Why not make Cloudron fully open source again?
-
I don't agree with you guys. I think it does hinder contributions, but you would not notice it.
It's not like people would decide to not contribute and come say it on the forums or anything. They just... would do nothing.
Like I said earlier, back then I would not have contributed the OpenVPN server if cloudron were not open source. I honestly would not even have considered it as a platform to use. For a lot of people, it's not about what you can or cannot do with the code, it's really a matter of principles.
-
@mehdi said in Why not make Cloudron fully open source again?:
It's not like people would decide to not contribute and come say it on the forums or anything. They just... would do nothing.
And I don't agree with the above
From past experience, if someone is invested enough to make a meaningful contribution they usually try to establish some for of contact with the maintainers before starting work (or at least they should, what if that contribution does not fit with the current scope of the project?). I had plenty of discussions in the past because people did not think that AGPL would be a good fit for them.
-
@mehdi said in Why not make Cloudron fully open source again?:
I don't agree with you guys.
I don't either.
But it's not just about people actually contributing code either, it's about wider uptake.
I already know quite a few people who used to subscribe to Cloudron but no longer do so because it's no longer open source.
@mehdi said in Why not make Cloudron fully open source again?:
For a lot of people, it's not about what you can or cannot do with the code, it's really a matter of principles.
Exactly. I also know people and agencies who won't subscribe nor use it as a matter of principle like @mehdi says.
This is causing needless wheel reinvention as they then go off and try to patch together others tools to create a similar experience to Cloudron, when they could otherwise just contribute to improving Cloudron instead.
There are also quite a few public authorities who would be more likely to adopt it if it were open source.
Whether or not Cloudron being open source would lead to more contributions to the code (I think it would as @mehdi is far from alone in his principles), I feel fairly certain that Cloudron could sell more subscriptions and therefore fund further development if it were open source again.
-
Thanks for raising this question, @jdaviescoates.
I am personally not sure open-sourcing is critical here, as I think the first beneficiaries would be big cloud platforms (AWS, etc) that would then be able to host it and cut out any income for the developers. The current source available arrangement strikes me as probably necessary and appropriate.
I'm increasingly convinced that OSS as such is broken as a means of protecting against corporate exploitation, and it should not be celebrated as an end in itself. Based on my conversations with @girish, I think the single most important fact about Cloudron is that the company is bootstrapping (based on our subscription fees) and not seeking an exit. As long as that's the case, I think the community should support their self-defense through licensing.
Rather than fixating on licensing, it might be more relevant to all of us to discuss the possibility of an "exit to community" for Cloudron, in which ultimately the company we pay into becomes owned by—and accountable to—the people who rely on it. This could help ensure that the company we're paying into, and that is stewarding the code we depend on, doesn't get captured by forces beyond our control.
-
@ntnsndr said in Why not make Cloudron fully open source again?:
Thanks for raising this question, @jdaviescoates.
I am personally not sure open-sourcing is critical here, as I think the first beneficiaries would be big cloud platforms (AWS, etc) that would then be able to host it and cut out any income for the developers. The current source available arrangement strikes me as probably necessary and appropriate.
I'm increasingly convinced that OSS as such is broken as a means of protecting against corporate exploitation, and it should not be celebrated as an end in itself. Based on my conversations with @girish, I think the single most important fact about Cloudron is that the company is bootstrapping (based on our subscription fees) and not seeking an exit. As long as that's the case, I think the community should support their self-defense through licensing.
Rather than fixating on licensing, it might be more relevant to all of us to discuss the possibility of an "exit to community" for Cloudron, in which ultimately the company we pay into becomes owned by—and accountable to—the people who rely on it. This could help ensure that the company we're paying into, and that is stewarding the code we depend on, doesn't get captured by forces beyond our control.
+1!
Very good points. -
@rmdes said in Why not make Cloudron fully open source again?:
@ntnsndr wait, are you https://twitter.com/ntnsndr ?
It is
I know Nathan uses Cloudron with his students at at the University of Colorado Boulder and so I reached out to him to chime in here
As I mentioned to him in email:
re protecting against corporate exploitation, given it is "specifically designed to ensure cooperation with the community in the case of network server software" my understanding is that the AGPL provides at least some protection against that as per https://www.gnu.org/licenses/agpl-3.0.en.html
@ntnsndr replied:
The AGPL is indeed oriented this way, though from what I understand its protections have proved overly ambiguous and inadequate against the present threats.
So whilst I really love co-ops and 'exit to community stuff' (and I'd fully support, and be really excited by such a future for Cloudron were @nebulon and @girish open to such ideas?) I think my question still stands:
What exactly is it about Cloudron and/or the AGPL that leads @nebulon and @girish to the conclusion that if Cloudron were fully AGPL licensed they would be unable to continue with the existing sustainable business model of selling subscriptions for updates and support?
Given the tech giants are already the most powerful human entities on the planet, ever, with almost unfathomable resources (this visualisation of e.g. just Bezos' personal personal wealth is pretty gut wrenching), I think if they wanted to directly compete with Cloudron they could very easily do so regardless of how the code is licensed: they could just allocate an infinitesimally small percentage of their budget to reverse engineer it. But, really, why would they bother? They already own and run the infrastructure the powers the vast majority of the Internet, including nearly all web and mobile apps.
-
@jdaviescoates said in Why not make Cloudron fully open source again?:
re protecting against corporate exploitation, given it is "specifically designed to ensure cooperation with the community in the case of network server software" my understanding is that the AGPL provides at least some protection against that as per https://www.gnu.org/licenses/agpl-3.0.en.html
Moreover, to outsiders, Cloudron itself looks exactly like the "corporate exploitation" we're supposedly protecting ourselves against with proprietary code: if Docker and the 80+ open source app we can all run on Cloudron weren't themselves open source (and Ubuntu and so much else), well then Cloudron couldn't exist.
I know this isn't strictly true given upstream contributions and the genuine desire of @nebulon & @girish to be able to increase such contributions in the future, but it's nevertheless a valid perspective and criticism to make: Cloudron has built a successly business off the back of open source, just like the tech giants (and basically every business using tech, i.e. basically every business).
And this isn't hypothetical either. If you click in some of the links I included in my OP these are exactly the arguments some people are making against recommending/ using/ promoting Cloudron.
-
Maybe I'm wrong and hopefully @girish @nebulon will find the time to chime in here but I think this issue is related to survival, ability to live from one's work more than anything else.
I may be wrong, I don't know.But this thread here : Open Collective could be a way to do both : securing funds from the community, in full transparency, funds that could even benefit other OSS projects AND at the same time, secure a line of income for those that contribute directly and make the Cloudron project possible.
The argument that X or Y have made a business off the back of open source is valid in the absolute but also worthless until the big tech giants, the entire web has been powered by open-source without ever, society, either in the US/EU etc...ever considering that The Internet is a common good, a public service and that those that built it, from kernel developers to external contributors are in fact creating common value that is largely sucked by big corps and big players, at a scale impossible to compare to what Cloudron staff is taking.
This question is a structural global problem more than a particular approach that concerns only cloudron; its good to have this discussion but it's even better to put those giants that extract wealth in vast orders of magnitude compared to cloudron, in front of the problem.
it's easier to rant and even attack little projects, it's much more complicated to bring this disucssion at european, american, global level and actually find ways to fix this mess from a global perspective.
-
Maybe we should all give it a rest now in trying to tell Girish und Nebulon what do do with their project and their income and trying to nudge them into one direction.
-
@rmdes said in Why not make Cloudron fully open source again?:
The Internet is a common good, a public service and that those that built it, from kernel developers to external contributors are in fact creating common value that is largely sucked by big corps and big players, at a scale impossible to compare to what Cloudron staff is taking.
This is true, but just for devil's advocate's sake it's also true (and often unmentioned) that big corps have actually also been the primary funders/ developers of of lots of open source too e.g. the Linux kernel: I'm not sure of current figures but I remember in the past IBM employees had written something like 70% of the code.
But yeah, I totally want to ensure @girish and @nebulon can continue to work on and get properly paid for working full time on Cloudron. They've created a really amazing product, and in some ways even more impressively have built a really fantastic community around it too. Both of those things are Really Hard (TM) and they've totally nailed it.
I'm also totally up for hearing, and open to being convinced by, arguments that if Cloudron were AGPL again it would somehow make it harder to pay @girish and @nebulon to work on it and to have sustainable livelihoods. I just can't see that myself (I might be blind) and don't think anyone has actually made that case yet?
I'm beginning to sound like a stuck record, but all I can see are positives.
I guess the potential risk isn't really that tech giants would clone and undercut Cloudron at all. The risk is that some random freelancer or agency could potentially do so. This is actually the story of how Sharetribe became proprietary: someone did clone their business and undercut them, cutting into their revenues.
As I understand it (please someone correct me if I'm wrong) AGPL is designed specifically be used to prevent that (well, at the very least to prevent people doing that without also contributing back - but perhaps that's all it does and that's the problem?), but that wasn't the understanding of Sharetribe's developers.
How real is that risk? How many paying customers here would go elsewhere? Given how much we all value the community here, I think very few.
There are loads of GPL premium wordpress plugins out there, many of which can be found for free out in the wild. But in most cases it pays to pay. In the end it's just so much easier to get updates and support in a timely manner by paying.
-
@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.
-
@marcusquinn said in Why not make Cloudron fully open source again?:
@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.
Um, actually, the two most important people @girish and @nebulon have not yet had their say.
And nor have most of the other people who have so far packaged apps for Cloudron.
Moreover, the very first response to this thread was @nebulon who said:
Thanks for your elaborate post, we will answer in more detail,
I'm actually as happy as every one else that they are busy spending their time developing instead of replying here, but I'd still really like to hear that more detailed answer at some point!
And I'd still love to hear what other app packaging contributors think too.
I really don't understand this desire to shut down healthy debate and discussion between members of the Cloudron community.
But sure, if either @girish or @nebulon themselves would like to lock this thread they could of course choose to do so.
-
I think this thread is valuable for @girish and @nebulon - because there are people like us who are passionate about open-source and we all have different reasons why we want to develop for and maintain apps for Cloudron and though I don’t have any issue with “semi-open-source” - I know a lot of other developers that do. Which this discussion and girish's / nebulon's reaction to the entire thread of opinions - may be a way to attract new develoeprs: “Cloudron goes fully open source” kind of headline.
I will say tho - if Cloudron became closed source I would stop creating apps for it (and I have 5 apps I have in mind to continue to port already)...okay maybe, I'm 50 / 50 on that (I really like Cloudron ). But I couldn't have created the apps I have now without direct access to their very readable and commented source. Though, they’ve made it decently clear thats not what the developers want to do (close the source entirely).
So yeah, I want to continue to hear people’s passion about their open source software beliefs and how they feel about it in the Cloudron context.
-
@jdaviescoates I went back and read a link you shared, a convo in a Mastodon instance, by someone who seemed to brush away Cloudron's approach and mindset automatically. I wouldn't take that opinion expressed in such a way seriously, especially since they didn't in any way outline exactly how they can see Cloudron managing or limiting access. I mean, the first and most important part of Cloudron is that we host it ourselves on our own servers and backup things to destinations we control.
Somehow the negative viewpoint (not saying this is yours) that Cloudron has benefited off the back of open source projects ignores all that it conversely has done to broaden each projects exposure, without (I assume) asking for financial renumeration from those projects for doing so, nor excluding projects if they won't pay up. I think if Cloudron went that way then a negative view of Cloudron would totally understandable.
I can take a step back and look historically at all the times I tried to self-host something, and got stuck, with minimal help from said-project's forums, and came away with nothing, and remember thinking, "I'd pay some one to help me with this!"... voila, that is the role Cloudron has played. I share your enthusiasm for this project!
Like you (in the mastodon thread), I tried Yunohost and Sandstorm and the like... just too many complicated problems that no help from forums could provide. They always forced me back to doing it myself: I've had a heck of a time trying to get nginx and apache running on the same server; I've never successfully gotten docker or docker-compose to seamlessly add services or apps to an existing two-app setup (mysql and wordpress) even though it is supposed to be so incredibly easy (even with the promised answer of portainer). I can setup and run a basic VPS running LAMP... going beyond that.... I am soo thankful for Cloudron!
I wonder if the licencing can play a role in how much ownership @girish and @nebulon and the Cloudron team feel toward their code and their subsequent "responsibility" to keep it running well. I mean, if it were as open as can be, and others started forking it and running it and offering their own specialized subscriptions for their version of Cloudron, I could see that there would be some run-off of problems and complaints back to the Cloudron team that this or that isn't working on Fork A or Subscription Service D, and then they end up maintaining code for ideological reasons rather than offering and improving a service for productivity and (user-)independence reasons.
-
@scooke thanks for your further input. I agree that some of the commenters on Mastodon were basically just rude and seemingly unable to capture any nuance, others less so.
I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).
Also, just thinking out load, but I notice loads of premium WordPress plugins are GPL but the manage to keep going without someone buying lifetime updates and the re-selling on the cheap. But thinking about it, in many cases such projects, whilst technically GPL are actually much less open than Cloudron (I guess because they have to be to reduce risk), in that none of their repositories are publicly available.
https://premium.wpmudev.org/ is one such example. And, actually, just searching for 'wpmu GPL' to check I'd remembered correctly that that is how they are licensed the top result for me was actually https://www.gplvault.com/product-category/wordpress-plugins/wpmu-dev/ who are selling their plugins for less (I presume).
I also note that, having subscribed to WPMU in the past, I never actually thought much of their support, whereas Cloudron support is great!
Lots to ponder. Perhaps there are good reasons for Cloudron to not be re-released as AGPL... even though right now I'd still support that
-
@jdaviescoates said in Why not make Cloudron fully open source again?:
I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).
You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
So cloning Cloudron would really not be that easy.
-
This thread got so big. I wanted to clarify with Cloudron - is it just the dashboard, and the billing / licensing that is closed off source-wise?
As for Premium Wordpress plugins GPL debacle. There have been attempts to capitalize off the fact they can legally resell the plugins once bought and numerous sites have tried and failed. They never last more than a couple years.
Reason being that people don't buy software off of shady sites that could inject things and they had no way to automatically update like the official licenses allowed. So most of them were dead pretty quickly.