1. 17

  2. 25

    How has AGPL failed? Quoting the introduction to Google’s own policies, which are the top hit for “agpl google” on DuckDuckGo:

    WARNING: Code licensed under the GNU Affero General Public License (AGPL) MUST NOT be used at Google. The license places restrictions on software used over a network which are extremely difficult for Google to comply with.

    This seems like a resounding success of AGPL.

    Proprietary distributed systems frequently incorporate AGPL software to provide services.

    Who, and which software packages? This isn’t just about naming and shaming, but ensuring that those software authors are informed and get the chance to exercise their legal rights. Similarly, please don’t talk about “the legal world” without specific references to legal opinions or cases.

    I feel like this goes hand-in-hand with the fact that you use “open source” fourteen times and “Free Software” zero times. (The submitted title doesn’t line up with the headline of the page as currently written.) This shows an interest in the continued commercialization of software and exploitation of the commons, rather than in protecting Free Software from that exploitation.

    1. 8

      How has AGPL failed?

      I said how in the article:

      The AGPL was intended, in part, to guarantee this freedom to users, but it has failed. Proprietary distributed systems frequently incorporate AGPL software to provide services. The organizations implementing such systems believe that as long as the individual process that provides the service complies with the AGPL, the rest of the distributed system does not need to comply; and it appears that the legal world agrees.

      The purpose of the AGPL is not to stop commercial users of the software, it’s to preserve the four freedoms. It doesn’t preserve those freedoms in practice when it’s been used, so it’s a failure.

      But really AGPL doesn’t have anything to do with this. No-one claims AGPL is a license like the one I describe in the article.

      Proprietary distributed systems frequently incorporate AGPL software to provide services.

      Who, and which software packages?

      mongodb is a high-profile example, used by Amazon.

      1. 10

        I’m fairly certain that the version of mongodb that Amazon based DocumentDB off of was Apache licensed, so I don’t think that applies here. From what I’m seeing, they also explicitly don’t offer hosted instances of the AGPL licensed versions of Mongo.

        1. 5

          But really AGPL doesn’t have anything to do with this. No-one claims AGPL is a license like the one I describe in the article.

          Then your article headline is misleading, is it not?

          1. 2

            This is true. MongoDB changed their license, in response to Amazon using forks of their own software to compete with them.

            1. 1

              That’s fair, you’re probably right. There are lots of other hosted instances of MongoDB that used the AGPL version though, so MongoDB is still the highest-profile example of this. That was the motivation for MongoDB’s move to SSPL.

            2. 2

              I don’t see a laundry list here. I appreciate that you checked your examples beforehand and removed those which were wrong, but now there’s only one example left. The reason that I push back on this so heavily is not just because I have evidence that companies shun AGPL, but because I personally have been instructed by every employer I’ve had in the industry that AGPL code is unacceptable in their corporate environment, sometimes including AGPL developer tools! It would have been grounds for termination at three different employers, including my oldest and my most recent employments.

              Regarding MongoDB, I have no evidence that AWS violated the terms of the AGPL, and they appear to have put effort into respecting it somewhat. It seems that MongoDB’s owners were unhappy that their own in-house SaaS offering was not competing enough with others, and they chose licensing as their way to fight. Neither of these companies are good, but none of them appear to be disrespecting the AGPL.

            3. 4

              the agpl says

              Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.

              in other words, you cannot run your own proprietary fork of an agpl program; you have to offer users the modified sources. it says nothing about the sources of the other programs that that program communicates with, or the network infrastructure and configuration that comprises your distributed system.

              1. 3

                Yes. This is how we define distributed systems, in some security contexts: A distributed system consists of a patchwork network with multiple administrators, and many machines which are under the control of many different mutually-untrusting people. Running AGPL-licensed daemons on one machine under one’s control does not entitle one to any control over any other machines in the network, including control over what they execute or transmit.

                Copyright cannot help here, so copyleft cannot help here. Moreover, this problematic layout seems to be required by typical asynchronous constructions; it’s good engineering practice to only assume partial control over a distributed system.

                1. 1

                  So, that seems fine then? What’s the problem with that?

                  1. 1

                    the problem, as the article says, is that we have no copyleft license that applies to entire distributed systems, and it would be nice to. not so much a problem with the agpl as an explanation of why it is not the license the OP was wishing for.

                    1. 4

                      I explain more upthread, but such licenses aren’t possible in typical distributed systems. Therefore we should not be so quick to shun AGPL in the hopes that some hypothetical better license is around the corner. (Without analyzing the author too much, I note that their popular work on GitHub is either MIT-licensed or using the GH default license, instead of licenses like AGPL which are known to repel corporate interests and preserve Free Software from exploitation.)

                      1. 2

                        We have Parity as a start. Its author says:

                        “Parity notably strengthens copyleft for development tools: you can’t use a Parity-licensed tool to build closed software. “

                        Its terms are copyleft for other software you “develop, operate, or analyze” with licensed software. That’s reads broad enough that anything an operator of distributed systems both owns and integrates should be open sourced.

                2. 11

                  The software that’s actually used for the largest distributed systems maintained by the largest organizations isn’t available, even though individual services within it are open source.

                  That’s because those systems are exploitative and proprietary.

                  1. 1

                    I don’t disagree - that’s basically my entire point. Was that not clear?

                  2. 5

                    I like the content, but man am I thankful Firefox has a reader mode. Completely unstyled pages are not reader-friendly. Even something as minimal as html { padding: 1em } body { max-width: 65ch; margin: auto; line-height: 1.5 } would go a long way.

                    1. 1

                      The real question is why does Firefox choose such terrible defaults that we feel compelled to tell people to override them…

                      1. 3

                        It looks identical in Chrome, it’s not a Firefox issue. Firefox just happens to have an inbuilt mode to deal with issues like this.

                        1. 4

                          It’s the same render in Epiphany and Netsurf too. HTML is used for many things outside of blog-style entries so it would be a bit ridiculous to try to add that styling for all contexts. As such, all contexts necessitate some styling.

                          1. 1

                            Yes, mostly all browsers have bad defaults. I don’t know why

                            1. 2

                              As I said in the sibling comment, not all contexts using the web are meant for articles as default. The current default is effectively empty. You can see in normalize.css and reset.css that these files have very little that they actually need to do because of how sparse the defaults are which is probably better than needing to override a default article styling for your web application or your canvas demo. If you want a decent default for your page, there are dozens of premade CSS library files that can give you the blog article context without any modifications.

                              1. 1

                                IMO we only think of the defaults as “empty” because they rarely change. There is a default background and foreground colour, link colour and link visited colour, link text-decoratiin, default font family and sizes for different elements, default margins on many elements, default paddings on others, and lots more. You may say “but those are all the obvious defaults” but IMO they are not obvious and just feel that way due to how long they have been relatively the same. Why shouldn’t body have a slightly bigger default margin or a better default colour pallette? Remember when font defaulted to serif and we finally got that fixed?

                                1. 2

                                  I wouldn’t disagree that it could be improved, but I think trying to overstyle it and optimize for articles would not be the right approach. The biggest reasons I’d assume the defaults are as they are now is backwards compatibility for browsers on CRT 480x800 displays when, yeah, those probably were sensible defaults and some of those pages do exist. Perhaps something like a based-on-font-size-max-width on the body could be a sane default to make those, and this page, more legible on the larger displays of 2021 (or 2010 for that matter).

                      2. 4

                        We do not need licenses that force you to open your tooling around open source components. Those scripts are often highly personalized to the environment and user; even setting that aside they regularly shift across a team, evolving as different people use it.

                        1. -3

                          Just use BSD.