Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Open Source Technology

'The Open Source Licensing War is Over' (infoworld.com) 128

It's time for the open source Rambos to stop fighting and agree that developers care more about software's access and ease of use than the purity of its license, reads a piece on InfoWorld. From the report: The open source war is over, however much some want to continue soldiering on. Recently Meta (Facebook) released Llama 2, a powerful large language model (LLM) with more than 70 billion parameters. In the past, Meta had restricted use of its LLMs to research purposes, but with Llama 2, Meta opened it up; the only restriction is that it can't be used for commercial purposes. Only a handful of companies have the computational horsepower to deploy it at scale (Google, Amazon, and very, very few others).

This means, of course, it's not "open source" according to the Open Source Definition (OSD), despite Meta advertising it as such. This has a few open source advocates crying, Rambo style, "They drew first blood!" and "Nothing is over! Nothing! You just don't turn it off!", insistent that Meta stop calling Llama 2 "open source." They're right, in a pedantic sort of way, but they also don't seem to realize just how irrelevant their concerns are. For years developers have been voting with their GitHub repositories to pick "open enough." It's not that open source doesn't matter, but rather it has never mattered in the way some hoped or believed. More than 10 years ago, the trend toward permissive licensing was so pronounced that RedMonk analyst James Governor declared, "Younger [developers] today are about POSS -- post open source software. [Screw] the license and governance, just commit to GitHub." In response, people in the comments fretted and scolded, saying past trends like this had resulted in "epic clusterf-s" or that "promiscuous sharing w/out a license leads to software-transmitted diseases."

And yet, millions of unlicensed GitHub repositories later, we haven't entered the dark ages of software licensing. Open source, or "open enough," software now finds its way into pretty much all software, however it ends up being licensed to the end user. Ideal? Perhaps not. But a fact of life? Yep. In response, GitHub and others have devised ways to entice developers to pick open source licenses to govern their projects. As I wrote back in 2014, all these moves will likely help, but the reality is that they also won't matter. They won't matter because "open source" doesn't really matter anymore. Not as some countercultural raging against the corporate software machine, anyway. All of this led me to conclude we're in the midst of the post-open source revolution, a revolution in which software matters more than ever, but its licensing matters less and less.

This discussion has been archived. No new comments can be posted.

'The Open Source Licensing War is Over'

Comments Filter:
  • Many terms has been wrangled into a new meaning over the years. We used to call it false advertising now its creative advertising.
  • As developers, we are not lawyers and honestly many of the different flavors of licenses are so ambiguous it is not clear whether or how we can leverage "open source" software in our own projects/implementations.

    I mean, I pick modules all the time from NPM, from Java Maven Central, from github, etc. I honestly don't know, regardless of the license stamped on it, if I can use the code, if I can modify the code, whether I can use it in personal projects or business projects, ...

    I do understand that I can't ju

    • by Junta ( 36770 )

      mostly that it doesn't seem to apply to me the developer, and if it really did apply to me, then there'd be clear summaries/explanations attached to each one with a TL;DR section that explained it.

      The thing with copyright law is that it applies to you, the developer, whether you sell or not. Legally speaking, there's no default permissive allowance just because you can freely download and use it for non-commercial purposes. If a code developer wants their code to be legally usable in a typical freely way, they have pick *something*, or else there's no legally defined path to use the code they provide apart from specific individual agreement between the user and the developer.

      • Sorry, I should have been clear...

        I'm distinguishing between the developer of the open source solution vs the developer who consumes the solution.

        I get that the developer who creates the code needs to have a license to protect their own investment...

        But for the developer that wants to take all of these various pieces and integrate them into an application, they're often looking at a varying list of licenses with different restrictions, all to solve business problems. So it's not just a simple question of "C

        • by Junta ( 36770 )

          I agree that the licenses are verbose and nuanced and needlessly complicated due to some person nitpicking on one detail versus another. I was focused on the fact that, unfortunately, this statement doesn't pan out:

          I do understand that I can't just sell those open source projects, but that's not the business I'm in, so that wouldn't affect me anyway.

          Doesn't free you from having to worry about those verbose, nitpicky license choices by the developers of software you consume. Consuming the open source libraries means you have to know the gist of at least LGPL, AGPL, GPL, BSD-2, BSD-3, MIT, and Apache (others depending). About the only stuff y

        • by narcc ( 412956 )

          The problem with developers today is that they're so terrified of "reinventing the wheel" that all they spend all their time aggregating various third-party libraries in the hope that the product they want will eventually emerge, all under the delusion that this is saving them time and effort.

          Try writing your own code, reserving third-party libraries for things you can't or shouldn't write yourself. Not only will the end result be significantly smaller, faster, more secure, and use fewer system resources,

          • Try writing your own code... Not only will the end result be significantly smaller, faster, more secure, and use fewer system resources...

            I do not believe that is generally true. TDD is not always in use, developers frequently do no performance testing on their own code, and it is all to easy to create insecure software.

            These things can be possible if you have unlimited time, money and resources. Most projects are not so lucky...

            • by narcc ( 412956 )

              The irony is that including a third-party library often takes more effort than writing the feature yourself.

              There's a story I often tell about my search for a 'date picker' control 20 years or so ago. I spent a whole morning searching for and evaluating various third-party solutions looking for anything suitable. I only found one that could have possibly been used, but it came with a massive dependency and wasn't a great fit anyway. After I gave up searching, it only took about an hour or so to write my

        • by caseih ( 160668 )

          And the same problems exist regardless of the code being used is open source or not. Say you want to use Qt, Parasolid, and Oracle SQL in your product. That's licensing, redistribution, and royalty terms of three different commercial products that you must comply with.

          Open source only trips up companies because initially they think oh, it's available to download for free and so it must be free to use! Why they think open source code is different than proprietary I'll never know. Everything used must alw

          • by Junta ( 36770 )

            This is true, that commercial third party software is even more tricky (with open source, there's a large chance the rights holder will never notice, or will never care, versus commercial having people dedicated to identifying and enforcing.

            To your point about businesses contacting an open source project for a different licensing term, my favorite remains:
            "I give permission for IBM, its customers, partners, and minions, to use JSLint for evil."

  • by Junta ( 36770 ) on Friday August 11, 2023 @09:56AM (#63758936)

    If a developer chooses no license, you can't touch it, no matter how it is. It's silly to declare that people shouldn't bother declaring license as long as they commit to github.

    You could advocate for declaring public domain, or selecting a BSD-style license, or copyleft. However, code without any selection made is just untouchable.

    The assertion that software without license nor public domain is pretty much in all software is false. It may be true that developers picked a permissive license without much care about it, but there is almost always a license. If there isn't a license/copyright statement, then it's still a non-starter for use.

    If you want your code to be useful at all, you must declare your intent, otherwise the default is, legally, the user can't even use the code for private use.

    • Is that the case in the 'States? And if so, in which states in particular?

      In Canada, employers are told in no uncertain terms to specify that their proprietary code is "all rights reserved", because there's British case law that failing to do so puts it into the public domain. German companies say the same, so I suspect that may be the law in the EU as well as the British Commonwealth...

  • by Rei ( 128717 ) on Friday August 11, 2023 @09:56AM (#63758938) Homepage

    Meh. 24GB consumer cards can run quantized models up to ~35-40B parameters with ease; the largest LLaMA 2 model is 70B and can be run on a pair of 24GB cards if quantized. Doesn't require some insanely expensive system with 8x H100 processors or whatnot.

    Those insanely expensive systems are needed for training. It's tough enough to train even a 3B model on a 24GB card. Training large models takes a huge amount of VRAM. Otherwise you're stuck training LoRAs for preexisting models, which will change the behavior but not heavily impact the fundamental information on which the model is based.

    • Fwiw I think the author means "at scale" here running it as a service for other people

      • by Rei ( 128717 )

        My point is that you can run services at scale on consumer cards, which are quite cheap. You don't need big expensive server cards. Those are for training.

        There's a massive gulf in pricing between consumer cards and server cards. It would IMHO be a total waste of money to do inference on a 8x H100 system.

    • Are you seeing people doing a lot of training/fine-tuning for LLMs? So far, I've been able to solve all my issues with clever prompt design and plugins, but I'm sure that will change at some point.

      Thanks!

      • by Rei ( 128717 )

        I'm actually doing it right now with axolotl :) But god, it is SUCH a VRAM hog. Most people just train LoRAs because that's easier to do on a home system. If you want to train anything more than a 3B, maybe 7B model, you're going to be doing it on some big expensive server (probably one you're renting rather than owning).

  • Open enough (Score:2, Insightful)

    Not as some countercultural raging against the corporate software machine, anyway.

    Anyone who repeats the FUD that open source (by which they mean "copyleft" style of licences, in context) is against corporations lose all credibility. They unquestioningly repeat all the FUD they've heard.

  • by HalAtWork ( 926717 ) on Friday August 11, 2023 @10:02AM (#63758962)

    Sorry but this story reads like gaslighting and propaganda. Many developers - and users - care very much, and for good reason.

  • the whole premise of the article is wrong. The great news about llama2 wasn't the "somewhat improved model" part, but rather the fact that it came with a new license that absolutely permits commercial use, no (unreasonable) questions asked. At least as long as you have less than 700M monthly active users, which in itself is a quite hilarious way of excluding just a handful of companies that should either have the standing to build their own model or to properly license one.
  • by Lobo42 ( 723131 ) on Friday August 11, 2023 @10:03AM (#63758968) Journal

    This article is late to the party.

    SaaS software killed most of open source's movement momentum a decade ago. The vast majority of code being written at companies these days is as closed as ever -- and it's still on github. It's accessible to employees in a corporate account, hosted and run on a server somewhere, and only accessible to users in the form of API access.

    In other words, it's closed source. Even if it depends or relies on hundreds or thousands of open source libraries or modules! Most early licenses simply didn't consider the SaaS model when they were devised. They were intended to prevent the distribution of binaries without the distribution of code.

    But for the most part companies simply stopped distributing binaries. It's perfectly within most licenses to run the code on behalf of users without giving them access to their code or data.

    The GPLv3 attempted to correct for this, but it never caught on -- this battle years ago was the first big sign that "open source" was going to be won by SaaS companies.

    • by Junta ( 36770 ) on Friday August 11, 2023 @10:17AM (#63759026)

      Actually, GPLv3 does nothing for SaaS scenario. You can still freely use GPLv3 and privately modify it for SaaS applications.

      AGPL is the license that takes aim at SaaS, but it's rarely invoked.

    • > The GPLv3 attempted to correct for this, but it never caught on -- this battle years ago was the first big sign that "open source" was going to be won by SaaS companies.

      What does the GPL3 have to do with this? The GPL (any version) is not, and never was, an open source license. Richard Stallman would roll his eyes in desperation if he heard you calling it as such.

    • Every one of those closed-source SaaS systems, relies on plenty of open source components. I don't think open source is quite so dead as it may seem.

  • by greytree ( 7124971 ) on Friday August 11, 2023 @10:21AM (#63759040)
    to stop fighting and security issues and sheer selfishness and ...
    OPEN SOURCE THEIR CODE!
    • by caseih ( 160668 )

      But they can't do that because then everyone would see how much code they've stolen. So they have to keep fighting. And now with AI generating code scraped from all sorts of sources, they know they absolutely have to keep their code secret

  • by evanh ( 627108 )

    Summary: Something that has no useful purpose* is supposedly the new definition of open source, and nothing else matters?

    * As highlighted by the capital needed. Not to mention LLMs seem to be gimmicky at best and horribly power hungry.

  • Licenses are as important as ever. You will find out if you violate one and it matters to the person or company whose license you violated, or if you stupidly publish under an overly permissive license and find your work has been turned against you through embrace, extend, extinguish. There are powerful actors who want nothing more than for you to think licenses don't matter, so that they can take from you without giving back. Learn from the past or learn through your own mistakes.

  • ...the endless lawsuits that scare off developers who want to get involved in FOSS begin. Don't think so? Ever heard of patent & copyright trolls?
  • by Immerman ( 2627577 ) on Friday August 11, 2023 @10:45AM (#63759138)

    The battle isn't over until BOTH sides lay down their arms. Do you really see the big corporations ever stopping their push towards more and more easily-exploitable licenses?

    No? Me neither. And that means either the "open source Rambos" keep pushing back in the other direction, or we all roll over and let the businessjerks call all the shots.

    That is how it *always* happens in every domain. Democracy. Capitalism. Cultural "properties". As soon as the little guys doing the work stop actively pushing back, the powerful people exploiting it creep steadily forward until everything is shit again.

  • by bwt ( 68845 ) on Friday August 11, 2023 @11:13AM (#63759246)

    A license that forbids use in a commercial use is no license at all for use cases that matter. This is disclosed source, not open source. It maybe helps some researchers, but even for them, I'd prefer they work with solely open source, since my tax dollars fund them, so I want to benefit directly from their output, which means giving me code that I can use without restriction.

  • This guy seems to think that the character John Rambo was the villain of the movie _First Blood_. He wasn't. Big Denehy Energy ("Dehenergy") here.
  • The premise of the article is absurd and the piece unworthy of being deliberately spread by Slashdot or anyone else.

    msmash lazy as usual.

  • As a closed source software developer by day and more of an open source software user than a developer by night I am coming at this from more of an open source hardware perspective as that I do contribute to.

    I pass on including or contributing to any non-commercial licensed projects. Sorry.. I think helping them would be a waste of my time and ultimately counter-productive.

    Now, I'm not making anything to sell myself. But I was there to watch what happened with 3D printers. Sure, a lot of people that wanted

  • Still not clear to me what the legal basis is for Facebook or anyone else in believing people are legally required to respect license claims to any publicly available AI model. Neither do I understand what "open source" has in common with freely available bags of weights. There is no "source code" so what does calling this open source even mean?

    All that aside from what I recall only commercial use restriction for Llama-2 kick in at the 700 million user mark which excludes the vast majority of commercial u

  • by Bu11etmagnet ( 1071376 ) on Friday August 11, 2023 @02:49PM (#63760128)

    This is like Vladimir Putin declaring that the war has been won, without notifying the Ukrainians about it.

  • If you're an open source developer, you can choose to license, or not license, your code however you want. There's no reason we should *all* have any particular attitude about open source licensing. To each their own.

  • Matt Asay clearly doesnâ(TM)t understand that Meta / Facebook is the mediaâ(TM)s punching bag. Using negative media press about Meta as a jumping off point for an article about âoedefacto open source licensingâ is an oddly non-sequitur jump.

    In addition, does Matt actually understand what the issue is with pseudo-open source LLMâ(TM)s? He seems to think itâ(TM)s an issue of being pedantic about licensing, but my understanding is that the issue is actually more about how one goes

  • Setting aside the uhm, rhetorical quality of this article, this is an utterly bizarre take for a Mongo employee to take.

    There's a very pay no attention to the man behind the curtain quality to that reality. Mongo's business pretty thoroughly depends on their license so Amazon can't just run whatever they want. Their head of developer relations has to know his argument is nonsense. I suspect they just want people calling things like what Meta is doing open source so the door is open for Mongo to be similar a

There are never any bugs you haven't found yet.

Working...