The eternal struggle between open source and proprietary software

2023 showcased the power and perils of open source

Whenever chaos engulfs a proprietary technology relied on by millions, the default knee-jerk reaction from many seems to be: “Hey, let’s see what the open source world has to offer.”

Case in point: X’s (Twitter) steady demise since Elon Musk took over last year led many to search for more “open” alternatives, be it Mastodon or Bluesky.

This scenario became all too familiar throughout 2023, as established technologies hit a chaos curve, making people realize how beholden they are to a proprietary platform they have little control over.

The OpenAI fiasco in November, where the ChatGPT hit-maker temporarily lost its co-founders, including CEO Sam Altman, created a whirlwind five days of chaos culminating in Altman returning to the OpenAI hotseat. But only after businesses that had built products atop OpenAI’s GPT-X large language models (LLMs) started to question the prudence of going all-in on OpenAI, with “open” alternatives such as Meta’s Llama-branded family of LLMs well-positioned to capitalize.

Even Google seemingly acknowledged that “open” might trump “proprietary” AI, with a leaked internal memo penned by a researcher that expressed fears that open source AI was on the front foot. “We have no moat, and neither does OpenAI,” the memo noted.

Elsewhere, Adobe’s $20 billion megabucks bid to buy rival Figma — a deal that eventually died due to regulatory headwinds — was a boon for open source Figma challenger Penpot, which saw signups surge amid a mad panic that Adobe might be about to unleash a corporate downpour on Figma’s proverbial parade.

And when cross-platform game engine Unity unveiled a controversial new fee structure, developers went berserk, calling the changes destructive and unfair. The fallout caused Unity to do a swift about-turn, but only after a swathe of the developer community started checking out open source rival Godot, which also now has a commercial company driving core development.

But while all this helped to highlight the eternal struggle between the open source and proprietary software spheres, struggles within the open source community were once again laid bare for all to see.

The (not so) open source factor

Back in August, HashiCorp switched its popular “infrastructure as code” software Terraform from a “copyleft” open source license to the source-available Business Source License (BSL, or sometimes “BUSL”), which places greater restrictions on how third parties can commercialize the software — particularly where it might compete with HashiCorp itself. The reason for the change? Some third-party vendors were benefiting from Terraform’s community-driven development without giving anything back, HashiCorp said.

This led to a vendor-led faction forking the original Terraform project and going it alone with OpenTF, eventually rebranded as OpenTofu with the Linux Foundation serving as the governing body. While HashiCorp was perfectly within its rights to make the license change and protect its business interests, it also created uncertainty among many of its users. According to the OpenTofu manifesto:

Overnight, tens of thousands of businesses, ranging from one-person shops to the Fortune 500 woke up to a new reality where the underpinnings of their infrastructure suddenly became a potential legal risk. The BUSL and the additional use grant written by the HashiCorp team are vague. Now, every company, vendor, and developer using Terraform has to wonder whether what they are doing could be construed as competitive with HashiCorp’s offerings.

HashiCorp is far from the first company to make such changes, of course. App performance management (APM) platform Sentry switched from an open source BSD 3-Clause license to BSL in 2019 for reasons similar to those cited by HashiCorp. However, this year Sentry created an entirely new license called the Functional Source License (FSL) designed to “grant freedom without harmful free-riding,” the company said at the time. It’s a little like BSL, but with a few tweaks — for example, FSL-licensed products automatically revert to an open source Apache license after two years, compared to four years with BSL.

Again, this highlighted the perennial struggle of companies looking to embrace the open source ethos without compromising their commercial interests.

“There’s been a long history of companies with deeper pockets and more resources taking advantage of traditional open source companies,” Sentry’s open source chief Chad Whitacre said in November. “Open source companies, regardless of license or the pedantic definition, have become increasingly reliant on being venture-backed, for-profit, or more importantly being supported by the companies that rely on their code.”

Similar to Grafana before it, Element transitioned core elements of Matrix, the decentralized communication protocol, from a fully permissive Apache 2.0 license to a less-permissive AGPL open source license. These included the main Matrix server, Synapse; the alternative server implementation Dendrite; and several associated server-side projects such as the Sydent identity server. This shift essentially forces all derivative projects that use these facets of the Matrix project to maintain the exact same license — a major deterrent to commercial companies looking to build proprietary products.

Element said that the cost of maintaining Matrix, which it makes the vast majority of contributions to, forced its hand at a time when other companies’ business models were designed around creating proprietary Matrix-based software — with none of the costs Element had to bear for maintaining Matrix. “We have succeeded in making Matrix wildly successful, but Element is losing its ability to compete in the very ecosystem it has created,” the company wrote at the time.

This license change effectively meant that companies using Matrix would have to contribute their code back to the project… or pay Element for a commercial license to continue using it in a proprietary product.

So on the one hand, companies, consumers and developers alike have seen how going all-in on proprietary platforms can lead to vendor lock-in and disastrous consequences when things go belly-up. But on the other hand, businesses built on solid open source foundations can easily pull the ladder up by switching the terms of engagement — all in the name of commercial protectionism.

All this, of course, is nothing new. But the past 12 months really have underscored both the power and perils of open source software.