Faking Open Source

April 13, 2010

The popularity of Free and Open Source Software (FOSS) has attracted a collection of projects and organizations that are keen on benefiting from the good reputation of Free and Open Source Software, but are not committed to its principles or its practices.

For lack of a better name, lets call these projects

 “NRFOSS“: Not Really Free and Open Source Software

NRFOSS is sometimes the result of lack of education on Open Source (the “confused” projects), while sometimes it is the result of an intentional misrepresentation guided by questionable goals (the “evil” projects). Both of these categories are bad for FOSS, since they drain energy from the good intentions of potential adopters and contributors, and also taint the reputation of real FOSS projects.

Here is a recipe of five tests that will allow you to rapidly separate NRFOSS from real FOSS

Step 1: Run the “Google Test” of Open Source
For project “ACME”, do a Google search for “ACME Download”. If in the first five hits you get a link to the web page that instructs you on how to download the source code, then the project has passed the “Google Test”.  If on the other hand, you find a lot of PowerPoint presentations talking about how great the project is, then you can label the project as NRFOSS, and put it in the subcategory of “vaporware”, or maybe “powerpointware”, which is, by the way, excellent material to use if you need to mislead executives who care about buzzwords but do not know what a compiler is.

Step 2: The Download Test
Once you identify the download page of the project, go ahead and try to download the source code. This will typically be a  tar.gz or a .zip file, or a direct access to a CVS / SVN or Git repository.  If after twenty minutes of navigating the “download” page you still have not located the files to download, then the project gets the NRFOSS label in the subcategory “NTRHTS: Not trying really hard to share”.  If at any point in this process you have been required to provide a user name or password, then the project also gets to be labeled as NRFOSS, in the subcategory of “clubware”, which means that you have to belong to a exclusive club in order to get the privilege of looking at the source code. Time to start thinking : “What are they trying to hide…?”

Step 3: The Copyright and License Test
Copyright infringement is a Federal Crime. You can get up to five years in a Federal Prison and a fine of up to $250,000 dollars. You can thank the active lobbyists from the movie and music industry for that…. but… I digress. The point is, copyright is not something to take lightly. For your own safety and security you must verify that the developers of the project know what they are doing. In particular, you must expect to find: (a) a clear statement indicating who holds the copyright of the project, and (b) a very specific statement indicating the license under which the project is distributed. If either one of those is missing, then… run!. Delete those files from your hard drive and remove that web site from the cache of your web browser. You may have been exposed to one of these two very grave dangers:  “Copyright Irresponsibility” or “Proprietary Bait”. The first case usually involves people with good intentions but insufficient preparation who didn’t do their homework when learning about what Free and Open Source really is. They rush to share without quite knowing how to share. They may be nice, but they mean trouble in your future. Keep your distance, or if you feel compassionate, let them know that they should learn about copyrights and licensing,… then Run!.  The second case is a more dangerous type. There are actively trying to lure you with a bait that looks like FOSS, but hides a proprietary hook inside. They tend to use two common tricks: (a) vague licensing statements, and (b) long-winded licensing terms. So, if you don’t find a clear statement indicating that the project is distributed under one of the OSI approved licenses,…. well,… Run!.

Step 4: The Build Test
Open source is great! But Open Source that works is even greater! Once the source code has made it to your hard drive it is time to verify whether the developers really gave you everything you need, and to test whether they know what they are doing. Locate the instructions for building the project. You will typically find them in a README file, or an INSTALL file, or in the Wiki or Web pages of the project. If by following the instructions you fail to build the project, then you must check if this is the result of some of the files being missing from the download. That is, are the developers withholding part of the project and sharing other parts? Does the project depend on some proprietary libraries? The build test is challenging, since many projects can require a certain level of technical skills on the part of the builder. If you fail to build the project, to be fair, you should give them the benefit of the doubt, and cautiously proceed to apply the “community test”.

Step 5: The Community Test
FOSS is not only about software. Source code is just the visible manifestation of a deeper socio-economical phenomenon: “Peer Production“. Real FOSS must have a community behind it. This is typically a group of committed developers combined with a group of users (or adopters). As a busy ant colony, this community actively improves the software and helps new adopters and developers get on-board. New users must be welcomed without any questions asked; embracing new developers is usually subject to certain picky tests that ensure that the newcomer will be a positive contributor to the project. As a potential new user of the project you have the right to expect to receive answers to the typical “newcomer” questions regarding how to download, build and use the software. Of course, you have to ask nicely… if you want to get an answer. You must keep in mind that in many cases those who answer your questions are volunteers and not your typical technical support division that make you wait online while listening to “elevator music”. You should also be aware that every FOSS project has a particular culture that has evolved as a niche ecosystem. It is usually a good idea to take a look at the archives of their forums or mailing lists and get a feeling for their culture before you start posting questions there, particularly if you plan to stick around.

Epilogue
Paradoxically, the abundance of NRFOSS, should drive you to better appreciate the many real FOSS projects and their communities, and hopefully will motivate you to contribute to them as well.

1 comment to Faking Open Source

  1. Expecting to be able to download everything for free and not wanting to pay for software is something that is often hold against the free software community, and with points 1 and 2 you are actually supporting this prejudice. However, these two points are wrong: Nowhere does it state that FOSS is about being able to download the source code without any kind of pre-condition. If some software company sells a software, provides the buyer on sale with access to the source code and the right to distribute that source code under the terms of an OSI approved license then this software is still FOSS. There is no requirement that the general public gets access to the source code.
    In other words, NTRHS is not a subcategory of NRFOSS.
    Just my 0.02€

Leave a Reply