Open source software is amazing. This emergent phenomenon of human collaboration, enabled by the internet, makes it possible for organizations of every size—including for-profit businesses—to get more done, faster, with less friction and with more predictability. It's the foundation of our digital economy.
Proprietary software is fine. It is what it is. Sure, it lacks the collaborative advantages of open source software, but at least it does what it says on the tin. Pay me this, I'll give you that, and you can use it according to this specific license we negotiate.
Proprietary software masquerading as open source—what has been termed fauxpen source—is toxic. It's an intentionally deceptive hybrid that seeks to give its proponents the best of both worlds—the positive vibe and broad distribution of open source, together with the commercial leverage of proprietary software.
Fauxpen source isn't entirely new—witness the discredited Sun Community Source License of the early '00s—but in recent months this dysfunctional concept has resurfaced with a vengeance.
Fauxpen source is a disrespectful appropriation of free software and open source culture.
But fauxpen source is also just plain bad for business. Here's why.
Fauxpen source is bad for business because it is confusing by design
Almost every business relies on open source components in their applications. In fact, recent surveys indicate that 92% of applications include open source.
What does it mean to be "open source"? It doesn't just mean that the source code is available—it means a lot more. To keep everyone on the same page, the nonprofit Open Source Initiative was formed in 1998 to define and govern the use of the term "open source."
When businesses select open source components for their applications, they know they can rely on the elements of the Open Source Definition, including:
- Free redistribution, without royalties or fees, including derived works
- Source code availability, so it can be adapted and modified
- No discrimination against persons, groups, or fields of endeavor so it can be used for any purpose, including any business
Most fauxpen source licenses plainly don't comply with the requirements of the open source definition. The source code may be available, but they are not open source.
Sure, there are some important additional considerations that businesses consuming true open source software must take into account—copyleft vs. permissive licenses, attribution requirements, etc. But as a starting point, businesses can rest assured they enjoy the broad protections afforded by the Open Source Definition.
Fauxpen source licenses upend the clarity of the open source definition by introducing new complexity and confusion into the mix. That confusion and uncertainty significantly complicates things for businesses that critically rely on open source.
Introducing confusion into your software supply chain slows things down and adds risk to your company. And that's just bad for business.
Fauxpen source is bad for business because its costs and availability are unknowable
The terms of non-open source licenses can change at any time. And they do—witness recent events with software released by Redis Labs, Confluent, and others.
Even if those license changes don't apply to prior releases of the software, they do apply going forward. Is it viable for your business to stay on an old version of your database perpetually or carry the burden of maintaining a fork of that old software yourself forever? Certainly not, and fauxpen source proponents know that—which is why this gambit works. Even if you can keep using their software by buying a proprietary commercial license, the terms and cost can change at the time and place of their choosing.
The problem isn't that fauxpen source is expensive. It's that its future costs, and even its future availability, are unknowable. You're one bad vendor acquisition away from being stuck up a creek without a paddle—or stuck in a dark alley with a knife at your throat.
Didn't the industry's shift away from proprietary software and towards open source just get us out of this Stockholm syndrome where software vendors hold all the cards and demand fealty from their customers? What software-dependent business would be eager to return to that dysfunctional dynamic?
Fauxpen source leaves your business susceptible to a bait-and-switch followed by a hold-up. That's a poor business strategy.
Fauxpen source is bad for business because it unfairly depletes our shared software commons
Proponents of fauxpen source frequently offer the defense that they are protecting themselves from free riders who would use their software without subsidizing its creation and maintenance.
Meanwhile, those same fauxpen source vendors freely appropriate millions of lines of code from other open source projects to power their own businesses without contributing back anything at all to most of those projects.
I'd have more sympathy for the "Big companies don't pay us when they use our free software, so we have to use a non-free license" arguments if there was any evidence that the people making this argument were funding all the free software they depend on
— Matthew Garrett (@mjg59) February 19, 2019
BRB re-licensing my software under licenses that are free for everyone except people who add bullshit non-free clauses because they don't understand the philosophy that allowed their company to exist in the first place
— Matthew Garrett (@mjg59) February 19, 2019
In reality, fauxpen source vendors themselves are free-riding on the efforts of the open source community, but in an even more pernicious way. Instead of adding to the commons they rely on, they are appropriating the open source brand while withholding their own software from that commons. That's an unfair trade.
Strip-mining the open source community in this way, without contributing to the underlying commons, while leveraging the benefits that the open source brand enables, means fewer quality open source components for everyone—including businesses—to build on. And that's just plain bad for business.
Let's reject fauxpen source and choose a better path
Fauxpen source is a cynical ploy that risks damaging the wonderful opportunity for innovation that we've collectively created with open source software.
But as technologists and professionals, we don't have to put up with it.
Let's reject fauxpen source in the marketplace and instead choose better business models that are aligned with the values and traditions that have made open source the world-changing phenomenon it is today.
When software vendors choose to follow a fauxpen source approach, we should vote with our voices, our feet, and our dollars to push them back onto a more sustainable and responsible path.
If we do that, we can rest assured that we can continue to bet our businesses on the amazing phenomenon of open source—not fauxpen source—for years to come.