Yesterday, as expected, Facebook revealed the code behind their F8 platform, a little over a year after its launch, offering it under the Common Public Attribution License.
I can’t help but notice the glaring addition of Section 15: Network Use and Exhibits A and B to the CPAL license. But I’ll dive into those issues in a moment.
For now it is worth reviewing Facebook’s release in the context of the OSI’s definition of open source; of particular interest are the first three sections: Free Redistribution, Source Code, and Derived Works. Arguably Facebook’s use of the CPAL so far fits the OSI’s definition. It’s when we get to the ninth attribute (License Must Not Restrict Other Software) where it becomes less clear whether Facebook is actually offering “open source” code, or is simply diluting the term for its own gain, given the attribution requirement imposed in Exhibit B:
Each time an Executable, Source Code or Larger Work is launched or initially run (including over a network), a display of the Attribution Information must occur on the graphic user interface employed by the end user to access such Covered Code (which may include a splash screen).
In other words, any derivative work cleft from the rib of Facebook must visibly bear the mark of the “Initial Developer”, namely, Facebook, Inc., and include the following:
Attribution Copyright Notice: Copyright © 2006-2008 Facebook, Inc.
Attribution Phrase (not exceeding 10 words): Based on Facebook Open Platform
Attribution URL: http://developers.facebook.com/fbopen
Graphic Image as provided in the Covered Code: http://developers.facebook.com/fbopen/image/logo.png
Most curious of all is how Facebook addressed a long-held concern of Tim O’Reilly that open source licenses are obsolete in the era of network computing and Web 2.0 (emphasis original):
…it’s clear to me at least that the open source activist community needs to come to grips with the change in the way a great deal of software is deployed today.
And that, after all, was my message: not that open source licenses are unnecessary, but that because their conditions are all triggered by the act of software distribution, they fail to apply to many of the most important types of software today, namely Web 2.0 applications and other forms of software as a service.
And in the Facebook announcement, Ami Vora states:
The CPAL is community-friendly and reflects how software works today by recognizing web services as a major way of distributing software.
Thus Facebook neatly skirts this previous limitation in most open source licenses by amending Section 15 to the CPAL, explicitly covering “Network Use”:
The term ‘External Deployment’ means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Code or Modifications as a distribution under section 3.1 and make Source Code available under Section 3.2.
I read this as referring to network deployments of the Facebook platform on other servers (or available as a web service) and forces both the release of code modifications that hit the public wire as well as imposing the display of the “Attribution Information” (as noted above).
. . .
So okay, first of all, we’re not really dealing with the true historic definition of open source here, but we can mince words later. The code is available, is free to be tinkered with, reviewed, built on top of, redistributed (with that attribution restriction) and there’s even a mechanism for providing feedback and logging bugs. Best of all, if you submit a patch that is accepted, they’ll send you a Facebook T-shirt! (Wha-how! Where do I sign up?!)
Not ironically, Facebook’s approach with fbOpen smells an awful lot like Microsoft’s Shared Source Initiative (some background). Consider the purpose of one of Microsoft’s three Shared Source licenses, the so-called “Reference License”:
The Microsoft Reference License is a reference-only license that allows licensees to view source code in order to gain a deeper understanding of the inner workings of a given technology. It does not allow for modification or redistribution. Microsoft uses this license primarily for technologies such as its development libraries.
Now compare that with the language of Facebook’s announcement:
The goal of this release is to help you as developers better understand Facebook Platform as a whole and more easily build applications, whether it’s by running your own test servers, building tools, or optimizing your applications on this technology. We’ve built in extensibility points, so you can add functionality to Facebook Open Platform like your own tags and API methods.
While it’s certainly conceivable that there may be intrepid entrepreneurs that decide to extend the platform and release their own implementations (which, arguably would require a considerable amount of effort and infrastructure to duplicate the still-proprietary innards of Facebook proper — remember that the fbOpen platform IS NOT Facebook), they’d still need to attach the Facebook brand to their derivative work and open source their modifications, under a CPAL-compatible license (read: not GPL).
In spite of all this — and whether Facebook is really offering a “true” open source product or not — is really not the important thing. I’m raising issues simply to put this move into a broader context, highlighting some important decision points where Facebook zagged where others might have otherwise zigged, based on their own priorities and aspirations with the move. Put simply: Facebook’s approach to open source is nothing like Google’s, and it’s critical that people considering building on either the fbOpen platform or OpenSocial do themselves a favor and familiarize themselves with the many essential differences.
Furthermore, in light of my recent posts, it occurs to me that the nature of open source is changing (or being changed) by the accelerating move to cloud computing architectures (where the source code is no longer necessarily a strategic asset, but where durable and ongoing access to data is the primary concern (harkening to Tim O’Reilly’s frequent “Data is the Intel Inside” quip) and how Facebook is the first of a new class of enterprises that’s growing up after open source.
I hope to expand on this line of thinking, but I’m starting to wonder — with regards to open source becoming essentially passé nowadays — did we win? Are we on top? Hurray? Or, did we bet on the wrong horse? Or, did the goalposts just move on us (again)? Or, is this just the next stage in an ongoing, ever-volatile struggle to balance the needs of business models that tend towards centralization against those more free-form and freedom seeking and expanding models where information and knowledge must diffuse, and must seek out growth and new hosts in order to continue to become more valuable. Again, pointing to Tim’s contention that Web 2.0 is also at least partly about harnessing collective intelligence, and that data sources that grow richer as more people use them is a facet of the landscape, what does openness mean now? What barriers do we need to dissemble next? If it’s no longer the propriety of software code, then is it time that we began, in earnest, to scale the walls of the proprietary data horders and collectors and take back (or re-federate) what might be rightfully ours? Or that we should at least be given permanent access to? Hmm?
Related coverage:
- Facebook opens up, but misses opening by Jay Lyman, 451 Group
- Facebook: Open Source Was Always the Plan by Clint Boulton, eWeek
- Facebook adopts the CPAL poison pill by Matt Asay, CNET
Factory Joe 
Open source won in as much as it became so relevant and prevalent that the biggest of the proprietary operators not only noted it as a threat to their business but actually took defensive action.
Thats as much of a win as can be had against capitalism which demands the scale always be tipped in its favor.
Open source got close enough to equal footing with proprietary that the fulcrum had to be moved to give proprietary more leverage.
“Open” has been diluted, your screen shot of Microsoft’s Open source web page with the prompt to install SilverLight comes to mind. But it may not matter. Any site providing hackable RESTful URLs is close enough for me. Add in Microformats, Open ID, Oauth, your pending Dizo thingy and some ULML and I consider it really “open”, don’t need the source code.
The meaning of open source is changing but regardless of whether the code is open, it will not matter as much as the information contained in the system being open. As long as information can be easily distributed throughout these not-so-open software structures, the system as a whole can maintain openness of its users.
While you may not be able to tweak the software and distribute yourself, you will still be able to create software with very little barrier to entry. The duality of closed software with open standards of functionality will help to promote innovation in the long run. The platforms will be profitable before they become totally commoditized, to maintain an incentive to develop.
What is occurring may not be the true meaning of open source but it is certainly an evolution of the movement, not a step back.
btw how not ‘open’ is your commenting system Mr. Moderation.
From MS “Open Source” web page: “…Click here to install SilverLight!”
And this Simpson’s episode came to mind when I realized there is an intentional effort to dilute the word “open”:
Marge: Oh Homer, please! You’re embarrassing yourself.
Homer: No I’m not, Marge! They’re embarrassing me. They’re embarrassing America. They turned the Navy into a floating joke. They ruined all our best names like Bruce, and Lance, and Julian. Those were the toughest names we had! Now they’re just, uh…
John [ played by John Waters ]: Queer?
Homer: Yeah, and that’s another thing! I resent you people using that word. That’s our word for making fun of YOU! We need it!!
Hey Chris!
Great post (as usual!), thought I would throw a few cents in the ring. The open source licensing community IMHO often times paint themselves into a corner with licenses — I see a separation of open source’s true ethos with what’s written in the license. Compare GPL with the MIT license: the GPL license is so onerous that it actually becomes a huge pain in the ass to abide by it. But I digress…
What _I_ value as the core of open source has been totally victorious: some software is better served as core building blocks than as a source of revenue. If you can’t sell software, then putting it under an easily digestible open source license:
1. gets the code in front of lots of smart folks who can make it better.
2. gets the code in front of lots of smart folks who think of cool new things to do with it.
3. gets the code in front of lots of eager folks who can learn from it.
4. provides ample proof that the software isn’t doing any funny business.
5. helps build economies that build value on top of it.
6. gets the authors some net fame.
That’s why so many big name open source projects have academic roots. It is why open source voting machine software makes sense. It’s why open source communications make sense (twitter?).
BUT, open source _commercial platforms_ are really a sneaky subversion of this. Companies aren’t interested in selling the platform per se; they are interested in having the platform as core to as many things as possible. Just take a look at open source licensed material from Microsoft and Adobe. At the end of the day the platform play is to take you back to a mothership revenue stream. Maybe this only occurs in aggregate, maybe you don’t care. In any case, by making a platform “open source”, you try to take advantage of all of the points listed above, but with the added twist that all the new economies it creates eventually drive revenue to the company that put it there.
So the issue for anyone looking at F8 or another platform is really: “how does this eventually feed back to the parent?” and “does that matter to me?”
I had similar thoughts on this peculiar definition of “open”. This is the post I wanted to write 🙂
I, too, was very interested by their Affero-like clause. There’s been some debate recently in circles that I run in over whether or not such a clause can be enforced – consensus seems to be that it cannot.