Read the Fine Print on "Open Source" Software

by Ostatic Staff - May. 09, 2008

Back in the 1980s, when Richard Stallman was the only one talking about the need for "free software," no one quite knew what he was talking about. That's not just because people looked askance at someone who said it would be possible to write a version of Unix that could be given away for free, along with all of the compilers, editors, and utilities that a typical Unix installation included.

Stallman also managed to confuse people with the term "free" -- he used it as a political statement, saying "free as in freedom," or "free as in 'free speech'," contrasting it with "free as in 'free beer'." But no matter how hard he tried, Stallman was faced with the reality that most people thought of "free software" as programs for which you didn't have to pay money. The fact that Stallman's software was indeed designed to be given away without charge only added to the confusion.

The term "open source" was supposed to remove that confusion, and was deliberately chosen to emphasize what the software is, rather than what it isn't. The good news is that when the term "open source" was coined, just 10 years ago, the world was ready to listen, and incorporated this term into its vocabulary. The bad news is that the open source world is now so diverse, with so many licenses and commercial interests involved, that it is often hard to know whether a program is truly available on an open source basis without reading the fine print. Even when a reporter does a good job of describing the software and license, you should double-check the details, to ensure that you won't get your organization into trouble.

For example, I read a story earlier this week about a company named Aras that radically shifted its strategy in the last year, switching from a traditional proprietary model to one involving "open source." The article called attention to the fact that Aras is only making its software available for Microsoft Windows -- an acceptable open source strategy, if an unusual one. But then the article indicated that Aras was releasing its software under a "shared source" license that was written by Microsoft.

Now, to anyone in the world of open source software, the term "shared source" is a red flag. The "shared source" program was and is Microsoft's way of fighting the open source world, allowing customers to inspect Microsoft source code without giving those customers the right to modify or redistribute the code. In other words, "shared source" is not open source, and shouldn't be confused with it. So if Aras is distributing its software under a shared-source license, then we can't consider it to be open source, can we?

Actually, we can: It turns out that "shared source" is now the umbrella term that Microsoft uses for its policy of relatively openness and transparency, and that this program includes several different software licenses. Two of these licenses, the Microsoft Public License (Ms-PL) and the Microsoft Reciprocal License (Ms-RL), have indeed been approved by the Open Source Initiative, which means that they are indeed open-source licenses. And in fact, Aras is distributing their software under the Ms-PL, which means that their software does indeed qualify for the "open source" moniker.

The confusion stems from the fact that Microsoft's "shared source" program includes three proprietary licenses as well, whose names are similar in some ways to the open-source licenses. Thus, while the Microsoft Reciprocal License has been approved by OSI, the Microsoft Limited Reciprocal License (Ms-LRL) is not, because it allows users to modify and redistribute the software only on the Windows platform.

I encountered a similar issue earlier this week, when I read an article about Sun's open-source virtualization engine being available for the Macintosh. The article went on to state that this product, xVM VirtualBox, could be used for free by individuals, but required a paid license for corporations.

It turns out that there are two versions of xVM VirtualBox; the open source version is freely available to anyone who wants it, and for any reason, but lacks certain options in the proprietary version. It was only after a few minutes of reading and thinking that I finally understood that Sun is offering VirtualBox with a dual license -- with an open source program downloadable for free, and licensed under the GPL, or with a proprietary license for which people have to pay.

In both of the examples I mentioned here, there was no attempt to shade or hide the truth. And in both cases, we were truly dealing with open source software. However, commercial companies are realizing that the term "open source" can be co-opted to some degree, and are starting to confuse us with software that is mostly, but not completely open source. Or they do so with licenses that are similar to, but not completely identical to, the open-source licenses that they publicly tout. Or they do so with software that is described as fully open source, when in fact there are proprietary add-ons required to make it useful.

The bottom line is that in open source, as with everything else, let the buyer (or downloader) beware: Richard Stallman might have been the first one to realize that seemingly clear terms can easily be confused by the general public. In the case of open source, the problem is less one of semantics and multiple meanings, and more one of companies blurring the line between their profitable proprietary software, and their attempts to move into the open source market.