The Commons Clause causes open-source disruption

Published: September 14th, 2018

A group of software companies and developers are going after cloud infrastructure providers for what they claim is an abuse of the open-source software ecosystem. The group says cloud providers are using open-source software for their own commercial benefit without returning anything back to the open-source community, helping sustain those projects, or giving open source any credit at all. This is causing them to turn to a new license to protect their work and preserve monetary gain.

“I call it the big code robbery. Amazon and other cloud providers are taking successful open-source code and adopting it as their own cloud service. This is a complete abuse of the open-source concept,” said Ofer Bengal, co-founder and CEO of the software company Redis Labs, creator of the open-source project Redis. “If this continues, there will be no incentive for any developer or any startup to develop any meaningful open-source project because it will immediately be adopted by cloud providers and they will make the money off this.”

Bengal’s frustration stems from his company’s own open-source work. Redis is an open-source, in-memory data structure store that can be used as a database, cache and message broker under the BSD license. In addition, the company offers its own enterprise database offering based off the open-source technology, but because of its open-source success the company is finding it hard to monetize its own offering. This is because cloud providers like Amazon are abusing the open-source code by taking it, building their own database services off of it, and offering them as an integral part of their platform without contributing anything back to the open-source project, according to Bengal. Google Cloud’s website also shows it offers a CloudMemorystore for Redis as a service.

“So basically they are enjoying huge revenues for something they did not develop,” he said. “We, Redis Labs, only make a small fraction of those revenues with our offering, and this is not because their product is better in any way. This is just because the [open source] Redis service is way more accessible for users that go on the AWS console while our Redis service is buried in the marketplace. This scenario does not just apply to Redis. Almost any open-source project nowadays suffers from the same unfair competition.”

While Amazon by definition isn’t doing anything illegal or violating any of the terms of the ‘open-source agreement’ as stated by the Open Source Initiative, Bengal believes they are abusing their power and resources for monetary gain and destroying the entire essence of what it means to be open source.

“The issue of monetizing open-source projects by cloud providers without contributions back to the community has become a significant challenge for the open-source business model. While all cloud providers are guilty of this at some level, AWS leads the charge due to its market share but also because of its business practices,” said Manish Gupta, CMO of Redis Labs. “Accelerated ‘for-fee’ services introduced by cloud providers have increasingly relied on the work done by others without any significant payback for the community.”

SD Times reached out to Amazon for comment, but had not heard back at the time of writing.

Kevin Wang, founder and CEO of FOSSA, a contributor and promoter of the clause, explained the problem doesn’t lie only with cloud providers. In principle, the Commons Clause is meant to protect open-source projects from any bad actors who choose to use the project for their own gain, without giving back.

Redis gets heat from open-source community
Redis Labs tried to legally stop cloud providers from abusing its trademark, but found it difficult because of the legal resources and budgets these giant companies have.

So the company took another route and decided to change the licenses of certain open-source Redis add-ons with the Commons Clause. This change sparked huge controversy within the community with many stating that Redis was no longer open source.

“We were the first significant company to adopt this and announce it in such a way that we got most of the heat from the community on this one,” said Bengal.

The reason for the uproar is because the Commons Clause is meant to add “restrictions” that limit or prevent the selling of open-source software to the Open Source Initiative’s approved open-source licenses.

“ … ‘Sell’ means practicing any or all of the rights granted to you under the License to provide to third parties, for a fee or other consideration (including without limitation fees for hosting or consulting/ support services related to the Software), a product or service whose value derives, entirely or substantially, from the functionality of the Software. Any license notice or attribution required by the License must also include this Commons Clause License Condition notice,” the Commons Clause website states.

According to the OSI, this directly violates item six of its open-source definition in which it states no discrimination against fields of endeavor. “The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research,” the definition explains.

According to Vicky Brasseur, vice president of the OSI, by restricting users from making money off a project where it is applied, the Commons Clause cannot be by definition labeled as open source. “As the Open Source Definition is no longer applicable to those projects, they—quite literally by definition—are no longer open source. At best they can be called ‘source available,’” she wrote in an email to SD Times.

However, Bengal stated that “Redis is always and will always remain open source via the BSD license.” He believes this still promotes the idea of open source because it does not change users’ ability to use the product and still can be freely used within applications and sold as a combined product. Instead, what it does is prevents cloud providers from taking the add-on itself and monetizing it without contributing anything back to open source.

The war between the Commons Clause and the open-source community
“The Commons Clause is getting a lot of attention because developers are frustrated at how hard it is to commercialize and sustain open-source projects. Many open-source projects require tens of millions of dollars to fund something that’s given away for free. Therefore, they adopt the Commons Clause to try and commercialize the value in order to sustain the core project,” said FOSSA’s Wang. “Users are afraid that this means the world is getting less open. This is not true, the greatest threat to open source is not narrow licenses, but lack of resources for open-source projects to succeed. That misunderstanding and lack of empathy for the developer is causing the uproar.”

However, developers see it differently. Drew DeVault, a software developer, flatly stated: “The Commons Clause will destroy open source.”

“It preys on a vulnerability open-source maintainers all suffer from, and one I can strongly relate to. It sucks to not be able to make money from your open-source work. It really sucks when companies are using your work to make money for themselves. If a solution presents itself, it’s tempting to jump at it. But the Commons Clause doesn’t present a solution for supporting open-source software. It presents a framework for turning open-source software into proprietary software,” DeVault wrote in a blog post.

Bengal agrees this could have been addressed by introducing a proprietary, non-open-source license. But after several open-source companies raised a need to address the unfair competition in the community, it was decided to add this clause as a way to provide a solid concept that could be applied to any underlying open-source project and protect it from being abused as a standalone product from cloud providers. He believes the community needs to recognize that the world has changed since the open-source concept was defined 20 years ago and that this concept doesn’t work in today’s reality.

“It is time to reexamine the ethos of open source,” Salil Deshpande, managing director at Bain Capital Ventures and investor in companies like Redis Labs, provided in an email to SD Times. “Our view is that open-source software was never intended for cloud infrastructure companies to take and run as a service, keep the profits, and give very little back. That is not the original ethos of open source. Commons Clause is reviving the original ethos of open source. Academics, hobbyists, or developers wishing to use a popular open-source project to power a component of their application can still do so. But if you want to take substantially the same software that someone else has built, and offer it as a service, for your own profit, that’s not in the spirit of the open-source community. As it turns out, Commons Clause makes the source code not technically open source. But that is something we must live with, to preserve the original ethos.”

Article Tags

open source, Open Source Initiative, OS, OSI, OSS, Redis, Redis Labs, The Commons Clause

About Christina Cardoza

Christina Cardoza is the News Editor of SD Times. She is responsible for the oversight of the daily news published to the website as well as the company's weekly newsletter, News on Monday. She covers agile, DevOps, AI, machine learning, mixed reality and software security. She is an undeniable nerd who loves Marvel comics and Star Wars. On Follow her on Twitter at @chriscatdoza!

View all posts by Christina Cardoza

Cookie	Duration	Description
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_S6PB8V57DG	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_846073_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_jsuid	1 year	This cookie contains random number which is generated when a visitor visits the website for the first time. This cookie is used to identify the new visitors to the website.
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
iutk	5 months 27 days	This cookie is used by Issuu analytic system to gather information regarding visitor activity on Issuu products.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
WMF-Last-Access	1 month 14 hours 26 minutes	This cookie is used to calculate unique devices accessing the website.

Cookie	Duration	Description
__Host-GAPS	2 years	This cookie allows the website to identify a user and provide enhanced functionality and personalisation.
_pxhd	session	Used by Zoominfo to enhance customer data.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__gpi	1 year 24 days	No description
__Secure-YEC	1 year 1 month	No description
_heatmaps_g2g_100754890	10 minutes	No description
_techvalidate_session	session	No description
cf_7166_id	20 years	No description
cf_7166_person_last_update	session	No description
f5avraaaaaaaaaaaaaaaa_session_	session	No description available.
GoogleAdServingTest	session	No description
Gyazo_cfwoker	7 years 2 months 17 days 7 hours	No description
incap_ses_451_2783402	session	No description
incap_ses_769_2783402	session	No description
loglevel	never	No description available.
m	2 years	No description available.
nlbi_2783402	session	No description
prism_252377639	1 month	No description
TS011605d9	session	No description
ustream-guest	session	No description available.
visid_incap_2783402	1 year	No description
xtc	1 year 1 month	No description

AI

AI and Software Development

Observability

Guide to Observability

CI/CD

A guide to CI/CD

Cloud Native

Cloud Native Content

Data

A Guide to Data

Test

Automation

Mobile

Mobile Testing

API

Sponsored by Parasoft

Performance

Load & Performance Testing

DevSecOps

A Guide to DevSecOps

Enterprise Security

A Guide to Security

Supply Chain Security

Supply Chain Security

Dev Manager

Dev Managers Content

Agile

A Guide To Agile

Value Stream

A Guide To Value Stream

Productivity

A Guide To Productivity

DevOps

DevOps Content

Microservices

A Guide to MicroServices

AI

AI and Software Development

Value Stream Management

A Guide To Value Stream

The Commons Clause causes open-source disruption

Article Tags

Subscribe to SDTimes

About Christina Cardoza

Related Articles

SD Times Open-Source Project of the Week: STORM

OpenSSF, CISA, and DHS collaborate on new open-source project for creating SBOMs

Open source in 2024: Tackling challenges related to security, AI, and long-term sustainability

SD Times Open-Source Project of the Week: Guac