Monthly Archives: December 2013

TGIM! Rise early, lecture, writing, guest lecture, party.

Thank $deity it is Monday, because this is going to be a great day! First call of the day bonus: Tokyo, 8:15, about Open Invention Network’s Linux System Definition, already done. Now off to the university. Today‚Äôs morning lecture will be about Open Source licensing, derivative works, software stacks and license compatibility. Then, working on a publication about device ownership and DRM. Next, a guest lecture by Matthias Kirschner from FSFE, the students seemed quite excited about it. Finally, off to the Endocode office for our end-of-year get-together. It is going to be a long day, but a good one.

FLOSS in the Cloud: EOLE, Brussels, Dec 6

Happy Saint Nicholas day everybody! What better purpose could the day be used for to than to travel to Brussels through a storm, and attend the 2013 incarnation of EOLE, the “European Open Source & Free Software Law Event”, held today in Brussels. Philippe Laurent opened the conference with the still blurry question of what cloud is, quoting the FSF: “[cloud] … is a marketing buzzword with no clear meaning…” that is best to avoid. The whole world did not listen and now uses the term widely. The post reflects both what was discussed, and what I learned from the event.

It seems that while the cloud is still opaque, a common understanding is emerging on what cloud computing means. It represents a convergence of all the individual bits of running a service – software, platform, infrastructure, storage, hosting, billing, scaling and more – into a single, standardised, comparable offer. Essentially, it is the message to the engineers that nobody cares about the details, the individual twiddly bits, and clients want one unified package of hosting something that is actually used by a user. Economically, it is another critical step towards massive standardisation of IT operations, making procurement easier because all relevant bits are integrated, and improving competition by making the offers of various providers comparable. We should expect average service prices per user to fall, pretty dramatically, and especially fixed cost overhead in companies that formerly self-hosted to go down as well. In a couple of years, owning your own metal might sound like getting milk delivered to your door in cans.

It helped that Christian Verstraete from HP opened with a detailed overview of OpenStack. It showed the audience that there is a strong convergence of the market towards one free software solution, with backing from 95% of the relevant industry players. A standard test similar to the JavaScript Acid test can be expected to emerge for compatibility between offerings by different cloud providers. With that, migrating from one provider to another should pose no technical issues, only contractual ones. Based on the ForgeRock experience, Lasse Andresen underlined that by stressing that solutions have to be completely free software, not open-core. And the fact that if there is a well-adopted Open Source solution, it cannot easily be killed. In this, the freedoms provided by the licenses do prove useful – companies may fail, but the technology remains.

So far, that was all good, but not very law-related. Things became interesting from a legal point of view when Patrice-Emmanuel Schmitz opened the panel, with his background as one of the authors of the European Union Public Licence. However, he summarised the issues of current licenses and the debate of what distribution or conveying software means for web services, and it seems like that is still mostly murky. The concentration of services into cloud offerings has led to the rise of new licenses (a trend nobody was hoping for, considering the mess of tons of mostly identical not-invented-here licenses that were used a couple of years back). The underlying problem, though, is fundamental: Open Source licensing is based on copyright, which governs reproduction, distribution, adaption and performance of a copyrighted creation. None of these happen under auspices of the user of the site, and therefore there is no copyright relationship regarding the software between the site provider and the consumer. There is a remainder of code being distributed to the user, like JavaScript libraries. It is hard to construe a derivative work relationship between that code and the rest of the application that runs server-side, especially because these JavaScript libraries are often treated more like data than code and not even linked server-side at all. It is more similar to an client-side running interpreter than to a program part. If the web application is not a derivative work of the distributed libraries, the chain is broken, and a provider can claim not to be at fault with Open Sources licenses and not offer the source code for their modifications of the server application. The Affero GPL solves this problem partially by requiring the provider to offer the source code to the user when it is run on the server. This again ties the licensing to an element of the copyright rights bundle, performing. But it leaves a trace of a bad taste, because now there is a problem of proof – the user usually does not know what software was involved in rendering a response. Also, not all server software is licensed under the AGPL or similar licenses.

Contributing to Open Source is not something people do just because the license says so, but because they are somehow driven to collaborate. Web applications can still benefit from the Open Source way. What is different is that for libraries and applications, what the licenses are modelled for, users and developers are effectively treated the same and the distinction only exists in what they do. For web applications, users do not necessarily acquire a right to use, study, modify and improve the source code even if the developers published their product under a copyleft license. This is the norm that made it fun and enjoyable to contribute to Open Source projects. New norms and governance setups should be designed to maintain that situation and thus keep the motivation of contributors (individuals as well as institutions) intact. Compliance should be the norm by now, and I hope that the distrust sometimes underlying the relation – “Are they really showing all the software that is running?” will be a thing of the past.

Many thanks to the organisers!