Who Owns Commercial Open Source – and Can Forks Work?
Three years ago, Tom Foremski wrote an interesting piece called “Adapt or die--the choice facing the open source movement“, which began:
Can Larry Ellison be stopped? By which I mean could Oracle shut down the fledgling open-source software movement through a series of acquisitions??
Consider this: This week, (not) coincidentally with the open source conference at the Argent Hotel in San Francisco, Oracle announced the acquisition of Sleepycat, an up and coming open source database; MYSQL said Oracle tried to buy it; and industry insiders are saying the acquisition of JBoss by Oracle is imminent.
In one fell swoop, Oracle has drawn a square around the most active and interesting parts of the open source movement--the databases and tools. These are the platforms for applications. Applications are just skins on the database--if you own the database (Oracle) or access to the data (Net Apps) you are in the sweet spot.
I'll say it again: In one fell swoop Oracle drew a square around the open source movement and unless it can prove that it can remain independent--it is a dead movement. Unless the open source movement reorganizes to meet this challenge it will dwindle and become an interesting footnote in the history of the computing industry.
Needless to say, I wasn't too convinced by the argument. Here's a comment I wrote on the story:
I think it's important to distinguish between the open source community and open source companies: you can buy the latter, not the former. Mr Ellison could buy every open source company he likes, but he can't control the communities that support them: all they have to do is "fork" the code - start a new version - which will effectively render his investment worthless. This ability to fork code - a central freedom of open source software - is what keeps the communities vibrant, and the companies honest.
At that time, this was a purely theoretical discussion, but with the acquisition of Sun and hence MySQL by Oracle, those points suddenly gain a new pertinence.
Someone else has been thinking about them, too – and it's someone who knows much and cares deeply about the open source project in question: Michael Widenius, founder and original developer of MySQL. Here's what he's written:
I don't think that anyone can own an open source project; the projects are defined by the de-facto project leaders and the developers that are working on the project. If the company loses the trust of these people, they can go away and fork the project and turn it the way they want to.
Sun's acquisition of MySQL did not go smoothly; most of the MySQL leaders (both commercial and project) have left Sun and the people who are left are sitting with their CV and ready to press send.
Oracle, not having the best possible reputation in the Open Source space, will have a hard time keeping the remaining MySQL people in the company or even working on the MySQL project. Oracle will also have a hard time to ensure to the MySQL customers, community and users that it will keep MySQL "free and available for all".
Now, Widenius probably knows the developers of MySQL better than anyone, and if he says that most have already left, and that those who haven't are about to depart, that's probably correct. This has major implications for MySQL, since it would leave the corporate side of the project hollowed out. But as both Widenius and I emphasised, that does not mean the end of the project itself. Indeed, Widenius is willing to get actively involved to ensure the latter lives on:
Here I see where Monty Program Ab, can play a significant role. Since I left Sun, I have been working on making it to be for Sun what Fedora is for RedHat. With Oracle now owning MySQL, I think that the need for an independent true Open Source entity for MySQL is even bigger than ever before.
The biggest threat to MySQL future is not Oracle per se, but that the MySQL talent at Sun will spread like the wind and go to a lot of different companies which will set the MySQL development and support back years.
I would not like to see this happen and I am doing everything I can do to keep this talent pool together (after all, most of them are long time personal friends of mine). I am prepared to hire or find a good home (either at Monty Program Ab or close to it) for all core MySQL personnel.
Here's why that is noteworthy. “Pure” open source projects like Fedora have always been set up alongside the commercial variants like Red Hat Enterprise by the company owning the copyrights on some or all of the code – Red Hat in this case. That is, they are very much “official” complements to the commercial versions. Widenius' plan is daring, because it seems to hold out the prospect of a MySQL fork set up independently of the copyright owners, and irrespective of their wishes. Under the GNU GPL, that's certainly possible, but I don't think it's ever been tried before, certainly not on this scale and with such an important project.
It will be interesting to see whether Widenius is able to pull this off, and whether Oracle, or whoever ends up owning MySQL, decides to help or hinder the attempt. There's always been a tacit assumption that it's not really viable to take this route, because the open source company simply has too much of an advantage through its ownership of the copyright, and the fact that it can always incorporate any code produced by a fork into the commercial variants. If this attempt to create a self-standing but quite separate version of MySQL succeeds, it could have major ramifications for all open source companies that think they own the project simply because they own the copyright of the code.
Follow me on Twitter @glynmoody.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide