1. 13

I’m currently building software that I would like to see turned into a business. However, there is plenty of evidence that companies will not pay for what software they use until they realize that there is a problem, such as log4j, OpenSSL, and probably plenty others. Then there are the cases where companies are outright violating licenses such as the violations of the GPL with regards to OBS Studio by TikTok, among others.

And then, of course, Copilot might be used to launder code.

That leaves me with the impression that companies will not pay if they can get away with it, and getting away with it might even include breaking the law since the little guy does not have resources to sue.

However, there seems to be a glimmer of hope: copyleft licenses with the option for companies to purchase a commercial license. (This is an option for me because I’m writing the code from scratch.) Based on some previous comments on the orange site (like this one), it seems that even this may not work, which would be sad. But I thought I would ask here before I throw in the towel.

To address things like Qt, obviously, dual licensing makes money for companies because if they dual license their stuff, other companies will pay because they are afraid of being sued by someone with enough resources to win. But as I alluded to above, that’s not really the case for an individual.

So I would like to hear your thoughts and experiences about using copyleft with commercial licenses.

Does dual licensing work? Do companies pay?

By the way, by “effective,” I don’t mean that every company follows the license. All I want is for just enough of them to purchase a license and/or support to pay 2 times the typical developer salary. (I need 2 times the salary for tax purposes.)

I guess I also have a meta-question: when companies violate licenses, how often are they just bluffing? Is serving them with a lawsuit enough? Or will they fight what they know is a losing battle?

    1. 13

      Companies do pay for software. I’m dual-licensing pngquant. It doesn’t quite pay a developer salary, but it’s worth my time.

      I can’t truly know how many companies use it against the license, but OTOH there are many that come to me and happily get a license.

      In my experience companies want to pay. They value having a written contract that guarantees they will have support and that the license is truly valid (there’s a real risk that a random free library on the net is incorrectly licensed and the code belongs to someone else, e.g. due to author’s employment contract.)

      I’m not worried at all about companies copying the code. If the task is their core competency, they will write their own thing no matter what. But when it’s not, it doesn’t make sense for them to steal the code – simply because development and maintenance is costly, and it’s taking up their resources they need for their core business. When they buy code it’s because they want to move faster and stay focused, and not reinvent the wheel.

      Be warned that the real work that goes into running such software business is not software development. It’s mainly sales and marketing. Answering enquiries, contract negotiation, soul-sucking SAP vendor registration forms, chasing invoices, dealing with US banking being on a different planet than everyone else, and so on.

      1. 2

        Thank you for your answer!

        > In my experience companies want to pay. They value having a written contract that guarantees they will have support and that the license is truly valid (there’s a real risk that a random free library on the net is incorrectly licensed and the code belongs to someone else, e.g. due to author’s employment contract.)

        Wow, this completely goes against what it appears like from the outside. I hope you are right.

        > I’m not worried at all about companies copying the code. If the task is their core competency, they will write their own thing no matter what. But when it’s not, it doesn’t make sense for them to steal the code – simply because development and maintenance is costly, and it’s taking up their resources they need for their core business. When they buy code it’s because they want to move faster and stay focused, and not reinvent the wheel.

        I hadn’t thought about that.

        1. 3

          > Wow, this completely goes against what it appears like from the outside. I hope you are right.

          Companies are all different but there are a few useful rules of thumb:

          • If a company has done something multiple times, they will have a process for it. Anything that has a process is easy.
          • In general, companies want most of their employees working on what they regard as their core competency (which may not be what you think it is). They will spend money to outsource things if it helps their employees focus on the things that they’re paid to do.
          • Companies tend to be better at optimising for reduced risk than for maximum gain.

          The first of these may help you but it probably won’t. Buying software is almost certainly something that any company that you talk to has a process for. Often, this will require buying it from an approved supplier. This means that you will need to either have a reseller’s agreement with one of their approved suppliers (meaning that the reseller takes a big cut) or you will have to go through their process for approvals (this is usually not worth it unless you’re expecting a lot of revenue from the customer and can take a long time).

          The second point probably helps you. If you are selling a tool that makes their employees more efficient at doing whatever it is that they’re actually paid to do, then it is probably better for them to buy it from you than it is for them to develop it in house.

          The last point is the one that will cause you the most problems. If you are a small company (especially if you are a sole trader) then you are seen as very high risk. If your software is amazing and you get hit by a bus, what happens? Can someone else maintain it with the license that they have? How much will that cost? If they discover a critical bug, what is the chance that you’ll be able to fix it without disrupting their schedules? Is your support contract giving them measurably lower risk than just using the free version?

          Beyond that, are they shipping your code? If so, there are all sorts of compliance things that are easy for permissively licensed software, harder for proprietary or copyleft software. It may be cheaper (factoring in the risk) to write something and release it under a permissive license than to use your version.

        2. 2

          > Wow, this completely goes against what it appears like from the outside. I hope you are right.

          Why Are Enterprises So Slow? explains a lot of the motivations behind typical enterprise policies. It’s common to have support contracts for everything to mitigate risk.

          > I hadn’t thought about that.

          I have seen this effect firsthand at work. Several of our internal applications have been discontinued because third-party vendors released comparable products.

    2. 6

      Lots of companies pay for software. There’s a whole giant industry selling commercial software… which leads to the question of why not make it proprietary.

      1. What sort of product is it?
      2. Who would benefit from availability of source?
      3. Who would benefit from it being open source (you can give people source code under a proprietary license, so this is a different question than the previous one)?

      (I’m working on a commercial product, with an open source variant with a slightly different use case as marketing, and … a bunch of people use the open source tool, and I’ve only gotten a single patch, ever. It’s not clear what being open source does for anyone in this particular example.)

      1. 1

        You have a good point, so let me answer your questions:

        1. It is a tool meant for developers: a build system.
        2. Everyone; it is actually crucial to the software supply chain that the source is available. If the build system is not Open Source (i.e., you can’t compile it yourself), you don’t know if it has been backdoored with a Trusting Trust attack, just like a compiler.
        3. End users. If it’s only source-available, then companies that distribute software that builds with it could conceivably make it really hard to build their software, even if that software is FOSS or source-available.

        But beyond the fact that it is actually crucial to be FOSS for security, there is another big reason: developers will not adopt a non-FOSS tool. If it is FOSS, it has a chance, and if it is not, then it has none.

        1. 4

          There are many build tools out there that are very successful and not open source. TeamCity is a good example.

        2. 3

          > But beyond the fact that it is actually crucial to be FOSS for security, there is another big reason: developers will not adopt a non-FOSS tool. If it is FOSS, it has a chance, and if it is not, then it has none.

          Open source isn’t a requirement for commercially successful build tools; Incredibuild is a proprietary build system used by Adobe, Amazon, Boeing, Epic Megagames, Intel, Microsoft, and many other companies. Most of the market consists of pragmatists; they’ll adopt a new product if it addresses a major pain point.

          Is there a distributed build tool for Rust yet? That may be a market worth pursuing.

          1. 1

            I did not expect anyone to say that closed-source build systems were used, but you and a sibling named two.

            As far as making a distributed build tool for Rust, yeah, I can do that. Thank you.

        3. 1

          > It is a tool meant for developers: a build system.

          I am curious how you are planning to legally structure dual-licensing of a build system. I believe most (all?) examples of dual-licensing where one license is free/open source involve a copyleft license (commonly GPL). In order to trigger copyleft’ness the user must produce a derivative work of your software (e.g., link to your library). I don’t see how using a build system to build a project results in derivative work. I suppose there are probably some dual-licensed projects based on AGPL but that doesn’t seem to fit the build system either.

          I also broadly agree with what others have said about your primary concern (that the companies will steal rather than pay): companies (at least in the western economies) are happy to pay provided prices are reasonable and metrics are sensible (e.g., many would be reluctant to jump through licensing server installation, etc). But companies, especially large ones, are also often conservative/dysfunctional so expect quite a bit of admin overhead (see @kornel comment). For the level of revenue you are looking at (say, ~$300K/year), I would say you will need to hire an admin person unless you are prepared to spend a substantial chunk of your own time doing that.

          This is based on my experience running a software company (codesynthesis.com) with a bunch of dual-licensed products. Ironically, quite a bit of its revenue is currently used to fund the development of a build system (build2; permissively-licensed under MIT). If you are looking to build a general-purpose build system, plan for a many-year effort (again, talking from experience). Good luck!

          1. 1

            > I am curious how you are planning to legally structure dual-licensing of a build system.

            It will also be a library.

            There are plenty of places in programming where it is necessary to be able to generate tasks, order those tasks to make sure all dependencies are fulfilled, and run those tasks (hopefully as fast as possible).

            One such example is an init/supervision system. There are services that need to be started after certain others.

            (Sidenote: I’m also working on an init/supervision system, so technically, companies don’t need to make their own with my library. It’s just an example.)

            > I suppose there are probably some dual-licensed projects based on AGPL but that doesn’t seem to fit the build system either.

            This build system will be distributable, like Bazel, so yes, that does apply.

            > I also broadly agree with what others have said about your primary concern (that the companies will steal rather than pay): companies (at least in the western economies) are happy to pay provided prices are reasonable and metrics are sensible (e.g., many would be reluctant to jump through licensing server installation, etc).

            What are reasonable prices, though?

            > But companies, especially large ones, are also often conservative/dysfunctional so expect quite a bit of admin overhead (see @kornel comment). For the level of revenue you are looking at (say, ~$300K/year), I would say you will need to hire an admin person unless you are prepared to spend a substantial chunk of your own time doing that.

            I am going to do it, yes, but I’m also going to be helped by my wife.

            > This is based on my experience running a software company (codesynthesis.com) with a bunch of dual-licensed products. Ironically, quite a bit of its revenue is currently used to fund the development of a build system (build2; permissively-licensed under MIT). If you are looking to build a general-purpose build system, plan for a many-year effort (again, talking from experience). Good luck!

            Oh, I’m cutting features out of my build system, so I don’t expect it to take that long. Also, I’m not running a business like you are.

            Thank you.

            1. 2

              > What are reasonable prices, though?

              The video Designing the Ideal Bootstrapped Business has some excellent advice on pricing; the author has sold at least 3 startups.

    3. 6

      Companies pay for software all the time. You may be reading too many headlines from one corner of the industry.

      Dual licensing (AKA selling exceptions) has worked and does work for many firms, large and small, both on its own and in combination with other models, like selling proprietary extensions or complementary software. I keep a very incomplete list of examples at duallicensing.com. There have been many more successful dual-licensing sales than lawsuits by dual-licensing companies against deadbeat users.

      Merely sprinkling a business model on top of a project with a few website changes and social media posts almost never yields meaningful money. Not with dual licensing, not with open core, not with services or any other model. You need a model and you need to push. Going into business is adding a whole ’nother project to your life.

      Driving paid-license sales will take time and energy. That is time and energy you will not also be able to spend on your software. On the upside, paid-license sales can take substantially less time and energy than developing complementary products, hosting, developing closed, one-off software on contract, or providing high-touch professional services like training. Your project is your project and there won’t be any business need to segment it into free and paid chunks, since what you’re selling is fundamentally permissions, not bits.

      1. 1

        > Dual licensing (AKA selling exceptions) has worked and does work for many firms, large and small, both on its own and in combination with other models, like selling proprietary extensions or complementary software. I keep a very incomplete list of examples at duallicensing.com.

        I don’t know how many of your examples are actually small people, but I do know of one: VideoLAN. And the link I had in my original post was the VideoLAN guy talking about how it really hasn’t worked out very well. So while you have examples (and thank you for them; I’m going through them now), I’m a little nervous about how effectively those examples actually make money.

        > There have been many more successful dual-licensing sales than lawsuits by dual-licensing companies against deadbeat users.

        I’ll have to take your lawyer’s word for that, but I do wonder if that’s just because the threat is enough from bigger entities. If I, as an individual, am not enough of a threat, would they care enough to pay as required? I don’t really know.

        > Merely sprinkling a business model on top of a project with a few website changes and social media posts almost never yields meaningful money. Not with dual licensing, not with open core, not with services or any other model. You need a model and you need to push. Going into business is adding a whole ’nother project to your life.

        Agreed. My current business model plan is two-fold: licensing and on-call support. I just don’t think people will pay for that if they can get away with not paying.

        > Driving paid-license sales will take time and energy. That is time and energy you will not also be able to spend on your software. On the upside, paid-license sales can take substantially less time and energy than developing complementary products, hosting, developing closed, one-off software on contract, or providing high-touch professional services like training.

        I do understand that driving sales takes time and energy. Unfortunately, that’s just what I’m going to have to do to make money. I’d rather spend half my time on that than all of my time on someone else’s software.

        > Your project is your project and there won’t be any business need to segment it into free and paid chunks, since what you’re selling is fundamentally permissions, not bits.

        Are you saying I should keep it closed source? I’m not entirely sure what you are saying here.

        1. 2

          If you think your potential customers are a bunch of big companies and you’re afraid of big companies, I’d suggest you reach out to some founders at companies that successfully license big companies. Or find another line of business.

          If you’re looking for validation of the idea that dual licensing doesn’t work because large companies are all big meanies who don’t play fair, I can’t corroborate. I’m sure it happens. And probably more often where the developer obviously lacks spine and cowers. But the dual licensing failure cases I see have a lot more to do with more basic business faults.

          1. 1

            > If you think your potential customers are a bunch of big companies and you’re afraid of big companies, I’d suggest you reach out to some founders at companies that successfully license big companies. Or find another line of business.

            That is a fair criticism. I’ll take the L, and I’ll see about doing as you said.

            > If you’re looking for validation of the idea that dual licensing doesn’t work because large companies are all big meanies who don’t play fair, I can’t corroborate. I’m sure it happens.

            My wife, the one with business sense, thinks it won’t work because of this, so it’s not just me. In fact, I was pretty idealistic about it until a month ago. She tried to get me to see sense for years, and I’ve only recently come around.

            > And probably more often where the developer obviously lacks spine and cowers.

            If I had the resources to go after companies in the case that they violated my license, I would happily “grow a spine” and continue with my work. But I don’t have the resources because a lawyer like you doesn’t come cheap.

            > But the dual licensing failure cases I see have a lot more to do with more basic business faults.

            I believe it. I’ve been taking potential business ideas to my wife for years, and having the business sense that she does, she has shot them all down. So I could see it being hard to find the right one.

            In other words, I guess I have not found the right one. Good to know.

            1. 2

              Wasn’t trying to talk you down. But you came in with a question based on a presupposition that contradicts my experience. For what it’s worth, I’m a deals lawyer, not a lawsuits lawyer.

              I have seen founders and salespeople have to push on large company users who weren’t initially willing to deal. When the vendor is small, that is definitely an asymmetric conflict. If you find yourself on the smaller side of an asymmetric conflict, you can’t think just in terms of all the big-side resources you don’t have, like how many dollars or bodies or lawyers they have that you don’t. You have to work other leverage. Go talk to founders that have won some of those battles.

              For what it’s worth, the VideoLAN comment you cited seemed to have a lot more to say about lack of interest in technical support contracts than dual licensing. That fits with my perception of their software’s primary use case and license choice, which don’t put a lot of users in positions where they need other license terms.

              It’s hard to sell tech support for reliable, well documented software. It’s relatively easy to sell technical support to large companies with urgent problems.

    4. 3

      I have gone a similar route the past years with HexaPDF. My goal was to get an adequate side income next to my 40h job, so it was clear for me that I wouldn’t sell support as main income because that would take too much time away from the main development.

      The PDF library is dual-licensed AGPL and a commercial license. The reason for the license choice was mainly that I wanted to provide a command line tool for manipulating PDFs. So everyone can use the AGPL version without much thinking about the license terms. And companies will choose the commercial license. And this works. I’m not sure how dual-licensing would work in your case, e.g. with a build system.

      HexaPDF fills a niche where no other similar product existed/exists. And it still took a long time to get somewhere business-wise. I guess that mainly comes down to me not doing enough marketing and sales, and having a product that is not needed by that many companies.

      I started the company in 2018 and now, 3.5 years later, I have about 25 paying customers. With about double the number I will have the side income I initially targeted. We will see how it goes :)

      If you want to have 2 times the typical developer salary, I would do market research and see how many companies would benefit from your software. If your product is better, then the companies will happily pay.

      1. 1

        > I’m not sure how dual-licensing would work in your case, e.g. with a build system.

        It’s going to be distributable as a library, but it’s also going to be a distributed build system, like Bazel.

        > If you want to have 2 times the typical developer salary, I would do market research and see how many companies would benefit from your software. If your product is better, then the companies will happily pay.

        I hope this is true, though I suspect that I also have to prove to the companies that it’s better. And not just better, but far better (because of inertia). I think that may be the hardest part.

        1. 2

          > I hope this is true, though I suspect that I also have to prove to the companies that it’s better. And not just better, but far better (because of inertia). I think that may be the hardest part.

          Isn’t that the beauty of dual-licensing? That you can do everything completely in the open and let companies try everything out without them needing to ask any licensing questions or do upfront payment?

          I don’t think that your product has to be far better than all the others, it just has to have a business advantage for your customers.

          For example, although I think HexaPDF is great (naturally :) I know that it is by far not feature complete and there are commercial libraries in other languages that are much better in various regards. Yet, I have one customer who came across HexaPDF, tested it for their use case and found it superior to all other tools they tried but still not optimal for what they wanted. So I worked with them for months before they bought a license, and in the process made HexaPDF better for everyone.

          1. 1

            > Isn’t that the beauty of dual-licensing? That you can do everything completely in the open and let companies try everything out without them needing to ask any licensing questions or do upfront payment?

            Depends on the license. AGPL is famous for being entirely forbidden in some larger companies (e.g. Google), so for people working there, the product doesn’t exist until the other license is acquired.

            This doesn’t mean “don’t use the AGPL”, but the dynamic you’re envisioning might not work out for any number of reasons.

            1. 1

              Ah, I heard about that some time ago. So this means nobody there is using any application/library that is AGPL licensed, even if it would come by default with the OS?

              1. 2

                The operating systems to use at Google are well curated - Linux would be https://en.wikipedia.org/wiki/GLinux. As the policy is “no AGPL”, my guess (I work at Google but didn’t check the licenses) is that the GLinux maintainers simply don’t (re-)package such software.