Why not make Cloudron fully open source again?

marcusquinn

I'm a fan of open source and certainly encourage it with my team - but it comes with overhead and responsibilities beyond working on the actual product, so it's not something to take on lightly or without expectation for the time-costs in managing that.

On the flip-side open-source is infinite almost free referral marketing.

From a business point of view, I would think that hosts themselves should be the primary target for sponsorship since the more that can offer Cloudron, the broader their potential customer-base and those customers subscription to their resources.

If Cloudron.io were able to Terraform the Cloudron instances to popular hosts and then the cloudron.io site was the only way to manage multiple hosts with a subscription, I could see value in that because the subscription costs is still less than the time-costs being saved.

I'm fine with hybrid models, we can hire developers to fix issues if they have a higher priority for us than you guys but also it is important to me that the platform commitments we make have a sustainable business model to remain motivated and evolving as needs arise.

Your work, your choice, either way big kudos for what you've already done and thanks for saving me a ton of time and money already!

plusone-nick

We are all a pretty tight community at this point, but putting aside the reddit and mastodon "external" comments for a minute... Ive been a cloudron user, customer & supporter since the beta & was mainly drawn to the platform for its Open Source solution....when that changed I understood the reasoning, calculated the positives & they simply outweighed the negatives. Has that move been "BAD" ? maybe in terms of some "adoption" but my point is that I would have and always will pay for the value @girish & @nebulon are providing!! So, YES it would be ideal for Cloudron to be fully open source...For me its a matter of "Principal"... The amount of people who would actually roll out their own implementation without support are far and in-between. Myself & others I am sure are literally going out of our way to sell this platform/solution for both of our sake... Personally I would prefer that we go with the Red Hat model over the SFDC model. Regardless I'm here for the ride & appreciate everything ya'll are doing. +1

marcusquinn

Some notes to add on this:

• GPL v3 covers commercial interests nicely and ensure any additions or modifications must also remain open and therefore available back to yourself to choose to include or not as you wish without cost or consequence.
• Include your website link and email in your copyright notice, since the licence specifies that the copyright notice must always remain in-tact and included, to make sure every copy and version links back to yourselves as the originator.

fbartels

@marcusquinn said in Why not make Cloudron fully open source again?:

GPL v3 covers commercial interests nicely

Yes, but only when the other party offers downloads of the product. Not when it's only hosted publicly (the installed product). In the latter case agpl would ensure that code is being made available.

But usually and honesty a lot people (if they contribute or not) only care about the freedom aspect, and there gpl or agpl are not sufficient enough for some people.

In essence, the type of license should also be dependent on the audience of developers you want to attract by at.

ruihildt

The value of Cloudron and why we pay a license is the appstore. So my naive person think that changing the platform code back to free software wouldn't affect negatively Cloudron business model.

It seems to me part of the reasoning to the license change was there wasn't much contribution to the platform anyway. I believe the same argument can be used to change it back to free software.

I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.

Moving Cloudron back to free software would bring much needed positivity to 2020.

mehdi

@ruihildt said in Why not make Cloudron fully open source again?:

I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.

I totally agree with this part. More than that, I would never have picked up Cloudron at all at the beginning if it weren't open source.

And as to contributions, I am the author of one of these rare contributions ^^ (to make the platform compatible with the OpenVPN app), and I would definitely not have contributed if it were not open source.

TLDR: I am 100% in favor of switching back to an open source licence.

(As for the precise licence, I do not really care, be it MIT, Apache, GPL, AGPL ... whatever.)

marcusquinn

Given the nature of the responsibility of the Cloudron system, security is the biggest aspiration for me from open-source, along with a security reporting process that allows for private communication of any issues found.

I recommend including this somewhere on your site:

https://www.zerodayinitiative.com/advisories/disclosure_policy/

My page own open-source on our own platform (WP&Woo stack) for interest:

https://brandlight.org/i/transparency/proudly-open-source/

Although we haven't open-sourced that whole stack yet, it's planned.

nebulon

As for security issues to have a private conversation, please see https://cloudron.io/security.html

Also as mentioned earlier, we do share the view that it is useful to introspect the code to see what is happening on your server, this is already achieved by our source-available policy, so feel free to audit that in the git repo.

Lonkle

As could probably be gleaned from my previous posts, I’d love to contribute to the code. Adding an option for disabling unsafe backup notifications, adding support for inter-app network communication (so my OpenVPN Client Cloudron app I’m building’s network can be used by any Cloudron app with a quick restart of the app), adding multiple domains for Wordpress Multisite, etc.

I do feel a little bound to the main developers roadmap when I’m loving Cloudron more and more with each update. Some fixes are just mere nice-to-have (the option to disable unsafe backup notifications), but some are necessary features I need. I’m no stranger to building what I need for myself and then letting others benefit from it. But a pull request for these features is impossible if it’s now closed / proprietary. Which, by the way, I totally understand. I just wish I could contribute to the project my main features so the developers don’t have to do so (eventually) and I can get what I need as soon as I need it.

I honestly didn’t know there was a GIT somewhere for Cloudron so I can at least start browsing the code to get familiar with it.

mehdi

@Lonk Here's the code : https://git.cloudron.io/cloudron/box

I think the cloudron team still accepts Merge Requests, even if it's not Open Source, as long as you sign a contributor's agreement (https://cla.cloudron.io/)

Lonkle

@mehdi Thanks for being so active in this community and on my posts. You’ve been very helpful and insightful! I’ll sign up for the contributors agreement now. Thanks again! ️

marcusquinn

Everyone contributing in the forums, codebase and apps are heroes!

I wish I could get more involved on that side but the next best I can do is keep telling every developer I work with and know online about it to try it, and get you more developer users — because I think we all can see the value in both the platform and this community.

I shudder to think of doing all that Cloudron does any other way now, and have been through pretty much every way of doing Sys Admin in 20+ years of tech.

Lonkle

@marcusquinn I love being a developer user myself. Contributing to the code that I'm using to run my web apps (custom or otherwise) I find very fulfilling. I followed @mehdi's advice and submitted the contributors agreement so I hope to contribute to Cloudron in a meaningful way. ️

marcusquinn

@Lonk Nice. I work with a team of 10 devs, mostly WP & Woo but inevitably the full stack & dev-ops. They have a good 1,000+ ticket backlog from me on feature development but I've been introducing Cloudron for peripherals apps for now, like Bitwarden, PrivateBin, NextCloud, Email etc.

We'll definitely be getting more involved, the incentive I always try to work with is that all our team owns the codebase, so everyone benefits from the collective. I always try to make what we do portable, so anyone could fork & run with it at any time but the greater incentive to collaborate is in the experience of the team.

As a separate project I'm looking at starting an open-source tech fund looking to invest in things like this directly or indirectly with sponsored development. Just matching investors to their tech appetites, returns expectations, and overall business models we have as users of the stuff we develop among our team and with other communities.

Recommend following Sahil, on Twitter the creator of Gumroad, he has lots of experience and commentary on this subject.

marcusquinn

Just a thought for the business-model side of open-source because as much as I love and promote open-source, I always look at what the business model is behind it. Any software choice is a long-term commitment and I want to know that progress is motivated and sustainable.

---

Partner programs / subscription levels. Odoo has a good example of this. The return on investment for the Partners being implementation referrals.

• https://www.odoo.com/become-a-partner

---

Sponsored development.

• https://forum.cloudron.io/topic/2798/sponsored-app-creation

---

Affiliate deals

• https://vivaldi.com/blog/vivaldi-business-model/

---

Hosts referral revenue share

• https://www.hetzner.com/news/07-20-referral-programm/

---

Hosting service
Many of the FOSS apps included with Cloudron use this model.

As I say, just thoughts, with the utmost respect for all that the team here do and it's their work to do with as they see best and whatever works for the schedules they have and generously share with us.

scooke

The replies seem to be coming more from developers lately, people who have skills enough to contribute, who also hold strong beliefs about open source. This is good, and by and large it is pleasant to see an overall positive approach to Cloudron.

I am a non-developer, but am also someone who likes the idea and principle of open source. I want to get away from proprietary apps and data lock-in. From my perspective, Cloudron has been an incredible way for me to learn about and access a plethora of open source apps, the delivery of which just works! I hope the various principled devs out there can appreciate a users perspective like mine, and just how radical Cloudron is. I've tried other open source attempts, and frankly they are all lacking in deliverability; checking out their forums reveals not even the devs can figure out what went wrong when something does; and rarely it seems are the project heads in the forums, like the Cloudron Team is, since the resolution of any problem relies on the upstream devs pushing fixes that may or may not come in time. What a mess for a user like myself, and I think there are many many users like myself. I think we are one mid-layer that will help make open source more understandable, reachable, and friendly, to all our non-techy families and friends, they who think only of Skype, Word, Facebook, but themselves are increasingly becoming disgruntled. They will never read certain /r/ nor news.ycombinator.com articles, but they will listen to me when I set up an open source chat instance, using a vanity domain, with email, on Cloudron, and it just works!

Another positive aspect of Cloudron's approach is that they don't try to cloak the open sources apps they offer as though they are something the Cloudron team created. I've come across a few such endeavours, and it worries me when I think there are regions and countries that think ****blog, *****forms, *****pad are all made by *****soft! It verges on deception, even though, after some digging, a user can find out that the software is actually made by other open source efforts. I hope this means that as more people hear about Mastodon, or Element, or booktype, etc., and look for options, they will be led to Cloudron. I for one came because I couldn't for the life of me get Rocket.Chat, Taiga and SOGo all running on the same server, by hand. Not a problem for Cloudron!!

Keep it up!!

Lonkle

Love your testimony. I am a developer-user (well, just developer for now - but I could see me running this for production) and I'll 100% commit myself to the Cloudron ecosystem as long as the current closed-source sections (like Dashboard access) stays un-obfuscated post installation. So far, neither have the developers have spoken into if that was intentional (not obfscating the code). But, I hope it was.

Lonkle

I'll work around the closed source stuff for now; seems silly to make it harder for us to contribute - but I understand why it became partly close-source, and as long as I can sort of work around that (at least I'm trying to); I'll be happy.

Lonkle

But make no mistake - if either of the founders / creators (girish and nebulon) of this app tell us they'd make it completely open-source if they had time to do [insert x code thing here]. I'd offer to do that in a heartbeat to make it fully open source.

marcusquinn

Interesting weekend read: https://plausible.io/blog/open-source-funding

jdaviescoates

@marcusquinn said in Why not make Cloudron fully open source again?:

Interesting weekend read: https://plausible.io/blog/open-source-funding

Didn't think that was the best article to be honest.

It mentions charging for support, but not the good ol' charge for support + updates model which has proven successful for loads of open source projects, including the first ever billion dollar open source company Red Hat. But also think of the vast majority of the WordPress premium plugins and themes ecosystem.

jdaviescoates

@jdaviescoates said in Who here has actually already packaged an app that is already in the Cloudron App store?:

@girish and @nebulon, obviously. Who else?

EDIT: I just realised I could do an Advanced search for "most of the packaging work" in Announcements to find lots of them (although not all, as e.g. that didn't find Moodle).

In no particular order:

• @atrilahiji did much of the work for the Moodle
• @doodlemania2 did most of the packaging work for Pixelfed and Apache Guacamole
• @jimcavoli did most of the packaging work for Metabase, Grafana, Snipe-IT and Grav CMS
• @thetomester13 did most of the packaging work for Firefly III and PrivateBin
• @fbartels did most of the packagingwork for Statping
• @ultraviolet did most of the packaging work for Vault, Trilium Notes and Apache Guacamole
• @msbt did most of the packaging work for TeamSpeak, YOURLS, Alltube Download, Bookstack and helped with Matrix/Riot
• @syn did most of the packaging work for Mastodon
• @Felix and @iamthefij did much of the heavy lifting for Bitwarden
• @murgero did the initial ground work for Directus
• @cve-random did the majority of the work for Jellyfin with the help of @mehdi
• @mehdi also implemented OpenVPN
• @sumacinitiative helped out with LimeSurvey and SearX
• @BrutalBirdie did most of the work for Greenlight
• @erics packaged dolibarr

I did a few other searches too and think I've likely got most of them now, but who is still missing?

Anyone?

Hey everyone tagged above.

First of all: THANK YOU!

Second of all: as people who've actually contributed apps to Cloudron, I'd really appreciate your input in this thread

jdaviescoates

Hey @marcusquinn @yusf @murgero @d19dotca @fbartels @will @necrevistonnezr @mehdi @msbt @Lonk @doodlemania2 @imc67 @ruihildt @JOduMonT @atrilahiji @scooke @heliostatic @jimcavoli @Hillside502 @robi @thetomester13

As valued contributors to this forum, if you've not chimed in here already, please do so!

To all those on both lists above: HUGE RESPECT (and I really want to hear from you)

marcusquinn

@jdaviescoates Woop - jeez - didn't know I could get stars for being so distracting

I'm in the good idea but not in a hurry camp - FOSS comes with admin work - and for now, I can see development progress is pretty healthy.

I've equally worked on a stack that should and will eventually be OS - but when I can commit the time to supporting the community expectations on top of our own needs, so I see both sides.

It may only a matter of time - but for now, in source available I think we all trust. So yes, but patiently

fbartels

@marcusquinn said in Why not make Cloudron fully open source again?:

in source available I think we all trust

Exactly. Changing licenses only really makes sense if the current license really hinders meaningful external contributions. And I have not yet seen this.

A Former User

I'm with fbartels on this one. Its not like its really hindering anything right now and I find the current model more than reasonable considering the effort @girish and @nebulon put into this platform and community.

mehdi

I don't agree with you guys. I think it does hinder contributions, but you would not notice it.

It's not like people would decide to not contribute and come say it on the forums or anything. They just... would do nothing.

Like I said earlier, back then I would not have contributed the OpenVPN server if cloudron were not open source. I honestly would not even have considered it as a platform to use. For a lot of people, it's not about what you can or cannot do with the code, it's really a matter of principles.

fbartels

@mehdi said in Why not make Cloudron fully open source again?:

It's not like people would decide to not contribute and come say it on the forums or anything. They just... would do nothing.

And I don't agree with the above

From past experience, if someone is invested enough to make a meaningful contribution they usually try to establish some for of contact with the maintainers before starting work (or at least they should, what if that contribution does not fit with the current scope of the project?). I had plenty of discussions in the past because people did not think that AGPL would be a good fit for them.

jdaviescoates

@mehdi said in Why not make Cloudron fully open source again?:

I don't agree with you guys.

I don't either.

But it's not just about people actually contributing code either, it's about wider uptake.

I already know quite a few people who used to subscribe to Cloudron but no longer do so because it's no longer open source.

@mehdi said in Why not make Cloudron fully open source again?:

For a lot of people, it's not about what you can or cannot do with the code, it's really a matter of principles.

Exactly. I also know people and agencies who won't subscribe nor use it as a matter of principle like @mehdi says.

This is causing needless wheel reinvention as they then go off and try to patch together others tools to create a similar experience to Cloudron, when they could otherwise just contribute to improving Cloudron instead.

There are also quite a few public authorities who would be more likely to adopt it if it were open source.

Whether or not Cloudron being open source would lead to more contributions to the code (I think it would as @mehdi is far from alone in his principles), I feel fairly certain that Cloudron could sell more subscriptions and therefore fund further development if it were open source again.

ntnsndr

Thanks for raising this question, @jdaviescoates.

I am personally not sure open-sourcing is critical here, as I think the first beneficiaries would be big cloud platforms (AWS, etc) that would then be able to host it and cut out any income for the developers. The current source available arrangement strikes me as probably necessary and appropriate.

I'm increasingly convinced that OSS as such is broken as a means of protecting against corporate exploitation, and it should not be celebrated as an end in itself. Based on my conversations with @girish, I think the single most important fact about Cloudron is that the company is bootstrapping (based on our subscription fees) and not seeking an exit. As long as that's the case, I think the community should support their self-defense through licensing.

Rather than fixating on licensing, it might be more relevant to all of us to discuss the possibility of an "exit to community" for Cloudron, in which ultimately the company we pay into becomes owned by—and accountable to—the people who rely on it. This could help ensure that the company we're paying into, and that is stewarding the code we depend on, doesn't get captured by forces beyond our control.

necrevistonnezr

@ntnsndr said in Why not make Cloudron fully open source again?:

Thanks for raising this question, @jdaviescoates.

I am personally not sure open-sourcing is critical here, as I think the first beneficiaries would be big cloud platforms (AWS, etc) that would then be able to host it and cut out any income for the developers. The current source available arrangement strikes me as probably necessary and appropriate.

I'm increasingly convinced that OSS as such is broken as a means of protecting against corporate exploitation, and it should not be celebrated as an end in itself. Based on my conversations with @girish, I think the single most important fact about Cloudron is that the company is bootstrapping (based on our subscription fees) and not seeking an exit. As long as that's the case, I think the community should support their self-defense through licensing.

Rather than fixating on licensing, it might be more relevant to all of us to discuss the possibility of an "exit to community" for Cloudron, in which ultimately the company we pay into becomes owned by—and accountable to—the people who rely on it. This could help ensure that the company we're paying into, and that is stewarding the code we depend on, doesn't get captured by forces beyond our control.

+1!
Very good points.

marcusquinn

@ntnsndr wise words!

rmdes

@ntnsndr wait, are you https://twitter.com/ntnsndr ?
if yes, it's really nice to have you here, I was sensing some "social coop" approach to your comment and I think it's really great to have you here

jdaviescoates

@rmdes said in Why not make Cloudron fully open source again?:

@ntnsndr wait, are you https://twitter.com/ntnsndr ?

It is

I know Nathan uses Cloudron with his students at at the University of Colorado Boulder and so I reached out to him to chime in here

As I mentioned to him in email:

re protecting against corporate exploitation, given it is "specifically designed to ensure cooperation with the community in the case of network server software" my understanding is that the AGPL provides at least some protection against that as per https://www.gnu.org/licenses/agpl-3.0.en.html

@ntnsndr replied:

The AGPL is indeed oriented this way, though from what I understand its protections have proved overly ambiguous and inadequate against the present threats.

So whilst I really love co-ops and 'exit to community stuff' (and I'd fully support, and be really excited by such a future for Cloudron were @nebulon and @girish open to such ideas?) I think my question still stands:

What exactly is it about Cloudron and/or the AGPL that leads @nebulon and @girish to the conclusion that if Cloudron were fully AGPL licensed they would be unable to continue with the existing sustainable business model of selling subscriptions for updates and support?

Given the tech giants are already the most powerful human entities on the planet, ever, with almost unfathomable resources (this visualisation of e.g. just Bezos' personal personal wealth is pretty gut wrenching), I think if they wanted to directly compete with Cloudron they could very easily do so regardless of how the code is licensed: they could just allocate an infinitesimally small percentage of their budget to reverse engineer it. But, really, why would they bother? They already own and run the infrastructure the powers the vast majority of the Internet, including nearly all web and mobile apps.

jdaviescoates

@jdaviescoates said in Why not make Cloudron fully open source again?:

re protecting against corporate exploitation, given it is "specifically designed to ensure cooperation with the community in the case of network server software" my understanding is that the AGPL provides at least some protection against that as per https://www.gnu.org/licenses/agpl-3.0.en.html

Moreover, to outsiders, Cloudron itself looks exactly like the "corporate exploitation" we're supposedly protecting ourselves against with proprietary code: if Docker and the 80+ open source app we can all run on Cloudron weren't themselves open source (and Ubuntu and so much else), well then Cloudron couldn't exist.

I know this isn't strictly true given upstream contributions and the genuine desire of @nebulon & @girish to be able to increase such contributions in the future, but it's nevertheless a valid perspective and criticism to make: Cloudron has built a successly business off the back of open source, just like the tech giants (and basically every business using tech, i.e. basically every business).

And this isn't hypothetical either. If you click in some of the links I included in my OP these are exactly the arguments some people are making against recommending/ using/ promoting Cloudron.

rmdes

Maybe I'm wrong and hopefully @girish @nebulon will find the time to chime in here but I think this issue is related to survival, ability to live from one's work more than anything else.
I may be wrong, I don't know.

But this thread here : Open Collective could be a way to do both : securing funds from the community, in full transparency, funds that could even benefit other OSS projects AND at the same time, secure a line of income for those that contribute directly and make the Cloudron project possible.

The argument that X or Y have made a business off the back of open source is valid in the absolute but also worthless until the big tech giants, the entire web has been powered by open-source without ever, society, either in the US/EU etc...ever considering that The Internet is a common good, a public service and that those that built it, from kernel developers to external contributors are in fact creating common value that is largely sucked by big corps and big players, at a scale impossible to compare to what Cloudron staff is taking.

This question is a structural global problem more than a particular approach that concerns only cloudron; its good to have this discussion but it's even better to put those giants that extract wealth in vast orders of magnitude compared to cloudron, in front of the problem.

it's easier to rant and even attack little projects, it's much more complicated to bring this disucssion at european, american, global level and actually find ways to fix this mess from a global perspective.

necrevistonnezr

Maybe we should all give it a rest now in trying to tell Girish und Nebulon what do do with their project and their income and trying to nudge them into one direction.

jdaviescoates

@rmdes said in Why not make Cloudron fully open source again?:

The Internet is a common good, a public service and that those that built it, from kernel developers to external contributors are in fact creating common value that is largely sucked by big corps and big players, at a scale impossible to compare to what Cloudron staff is taking.

This is true, but just for devil's advocate's sake it's also true (and often unmentioned) that big corps have actually also been the primary funders/ developers of of lots of open source too e.g. the Linux kernel: I'm not sure of current figures but I remember in the past IBM employees had written something like 70% of the code.

But yeah, I totally want to ensure @girish and @nebulon can continue to work on and get properly paid for working full time on Cloudron. They've created a really amazing product, and in some ways even more impressively have built a really fantastic community around it too. Both of those things are Really Hard (TM) and they've totally nailed it.

I'm also totally up for hearing, and open to being convinced by, arguments that if Cloudron were AGPL again it would somehow make it harder to pay @girish and @nebulon to work on it and to have sustainable livelihoods. I just can't see that myself (I might be blind) and don't think anyone has actually made that case yet?

I'm beginning to sound like a stuck record, but all I can see are positives.

I guess the potential risk isn't really that tech giants would clone and undercut Cloudron at all. The risk is that some random freelancer or agency could potentially do so. This is actually the story of how Sharetribe became proprietary: someone did clone their business and undercut them, cutting into their revenues.

As I understand it (please someone correct me if I'm wrong) AGPL is designed specifically be used to prevent that (well, at the very least to prevent people doing that without also contributing back - but perhaps that's all it does and that's the problem?), but that wasn't the understanding of Sharetribe's developers.

How real is that risk? How many paying customers here would go elsewhere? Given how much we all value the community here, I think very few.

There are loads of GPL premium wordpress plugins out there, many of which can be found for free out in the wild. But in most cases it pays to pay. In the end it's just so much easier to get updates and support in a timely manner by paying.

marcusquinn

@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.

jdaviescoates

@marcusquinn said in Why not make Cloudron fully open source again?:

@necrevistonnezr Yeah, the thread should locked, everyone's had their say now. Developer time is precious. Their work, their choice, their freedom to change and change again. I believe in good work more than I believe in good intentions.

Um, actually, the two most important people @girish and @nebulon have not yet had their say.

And nor have most of the other people who have so far packaged apps for Cloudron.

Moreover, the very first response to this thread was @nebulon who said:

Thanks for your elaborate post, we will answer in more detail,

I'm actually as happy as every one else that they are busy spending their time developing instead of replying here, but I'd still really like to hear that more detailed answer at some point!

And I'd still love to hear what other app packaging contributors think too.

I really don't understand this desire to shut down healthy debate and discussion between members of the Cloudron community.

But sure, if either @girish or @nebulon themselves would like to lock this thread they could of course choose to do so.

Lonkle

I think this thread is valuable for @girish and @nebulon - because there are people like us who are passionate about open-source and we all have different reasons why we want to develop for and maintain apps for Cloudron and though I don’t have any issue with “semi-open-source” - I know a lot of other developers that do. Which this discussion and girish's / nebulon's reaction to the entire thread of opinions - may be a way to attract new develoeprs: “Cloudron goes fully open source” kind of headline.

I will say tho - if Cloudron became closed source I would stop creating apps for it (and I have 5 apps I have in mind to continue to port already)...okay maybe, I'm 50 / 50 on that (I really like Cloudron ). But I couldn't have created the apps I have now without direct access to their very readable and commented source. Though, they’ve made it decently clear thats not what the developers want to do (close the source entirely).

So yeah, I want to continue to hear people’s passion about their open source software beliefs and how they feel about it in the Cloudron context.

scooke

@jdaviescoates I went back and read a link you shared, a convo in a Mastodon instance, by someone who seemed to brush away Cloudron's approach and mindset automatically. I wouldn't take that opinion expressed in such a way seriously, especially since they didn't in any way outline exactly how they can see Cloudron managing or limiting access. I mean, the first and most important part of Cloudron is that we host it ourselves on our own servers and backup things to destinations we control.

Somehow the negative viewpoint (not saying this is yours) that Cloudron has benefited off the back of open source projects ignores all that it conversely has done to broaden each projects exposure, without (I assume) asking for financial renumeration from those projects for doing so, nor excluding projects if they won't pay up. I think if Cloudron went that way then a negative view of Cloudron would totally understandable.

I can take a step back and look historically at all the times I tried to self-host something, and got stuck, with minimal help from said-project's forums, and came away with nothing, and remember thinking, "I'd pay some one to help me with this!"... voila, that is the role Cloudron has played. I share your enthusiasm for this project!

Like you (in the mastodon thread), I tried Yunohost and Sandstorm and the like... just too many complicated problems that no help from forums could provide. They always forced me back to doing it myself: I've had a heck of a time trying to get nginx and apache running on the same server; I've never successfully gotten docker or docker-compose to seamlessly add services or apps to an existing two-app setup (mysql and wordpress) even though it is supposed to be so incredibly easy (even with the promised answer of portainer). I can setup and run a basic VPS running LAMP... going beyond that.... I am soo thankful for Cloudron!

I wonder if the licencing can play a role in how much ownership @girish and @nebulon and the Cloudron team feel toward their code and their subsequent "responsibility" to keep it running well. I mean, if it were as open as can be, and others started forking it and running it and offering their own specialized subscriptions for their version of Cloudron, I could see that there would be some run-off of problems and complaints back to the Cloudron team that this or that isn't working on Fork A or Subscription Service D, and then they end up maintaining code for ideological reasons rather than offering and improving a service for productivity and (user-)independence reasons.

jdaviescoates

@scooke thanks for your further input. I agree that some of the commenters on Mastodon were basically just rude and seemingly unable to capture any nuance, others less so.

I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).

Also, just thinking out load, but I notice loads of premium WordPress plugins are GPL but the manage to keep going without someone buying lifetime updates and the re-selling on the cheap. But thinking about it, in many cases such projects, whilst technically GPL are actually much less open than Cloudron (I guess because they have to be to reduce risk), in that none of their repositories are publicly available.

https://premium.wpmudev.org/ is one such example. And, actually, just searching for 'wpmu GPL' to check I'd remembered correctly that that is how they are licensed the top result for me was actually https://www.gplvault.com/product-category/wordpress-plugins/wpmu-dev/ who are selling their plugins for less (I presume).

I also note that, having subscribed to WPMU in the past, I never actually thought much of their support, whereas Cloudron support is great!

Lots to ponder. Perhaps there are good reasons for Cloudron to not be re-released as AGPL... even though right now I'd still support that

mehdi

@jdaviescoates said in Why not make Cloudron fully open source again?:

I think I may try and find and reach out to licensing experts to see to what extent releasing AGPL could protect from (or not) people cloning Cloudron and pulling updates then selling the same service for less (which I guess could be a real risk).

You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.

So cloning Cloudron would really not be that easy.

Lonkle

This thread got so big. I wanted to clarify with Cloudron - is it just the dashboard, and the billing / licensing that is closed off source-wise?

As for Premium Wordpress plugins GPL debacle. There have been attempts to capitalize off the fact they can legally resell the plugins once bought and numerous sites have tried and failed. They never last more than a couple years.

Reason being that people don't buy software off of shady sites that could inject things and they had no way to automatically update like the official licenses allowed. So most of them were dead pretty quickly.

jdaviescoates

@mehdi said in Why not make Cloudron fully open source again?:

You also have to remember that for someone to clone Cloudron and re-sell it, they would have to re-write the whole app-store back-end code, which is not open-source / source-available.
So cloning Cloudron would really not be that easy.

I know it's not open source (hence this whole thread), and the scenario I was positing would only apply post-re-open-sourcing.

But I was under the impression everything is already source-available, no?

mehdi

@jdaviescoates No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source. And I believe nobody ever asked for it to be. The cloudron dashboard (what's installed on your own server) is what used to be open-source.

necrevistonnezr

@marcusquinn said in Why not make Cloudron fully open source again?:

Interesting weekend read: https://plausible.io/blog/open-source-funding

More interesting reading material dated 12 October 2020 from the same source: https://plausible.io/blog/open-source-licenses

So we want a “don’t be evil” license and here’s what we are trying to accomplish with it:

• We want to prevent corporations from taking our code and using it as part of their closed-source proprietary products
• We want to prevent corporations from offering Plausible as a service without contributing to the open source project

We want to prevent corporations from confusing people and making them think that the service they sell is in any shape or form approved by the original team. [...]
Although we don’t want closed source corporations to directly compete with us using our own work, it’s important to leave the space open for forking of the project and incorporating it into other open source works.

This is the best way to future-proof the project against bad actors, including ourselves if we become evil at some point. By allowing open source forks and competitors to exist, we are opening ourselves up to healthy competition and accountability from the open source community.

Plausible is now AGPLv3 licensed
So how do we accomplish all that? We do it by changing our license. Plausible Analytics has now changed the license from the MIT to a newer licensing scheme called GNU Affero General Public License V3 (AGPLv3) or any later version. [...]

This change makes no difference to any of you who subscribe to Plausible Cloud or who self-host Plausible, but it may upset a few corporations who tried to use our software to directly compete with us without contributing back.
[...]

The goal of the AGPL license is to maximize user freedom and to encourage companies to contribute to open source.

What is the GNU AGPLv3 license?
Copyleft license: “If you make a derivative work of this, and distribute it or run it as a service on a server to others then you have to provide the source code under this license”

What are the benefits of the AGPLv3?
The AGPL license is identical to the original GPL license with the only additional term being to allow users who interact with the licensed software over a network to receive the source for that program.

AGPL is designed to ensure corporations contribute back to the open source community even when running the software as a service in the cloud.

If you used AGPL-licensed code in your web service in the cloud, you are required to open source it. It basically prevents corporations that never had any intention to contribute to open source from profiting from the open source work.

It explicitly prohibits corporations from parasitically competing with an open source project. They won’t be able to take the code, make changes to it and sell it as a competing product without contributing those changes back to the original project.

Here’s that extra paragraph:
“If you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there”.

What are the restrictions with the AGPLv3?
A corporation needs to be clear and provide a prominent mention and link to the original project so people that are considering to use their version of software can be aware of the original source

If a corporation modifies the original software, they need to open source and publish their modifications by for instance contributing back to the original project

So how can a corporation commercialize a FOSS project without open sourcing their modified code? They can purchase a commercial license to remove the copyleft restrictions and in that way support the original project.

jdaviescoates

@mehdi said in Why not make Cloudron fully open source again?:

No, I mean the app store part (what's installed on the Cloudron.io infrastructure) has never been open-source.

But all the app packages themselves are open source, no?

I think I'm missing something. Like @Lonk said, be good to get some greater clarity on the status quo.

avatar1024

@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?). Sorry I don't have a lot of time at the moment to contribute much but I think this is a very important conversion. At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice (and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model).
Anyway, thanks for starting this thread. I will write more on the topic soon

ruihildt

@avatar1024 Correct, not all apps are free software. It never was a requirement for apps to have a specific license to be packaged.

It just happens that most apps available for packaging -and thus on which you can freely base a businees model on- are free software.

murgero

@ruihildt said in Why not make Cloudron fully open source again?:

It never was a requirement for apps to have a specific license to be packaged.

Not to say that all licenses types can be packaged - the license for the app needs to allow free distribution of the software in order for us to package it.

jdaviescoates

@avatar1024 said in Why not make Cloudron fully open source again?:

@jdaviescoates Most but not all I don't think (TeamSpeak isn't, right?).

Confluence and Emby too. Possibly others (I would still really like a filter in the app store for licences and LDAP support)

But, I think the additional Cloudron code in the Cloudron packages for those apps is still MIT even for these non-open-source apps too.

@avatar1024 said in Why not make Cloudron fully open source again?:

At least in my circle, it's difficult to promote cloudron due to its licensing choice and I would need more info to explain / justify such a choice

Same.

@avatar1024 said in Why not make Cloudron fully open source again?:

and everyone of course wants the dev to get reliable income, people just think a free software license would not endanger the business model

Exactly.

Although I'm still open to being convinced otherwise if there is some genuine risk I've not fully considered as a non-developer.

@avatar1024 said in Why not make Cloudron fully open source again?:

I will write more on the topic soon

Thanks

nilesh

IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream. The access to code has stopped being the bottleneck. The problem is now centralization. We've seen this happen again and again with Redis, Elastic etc.

The question is whether this risk is worth the developer contributions and user adoption that Cloudron is missing out by NOT being open-source.

Lonkle

@nilesh The devs seem to imply they don’t want code contributions but will allow them if it allows a new app in the store that couldn’t exist without them.

That’s the vibe I’ve gotten anyway. I’ve written code contributions to box for my VPN Client app and plan to add contributions to dashboard. But I’ll let you guys know what happens.

scooke

@nilesh I signed up way before there were the amount of developer contributions we can see now because what the Cloudron team could offer was already awesome. I've seen the forums get really busy with lots of dev suggestions; I've tried non-Cloudron submitted apps that didn't work out for this or that reason - even though some are still on offer, I'm not sure to what degree the Cloudron team has taken "full" responsibility for these dev-contributed apps, but it has all made me wonder just how much busier these contributions have made the Cloudron team, and to what detriment to existing users or road plans. Obviously the Cloudron team has a better picture of who the paying users are, but I suspect there are many like me. Don't get me wrong, I super appreciate the time outside devs and users have freely given to helping make the overall Cloudron platform broader, but the people I'm looking at getting to sign up and pay for Cloudron are more like me , though they have less awareness or interest in open-source in general, they do like things that work, and they like having ownership and control over their data (meaning we won't ever sign up with an AWS, GC or Azure-branded cloudron). My main concern is that Cloudron remains functioning to be able to offer their service.

Lonkle

@scooke That sounds spot on and the best demographic to go after. Since I’m just a dev that finds this stuff fun (not the target market); they still do go out of the way to help me which I think shows how much character both of them have. Which is another reason I’ve backed Cloudron so much.

I did want to ask what you meant by installing apps outside of the official AppStore and what was your experience with that?

jdaviescoates

@nilesh said in Why not make Cloudron fully open source again?:

IMHO, there are serious problems with AGPL-licensed software that is hosted on servers - namely, it allows Amazon AWS , Google GCP, Microsoft Azure etc to take the code and start charging for it without contributing anything back to upstream.

Two things.

1. The scenario you describe is actually exactly what AGPL was designed to protect against, no? See https://www.gnu.org/licenses/agpl-3.0.html and lots of relevant quotes from that and other write-ups in posts above.

Perhaps you're thinking of a different license?

But, also,

2. as I said above, I think the risk of someone cloning Clouron is MUCH higher from a small tech agency than the Tech Giants taking the code. The Tech Giants have unfathomable resources. If they wanted to reverse engineer Cloudron it would take an unimaginably tiny fraction of their immense budgets.

ianhyzy

@jdaviescoates The Fair Code license makes this explicit - I think it might work well here if they choose to go open-source. https://faircode.io/

ruihildt

@ianhyzy Fair code is not a license, and it's not open source (OSI compliant).