For most people writing open source, it – open source software – seems like an unalloyed good. You write code, and other nice people, like you, get to add to it, test it, document it and use it. Look what good it can do to the world! Even the Organisation-Formerly-Known-As-The-Evil-Empire has embraced open source software, and is becoming a happy and loving place, supporting the community and both espousing and proselytising the Good Thing[tm] that is open source. Many open source licences are written in such a way that it’s well-nigh impossible for an organisation to make changes to open source and profit from it without releasing the code they’ve changed. The very soul of open source – the licence – is doing our work for us: improving the world.
And on the whole, I’d agree. But when I see uncritical assumptions being peddled – about anything, frankly – I start to wonder. Because I know, and you know, when you think about it, that not everybody who uses open source is a good person. Crackers (that’s “bad hackers”) use open source. Drug dealers use open source. People traffickers use open source. Terrorists use open source. Maybe some of them contribute patches and testing and documentation – I suppose it’s even quite likely that a few actually do – but they are, by pretty much anyone’s yardstick, not good people. These are the sorts of people you probably shrug your shoulders about and say, “well, there’s only a few of them compared to all the others, and I can live with that”. You’re happy to continue contributing to open source because many more people are helped by it than harmed by it. The alternative – not contributing to open source – would fail to help as many people, and so the first option is the lesser of two evils and should be embraced. This is, basically, a utilitarian argument – the one popularised by John Stuart Mill: “classical utilitarianism”[1]. This is sometimes described as:
“Actions are right in proportion as they tend to promote overall human happiness.”
I certainly hope that open source does tend to promote overall human happiness. The problem is that criminals are not the only people who will be using open source – your open source – code. There will be businesses whose practices are shady, governments that oppress their detractors, police forces that spy on the citizens they watch. This is your code, being used to do bad things.
But what even are bad things? This is one of the standard complaints about utilitarian philosophies – it’s difficult to define objectively what is good, and, by extension, what is bad. We (by which I mean law-abiding citizens in most countries) may be able to agree that people trafficking is bad, but there are many areas that we could call grey[2]:
- tobacco manufacturers;
- petrochemical and fracking companies;
- plastics manufacturers;
- organisations who don’t support LGBTQ+ people;
- gun manufacturers.
There’s quite a range here, and that’s intentional. Also the last example is carefully chosen. One of the early movers in what would become the open source movement is Eric Raymond (known to one and all by his initials “ESR”), who is a long-standing supporter of gun rights[3]. He has, as he has put it, “taken some public flak in the hacker community for vocally supporting firearms rights”. For ESR, “it’s all about freedom”. I disagree, although I don’t feel the need to attack him for it. But it’s clear that his view about what constitutes good is different to mine. I take a very liberal view of LGBTQ+ rights, but I know people in the open source community who wouldn’t take the same view. Although we tend to characterise the open source community as liberal, this has never been a good generalisation. According to the Jargon File (later published as “The Hacker’s Dictionary”, the politics of the average hacker are:
Vaguely liberal-moderate, except for the strong libertarian contingent which rejects conventional left-right politics entirely. The only safe generalization is that hackers tend to be rather anti-authoritarian; thus, both conventional conservatism and ‘hard’ leftism are rare. Hackers are far more likely than most non-hackers to either (a) be aggressively apolitical or (b) entertain peculiar or idiosyncratic political ideas and actually try to live by them day-to-day.
This may be somewhat out of date, but it still feels that this description would resonate with many of the open source community who self-consciously consider themselves as part of that community. Still, it’s clear that we, as a community, are never going to be able to agree on what counts as a “good use” of open source code by a “good” organisation. Even if we could, the chances of anybody being able to create a set of licences that would stop the people that might be considered bad are fairly slim.
I still think, though, that I’m not too worried. I think that we can extend the utilitarian argument to say that the majority of use of open source software would be considered good by most open source contributors, or at least that the balance of “good” over “bad” would be generally considered to lean towards the good side. So – please keep contributing: we’re doing good things (whatever they might be).
1 – I am really not an ethicist or a philosopher, so apologies if I’m being a little rough round the edges here.
2 – you should be used to this by now: UK spelling throughout.
3 – “Yes, I cheerfully refer to myself as a gun nut.” – Eric’s Gun Nut Page
Alice, Eve and Bob - a security blog 
This bring two things to mind.
First, I remember coming upon a library a number of years ago that was released under a modified FOSS licences which stated the usual (I think it was based on a GPL licence, if memory serves well) but added a restriction: people or organisations wishing to use the software in the process of exploiting animals were explicitly banned from doing so.
I can’t find what it was now (a javascript library?), and it clearly didn’t see a lot of other projects emulate its license, but it was very opinionated.
Another project that was clearly aiming for good is the dyne:bolic distro, which used to state on its main page “Dyne is rasta software”, although as far as I can tell that never extended to having a non-standard FOSS license.
No, when you say “Many open source licences are written in such a way that it’s well-nigh impossible for an organisation to make changes to open source and profit from it without releasing the code they’ve changed.”, this brings another thing to mind: the recent MongoDB / Redis kerfuffle (Commons Clause).
If you basically just use the code, without making changes to it (and creating some proprietary glue code around it), to provide a service, you are free to take code, not contribute back, and profit from it. Vastly, in some cases.
I don’t really have a definitive opinion on this current situation, as I can understand the arguments on both sides (essentially, that it’s unfair to just take other people’s effort and give nothing back, and that that’s not in the spirit of free and open source software, on one side, and that preventing people to do what they want to do with the code is a violation of freedom 0 and makes the software non-free, on the other hand). Still, something to take into consideration.
LikeLike