) to bring up the tired old quasi-religious war between the GPL and the MIT/BSD/Apache style of licenses. But your plea for giving back forces the question out there.

I believe, from our conversations, that you prefer the BSD style of licensing. But the main argument of GPL proponents is that it makes sure enhancements return to the community.

Naturally, companies build new tools on top of GPL'd code and keep them proprietary. So even if every open source project adopted the GPL, your question about giving back and your plea for helping the community would be relevant.

Furthermore, the whole ASP issues is treated ambiguously by the FSF, and ASPs are permitted (wisely) by GPLv3.

So I suppose good intentions and good faith are always needed, but the question does pertain to licensing too.

http://www.praxagora.com/andyo/

The problem is that a lot of companies who get into open source, get in because they think "sweet I can get something for nothing". They don't understand community collaboration and sharing for the good of the whole. They are simply looking at "saving" the expense of building proprietary software - or so they think. So when the internal open source champion goes back and says we need to give back they are met with "We don't want to give up our innovations". Tt's really like the guy who pays a quarter to get a paper from one of those old school newspaper machines - then takes the whole stack.

doh- here are some related thoughts. http://redmonk.com/jgovernor/2005/03/01/creating-the-contribution-society/

hey guy, isn't it usually pretty clear who really makes contributions and who doesn't? If you just look at the codebases with associated communities and vested goodwill, you see those that make a contribution. strip-mining is not the way forward, but i am not sure blacklisting is either. I think andy oram raises a very salient point about license choices and decisions by those that are desperate for reciprocity.

After reading your article I still have a vague understanding of what you call "abuse". In my opinion the only way to really abuse open source is to redistribute it, freely* or not, without distributing the sources.

* If you do it freely I'd assume you have somehow commercial interest not to release the sources as well

So let's put OSS users in 4 categories:

First, simple users, or user that do modifications for themselves and don't release them. While they doesn't seem to help OSS at all, they don't hurt it either. Also you may consider the simple fact of using it as a value for OSS. The popularity of projects is often a key to the financial success of the non-profit organizations behind them.

Second, users that redistribute their fixes/enhancements or pays developers for support/fixes/enhancement. This is what drives OSS success, and there's always a small portion of corporate users that fall in this category. The contributions to the project usually grow with projects popularity.

Third, users that develops but do all they can to avoid widespread redistribution of their enhancements. Good examples are Linspire and Sveasoft's firmwares. While they're pretty much of no help to OSS they don't hurt it either as long as they don't break the rules. Unfortunately many do at some point and the two mentioned above are no stranger to that.

Fourth category, abusers. Some are purely intentional and evil while others looks more like ignorants (ex. some mp3 encoder using Lame libraries (LGPL) without telling so). I'm guessing that in many cases the code came in without the company knowledge by ignorant or evil-minded employees. Unfortunately these companies are left with products for which they paid the development without legally owning the code.

About Nagios I haven't heard of any copyright infringement so far; if you know any I'd like to hear about them. If you're talking about additional software like configuration front-ends and the like, they're doing so in all legality as long as they're nor redistributing Nagios in binary-only form and are more likely to help Nagios then hurt it.

Thomas

In the open world, you sort of have to earn your wings. But once you do, Participation is bliss...

I just made this today!

http://www.noisecontrolmedia.com/users/Chris/NoiseHawk/NoiseHawk.xpi

Which is a Mozdev program that alters the look and behavior of firefox. They really know their stuff...

Anyway - I built it using an extension written for Firefox called CCK, and I hope they take a liking to it...

Here's a screenshot.

http://www.noisecontrolmedia.com/users/Chris/NoiseHawk/snapshot1.png

whurley, I'm going to take a stab and suggest that most of these folks are going to wind up falling on their swords anyway.

Some folks aren't really adding significant value on top of their open source components and I find that to be the norm. Re-wrapping open source, by itself, has little or no value. Ultimately, you either need to contribute back and enhance the original code or create a completely different abstraction layer/interface that 'hides' the open source and provides additional value (e.g. Zimbra).

In the case of the former, I'm pretty sure that doing the right thing will create it's own reward down the road. In the case of the latter, I'm not certain what the solution is, but I don't think it's a crazy idea to suggest that there be some kind of overt 'rewards' program for folks that contribute back in some way, whether that is a certification, badge or similar is hard to say. Still some way to encourage good behavior and returning to the community seems like a winner to me.

As a potential customer of vendors who re-wrap open source I would definitely be interested in know how much my potential vendor actually supports the open source world!

Open source as a concept often suffers from a strong desire to wish away something innate in (almost?) every human: greed. It's great that so many people are willing to work hard to develop free software, but ultimately most people want to know how it will serve them rather than how they can contribute to the "greater good". Yes, it's true that great free software serves us all well, but we're so used to paying (and being paid) for the things we value that for many people, allocating resources to develop open source solutions doesn't seem like a viable option. Education might help change minds, but maybe there's another way...

Unless you start policing the process, there's no effective method for punishing those who take without giving... nor, in my opinion, should that be the goal. Forget those who won't play by or actively subvert the rules. They will always exist and should be considered irrelevant to the goals of open source.

Maybe I'm delusional, but it seems that there might be a solution in finding a way (other than handing out trophies and giving congratulatory speeches) to reward people who participate and contribute actively. People who work hard could receive some form of remuneration, effectively encouraging those who might not otherwise contribute to give something back.

How would this be implemented? Each project team would have to consider and implement compensation if and how it is appropriate to attain the goals of that specific collective effort. In other words, I have no absolute answer to that question, but it seems worthy of at least some consideration.

Lord knows I'm ignorant of the efforts to this end within the open source community. Maybe this has already been tried and miserably failed. If so, maybe it's just a matter of implementation? Just a thought...

...than folks who take from a community and don't give back are scum who pass off other's work as their own. Scum like this guy: http://www.inetready.net/ . A simple look behind the drapes (http://www.inetready.net/administrator/), and we see 'proprietary' Inetready CMS is opensource Joomla. Why give anything back when you can simply paint over the sign proclaiming 'Opensville' and call it whatever you want. Sheesh!

I think this is an old problem that has crept into the open source movement. You always have the good guys doing the right thing and playing by the rules. The bad guys could give a toss about the rules. If the open source community gives up or tries to restrict the use of their products, the pirates win. Perhaps the focus should be on providing open source for the pure joy of doing it. Those who are taking the movement forward will be the heroes of the open source community for fighting the good fight. In any part of life, there's always jerks. We can't give them the power to get us bent out of shape. That just gives them power over us.

You do have many points, but I think the population is more than zero for many projects, especially the smaller projects.

With smaller projects you usually see a bunch of people come together who want to build something because they don't want to or can't afford to pay someone to make it for them, or they want experience programming, or they want to make a name for themselves, or they like the team or have friends on the team.

When the community is small, and the project is new, is when you have the most contributors and less non-contributors. Once its built and gets popular is when you have more people using it without giving back.

So I think the population is bigger than 0, especially for smaller projects, but I do see what you are pointing at is and can be a problem.

Should I beat my reputation drum here?

tracking and transparency... if we shame them into then perhaps they will participate.

I honestly believe most of those companies could be at least shamed into contributing financial resources.

thanks for the imagery!

Free software is about scratching your own itch, and then enjoying the collateral benefits of sharing.

People don't share code because they are ethical, they do it because they profit from it.

If you don't profit from sharing code, then don't share.

If you profit about sharing code, why care about the freeloaders ? They are the ones who are not really implicated in the actual development and therefore they have no control over the platform.

Be greedy ! Greed is paradoxically the most potent force behind voluntary cooperation.

All things are relative to your current position whether it be the physics of time or your place in the OSS ecosystem. This is a very complicated topic with lots of threads and paths to take - I can't do it justice in the confines of the little comment block here.

The premise of someone stealing/abusing/sucking the blood out of (parasitic) OSS projects comes from the perspective of someone who cares about who is making $$$ from their OSS project. An OSS project where the contributors are just happy writing code for themselves and a group of like minded people will think nothing of these "abuses". The more the merrier. They ignore the "ticks" and "fleas" and let them fend for themselves.

You need to describe what it means to "contribute". Is it code to the core? Is it tests? Can you contribute simply by fixing bugs and submitting patches? Or answering questions for newbies on the mailing lists and forums? Or as somewhat implied, you have to contribute everything you do on top of the OSS project?

So how do you quantify these "contributions" and then determine if someone is acting in the best interests of the community or not? Obviously, there are an awful lot of "barnacles" weighing down any project to some degree (the price of having a successful project is a lot of clueless users/consumers). But even the most capitalist exploiters must know that their core business is built upon a community. If that community were to collapse or fall into disrepair, their business would have to either help fix it up, move to another "Opensville"-like town down the road, or fail itself.

Still, it ultimately depends upon if you care. For businesses trying to benefit from an open source business model, they usually care if some other company comes out and "steals" their code (and business) right out from under them. They want the benefits of the OSS business model but such is the downside.

Similarly, an OSS developer may really not like the idea of people making money off of his/her work. They like the help of a community to build or test or support the software, but they still want some control. Do they really want to be in "Opensville", or would they rather just hang out in "Closedville's" bars and parks with friends and other like-minded people? Or is it that they prefer "SocialistVille" where no one makes any $$$ but no one really cares (somehow all of their needs are taken care of)?

As mentioned before, licensing is one way to deal with this. If you don't want anyone to make money commercially by selling your OSS, then put it in the license. If you don't care, use a BSD/Apache license. Of course, there's the whole issue with license abuse. It's a big problem in the GPL world. How do you force people to comply with your license when you don't track your installed base? A whole other topic...

So maybe your mooch-o-meter should be limited to those who abuse licenses. I just don't know how to define "mooch" in any other way. I suspect that your most famous unnamed "moochers" that inspired you to write this article are fully compliant with their license - at least in technical terms - although perhaps not in the spirit and wishes of the original developers. Maybe they need a new license to be freed of the "fattest ticks". If not that, perhaps they should develop a different attitude and a sense of pride of how many ticks they can support without withering up.

If a project releases their code with a license that allows proprietary redistribution (LGPL, BSD, etc.), and they're complying with the terms of the license, then they aren't abusing anything. Period. If John Q Developer decides to release his project in a more liberal license than the GPL, then he's acknowledging that his code can and will be used by others. If he didn't want that, then he would have used the GPL (or similar).

I agree that people who violate the licenses of OSS are pretty lame. But saying that people and companies who use the licenses properly should be morally obligated to return is ridiculous. The open source movement is about freedom to do what you want with the software. If that means improve it, great. If not, oh well.

This discussion reminds me of the role of advertising back in the primordial days of the web. It's not just technology in flux: entire philosophies and ways of life flow -- and ebb. Open source serves different communities different purposes. For the altruistic, for the adventurous, for the cheap, for the cannily opportunistic: each comes to a different banquet at the OSS table.

People will always abuse what’s provided. The trick is to determine the proper response. A company putting Nagios, for example, under the covers of its proprietary services, so long as it does not take credit for Nagios and leaves the GPL code alone, makes perfect sense. A contributor to Nagios might cry foul, but after all, the code is Open Sourced. So long as the letter of the GPL is not infringed the company may do what it likes.

Open Source is akin to academia’s development of networking and the internet over the past decades. It is the labor of love, and the craving to increase our understanding and ability to create, and to make changes to the society and culture around us. Just as there is government (let’s not knock DARPA!) and academic funding, there is also private funding for new efforts. And, as those who have used government money knows, the golden rule applies: s/he who has the gold makes the rules.

I think open source has a great future. There will always be people generous and altruistic enough to give of their creativity to help the public. Or at least to help their fellow internet users get for free something they would otherwise pay for.

The flip side is the blunt, business side: the more complex a solution the more support it requires, and support is a paid, not free model. FAQs and intelligent wizards cannot replace reaching out and speaking to a competent technician. Moreover, businesses relying on software to generate revenue or curb expense require the security and comfort of an SLA. At my current position we pay for Linux support (RHEL, SLEZ), just as we pay IBM for their OSS implementations on our SANs.

As for the evil ones, those that warp OSS to their, not the common, good: there’s no solid vehicle at the moment to take these folks to court, and no way to ‘compensate’ those impacted. In the long run, bad OSS modifications and the products leveraging them will wither on the vine, while open source standards-based ones will thrive. It’s not a short-term solution, but it is, as I tell my kids, a “natural consequence” to bad behavior.

If population was zero, well it's gone through "explosive growth" :) Our firm had already contributed to 3 OSS projects prior to our public launch -> http://headcaselabs.com Why? We needed to; we had to built or adapt other projects for our own use, but did not want to carry the cost of maintaining that code which was out of our core emphasis. So that went back to the public (under ASL 2.0 licenses).

Meanwhile, we have a different view of "enforcing" more of a balance of participation in the open source community. When we interview for staffing technical positions, one of our first questions is "Name the open source projects in which you have committed code." Funny how that context alters a resume in a hurry. If firms want to abuse open source, then they can certainly keep their cut-rate developers who play along.

sometimes the original code is changed in a way that it is so domain specific, it would be absolutely useless for anyone else to get the code diffs.

It's funny. Author probably is geek to his teeth and never heard of history of communism, economics and so on. You have to accept human biology, evolution and process of "optimisation" in our social world. If you want material life to work - use economics, create company, make licences, introduce polycing and whatever. Moral obligations like "you have to..." is worthless and demoralising. If you run charity, you run without obligations. If you run business/licence - you actually state obligations clear.

Say no to communsim - say yes to achievement orientated + metered relations between people and organisations.

I have to admit my programming skills are not such that I feel qualified to contribute in the form of code...

Which I guess makes me a user... but I prefer on my own account not to consider myself as a parasite... in my own way I try to open up the virtues of open source to others in the hope it will become more generally adopted. Which, I feel is good for everyone, rather than the parasitic nature of certain companies.

But, back to what I think is the point of the text... users that build on the software but don't return anything... Surely this means that those companies stagnate, at best, fail at worst.

If these companies do not integrate their changes into the main trunk of the software code, then their value within that trunk will be lost (shame), however as the trunk moves on and gains from code integrated the company that has not integrated is left behind in the progress of that code. To re-establish their modifications within the base code trunk may require huge investment in time and energy to re-incorporate their own code. in other words expending a lot of time, effort and resources simply to stand still.

Contributors it would seem get the best deal, their contributions evolve as the code base alters, and the direction of that improvement stays instep with what they require the code to do. Any future additions would therefore be a bonus to the original code and not a loss. Either to them or the community.

Likewise they benefit from the contributions of others that are built around their code and not just the base code.

Let me give an example: http://www.consol.com/opensource/nagios
This is the beginning of what i want to build up as the "give-back"-webpage of our company. The utilities one can download here are simple Nagios plugins. They are so simple, i would be ashamed to demand money for them. (well, i did for developing them for a customer). But the feedback i got shows me, they are nonetheless of great value for a lot of people. I get quality control and proposals for enhancements for free from them. So in the end i win, too.

It's not always intentional by any stretch. One of the most common scenarios I have seen is a proof of concept - you lay out an idea and the only way you can convince others it is a good option is to demonstrate it and generally such a demonstration needs to be completed quickly and without expenditures that require approval. So what do you do? Use OSS and modify it to meet your needs. Then you demo it and the powers that be think you are ready to ship.

For me the Open Source sounds like a community of people, working in different organizations, solving different problems they have to solve anyway on their own projects, with or without the open software.

So, besides of things they do on the regular basis, they often want to be recognized by the community, or they want to publish their results, be more visible.

The more different motivations community members have - more healthy the community is. Diversity is a key point.

The decision to use or not to use the open software imho needs to be made in every particular case. If you're the software integrator company for example, you can take advantage of using the open software, of course, together with the risk of its support, but from the other side, it is more controllable comparing to a "black-box" commercial products. It allows you to support your customers with less investments -- that's basically the thing you're making money on as an integrator company.

The other point is that by the Open Source, a companies can advertise their products, make the development process visible, offering something between "100% support for big $" and "free but dangerous".

I'd not separate open source and closed source -- they're should work together.

I believe the OpenSolaris is quite good example of that:
http://www.opensolaris.org

hey, simply consider that the good haven't to pay for the bad. That's all.

I don't believe it matters is companies abuse open source or not. Software does not cost anything to manufacture, only to develop. This means that eventually it will become free. I don't mean all software, but any given software function will become free once it has been around long enough to amortize its development cost.

I am using Ubuntu now. It is pretty much the same as using Windows XP from and every day point of view. So, the cost of all that functionallity has reached zero because it has been around long enough.

Other examples are SQLServer becoming free (not open source yet - maybe another 20 years on that) or when IBM gave away source for file systems to Linux.

Where all this abuse stuff matters is where open source starts to do something that is not old in the non open source world. That means the cost is not amortized. Well - it is a pain if this sort of thing is abused in by copy-right (or left) infringement, otherwise, it is just slowing things down to their natural pace.

AJ
nerds-central.blogspot.com

The answer is simple. You decide the participation you want from people downloading your code choosing the licence of use. Free Software has a large population because it chose well the licences (GPL mainly but also the other). Open Source tried to dilute the concept of freedom in software for seeming more actractive to companies and lost its soul.

Choose carefully the licence and people will be free to not use your code or to be a good citizen in your city. GPL is in general a good choice, a choice for Free Software.

<a href="http://gnuband.org">paolo</a>

To me open source means job security. It means that I can work on any project for any company, and still be allowed to work on it should the ownership or the politics inside the company change. I can't tell you how valuable this has been for me and a close friend of mine. We both founded this little startup, made our code open source, cultivated our own little community over a couple of years, and once we felt we had enough momentum, we brought in a couple of experienced marketing people (Alpha Males) as partners to take charge -- and run with it. And to make a long story short, things went bad -- things went bad really quickly. And if it weren't for the open source nature of our project -- we would have all gone under -- and no one would have been willing to continue working on the code -- for fear of litigation.

I read this blog before as well as work on OpenNMS so......

I thought it was a great blog and I sincerely wish the Nagios people had the money to go after some of the worst license violators.

As long as the license is not violated I guess it's a moral issue.

Opensville is full of people all the time, 24-7, your propoganda assumes people "buy" software (from say BMC.)
Not me, you goofball.

I work for a company that uses Nagios and other open source projects quite a lot. We have contributed back a lot, also, with open, add-on projects for Nagios. However, we also make our own additions to make a rounded out application that works best for us and our clients. Those changes do not always get submitted back to the main project; however, the moment we release to a client, they are as open as anything else under the GPL. If you'd like to see any of those changes rolled into the main projects, all you need to do either pay us to work on the merge, get the code from one of our clients and merge it yourself, or work out some other deal with us or competent software writers to make it happen.

Interesting perspective, but I remain skeptical of the claim that using open software without contributing back is the same as abusing it. In fact, I am always checking out the download counters for my projects, hoping they are as widely used as possible. I would not want to discourage wider acceptance by sending those users on a guilt trip.

You're trying to draw a connection between software pirates and those who use open source without contributing. You're also implying that those who don't contribute are guilty of some sort of 'abuse'. Both of these ideas are incorrect.

Using your example of Nagios: if one million people use Nagios, and only five of them contribute, that's still five more people than the project would have had otherwise. Who is being victimized here? There is no monetary loss of the five who contribute, nor the original author, so the piracy argument is null as well.

I think you're focussing on the wrong side of the (ab)users/contributors spectrum.

You work on Open Source Software because there is some benefit to you. Someone else uses that software because it is of some benifit to them. When you get other people contributing useful features or bug fixes to the software you use, shouldn't that be a time to rejoice and celebrate the true value of Open Source Software?

Every single bug fix that someone else contributes is a bug you didn't have to fix yourself.

New features aren't always a good thing. Otherwise your OSS project ends up turning into bloatware, with six hundred features used by only one entity, but consuming bug-fixing time from all people involved in the project.

Let the abusers keep their messy, untidy bugridden code to themselves.

Not being entirely certain where you draw the line between exploitation and reasonable use, I would suggest a few things.

Those who package for a reasonable fee and acknowledge the source of software they use I do not believe are coloring outside the lines. Building a business using nagios doesn't truly seem to be pillaging the open source community, considering logos, screen, etc. are left intact or reasonably so.

In a weird kind of way, even out and out exploitation probably benefits the OS community in that it gets the software used and seen. People who work for such an organization likely take the name "nagios" with them to other jobs and spread usage in that way, some of which probably benefits nagios directly.

The problem with all of the OS licensing is that license violations when prosecuted revolve around damage actually done. Such damage is expressed in monetary units. It's hard to show damages when the software is free.

None of this is to say that it is ethically or morally proper, or that those who do so are not a bunch of scumbags. They are. The question comes down to a simple "what can be done" and "how much energy must be exerted". As well as, "what damage actually has been done?"

I got into an argument with the founder of GNU early on when the license stated you had to release all source using gcc to the open source community. I told him he could get double damages in a law suit. 2 * 0 = 0.

Open Source needs to allow for commercial use in order to be viable, else it's just a shared grad project.