mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

16K
active users

Matt "msw" Wilson

How it started: "This change has zero effect on the Redis core license, which is and will always be licensed under the 3-Clause-BSD."

How it's going: "Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1)."

@msw Curious what AWS's plans are in light of this. (The Redis announcement, I mean - not the Microsoft thingy...)

@jzb @msw
I sure hope they pay up. (Or open source their stack, either is a win tbh)

@max @jzb @msw The SSPL is a poison pill. Nobody can every fulfill the "open source your stack" requirement as you'd have to e.g. provide Linux under an SSPL ...

@theuni
I mean that's literally the point. And Linux is already free software so where would the issue be? (Yes, I realise the issue is companies wanting to keep their proprietary crap to themselves)

The SSPL is not more of a poison pill than GPL (and especially AGPL) already is.

@max But it's not the lingo of the license. I'd be more than happy if this was the case, but it seems risky to positively assume this. So: IANAL and my lawyer points in the opposite direction currently. I agree on the "purpose" thing, but that isn't something I'd go without better understanding/proof.

@theuni Well I agree that it's kinda too ambiguous for most proprietary software companies... (but the same discussions have already been had when MongoDB did it so this isn't really something new?)

Don't get me wrong, I would prefer it if they just used the AGPLv3 (or even a potential GPLv4 with an included fix for this exploit... one can hope 🤞)

@max I'm on the fence because I asked those exact questions for clarification to MongoDB with an inside contact and came up with a "no comment" ... which makes me call it a FUD bluff.

@max Do you have a pointer to those discussions? I never stumbled over them whenever I researched this ... <3

@theuni Well the stuff I remember is mostly based on stuff discussed/shared in IRC&co back then but I can try to find something mor tangible.

@max That would be appreciated. If it *really* holds I would be more than happy to make it easier to find in the future and as we're currently getting professional advice anyway I'd be more than happy to make those findings assessments available as well. I *wish* MongoDB (and the others) would go on record to confirm license compatibility.

@jzb @msw probably we will see an announcement at the next Re:Invent about a new "openkv" service

@gianarb @msw Perhaps! Seems a long time to wait, though.

@jzb @gianarb didn’t have to wait that long…

@jzb @msw Honestly, they likely don't have to do much as Redis is available on AWS/Azure/GCP ... this is really mostly a fuck you to the FLOSS community.

@msw yup, asked a few minor pointed questions this weekend of them with those banners adorning their booth...

Nobody knew nuttin'.

No clue on any of the developer-pertinent questions at a heavily developer conference.

Guess we now know the people sends out to dev conferences are just poor mushrooms who can't be relied on for the information they convey there ☹️

@msw Wow, they really do. <3 They're clearly *funding developers building the open source products they use* instead of other companies which will probably announce a fork to avoid paying for anything like bathroom breaks for drivers.

Huge respect to Microsoft for this one.

@msw I literally noticed I was replying to an Amazon employee after I posted. But it is not lost on me the loudest complaints about this are all coming from the only company who is causing infrastructure to shift away from open source licensing.

@ocdtrekkie @msw no, they are funding developers who are building the source-available products they are reselling. these licenses are proprietary and exploitative, designed to shake down consumers while appearing to be “open source,” and describing them as open source allows them to continue with this fraud.

@scott @ariadne @msw That's correct. SSPL is basically complete harmless unless you are a cloud provider using your proprietary platform to undercut and destroy the developers of the open software. SSPL literally only works against companies using closed source to compete.

@ocdtrekkie @scott @msw

none of this matters. SSPL is not an OSI-approved license, so it is by definition NOT open source.

if you want to deal with projects that do not produce free software, then that is your business, but the software freedom guaranteed by the open source definition matters.

@ariadne @scott @msw If the OSI wanted to support open source, it would've worked with companies like Elastic, Mongo, and Redis to approve licenses which enabled open source companies to thrive. Instead it's primary role in the past few years is protecting a proprietary SaaS platform from having to pay for stuff.

The OSI is really not very supportive of open source software at the end of the day.

@ocdtrekkie @scott @msw

cool.

let me know when private individuals not backed by venture capital are using the SSPL.

let me know when the FSF says it is OK to use it.

neither of these things have happened, because the license is designed for and by parties funded by venture capital (to protect frankly nonviable business strategies under capitalism) and is not relevant to anyone else verses normal AGPL.

that is the problem with SSPL. it is not about copyleft, it is about trying to protect nonviable business strategies.

bluntly -- if you need a poison pill license to "win" then you need to rethink your business strategy, because AWS can just put a team of engineers on cloning your SaaS offering without using your code.

commons clause and SSPL are both perversions of copyleft and software freedom pushed by venture capital to try to attain vendor lock-in for services. it's disgusting.

@ocdtrekkie @scott @msw

(if you actually care about copyleft, then the correct answer is AGPL without CLA. then all players are locked into following the same rules.)

@ariadne @scott @msw I *do* feel like AGPL should be radioactive enough to companies to do the same as SSPL but I wonder if that isn't well court-tested enough to risk going up against Amazon's lawyers.

I personally prefer BSL over SSPL so code eventually falls into being less protected, but there's some dangers for computer security if people have reasons to use old code.

@ocdtrekkie The AGPL isn’t as broad as the SSPL. AGPL focuses on the service the user interacts with, which leaves out quite a bit.

BSL and SSPL are interesting experiments. I’d like to see something similar which is anti-corporate rather than pro corporate like those two.

@ariadne @scott @msw

@ariadne @scott @msw The FSF is categorically unable to not give voting board rights to a guy who constantly and frequently speaks in favor of pedophiles. Also not exactly an organization which is a good role model. We should pick better heroes in our community.

It is indeed possible SSPL protects nonviable business models, but if open source companies are non-viable, we should fix that. The competitive edge Amazon has is "proprietary software".

@ocdtrekkie @scott @msw

bringing up stallman's misconduct (which I agree with you on!) does not address the point I am making -- that projects outside of the VC-funded ones are not using SSPL, because there is no point in using it.

in this case, Amazon's competitive edge is not proprietary software, it is their workforce of hundreds of thousands of engineers.

SSPL does not protect you from Amazon, in reality all it does is cause you to be locked into a single vendor's proprietary cloud service, because that vendor will *always* require a CLA for third-party contributions, and that vendor will *always* grant themselves an exemption from the SSPL.

being locked into Elastic or MongoDB instead of AWS is not enhancing my software freedom in any way. it just means that i have two vendors who do not care about my software freedom instead of one, but that other vendor is happily gaslighting me about freedom.

@ariadne @scott @msw
> in this case, Amazon's competitive edge is not proprietary software, it is their workforce of hundreds of thousands of engineers.

I strongly disagree with this. Amazon has two advantages:
- They provide a one-stop shop to get Elastic, Mongo, or Redis bundled with their proprietary products on one proprietary management platform.
- They can offer it at more competitive prices because they can extract value from the same companies via pricing on those proprietary products.

@ocdtrekkie @scott @msw

so what? those software packages went SSPL, and Amazon just cloned the API surfaces of those packages and kept running their services.

so, we get locked into Elastic/MongoDB/Redis cloud offering, or we get locked into AWS's clone of it.

either way, *users* lose. and that is the point, really.

@ocdtrekkie @scott @msw

(my larger point is that if you care about freedom, you should be rejecting all of these anyway, but sadly the people who care about freedom aren't the ones driving IT purchasing decisions usually)

@ariadne @scott @msw Sure, the lesson here is "don't ever try to produce SaaS infrastructure under an OSI-approved license", and I imagine Amazon has gotten that lesson through to everyone now. Open source infrastructure is probably dead as a new industry unless directly done internally by a FAANG.

@ocdtrekkie @ariadne @scott @msw "as an industry" is a key phrase there; "I want to create open source software" and "I want to make money" are different objectives with different obligations, and with FAANG sucking all the air out of the room, it's nearly impossible to optimize for one without compromising the other. If you leave anything on the table, a dragon is going to come gobble it up, be it money or be it rights. Either you become a dragon yourself, or you put dragon poison in everything, the middle ground is now scorched earth.

@ariadne @ocdtrekkie @scott @msw I'd argue that there's often less lock-in with AWS, because (for example) the Elastic fork they use to provide their service (OpenSearch) has remained open source.

@mathew @ariadne @scott @msw It's not more open just because the OSI says it is. That's a tautological argument. SSPL is copyleft, it strongly promotes open source. A proprietary company forking a thing does not more open make.

@mathew @ocdtrekkie @scott @msw OpenSearch is the exception — instead of just duplicating the API surface, they forked Elastic and kept it under Apache license.

In the case of MongoDB, they just created their own proprietary reimplementation which cloned the API surfaces. this is normally what they do.

@ocdtrekkie @ariadne @scott @msw No, the reason to pick AWS (or Azure) is pretty much entirely because of their engineers and customer support.

Their proprietary tech (mostly SQS and S3) usually has FOSS reimplementations available made by others or is typically just talking over the same protocols/syntax as a FOSS tool.

The reason you want AWS/Azure as opposed to a Linode/Hetzner/DO VPS is specifically because they'll manage it for you, keep it up-to-date and inform you about any breaking changes that you'll have to make. The actual tech isn't the selling point for AWS (or any cloud provider that isn't like, GCP, but you shouldn't build on GCP if you can help it.)

(I'd still recommend avoiding SQS/S3 exclusive solutions; vendor lock-in is bad, use open standards.)

@ocdtrekkie @ariadne @scott @msw Open source companies being non-viable is not something we can fix with licensing. It was, at one point, actually possible to build an open source company and make good money at it (re: Red Hat before 2019) but investors and executives reject these models these days because they're not maximally exploitive. The possibility of being able to make even more money and increase lock-in is too attractive.

TLDR, RCA: capitalism

@ariadne @ocdtrekkie @scott @msw And also, put bluntly, neither Fedora nor Debian will accept anything SSPL because they don't comply with OSD, FSF-Free, nor DFSG. Both distribution organizations more or less require a license to fit among at least one of these and provide their own lists with justifications when they make their own decisions.

e.g. Fedora: docs.fedoraproject.org/en-US/l

Fedora DocsAllowed LicensesLearn more about Fedora Linux, the Fedora Project & the Fedora Community.
@ariadne @ocdtrekkie @scott @msw the FSF and OSI may have nice ideas but they are not designed for militant capitalism. We live in a class WAR, whether we like that or not. Aiding the enemy who's trying to take away everything you have, including your life, cannot be good for you in the long run. They're welcome to stop being the event, and then receive aid.

This problem could also be solved by AGPL in most cases though - the equivalent of making your equipment so communist that the Americans are too disgusted to appropriate it.

@ocdtrekkie @ariadne @scott @msw OSI in not opposing copyleft. The SSPL has not been evaluated, its review was suspended by the license steward

@ocdtrekkie @scott @ariadne @msw I mean, as someone who pays for software as a service, I don't particularly like that one company has monopoly on providing that service. So I wouldn't say it's "harmless"

@wwahammy @scott @ariadne @msw But that's what Amazon gets, effectively. It's impossible for an open source company to compete when it has to both pay the developers and it's competitor can subsidize with proprietary code.

Anyone can compete with a SSPL code developer without paying anything... provided they are also an open source company. Amazon isn't that. We should definitely have licenses that give open source companies advantages over proprietary ones.

@ocdtrekkie @wwahammy @scott @msw

SSPL companies are NOT open source companies, they are just companies.

do you understand?

there is NO interest in software freedom by venture capitalists. they see all of us as *annoying*.

@ocdtrekkie @wwahammy @scott @msw

(and, no, that's not what Amazon gets. if I want to cut ties with AWS, and go to another cloud vendor, I can do that today. but with SSPL, there is only one vendor that I can use.)

@ariadne @wwahammy @scott @msw Saying it's not open source because the Amazon-backed corporate shill outlet says it's not is a tautology. We can fix that by throwing out the OSI.

And a company which releases all of their code under GPL or MIT can use SSPL code for free. It's literally a license that promotes open source.

@mawhrin @ocdtrekkie @ariadne @wwahammy @scott @msw

«our long-standing partnership with Microsoft will continue to support organizations...»

So... I'm not up to speed. Do MS and Redis have an explicit (formal) side agreement that has MS shipping $$ to Redis and Redis declining to sue under SSPL? (Like, "Redis licenses Redis to MS under these specific terms, etc. etc.")

Because, otherwise, wouldn't SSPL also apply to MS?

And if I, as pee-wee cloud services offerer, use Redis, am I SOL...

1/

@mawhrin @ocdtrekkie @ariadne @wwahammy @scott @msw

...unless I either open-source pretty much my entire stack or negotiate my own license agreement with Redis?

Is that the picture?

2/2

@tarheel @mawhrin @ariadne @wwahammy @scott @msw I would assume Microsoft pays for use of the code under another license. But the alternative to that would be "open source your entire platform" which is something I think we should wholeheartedly support.

There should be advantages to being an open source company, IMHO.

@ocdtrekkie SSPL & co. are neither open source nor free software licenses; they're proprietary licenses wchich regulate what you can with the executable product of the source code (specifically: not to compete with the company owning the source code) while allowing to look at the source; we've been through that dance a number of times in the last thirty years, did we forget everything? @tarheel @ariadne @wwahammy @scott @msw

@mawhrin @ocdtrekkie @ariadne @wwahammy @scott @msw

Not to be pedantic, but, yes, the collective "we" does forget, because new members of the collective are constantly appearing.

@mawhrin @ocdtrekkie @tarheel @ariadne @wwahammy @scott @msw In addition it is fundamentally impossible to comply with the terms of the SSPL should anyone decide your use triggers the distribution obligations.