Thursday, April 26, 2007
Free Telematics and a enforcing open source SaaS
This morning I received an email from Rufo Guerreschi of the Telematics Freedom Foundation. I honestly never heard of this organization - until today - but it looks like a very interesting initiative. And it is based in Italy, which makes me proud ;-)Rufo wrote a post on his blog about a model for the democratic control of telematic services. In a nutshell, he is trying to close the ASP loophole of GPL (v2 and v3...) with something quite more elaborate than a simple license.
He is envisioning a world of free services based on Software as a Service (SaaS), where Reviewers can be appointed as Auditors for the software behind the service. And Modifiers can modify the code of the service and obtain free or at cost hosting.
It is a very interesting approach. The issue behind the reasoning seems to be enforcement of the license. I heard about it before, many times. If your software runs behind a firewall, how can you (the user) know what really is the service running? What if they change the code and do not tell you? What about your freedom as a user to see the code?
Rufo's answer is: let's appoint Auditors. Mimicking the voting process, where Auditors are making sure nobody votes twice. These people might have conflicts of interests, but the entire system usually works (unless you live in Florida).
I have never been a fan of enforcement. Maybe because I trust people by nature. Or because I am just pragmatic. Enforcement is tough to achieve. For example, the Affero license has a provision that forces the hosting service to give a user a way to download the entire source code while accessing the service. I always found it too restrictive. Forcing software implementations through a license seems odd and hardly applicable to the millions of different cases we are going to see in the future (think about a mobile phone accessing email on a Funambol server... How can I give you the entire source code to download on your device?) .
Is the old good GPL enforceable? In theory... If I take a GPL library in C, modify it and I compile it with my product, then ship the binary in a commercial product, who can tell I am violating the GPL? Probably nobody. Does it mean GPL is useless? No, it is based on trust. If you do not GPL your code, you are violating the license. We could catch you and enforce it.
The same for SaaS. If you run a service based on HPL, you must open source your code. If you don't, you are violating the license. We could catch you and enforce it.
To me, a piece of paper that says YOU HAVE TO, is enough. It is practical. It is based on trust. It simply works. Anything more complex would work as well, and maybe limit open source thieves, but adds so much complexity to also limit adoption. Which would turn people to use something else, less restrictive, even giving up copyleft (which would mean the death of open source). I am willing to give up on enforceability, to see open source also thrive in the SaaS world. That's where the world is going.
Copyleft is based on trust. It would work in SaaS as well. Trust me ;-)
Posted by Fabrizio at 08:37
1 Comments:
rufo guerreschi said...
thanks for the attention given to my initiative. :-)
yes, in the long term we envision a world of were you can factually have on telematics services the same freedoms you can have today by running copylefted FLOSS on your desktop machine.
In the medium term, our goal is to affirm in develop and affirm in practice a copyleft model (much as the free software movement did) of providing "free" telematic services that, if adopted widely by many, could eventually inspire the drafting of suitable legislations for freedom-critical remote software applications ...
About "Trust":
Can we reasonably believe (i.e. rationally "trust") people to know AND do what is good for others? After meeting dozens of members of the "FLOSS community" of developers and entrepeneurs.
Also, I would not characterized as "trust" when people behave according to a law or a contract. Especially, when there are reasonable possibilities of being caught.
yes, it is tough to achieve enforcement. When the going gets tough, the tough get going"! :-)
Maybe we can wish for 2 different models: one based on trust and with lesser overhead (hopefully the new Affero GPLv2), and another with more stringent requirements for freedom-sensitive application, such as for all privacy-sensitive communications (telephone, email, chat), including political participation or self-expression.
The extent to which sharing behavior in the "FLOSS community" has been based on trust is a matter of opinion. But if they were to be trusted in their belief in the FLOSS ethics, wouldn't we have most those "community of providers and developers" of remote software services disclosing their code to the "community of users"?
Almost no-one does. Maybe because they can legally do so because of a legal loophole? Maybe because, they are also morally supported by ... themselves?
