Is It Time to Leave Open Source Behind?
Once there was a group of people who got tired of the status quo, so those people started their own community based on a commitment to freedom and equality. That community got bigger and bigger, until what was once revolutionary became widely accepted.
But there were problems. Big business had too much control, some people warned. Others thought the community’s founding documents had become outdated — they served the needs of the people who wrote them, not the community in its current form.
This story could be about the United States, but it isn’t. It’s about open-source software.
What started as a small, homogeneous online community fed up with proprietary software has exploded into a mainstream framework that powers the tech giants in your stock portfolio and the mobile phone in your hand. Now, the open-source community is much bigger and (slightly) more diverse, but its inner workings remain largely the same.
And a lot of people think that’s OK. The philosophical bedrock of free and open-source software — no hidden source code, no limitations on use — could be as legitimate today as it was when it was written.
Many others disagree. Big companies profit from the work of underpaid and overtaxed project maintainers, they argue. Some organizations take open-source tools and use them for unethical ends, and developers can’t stop them. Real freedom, #EthicalSource activists like Coraline Ehmke claim, requires limitations.
So, if a large faction of open-source participants aren’t happy with the state of things — why don’t they just leave?
* * *
This story is the fourth in a series on cultural battles facing the open-source community. You can read the first article, on ethics and licensure, here, the second article, on governance, here, and the third article, on the rights of end users, here.
Open Source or Bust
“It’s really, really hard to leave,” Don Goodman-Wilson told me.
Goodman-Wilson is an engineer, open-source advocate, philosopher and former academic. His disenchantment with open source didn’t happen overnight. Rather, it was a long process of noticing and questioning some assumptions he’d taken for granted.
“It’s something that had been a long time coming for me,” he said. “I was, very slowly, attending talks and feeling doubts rise within me over the years.”
Now, he’s joined with Ehmke and other #EthicalSource proponents to call for changes. Could they abandon traditional definitions of open source and make common-pool software their own way? Sure. But people have tried that, and it didn’t go great.
Take King Games, which in May decided to list its game development engine Defold on GitHub for community collaboration.
“We are immensely proud to announce that @king_games has released the Defold game engine as open source on GitHub and transferred Defold to the Defold Foundation,” Defold Engine tweeted.
Gamers rejoiced; then the fallout came.
“It’s really, really hard to leave.”
“Can we discuss the license choice? I had missed this initially and thought it was [the open-source license] Apache 2.0, but I see now that it’s custom,” one user replied. “It means that it’s not open source as per the [Open Source Initiative’s] open-source definition.”
That’s because King, which presumably didn’t want other gaming studios to take and profit from its code, released Defold under a modified license that prevented commercial reuse. That violates the definitions of free and open-source software as per the Free Software Foundation’s four freedoms and the Open Source Initiative’s (OSI’s) open-source definition.
So, Defold Engine tweeted again five hours later: “We are humbled by the positive reactions to the news we shared earlier today but also sorry for misrepresenting the license under which we make the source code available. Defold is a free and open game engine with a permissive license, and we invite the community to contribute.”
But that didn’t do the trick.
“The use of the words ‘open’ and ‘free,’ and the ‘derived from [open-source license] Apache’ makes me upset,” one user replied. “It is a blatant attempt to use someone else’s good name.”
So, Defold Engine tweeted again. And again. And again.
“Some thoughts on the open source discussions yesterday,” the first in a nine-tweet thread read. “There was no ill-intent on our part when said that Defold is open source. The source code is available on GitHub for anyone to play around with and hopefully contribute to. This is what we meant, nothing else.”
Comments on that thread appear to have been disabled.
It’s a familiar scene, Goodman-Wilson said. A person or organization fiddles with an open-source license and is met with righteous anger. That’s what happened when Ehmke introduced the Hippocratic License — which prohibits the use of software for human rights abuses — although plenty voiced their support as well.
Open source’s strength lies in its community. Without community buy-in, options are limited for people looking to expand or reimagine what “open source” means.
The Reputation Game
Reputation is another barrier to exit for open-source participants, Goodman-Wilson said.
Today, open source is often touted as a resume-builder, or a stepping stone to high-paying jobs with tech companies. For developers, that means creating a high-profile project — or even contributing to one — might mean the difference between writing your own ticket and languishing in software obscurity.
What makes a project “high-profile” is, invariably, adoption rates. The more people use your software, the more successful it’s considered.
“You want that [adoption rate] number to go up and to the right, because you’ve been told over and over again that is the metric for success. And if you can’t show that metric, then your project is not successful,” Goodman-Wilson said.
That creates what Goodman-Wilson views as a problematic incentive: To boost adoption rates, developers must take care to appeal to corporate interests.
Corporations are notoriously risk-averse. OSI worked hard to bring them into the open-source fold, and their involvement has largely been limited to projects with standard, approved licenses. If developers built some software and slapped on a modified license with caveats for ethics or commercial use, corporations would balk. By sticking with OSI-approved licenses, developers greatly improve their chances of getting their software into corporate tech stacks.
That means higher adoption, more repute and, potentially, more money. Split with OSI, and those benefits of open-source involvement all but disappear.
The Price of Success
What happens when an open-source developer creates a successful project with a relatively high adoption rate? They might end up with a job offer. Or, they might get stuck maintaining that codebase for little or no pay.
When Goodman-Wilson was working on GitHub’s developer relations team, the company organized a series of meetings for open-source project maintainers to discuss their experiences and make recommendations for improvements. The last one was held in 2019 in Berlin.
“Those conversations were eye opening. Holy crap. A lot of the complaints were around like, ‘I feel taken advantage of. I feel like my time is being given freely to people who do not value it, typically large corporations,’” Goodman-Wilson said. “Based on those conversations, it felt like [open source] had come full circle and was now a system that, although initially intended to overturn power hierarchies in the tech world, actually ended up reinforcing them.”
“It felt like [open source] had come full circle and was now a system that, although initially intended to overturn power hierarchies in the tech world, actually ended up reinforcing them.”
The accompanying report named “frequent and widespread burnout” as a cause for concern, as maintainers cited unmanageable volumes of work and problems with competing interests.
Maintainer burnout is one issue that arises when corporations can dip into the open-source pool with few limitations. But companies can also toss things into the pool.
Often, those contributions are extremely helpful. Tech entrepreneurs rely on open-source to spin up new and innovative offerings. Google’s release of Kubernetes as open source, for example, changed the game for cloud-native projects, and TensorFlow laid the foundation for accessible neural network technology.
Other times, the effects are mixed. React, for instance, is a Facebook-maintained open-source library that’s served as a powerful recruiting tool — as React grew in popularity, Facebook engineering grew in esteem. But React has also been accused of harboring toxic community members and attitudes, leading to the departure of several prominent contributors.
‘It’s Really Cool’
Despite some systemic flaws and personal risk, the desire for industry success and peer repute drives developers to stick with open source. It also drives them to build software that will get them noticed.
Like Avatarify, a program by developer Ali Aliev that uses artificial intelligence to superimpose one face onto another during video capture. Avartify grabbed attention because it is the first software to create semi-convincing real-time deepfakes. Check out this demo, in which “Elon Musk” bombs a Zoom meeting.
“It’s really cool, in some very sad sense of the word cool,” Goodman-Wilson said.
The implications of technology like this are complicated. On one hand, it is really cool. Combined with a convincing audio deepfake to mask the impostor’s voice, perhaps a person really could convince their friends that a celebrity had joined their Zoom call. Or they could make and release a video of a real politician saying fake things. They could spread false information. Or incite violence.
It’s fair to say that, in the wrong hands, a tool like Avatarify goes from fun to scary. And, because Aliev released it under a traditional open-source license, anyone could take and use its technology.
“[Aliev] gained reputation from doing it, so he was incentivized to work on this release in open source,” Goodman-Wilson said. “On the other hand, now we’ve got state actors that would love to have this sort of tool available to them. So, knowing that there are oppressive, unjust organizations that can dip into the pool of open source and take from it what they need is actually deeply terrifying to a lot of developers.”
“The horror in the room was palpable.”
What Goodman-Wilson is describing has actually happened. Developers who oppose war, for instance, have been alarmed to learn that the U.S. Air Force and Navy use Kubernetes, an open-source project, to run combat aircraft and warships. For developers outside the United States, these connections may be particularly disturbing.
While giving a talk in Amsterdam to a group of developers who worked on JavaScript extension TypeScript, Goodman-Wilson presented a U.S. Air Force recruiting website with a TypeScript dependency. The website is a sort of drone flight simulator, and visitors fly through an abstracted city, shooting at blips of light that represent “insurgents.”
“A lot of people in the room were from the Netherlands and unknowingly had their code used by this Air Force recruiting site, and the horror in the room was palpable,” Goodman-Wilson said. “The last thing that they expected was to be working on a language extension and find that it was being used to recruit drone pilots.”
Read This TooOpen-Source Governance, Meet Feminist Economics
When Progress Meets Morality
“There’s this huge disconnect between what we think we’re doing when we’re contributing to open source, which is, quote-unquote, making the world a better place, and the reality of the incentive and access structure behind open source, which is such that, who knows if what you’re building is being turned into a weapon?” Goodman-Wilson said.
But is it a developer’s fault if a totally separate entity uses something they helped build for unethical ends? Won’t bad actors get their hands on the tools they need, Hippocratic License or no Hippocratic License?
Yes, to both, Goodman-Wilson told me. Organizations that hurt people will always get the software they need — but with formal, ethical boundaries around open-source resources, they’d have to pay for that software rather than taking it for free. From a moral perspective, that distinction matters, he argued, because open-source developers would no longer share responsibility for abuses.
“Even if they’ll just take that software from somewhere else, at least I have cut off one avenue of access that links back to me.”
If we think of ethics as a causal relationship, “moral” actions are ones whose outcomes we can influence, he said. If a dictator in a faraway country uses a tool we’ve never heard of to aid in human rights abuses, we shouldn’t feel responsible. But if an organization uses a piece of software we helped build to conduct drone strikes on civilians, we might feel some sense of responsibility.
“To the extent that I want to take responsibility for my own actions and decisions, I might want to find ways to cut down that causal chain,” he said. “Even if they’ll just take that software from somewhere else, at least I have cut off one avenue of access that links back to me. Then you convince enough people to do that, and, as a movement, you begin to cut off more and more avenues.”
For Goodman-Wilson, that movement looks like #EthicalSource and Hippocratically licensed software. But cutting off access for some while maintaining the spirit that made open source special — access for all — is profoundly difficult.
It’s a balance Goodman-Wilson, and other open-source activists, are continually trying to strike.
A Fork in the Road
The story of open source feels like the story of communities.
They start small and single-minded. But as they grow, factions form and power dynamics arise. New people show up, bringing new ideas. And, eventually, the community is faced with a decision: Should we evolve, or hold fast to the principles we started with?
Ehmke, Goodman-Wilson and others are asking for evolution, and they’ve encountered plenty of obstacles. So far, the #EthicalSource movement has been limited to a tweet here, a presentation there, and many behind-the-scenes conversations. Potential allies are afraid to put their reputations and career prospects at risk, Goodman-Wilson said, which limits the movement’s scope.
“What do we need to do to create an atmosphere where people aren’t afraid to speak out?” he said. “I don’t know the answer to that, but that’s a question a lot of us are asking. And I would really like more people to ask.”
For now, #EthicalSource will continue to promote unapproved models and licenses and hope that open source’s governing bodies come around. But its proponents might not wait forever.
“I’ve certainly never built a political movement before, but I think a lot of us are starting to see this as a political movement that needs to be built, instead of just throwing some good arguments out there and seeing what sticks,” Goodman-Wilson told me.
In the end, open-source participants are free to choose where they stand. Their decisions will affect each and every one of us.
Read This TooThe Rules of Open Source No Longer Apply