GPL's cloudy future

GPL's cloudy future

Summary: One of the things about getting older is that you learn to ignore things until you have to do something about them. It's a learned efficiency, I suppose, rationing your increasingly precious time out to the unceasing demands upon it.


One of the things about getting older is that you learn to ignore things until you have to do something about them. It's a learned efficiency, I suppose, rationing your increasingly precious time out to the unceasing demands upon it. I finally realized I have to do some serious thinking about cloud computing.

"Hang on a minute, don't you work at Google ?" I hear you say. Well, yes, but in my defense many of the people who work at Google don't have anything to do with cloud computing. Some of us have to keep the conference rooms clean, write Open Source/Free Software, things of that nature.

But several recent events have stirred my aging brain into action. These events included the departures of two of my colleagues, who were leaving their current, extremely stable employment to join increasingly risky cloud computing startups. That's not so strange here in Silicon Valley. I remember some wacky people leaving nice safe enterprise computing jobs to go do something strange with "Web 2.0" startups, and look how that turned out. One of them drives a Ferrari now (but he always was a bit of a show-off). The third event was from a rather more unlikely source, the Free Software Foundation's (FSF) annual General Meeting, LibrePlanet, held in Boston.

I was fortunate enough to get invited to give a keynote there, as a sort of comic relief whilst people were waiting for Richard Stallman (the founder of the FSF) to turn up and articulate the state of the Free Software universe. I was in the middle of my talk, "The Elephant in the Room: Microsoft and Free Software", busily pontificating about Microsoft's nefarious plans for dominating the Web and software as a service, when I got heckled.

It wasn't any ordinary heckler either. It was Bradley Kuhn, the former executive director of the Free Software Foundation. Fixing me with a steely glare, he said "So doesn't this mean that the GPL is the new BSD license and that Google is the new Microsoft ?" I must confess I was a little non-plussed.

I'll answer the second charge first, then explain the first. Without speaking on Google's behalf, my opinion is that companies, however large they become, tend to keep the character of their founders so long as the founders are still there. Google is still led by a couple of computing science graduates from Stanford University and one of the old school Sun Microsystems executives. Whilst they are around I have no fears of looking in the mirror and seeing a hazy reflection of Clippy the talking paperclip. Oddly enough, there is finally hope of change at Microsoft for exactly the same reason.

So what did Bradley mean by "GPL being the new BSD" ? The GNU General Public License (or GPL) is the most popular Free Software license. It's a reciprocal or "copyleft" license in that in order to be allowed the right to redistribute the software (normally forbidden under copyright law) the distributor has to agree to make the source code available to the recipient under exactly the same terms. In other words, share and share alike. The main point of the GPL license is it is impossible to use it to create proprietary software. It's deliberately designed that way by a man who views proprietary software as immoral. The Berkeley Software Distribution, or BSD license, is a much simpler document. Essentially it allows anyone to use the code without restriction, so long as the copyright notice and disclaimers of warranty are preserved. The main difference between the two is that BSD licensed code is freely used in proprietary software (Apple's proprietary MacOS X is based on BSD code), whereas the GPL is designed to ensure all derivative works remain Free Software.

But the fatal flaw in the GPL is that the reciprocal clause is only triggered by the act of redistribution. This works well in the world of traditional software, where in order to use a program it must be directly distributed to the recipient. Under the GPL, that person then inherits the same rights to the software source code as the distributor had. But now consider the strange new world of cloud computing, and software as a service. The way software works in this world is completely different. Most of the complex logic and the actual programs themselves live as software only running within server farms, communicating solely by network requests sent from a client Web browser via downloaded Javascript programs.

There is no "distribution" here, so the reciprocal clause of the GPL is never triggered. In such a world, service providers can use GPL-licensed code in proprietary back-end server farms with impunity. This seems contrary to the spirit of the authors of much of the GPL-licensed code used in this way, although it strictly complies with the license. It means that, as Bradley warned, GPL code can be used in the cloud computing market in exactly the same way as BSD code can be used in the traditional software market.

So what can be done to fix this ? Should anything be done to fix this ? After all, traditionally distributed software is still the majority of software used in the world, so why worry ? The FSF think they have the answer, and so in conjunction with Affero, they created the Affero GPL license (AGPL). Affero is a company who writes network software used in the software as a service world and who firmly believes in the concept of software freedom as espoused by the FSF. The result was this creation of a variant of the GPL to cover this important new threat to Free Software. The current AGPL is a version of the GPL version 3 (the current standard GPL version), with one important addition:

"..if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software."

In other words, when you interact with this software running as a service in the cloud, you must be able to get the source code, just as you would when receiving a normally distributed GPL licensed program.

For network services running in a cloud, this brings back the fairness provision that the original GPL intended, and returns the freedom that Free Software promises to all users and developers.

Currently the AGPL is a minority license as compared to the GPL. Not much Free Software is currently written directly to serve cloud computing network services.

But cloud computing is going to change the industry in as profound a way as client server did in the late 1980s and 1990s. The ability to easily provision and scale up software services based on the Free Software LAMP stack  (Linux / Apache / MySQL /PHP or Perl or Python) or more modern fare such as the open source Java software framework Hadoop is going to massively change the way software is developed. Of course at my day job, it already has for many of the engineers.

Even old fogies like me are going to have to learn some new tricks in this world. Free Software is going to have to adopt as well. I still have lots of Samba code to write first (no, Samba isn't a finished product yet), but if I ever work on cloud computing code, I'd like to see it under the AGPL, in order to preserve the freedoms I've been able to enjoy in conventional software development these many years. Without the AGPL, our freedoms will depend on the kindness of strangers donating their modifications to our code back to us, as they did in the days before the GPL license and the FSF was born.

The LibrePlanet conference also had some very interesting sessions on Free Software Web services, run by the people behind and Check them out to learn more about Free Software network services and cloud computing.

Topics: Cloud, Open Source, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • In the Cloud: ANYBODY can do IT

    ANYBODY. I believe that is the essence of the Cloud revolution.

    Users old enough remember the IBM PC. It was a revolution. A maneuver around traditional IT which gave rise to a new generation of software and hardware development without the usual 'impediments' of traditional IT.

    There will be growing pains, but I strongly believe that IT will benefit by it.

    ANYBODY can do IT.

    Dietrich T. Schmitz
    • RE: GPL's cloudy future

      GPL's cloudy<a href=""><font color="light&amp;height"> about it</font></a> is bank that <a href=""><font color="light&amp;height">website</font></a> attacked from the <a href=""><font color="light&amp;height">site support</font></a> from any soldier <a href=""><font color="light&amp;height">site</font></a> to the light <a href=""><font color="light&amp;height">home page</font></a> is great future
  • Just to be contrary

    For businesses, technology is secondary and DATA is key. The company's data <i>is</i> the company. I'm not sure how many are willing to cede control of their data to the cloud. I suspect that the larger the business, the less likely they would be to hand over control. Government regulations would prevent more company's from doing this (HIPPA/hospitals).

    If a company wanted an INTERNAL cloud to be set up by a cloud provider, the original GPL would be in force since the OS is not "internal" anymore. This would affect companies like IBM and HP that could provide on-premise clouds.

    So no change really needs to be made to the GPL. If you want control over your data - then you need to run a cloud locally - which means that the GPL is in force.
    Roger Ramjet
    • VPNs

      >[i]"I suspect that the larger the business, the less likely they would be to hand over control. Government regulations would prevent more company's from doing this (HIPPA/hospitals).[/i]"

      I've been a Healthcare IT professional for over 16 years. VPNs are common-place and this is an addressable item in HIPPA, so no problem there.

      A good VPN like openVPN is all you need.

      Anybody doing non-compliant HIPAA stuff on their VPN remote PC will get put up against the nearest wall and shot. ;)
      • Where is the cloud?

        The trouble is, as a client of such a service you have no control of where the data is physically stored. That starts to matter when the cloud storage is in a different regulatory environment than you think it is.

        How many US-based companies would be comfortable with finding their data has been subpoenaed from a Europe-based datacenter based on an application filed in a French court, and handed over to EU anti-trust officials for a little fishing expedition? All right thats a rather extreme example, deliberatly so, but it illustrates the problem.

        How about if the data gets stored at a nice cheap facility in somewhere like Elbonia, where anybody (including journalists?) can get access if they bribe the right person? Again, just an example, perhaps unfair, but I'd like to illustrate the risk that others will assess on using cloud services of this kind.

        One of my Swiss clients already expressed interest in cloud storage (for backup in this case), but wanted a solid guarantee that the data would never leave the same [i]canton[/i]! Needless to say, cloud solutions that have to provide datacenters located in specific territories and keep the right data in the right jurisdiction, are not going to scale very efficiently.

        As for VPN meeting requirements on confidentiality, I suppose that depends on whether the provider is certified trustworthy under the regulations. But I would want a LOT of insurance (hopefully paid for by the provider) against lawsuits and liabilites when the data is outside of my own company-controlled servers.
        • In some cases, the glass is half-empty.

          Laws and Cloud governance will undoubtedly need to change to address new needs that arise locally, regionally, and globally.

          A needed ingredient is the test of 'time' where the trust level improves and any perceived or real hindrances to Cloud implementation are seen through use and get addressed.

          The old will tend to stay in their low-risk ways where possible. The young will likely be the early adopters and risk takers.
          • Definitions

            [i]The old will tend to stay in their low-risk ways where possible. The young will likely be the early adopters and risk takers.[/i]

            You know how to spot a pioneer?
            Yagotta B. Kidding
        • Not so extreme

          [i]How many US-based companies would be comfortable with finding their data has been subpoenaed from a Europe-based datacenter based on an application filed in a French court, and handed over to EU anti-trust officials for a little fishing expedition?[/i]

          Or, as has already happened, European commercial data has been caught up by US electronic eavesdropping and passed on to US-based competition.

          Do you really want your corporate existence to depend on whether a Texas magistrate allows law enforcement to confiscate an entire server farm?
          Yagotta B. Kidding
    • You know what I can't understand?

      Whats running in these datacenters like Rackspace or The Planet now? People keep knocking this cloud idea but as far as I can see there are many companies running their applications and storing their data in The Cloud v1.0. I really don't see the difference.
      • SMBs

        SMBs are the current clients of clouds. They don't have the cash to build their own datacenter, so this is a good avenue for them.
        Roger Ramjet
  • What's the extent of obligation in the AGPL?

    Configuration files are as much a part of how software works as the compiled code. So does that mean if you run AGPL code you must publish the contents of your /etc folder? And could one charge an additional fee for distribution of the code, or is it like GPL where the cost of distribution of the binaries automatically includes the cost of distribution of the source (upon request)? I ask that last one because a lot of Web 2.0 programs are gratis (usually ad-supported) and adding the cost of source distribution may risk that profit model.
    Michael Kelly
    • I asked the same questions....

      ...on multiple blogs and have not seen answers to this yet.
  • It is working out great for Google

    to be able to modify the code to their needs, and not [i]have[/i] to distribute it to anyone else.

    For that very reason is why Google is where they are at today.
    • For that very reason...

      is why Microsoft is where they are today.
    • Which is why...

      ...FOSS is great if you ask me. I disagree with the AGPL. The GPL is supposed to be about distribution and not usage or remote access.
    • re: It is working out great for Google

      [i]For that very reason is why Google is where they are at today.[/i]

      No, Google is where it is today because it knows how to do search. The platform on which it implements its search algorithms is immaterial.

      Going by your logic, Live Search would be where Google is today if it used Linux.

      none none
  • I see it now

    Turns out "cloud computing" is really just a plot by Microsoft to get around the GPL. Who would have thought?

    Carl Rapson
    • Not at all

      MS's fingerprints are nowhere to be found on this one. If anything this will turn Google into the next "evil empire".
      Michael Kelly
      • I beleive that he was being sarcastic (NT)

      • Sarcastic, certainly

        Although it's not beyond certain people to attempt to tie Microsoft into this somehow. Even Jeremy admits that he was actively engaged in issuing dire warnings about Microsoft when the "heckling" occurred, and Jeremy is known for nothing if not fearing Microsoft's influence. Also telling is how Jeremy, by strange coincidence an employee of Google, neatly side-steps the issue raised by the "heckler" and proceeds to explain why it won't matter even if Google does have such designs, because the GPL will eventually be supplanted by the AGPL. So there's nothing to fear from Google after all, leaving Microsoft as still the only entity to fear.

        Carl Rapson