{"id":96999,"date":"2024-06-28T03:44:15","date_gmt":"2024-06-28T03:44:15","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4247433"},"modified":"2024-06-28T03:44:15","modified_gmt":"2024-06-28T03:44:15","slug":"some-open-source-software-licences-are-only-open-ish-says-thoughtworks","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=96999","title":{"rendered":"Some Open Source Software Licences are Only \u2018Open-ish,\u2019 Says Thoughtworks"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/assets.techrepublic.com\/uploads\/2024\/06\/tr_20240625-thoughtworks-open-source-apac.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>It has been <a href=\"https:\/\/www.synopsys.com\/software-integrity\/resources\/analyst-reports\/open-source-security-risk-analysis.html?intcmp=sig-blog-ossra22#introMenu\" target=\"_blank\" rel=\"noopener noreferrer\">estimated 90% of organisations use some form of open source software<\/a>, and if they needed to go and code it again themselves, <a href=\"https:\/\/hbswk.hbs.edu\/item\/open-source-software-the-nine-trillion-resource-companies-take-for-granted\" target=\"_blank\" rel=\"noopener noreferrer\">it would cost USD $9 trillion<\/a>. This makes open source a huge global economic resource.<\/p>\n<p>However, some tools have shifted to commercial models in recent times. After years of growth through developer contribution and widespread uptake among users, they are monetising the end result \u2014 often to the chagrin of developer communities and dependent business users.<\/p>\n<p>Global technology consultancy Thoughtworks identified the trend in <a href=\"https:\/\/www.thoughtworks.com\/en-au\/radar\" target=\"_blank\" rel=\"noopener noreferrer\">its most recent Technology Radar<\/a>. 
Australian Chief Technology Officer, Scott Shaw, said it is partially driven by a closer focus on financials in recent times, and organisations need to ensure they approach open source \u201cwith their eyes open.\u201d<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Some_open_source_favourites_have_shifted_to_commercial_licences\"><\/span>Some open source favourites have shifted to commercial licences<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In April 2024, Thoughtworks noted a \u201cchurn in the previously serene landscape\u201d of open source. \u201cSeveral prominent tools have recently garnered bad press, when their maintainers switched \u2014 in several cases abruptly \u2014 from an open-source licence to a commercial model,\u201d it said.<\/p>\n<p>The trend has been building for some years, according to Shaw. While the tech industry has a common set of principles and a number of well understood open source licences governed by the Open Source Initiative, there has been a growing \u201cdivergence\u201d from that paradigm.<\/p>\n<h3>Abrupt changes to open source licences<\/h3>\n<p>The first example is companies that have changed the terms of their open source licence mid-stream. 
After building a developer community and onboarding large numbers of users who have integrated the software into workflows under the permissive standards of open source licences, there has been a move to clamp down on that, often linked to revenue.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/article\/open-source-project-management-software\/\">The 8 best open source project management software for 2024<\/a><\/strong><\/p>\n<p>While Thoughtworks wrote that \u201cwe have no problem paying for software and are fine with the common model of commercial licences for additional functionality,\u201d it added that \u201cwe find it problematic when core functionality of a widely used tool is suddenly put behind a paywall, especially when an ecosystem has developed around the tool.\u201d<\/p>\n<h3>\u2018Semantic diffusion\u2019 in open source<\/h3>\n<p>There has also been a blurring in what open source means, with Thoughtworks observing \u201csoftware that proclaims to be open source, yet fundamental capabilities only appear after consumers pay subscriptions or other charges.\u201d In some cases, an open source project may only distribute code, not builds, increasing the burden for organisations using it on premise.<\/p>\n<p>\u201cOne example is some large language models that are being loosely referred to as open source that are not; they are open in some way, but they don\u2019t meet the principles of open source, certainly not the way the OSI defines them,\u201d Shaw said.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Docker_Terraform_and_Llama_3_diverge_from_pure_open_source\"><\/span>Docker, Terraform and Llama 3 diverge from pure open source<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Thoughtworks said there have been several examples of shifts to commercial licences or \u201copen-ish\u201d licences emerging. 
Three examples are developer containerisation software Docker, Hashicorp\u2019s Terraform, and Meta\u2019s newly released LLM Llama 3.<\/p>\n<h3>Docker<\/h3>\n<p>Docker is open source software used by developers to automate the deployment of applications inside containers. It became the basis for most application distribution and integral to software delivery, with 55% of developers using it daily. Docker also had a convenient Docker Desktop, allowing developers to run Docker locally on a machine to perform testing.<\/p>\n<p>In 2021, and effective in 2022, <a href=\"https:\/\/www.docker.com\/blog\/updating-product-subscriptions\/\" target=\"_blank\" rel=\"noopener noreferrer\">Docker changed its licensing<\/a>. While remaining free for small businesses with fewer than 250 employees and less than USD $10 million in revenue, larger enterprises using it professionally needed to pay for a Pro, Team or Business membership, meaning organisations were no longer in compliance if they did not pay fees to Docker.<\/p>\n<h3>Terraform<\/h3>\n<p>Terraform from Hashicorp is one of the most popular and effective infrastructure as code tools for safely and predictably provisioning and managing infrastructure in any cloud. However, Hashicorp caused an outcry in the open source community when it made the decision to <a href=\"https:\/\/www.hashicorp.com\/blog\/hashicorp-adopts-business-source-license\" target=\"_blank\" rel=\"noopener noreferrer\">shift from a Mozilla Public Licence v2.0 to a Business Source Licence<\/a>, because of its widespread use as an open source software supporting DevOps operations and companies.<\/p>\n<p><strong>SEE: <a href=\"https:\/\/www.techrepublic.com\/article\/best-open-source-crm\/\">The 5 best open source CRMs for 2024<\/a><\/strong><\/p>\n<p>The company explained its decision, primarily, as being to protect its interests from competitors using Terraform to compete with Hashicorp, who can now utilise commercial licences. 
This did not placate the whole open source community; some were galvanized to start OpenTofu, a community-driven project that aims to create a fork of Terraform and maintain it as an open-source tool, in line with the company\u2019s previous commitments to open source.<\/p>\n<h3>Llama 3<\/h3>\n<p><a href=\"https:\/\/www.techrepublic.com\/article\/what-is-llama-3\/\">Meta\u2019s Llama 3<\/a> is being received as a powerful LLM model, Shaw said. However, in terms of its open source credentials, the model has open weights but does not follow other OSI principles like the ability to examine source code and complete unrestricted redistribution. Meta\u2019s Llama 3 requires the payment of licensing fees based on user numbers for the use of weights.<\/p>\n<p>\u201cIf you ask Meta, <a href=\"https:\/\/ai.meta.com\/blog\/meta-llama-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">they call it an openly available model<\/a>. That is honest, but the term open source gets very loosely applied to these things, and I think it\u2019s important for people to understand openly available or free doesn\u2019t necessarily imply open source. I think this is sometimes missed; people don\u2019t completely understand what degree of openness a particular model might have.\u201d<\/p>\n<h2><span class=\"ez-toc-section\" id=\"AI_LLMs_come_in_many_degrees_of_openness\"><\/span>AI LLMs come in many degrees of openness<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Thoughtworks said \u201csemantic diffusion\u201d of the open source badging is something being seen in the fast-growing AI space in particular. 
\u201cEven though this business model has existed before, it seems to be exploited more with many of the shiny new AI tools \u2014 offering amazing capabilities a little too hidden under the fine print,\u201d the firm wrote in its Technology Radar.<\/p>\n<p>Shaw said that for LLMs, there\u2019s a range of openness available in different models. They range from completely proprietary, like <a href=\"https:\/\/www.techrepublic.com\/article\/chatgpt-cheat-sheet\/\">OpenAI\u2019s ChatGPT<\/a>, to models where the source code, training data, model structure and weights are all freely available and open for inspection and contribution. One recent example is <a href=\"https:\/\/www.techrepublic.com\/article\/snowflake-arctic-llm-launch\/\">Snowflake\u2019s Arctic LLM, released on an Apache 2.0 licence<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Two_reasons_why_companies_rethink_open_source_licences\"><\/span>Two reasons why companies rethink open source licences<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Thoughtworks suggests revenue and IP protection are behind some of the licensing moves.<\/p>\n<h3>Focus on financials<\/h3>\n<p>The <a href=\"https:\/\/www.techrepublic.com\/article\/it-finance-transformation-australia-apptio-interview\/\">whole tech industry has been more cost conscious in recent years<\/a> due to economic headwinds, with chief financial officers becoming more influential in decision making. Thoughtworks\u2019 Technology Radar said \u201ca lot of blame has been placed on private equity and venture capital firms for putting more pressure on firms for revenue and profitability, particularly as the tech industry has slowed.\u201d Shaw said it has been a time where people all through the industry have been re-examining their business models, leading to some churn in open source.<\/p>\n<h3>The protection of IP<\/h3>\n<p>Another factor, noted by Hashicorp in its Terraform licensing decision, is the protection of IP. 
Thoughtworks writes that \u201cothers speculate that the open source vendors are only protecting themselves and their intellectual property from the cloud vendors who would profit from the IP through hosted cloud services.\u201d<\/p>\n<p>Shaw said in some cases bigger organisations, like hyperscalers, had been taking open source tools and creating very profitable services and not paying any licensing fees back to the originator of the tools. Though that is essentially the spirit of open source, the originating vendors want to ensure that they receive some form of financial benefit.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"There_are_risks_for_enterprises_when_open_source_licences_change\"><\/span>There are risks for enterprises when open source licences change<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When the licences of widely used open source software projects shift to a more commercial model, it creates a \u201cbig headache\u201d for their enterprise users, Shaw said. To remain compliant with licensing terms, companies have to make sure the software \u2014 such as Docker Desktop, in the case of Docker \u2014 is removed from individual devices; otherwise, they may be hit with licence fees or risk getting caught out in an audit, even if the software is still there unwittingly.<\/p>\n<p>Shaw said organisations already spend a lot of time, money and effort auditing, making sure the software their employees are using is being used within the terms of their licences. Abrupt shifts in the deal on offer from open source providers can be difficult to manage. 
\u201cI think it\u2019s something that boards, CEOs and CFOs would want to be conscious of, because they may be highly dependent on open source software that has changed its licensing terms,\u201d Shaw said.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Things_IT_should_watch_when_using_open_source_software\"><\/span>Things IT should watch when using open source software<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Thoughtworks has advised businesses and IT stakeholders to exercise \u201cparticular diligence around licence issues. Pay attention to caveats and make sure that all files in a repository are covered by the licence at the top level,\u201d the firm detailed in its Technology Radar. Shaw added that enterprises needed to approach open source software with their \u201ceyes open.\u201d<\/p>\n<h3>Check the details of open source projects<\/h3>\n<p>One factor to look at is whether an open source project is truly grassroots supported, or is dependent on a commercial interest with no other apparent business model, Shaw said. In the latter case, he recommends considering if it is worthwhile paying for the enterprise version of the software, so the terms of the licensing are agreed upon contractually from the start.<\/p>\n<h3>Beware of data leakage to SaaS models<\/h3>\n<p>Another factor to consider is whether the open source software is actually running on a desktop or is sending some data to the cloud. Shaw said enterprises should know how data is being treated if it is an online service and what sort of safeguards there are against redistribution. 
In some cases, Shaw said there is a risk of data leakage if organisations are not careful.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"New_vendors_and_products_are_competing_after_licencing_changes\"><\/span>New vendors and products are competing after licensing changes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When an open source tool changes licence terms and users are forced to pay, there are always competitors waiting in the wings to step in and provide competition, Shaw said. For example, in the firm\u2019s Technology Radar where it flags tools to watch, alternatives to Docker Desktop include Colima. And while the current economy is causing closer scrutiny of business fundamentals, those accentuated drivers for shifting to commercial licences may be cyclical.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It has been estimated 90% of organisations use some form of open source software, and if they needed to go and code it again themselves, it would cost USD $9 trillion. This makes open source a huge global economic resource. However, some tools have shifted to commercial models in recent times. 
After years of growth [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-96999","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/96999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=96999"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/96999\/revisions"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=96999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=96999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=96999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}