Reflections on Open Sources 2.0

  • Article

by admin on May 24, 2006 01:57pm

I'm reading Open Sources 2.0 right now.  It's a well-composed book of short essays by founders and luminaries of the Open Source movement - people like Chris DiBona, Ian Murdock, Matt Asay, and Danese Cooper, to name just a few.

So far I've read essays by Mitchell Baker (Mozilla), Chris DiBona (Google/Slashdot), Jeremy Allison (Samba), Ben Laurie (Apache), and Michael Olson (Sleepycat).
They are all well-written and insightful.  The most consistent conclusion that the essays I've read so far is that where development is concerned, Open Source development is not that different from commercial software development - similar (although usually more rapid) lifecycles, requirements and bug tracking. Key differences that the various authors cite are greater passion and willingness by open source developers to go beyond "working hours" to solve problems, and the general lack of interest in writing documentation as opposed to coding.  This short summary unfortunately trivializes the excellent essays and I encourage you to buy the book and read them yourselves.
I believe that Mitchell Baker's essay in particular offers the most powerful lessons for proprietary & commercial software development companies on how to adapt their practices into shipping open source software.  In the Mozilla project, Mitchell was at the forefront of the wrenching practical and emotional shifts required from both AOL/Netscape management and the open source contributors to the project.
Interestingly, Ben Laurie attacks the idea that "many eyes make all bugs shallow", one of the key claims about open source software quality.  I myself have been a fan of this idea, and I was surprised to see him dispute it.  To put his statements in context, however, Ben is specifically discussing security flaws, which he defines as being of a different class of problem from a standard "bug" or software defect.  His point is that it takes deep expertise and hours of dedicated effort to find security flaws, and that most eyes cannot see them.

The most provocative essay I've read so far is by Michael Olson, who discusses the concept of a "dual licensing" model in detail.  In short, dual licensing is a commercial Open Source software (COSS) approach that uses the GPL to convert full ownership of software IP into a self-sustaining open source community, while selling a proprietary license of the same source to proprietary vendors.  The proprietary license grants the buyer more rights, including no reciprocity - not needing to release their own product under the GPL.  This way, paying customers get the benefit of the open source product while retaining much stronger IP protection for themselves. Michael's summary of this balanced model is that the licensing & technology combination must be designed so that "Open source users experience only pleasure in their use of the software" while causing enough pain (Michael's word) to enough customers to make the business of selling proprietary licenses profitable.

This comes to mind most strongly to me because of some of the debates I've seen in the comments on Port 25.  Some readers believe that any commercialization of open source software is downright wrong, and a violation of the principles of Open Source.  Other readers seem quite willing to allow developers of open source software to make a living from their work.  I think this may be an irresolvable dispute - a clash of ideals between Open Source as a movement and open source as a development, marketing, and commoditization model.