Why not make Cloudron fully open source again?
-
@ntnsndr said in Why not make Cloudron fully open source again?:
Thanks for raising this question, @jdaviescoates.
I am personally not sure open-sourcing is critical here, as I think the first beneficiaries would be big cloud platforms (AWS, etc) that would then be able to host it and cut out any income for the developers. The current source available arrangement strikes me as probably necessary and appropriate.
I'm increasingly convinced that OSS as such is broken as a means of protecting against corporate exploitation, and it should not be celebrated as an end in itself. Based on my conversations with @girish, I think the single most important fact about Cloudron is that the company is bootstrapping (based on our subscription fees) and not seeking an exit. As long as that's the case, I think the community should support their self-defense through licensing.
Rather than fixating on licensing, it might be more relevant to all of us to discuss the possibility of an "exit to community" for Cloudron, in which ultimately the company we pay into becomes owned by—and accountable to—the people who rely on it. This could help ensure that the company we're paying into, and that is stewarding the code we depend on, doesn't get captured by forces beyond our control.
+1!
Very good points. -
@rmdes said in Why not make Cloudron fully open source again?:
@ntnsndr wait, are you https://twitter.com/ntnsndr ?
It is
I know Nathan uses Cloudron with his students at at the University of Colorado Boulder and so I reached out to him to chime in here
As I mentioned to him in email:
re protecting against corporate exploitation, given it is "specifically designed to ensure cooperation with the community in the case of network server software" my understanding is that the AGPL provides at least some protection against that as per https://www.gnu.org/licenses/agpl-3.0.en.html
@ntnsndr replied:
The AGPL is indeed oriented this way, though from what I understand its protections have proved overly ambiguous and inadequate against the present threats.
So whilst I really love co-ops and 'exit to community stuff' (and I'd fully support, and be really excited by such a future for Cloudron were @nebulon and @girish open to such ideas?) I think my question still stands:
What exactly is it about Cloudron and/or the AGPL that leads @nebulon and @girish to the conclusion that if Cloudron were fully AGPL licensed they would be unable to continue with the existing sustainable business model of selling subscriptions for updates and support?
Given the tech giants are already the most powerful human entities on the planet, ever, with almost unfathomable resources (this visualisation of e.g. just Bezos' personal personal wealth is pretty gut wrenching), I think if they wanted to directly compete with Cloudron they could very easily do so regardless of how the code is licensed: they could just allocate an infinitesimally small percentage of their budget to reverse engineer it. But, really, why would they bother? They already own and run the infrastructure the powers the vast majority of the Internet, including nearly all web and mobile apps.
-
@jdaviescoates said in Why not make Cloudron fully open source again?:
re protecting against corporate exploitation, given it is "specifically designed to ensure cooperation with the community in the case of network server software" my understanding is that the AGPL provides at least some protection against that as per https://www.gnu.org/licenses/agpl-3.0.en.html
Moreover, to outsiders, Cloudron itself looks exactly like the "corporate exploitation" we're supposedly protecting ourselves against with proprietary code: if Docker and the 80+ open source app we can all run on Cloudron weren't themselves open source (and Ubuntu and so much else), well then Cloudron couldn't exist.
I know this isn't strictly true given upstream contributions and the genuine desire of @nebulon & @girish to be able to increase such contributions in the future, but it's nevertheless a valid perspective and criticism to make: Cloudron has built a successly business off the back of open source, just like the tech giants (and basically every business using tech, i.e. basically every business).
And this isn't hypothetical either. If you click in some of the links I included in my OP these are exactly the arguments some people are making against recommending/ using/ promoting Cloudron.
-
Maybe I'm wrong and hopefully @girish @nebulon will find the time to chime in here but I think this issue is related to survival, ability to live from one's work more than anything else.
I may be wrong, I don't know.But this thread here : Open Collective could be a way to do both : securing funds from the community, in full transparency, funds that could even benefit other OSS projects AND at the same time, secure a line of income for those that contribute directly and make the Cloudron project possible.
The argument that X or Y have made a business off the back of open source is valid in the absolute but also worthless until the big tech giants, the entire web has been powered by open-source without ever, society, either in the US/EU etc...ever considering that The Internet is a common good, a public service and that those that built it, from kernel developers to external contributors are in fact creating common value that is largely sucked by big corps and big players, at a scale impossible to compare to what Cloudron staff is taking.
This question is a structural global problem more than a particular approach that concerns only cloudron; its good to have this discussion but it's even better to put those giants that extract wealth in vast orders of magnitude compared to cloudron, in front of the problem.
it's easier to rant and even attack little projects, it's much more complicated to bring this disucssion at european, american, global level and actually find ways to fix this mess from a global perspective.
-
Maybe we should all give it a rest now in trying to tell Girish und Nebulon what do do with their project and their income and trying to nudge them into one direction.
-
@rmdes said in Why not make Cloudron fully open source again?:
The Internet is a common good, a public service and that those that built it, from kernel developers to external contributors are in fact creating common value that is largely sucked by big corps and big players, at a scale impossible to compare to what Cloudron staff is taking.
This is true, but just for devil's advocate's sake it's also true (and often unmentioned) that big corps have actually also been the primary funders/ developers of of lots of open source too e.g. the Linux kernel: I'm not sure of current figures but I remember in the past IBM employees had written something like 70% of the code.
But yeah, I totally want to ensure @girish and @nebulon can continue to work on and get properly paid for working full time on Cloudron. They've created a really amazing product, and in some ways even more impressively have built a really fantastic community around it too. Both of those things are Really Hard (TM) and they've totally nailed it.
I'm also totally up for hearing, and open to being convinced by, arguments that if Cloudron were AGPL again it would somehow make it harder to pay @girish and @nebulon to work on it and to have sustainable livelihoods. I just can't see that myself (I might be blind) and don't think anyone has actually made that case yet?
I'm beginning to sound like a stuck record, but all I can see are positives.
I guess the potential risk isn't really that tech giants would clone and undercut Cloudron at all. The risk is that some random freelancer or agency could potentially do so. This is actually the story of how Sharetribe became proprietary: someone did clone their business and undercut them, cutting into their revenues.
As I understand it (please someone correct me if I'm wrong) AGPL is designed specifically be used to prevent that (well, at the very least to prevent people doing that without also contributing back - but perhaps that's all it does and that's the problem?), but that wasn't the understanding of Sharetribe's developers.
How real is that risk? How many paying customers here would go elsewhere? Given how much we all value the community here, I think very few.
There are loads of GPL premium wordpress plugins out there, many of which can be found for free out in the wild. But in most cases it pays to pay. In the end it's just so much easier to get updates and support in a timely manner by paying.
-
@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.
-
@marcusquinn said in Why not make Cloudron fully open source again?:
@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.
Um, actually, the two most important people @girish and @nebulon have not yet had their say.
And nor have most of the other people who have so far packaged apps for Cloudron.
Moreover, the very first response to this thread was @nebulon who said:
Thanks for your elaborate post, we will answer in more detail,
I'm actually as happy as every one else that they are busy spending their time developing instead of replying here, but I'd still really like to hear that more detailed answer at some point!
And I'd still love to hear what other app packaging contributors think too.
I really don't understand this desire to shut down healthy debate and discussion between members of the Cloudron community.
But sure, if either @girish or @nebulon themselves would like to lock this thread they could of course choose to do so.
-
I think this thread is valuable for @girish and @nebulon - because there are people like us who are passionate about open-source and we all have different reasons why we want to develop for and maintain apps for Cloudron and though I don’t have any issue with “semi-open-source” - I know a lot of other developers that do. Which this discussion and girish's / nebulon's reaction to the entire thread of opinions - may be a way to attract new develoeprs: “Cloudron goes fully open source” kind of headline.
I will say tho - if Cloudron became closed source I would stop creating apps for it (and I have 5 apps I have in mind to continue to port already)...okay maybe, I'm 50 / 50 on that (I really like Cloudron ). But I couldn't have created the apps I have now without direct access to their very readable and commented source. Though, they’ve made it decently clear thats not what the developers want to do (close the source entirely).
So yeah, I want to continue to hear people’s passion about their open source software beliefs and how they feel about it in the Cloudron context.
-
@jdaviescoates I went back and read a link you shared, a convo in a Mastodon instance, by someone who seemed to brush away Cloudron's approach and mindset automatically. I wouldn't take that opinion expressed in such a way seriously, especially since they didn't in any way outline exactly how they can see Cloudron managing or limiting access. I mean, the first and most important part of Cloudron is that we host it ourselves on our own servers and backup things to destinations we control.
Somehow the negative viewpoint (not saying this is yours) that Cloudron has benefited off the back of open source projects ignores all that it conversely has done to broaden each projects exposure, without (I assume) asking for financial renumeration from those projects for doing so, nor excluding projects if they won't pay up. I think if Cloudron went that way then a negative view of Cloudron would totally understandable.
I can take a step back and look historically at all the times I tried to self-host something, and got stuck, with minimal help from said-project's forums, and came away with nothing, and remember thinking, "I'd pay some one to help me with this!"... voila, that is the role Cloudron has played. I share your enthusiasm for this project!
Like you (in the mastodon thread), I tried Yunohost and Sandstorm and the like... just too many complicated problems that no help from forums could provide. They always forced me back to doing it myself: I've had a heck of a time trying to get nginx and apache running on the same server; I've never successfully gotten docker or docker-compose to seamlessly add services or apps to an existing two-app setup (mysql and wordpress) even though it is supposed to be so incredibly easy (even with the promised answer of portainer). I can setup and run a basic VPS running LAMP... going beyond that.... I am soo thankful for Cloudron!
I wonder if the licencing can play a role in how much ownership @girish and @nebulon and the Cloudron team feel toward their code and their subsequent "responsibility" to keep it running well. I mean, if it were as open as can be, and others started forking it and running it and offering their own specialized subscriptions for their version of Cloudron, I could see that there would be some run-off of problems and complaints back to the Cloudron team that this or that isn't working on Fork A or Subscription Service D, and then they end up maintaining code for ideological reasons rather than offering and improving a service for productivity and (user-)independence reasons.
-
@scooke thanks for your further input. I agree that some of the commenters on Mastodon were basically just rude and seemingly unable to capture any nuance, others less so.
I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).
Also, just thinking out load, but I notice loads of premium WordPress plugins are GPL but the manage to keep going without someone buying lifetime updates and the re-selling on the cheap. But thinking about it, in many cases such projects, whilst technically GPL are actually much less open than Cloudron (I guess because they have to be to reduce risk), in that none of their repositories are publicly available.
https://premium.wpmudev.org/ is one such example. And, actually, just searching for 'wpmu GPL' to check I'd remembered correctly that that is how they are licensed the top result for me was actually https://www.gplvault.com/product-category/wordpress-plugins/wpmu-dev/ who are selling their plugins for less (I presume).
I also note that, having subscribed to WPMU in the past, I never actually thought much of their support, whereas Cloudron support is great!
Lots to ponder. Perhaps there are good reasons for Cloudron to not be re-released as AGPL... even though right now I'd still support that
-
@jdaviescoates said in Why not make Cloudron fully open source again?:
I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).
You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
So cloning Cloudron would really not be that easy.
-
This thread got so big. I wanted to clarify with Cloudron - is it just the dashboard, and the billing / licensing that is closed off source-wise?
As for Premium Wordpress plugins GPL debacle. There have been attempts to capitalize off the fact they can legally resell the plugins once bought and numerous sites have tried and failed. They never last more than a couple years.
Reason being that people don't buy software off of shady sites that could inject things and they had no way to automatically update like the official licenses allowed. So most of them were dead pretty quickly.
-
@mehdi said in Why not make Cloudron fully open source again?:
You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
So cloning Cloudron would really not be that easy.I know it's not open source (hence this whole thread), and the scenario I was positing would only apply post-re-open-sourcing.
But I was under the impression everything is already source-available, no?
-
@jdaviescoates No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source. And I believe nobody ever asked for it to be. The cloudron dashboard (what's installed on your own server) is what used to be open-source.
-
@marcusquinn said in Why not make Cloudron fully open source again?:
Interesting weekend read: https://plausible.io/blog/open-source-funding
More interesting reading material dated 12 October 2020 from the same source: https://plausible.io/blog/open-source-licenses
So we want a “don’t be evil” license and here’s what we are trying to accomplish with it:
- We want to prevent corporations from taking our code and using it as part of their closed-source proprietary products
- We want to prevent corporations from offering Plausible as a service without contributing to the open source project
We want to prevent corporations from confusing people and making them think that the service they sell is in any shape or form approved by the original team. [...]
Although we don’t want closed source corporations to directly compete with us using our own work, it’s important to leave the space open for forking of the project and incorporating it into other open source works.This is the best way to future-proof the project against bad actors, including ourselves if we become evil at some point. By allowing open source forks and competitors to exist, we are opening ourselves up to healthy competition and accountability from the open source community.
Plausible is now AGPLv3 licensed
So how do we accomplish all that? We do it by changing our license. Plausible Analytics has now changed the license from the MIT to a newer licensing scheme called GNU Affero General Public License V3 (AGPLv3) or any later version. [...]This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back.
[...]The goal of the AGPL license is to maximize user freedom and to encourage companies to contribute to open source.
What is the GNU AGPLv3 license?
Copyleft license: “If you make a derivative work of this, and distribute it or run it as a service on a server to others then you have to provide the source code under this license”What are the benefits of the AGPLv3?
The AGPL license is identical to the original GPL license with the only additional term being to allow users who interact with the licensed software over a network to receive the source for that program.AGPL is designed to ensure corporations contribute back to the open source community even when running the software as a service in the cloud.
If you used AGPL-licensed code in your web service in the cloud, you are required to open source it. It basically prevents corporations that never had any intention to contribute to open source from profiting from the open source work.
It explicitly prohibits corporations from parasitically competing with an open source project. They won’t be able to take the code, make changes to it and sell it as a competing product without contributing those changes back to the original project.
Here’s that extra paragraph:
“If you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there”.What are the restrictions with the AGPLv3?
A corporation needs to be clear and provide a prominent mention and link to the original project so people that are considering to use their version of software can be aware of the original sourceIf a corporation modifies the original software, they need to open source and publish their modifications by for instance contributing back to the original project
So how can a corporation commercialize a FOSS project without open sourcing their modified code? They can purchase a commercial license to remove the copyleft restrictions and in that way support the original project.
-
@mehdi said in Why not make Cloudron fully open source again?:
No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source.
But all the app packages themselves are open source, no?
I think I'm missing something. Like @Lonk said, be good to get some greater clarity on the status quo.
-
@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?). Sorry I don't have a lot of time at the moment to contribute much but I think this is a very important conversion. At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice (and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model).
Anyway, thanks for starting this thread. I will write more on the topic soon