Engaging Open Source Communities

At FOSDEM 2017, Simon gave a well-attended talk explaining many of the things that could go wrong for a company trying to engage a large open source project over legal or governance issues. Based loosely on a mailing list thread at the Apache Software Foundation, the talk highlighted seven things to avoid and gave ideas on how to do so.

Wix and WordPress Explainer

When you breach the terms of the GPL, the best plan is to put things right straight away, not misdirect away from the problem and condescend to the authors.


Many were surprised when one of the pioneers of the open web accused a competitor of theft. Matt Mullenweg complained on October 28 that the new mobile app Wix has released uses a big chunk of code from WordPress, namely the WordPress Mobile Editor Component. Matt is the original creator of WordPress and now CEO of the company successfully monetising it, Automattic, Inc.

Oracle Gets It Right: NetBeans Heads To Apache

In a surprise move, Oracle has submitted a proposal to the Apache Software Foundation Incubator to adopt the NetBeans IDE — written in Java, for Java — as an Apache project. The proposal is very well written, easy to understand and well worth reading. I was at Sun when it acquired NetBeans in 2000 and have been a fan of the project in varying degrees ever since. Here are my views about the move to Apache.

HPE “Buys” SUSE & Offloads Its Legacy Software

In a move reminiscent of the departure of its consulting wing to CSC, Hewlett Packard Enterprise (HPE) announced a complex transaction involving a reverse takeover of legacy software specialist Micro Focus PLC of the UK. They described it as a spin-off and merger. First they will create a spin-out company named Seattle SpinCo Inc comprising all the many enterprise software assets HP has accumulated over the years. That company will then merge with Micro Focus, who will pay for the transaction with $2.5 billion cash and a 50.1% equity stake. The result, expected to complete late in 2017, will be a company half owned and with a majority of the board selected by HPE but still run by Micro Focus' existing management and headquartered in the UK.

Apache License Yes, Apache CLA No

In a thread on Twitter, the CTO at Chef Software defended the company against the accusation from an open source contributor that it demands copyright assignment from contributors. Chef’s CTO Adam Jacob explained that the company does copy Apache rules and thus requires a copyright license agreement (CLA) in addition to Apache’s open source license – not copyright assignment. He said:

we have never asked for copyright assignment. We do ask for a license, as Apache license requires.

That's not actually correct, even if it's a sufficiently common misunderstanding that Jacob really shouldn't be called out for asserting it (especially as he was probably just suffering from Twitter's 140 character limit!). Copying Apache's license does not imply you should copy the rest of Apache's CLA practice. The Apache License v2 (ALv2) is the best choice among non-reciprocal licenses for new projects, mostly because it includes explicit patent licensing. It is a perfectly effective license to use for any open source project where the community has no expectation of contribution on the part of users of the code, as it conveys all the rights you need to work with the code independently of others.

FAQ: Which open source license is best?

A frequently asked question in the world of free and open source software (as well as the origin of many disputes) is “Which open source license is best?”


Unlike bilateral copyright licenses, which are negotiated between two parties and embody a truce between them for business purposes, multilateral copyright licenses — of which open source licenses are a kind — are “constitutions of communities”, as Eben Moglen and others have observed. They express the consensus of how a community chooses to collaborate. They also embody its ethical assumptions, even if they are not explicitly enumerated.

When that consensus includes giving permission to all to use, study, improve and share the code without prejudice, the license is an open source license. The Open Source Definition provides an objective test for evaluating whether such a license is indeed an open source license and delivers the software freedom we all expect.

Since licenses are the consensus of communities, it is natural that different communities will have different licenses, that communities with different norms will find fault with the licenses used by others, and that all will regard their way as optimum. The arguments over this will be as deep as the gulf between the philosophical positions of the communities involved.

Ultimately, there is no license that is right for every community. Use the one that best aligns with your community’s objectives and ethos. Meshed Insights can help you select an open source license for your project as this is not primarily a legal matter; please contact us.

[Now adopted as part of OSI’s official FAQ]

What Is A Blockchain?

The Linux Foundation started a blockchain initiative involving many of its large corporate members. The initiative will devise a viable new approach to blockchains (presumably implemented as open source software) that can be used for any application where a distributed ledger is a useful data structure.

It’s easy to confuse “blockchain”, a distributed document database technology that operates without an authoritative master copy, and “bitcoin”, a virtual currency associated with one particular instance of blockchain technology. So here’s an explanation of the blockchain.


The “blockchain” is a database, journal or ledger for storing arbitrary documents. It’s maintained as a linked list, with cryptographic signatures verifying each entry. As a public resource, there’s a risk of journal entries being made too often (a bad thing for performance, especially over time, creating a risk of DoS). To prevent this, every entry needs to be accompanied by a token indicating the good standing of the author.

Since issuing tokens from a central authority defeats the purpose of the blockchain, they are instead created by each author independently but verifiably. For the Bitcoin blockchain and many others, the token takes the form of a “proof of work” – cryptographic evidence of having solved a computationally complex cryptographic problem within a globally-identified sequence.

There is no master copy of a blockchain; copies of it may be kept anywhere. The validity of each entry in the blockchain can then be independently confirmed by every participant. In the case of the Bitcoin blockchain and many others, this is done by every user replicating the entire blockchain and then comparing new entries against the findings of other users. A voting mechanism between replicas allows the “wisdom of crowds” to identify and reject flawed or fraudulent entries. The crowd involved can be public (as in the case of Bitcoin), or private or indeed a mixture of both.

While Bitcoin is the best-known application of the blockchain, there are many others, including different approaches to the entry token and to cryptography. We expect blockchain to become an important part of distributed systems in many roles: creating auditable logs of transactions, establishing provenance of reference documents such as inventions or contracts, providing a micro-currency for automated transactions in a heterogeneous “internet of autonomous things” and many more beyond the familiar use as a virtual currency.
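To make the linked list, the entry token and the independent check concrete, here is a small sketch added for illustration; it is not code from any blockchain project. It assumes SHA-256 hash links and a toy difficulty of three leading zero hex digits, and it leaves out signatures and the voting between replicas; all function names are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64   # assumed placeholder "previous hash" for the first entry
TARGET = "000"       # assumed toy difficulty: hash must start with these digits


def entry_hash(prev_hash, document, nonce):
    """Hash that binds an entry to its predecessor, its content and its token."""
    payload = json.dumps([prev_hash, document, nonce])
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(prev_hash, document):
    """Search for a nonce (the proof-of-work token) that meets the target."""
    nonce = 0
    while not entry_hash(prev_hash, document, nonce).startswith(TARGET):
        nonce += 1
    return {"prev": prev_hash, "doc": document, "nonce": nonce,
            "hash": entry_hash(prev_hash, document, nonce)}


def append(chain, document):
    """Add a document to the end of the ledger."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append(mine(prev_hash, document))


def first_invalid(chain):
    """Check every entry as any replica holder could, with no master copy.

    Returns the index of the first entry that fails, or None if all pass.
    """
    expected_prev = GENESIS
    for i, e in enumerate(chain):
        recomputed = entry_hash(e["prev"], e["doc"], e["nonce"])
        if (e["prev"] != expected_prev            # link to predecessor broken
                or recomputed != e["hash"]        # content altered after mining
                or not recomputed.startswith(TARGET)):  # token missing or invalid
            return i
        expected_prev = e["hash"]
    return None


def build_sample():
    """Constructed sample ledger with three documents."""
    chain = []
    for doc in ["contract v1", "contract v2", "invoice 17"]:
        append(chain, doc)
    return chain


if __name__ == "__main__":
    ledger = build_sample()
    print("valid ledger:", first_invalid(ledger))
    ledger[1]["doc"] = "contract v2 (altered)"
    print("after edit, first bad entry:", first_invalid(ledger))
```

Editing a document in place fails at that entry; redoing the proof of work for the edited entry only moves the failure to the next one, because its stored link no longer matches.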

