FOSDEM 2019 and the challenge to finance Open Source

Last modified by Ludovic Dubost on 2019/06/17 20:28

I'm coming back from FOSDEM and it has been again an amazing year. We have been super happy to be able to run a dev room about "Collaborative Information and Content Management Applications" which has been a success  (videos are available here). We also have been able to meet XWiki and CryptPad users and give out stickers (all of them are gone and we need to reorder some for our next events). I've been happy to see that the "privacy" subject becomes more and more understood and important to the users.

While I have not been able to attend of lot of talks, beyond the dev room, I've been able to watch the videos. I use the occasion to give KUDOS to the FOSDEM video team. Their video recording system is amazing and videos are getting online with checks from speakers in a record time.

XWiki & CryptPad Talks

I'll start by recommending my talks, as well as other XWikiers:

The Challenge to finance Free and Open Source

Now what I want most to talk about is the talks about Open Source financing and the state of Open Source, as I believe that Libre and Open Source Software is having some challenges that are from my point of view growing and related to the state of the whole software industry.

I'm very happy that there are more talks that bring the subject of financing on the table, as I believe we have too much ignored the "business" aspects as "Open Source" was taking over the world through mostly the first Open Source Professional companies, Software Services companies and Cloud providers.

However while the open code was spreading everywhere, we have not fully grasped where it was coming from and how it has been financed, and today as we see less VC investment in professional open source companies, as RedHat is being acquired by IBM, and as the leading Cloud Providers are eating the business of almost all the other actors and as most future business are being developed as Cloud Services, we are starting to see a fundamental change. 

Open code continues to grow of course, especially all the infrastructure and libraries which are mostly sponsored by the cloud or SaaS actors. However there are already tentions in this area as is shown by the debates about the SSPL/Commons clause licences. The talk by Michael Cheng (working as a lawyer at Facebook, talking on his own behalf) SSPL, Confluent License, CockroachDB License and the Commons Clause - Is it freedom to choose to be less free?  when into good detail about this. It was a very good talk. Now the one thing I believe it failed to talk about was about the future of infrastructure Open Source code given the change in the market forces. While I agree that changing the licence and creating licences that effectively are trying to recreate the "proprietary software model" is not a good thing for Open Source, on the other side, if it becomes impossible to build a significant infrastructure Open Source solution as a startup, investment in Open Source code will either reduce or be only coming from the big cloud and SaaS actors and we should not expect a high percentage of Open Source investment relative to the business of these cloud providers. In the end a massive challenge for Open Source is that it represents only a small fraction of the global technology investment in the world.

Another set of talks actually discussed about direct financing of libre and open source software. I'm really happy that these talks are getting more and more common and that new solutions are emerging to help finance the developers:

Next Generation Internet

First the Next Generation Internet initiative - Year Zero - Come work for the internet on privacy, trust, search & discovery by Michiel Leenaars from NLNet presented the European Community initiatives to finance the future of the internet and in particular Open Source Code, as 12 Millions Euros are being distrubuted in small project between 5k and 50k to help developed "Privacy Enhancing Technologies" and "Search & Discovery". We are candidating to these funds for CryptPad, and I'm a big fan of the approach of financing smaller size projects with public money versus the big projects with many partners. I believe France and BPI should take a similar approach to fund Open Source. 

Hackers gotta eat

Kohsuke Kawaguchi from Jenkins/Cloudbees had a great talk Hackers gotta eat, Building a Company Around an Open Source Project, which touched on the business models for Open Source and why running a company alongside a project is useful and what challenges there are. I believe we have similar experiences also at XWiki which we presented last year XWiki: a case study on managing corporate and community interests - 14 years of Open Source in a Small Co. and in 2013 in the talk Combining Open Source ethics with private interests

Something I also clearly believe in, is that by structuring a company it allows to raise the level of quality and offering that the Open Source software has. In our area there are tons of wiki softwares, but only the ones with a structure can really keep up.

Crowdfunding, bounties, sponsorship programs

There has been a few talks about new financing methods:

The second talk presents GitCoin a funding mecanism using blockchain for open source code. The third one shows a great Open Source sponsorship program at INDEED where 120 K$ will be directed towards open source projects based on what is being used and voted by those who contribute. The objective, which I support, is not only to bring money but also to foster participation from inside INDEED to the projects. It is indeed (no pun intended) important to not only fund the projects but also to increase participations from the users.

The first talk gave a very good overview of different ways and new methods, including OpenCollective, GitCoin, Tidelift.

I've stolen a few slides to show them here (I hope Tobie Langel will be ok with it) because it's really important to understand this:

This is what currently OpenCollective/Tidelift have collected/committed for Open Source code:

million.png

and this is how it compared to the Trillion dollar technology industry developer wages:

trillion.png

A very good question was asked at the end of the talk about wether there is a measurement of the direct company investment in Open Source, and nobody was able to answer. It could be estimated as:

  • How much R&D is being sponsored by Open Source companies

You could use the COSSC Index of commercial open source companies (http://OSS.Cash - Google Docs) , which evaluates the revenue of these companies to 16 Billions Euros / year. Discounting a bit this revenue to 10B$, because some of these companies are not necessarily investing the massive amount of their R&D to Open Source software, and considering a 10% R&D investment, this would mean about $1B Open Source R&D.

  • How much R&D is being sponsored by Cloud providers, SaaS companies or traditional companies

If we consider the whole rest of the software industry, in the presentation above, the total wages of the developers in the world has been estimated to around 1 Trillion dollars (this is the big tower in the image).

If we look at this data from GitHub which indicates that Microsoft has 1300 contributors to OSS and Google 900. Compared to the number of engineers at Microsoft (around 60000 according to this page) and Google (37% according to these numbers in 2014 which would mean 30000 based on the current number of employees), this would mean 2% and 3% knowing that of course we don't know much about the full time nature of these contributors. We could easily estimate less than 1% for these top companies, and this would probably be much less for the rest of the tech industry.

If we consider that maybe in the best scenario, 1% of the R&D is being directed towards Open Source contributions, that would mean 10 Billions $. We could also estimate around 0,1%, which would be another $1B Open Source R&D.

  • Volunteer Time

Now the good news for Free and Open Source code is that there is the volunteer time. A study from 2014 based on hours of commit indicates that 50% of commits would be during work time versus non work time. It is not easy to validate this data, and amounts of commits, do not necessarily mean quality code. Freelancers might contribute on Open Source code outside of their paid missions, during the day. Commits might be done at the end of the day with work from the whole day. Now it's undeniable that there is non-paid Open Source contributions and according to this study it is significant. If somebody has another study of the amount of "non-paid" code, this would be very interesting. 

However, if you consider these developers have a job during the day, you can consider that their "proprietary job" is sponsoring their "evening" open source contribution.

When taking this together, if we are taking the lower estimation, it would be $2B which means the truck in the image, and in the best case $10B which would be one level of the whole tower. If we add the volunteer time on top, this could mean 2 trucks or 2 levels. I would estimate that Open Source R&D funding it's more like the truck in the image, and it's currently coming about half from Open Source companies, and half from the rest of the industry contributing. 

What is sure right now, is that not only this is very small compared to the massive amount of energy directed towards proprietary software, but the "crowdfunding" is even more microscopic compared to the "corporate" funding. 

This is why I'm worried, because looking at the evolution, it seems that we risk having less "professional open source" contributions, if VC backed companies are using non-open source licences or backing off open source, or having the "corporate" contribution become highly dependent on a consolidating industry controlling all our tech lifes. The biggest risk I see, is less "professional" projects to build "end-user" applications which require a lot of fine tuning to be competitive with the cloud solutions. I don't see the cloud and internet applications provider investing in anything else than infrastructure and libraries and keeping the application and the data for themselves.

The risk, and I believe it has already started, is while we had many open source applications working on our desktop or for enterprises, while we have all the infrastructure being open source, the applications on the cloud will be controlled by proprietary providers who won't share them. We might have a lot of Open Source in the backend, but the key service is itself a proprietary service that we cannot control.

The role of developing Free and Open Source software in the sense of the FSFE.org, will remain to Open Source companies and to the vast majority of volunteers who work with almost no or little funding.

The Cloud is just another Sun

This leads me to the final talk of this FOSDEM article, The Cloud is just another Sun from Kyle Rankin from Purism (great stuff by the way). Check it out entirely because it shows a great parallel between the "Cloud Wars" and the "Unix Wars". I'm reprinting again a few slides (I hope he won't mind).

It talks to me because I do have a feeling of "déjà-vu" when looking at our the big cloud providers are dominating everything. And we all look at it thinking it's Open Source while the key aspects are being made highly proprietary. 

unixwards.png

cloudwars.png

cloudsun.png

whatdowedo.png

What can we do ?

Educate

The key question is indeed what we can do about it. We need indeed to educate again on vendor lock-in and particularly of cloud services. In Europe we already do it also because none of these big providers is actually European. As users we need to resist more the big cloud services and we need to advocate again for "Open Cloud" services, which means services that are fully Open Source.

Education is key.

Choose stronger Licences

I believe we need also stronger licences like the AGPL which pushes cloud services to contribute to the Open Source cloud services and does not allow the to fork them as proprietary softwares. I will not advocate for the SSPL licence which is pushing the limit to all the infrastructure. However a legitimate questions is how can the Open Source providers compete with Cloud providers that would contribute only marginally and sell the cloud services. As an Open Source company, the same question is showing up between those that invest in Open Source software versus those that just reuse them for profit without contributing.

However this is not an easy subject, as the stronger licence might also reduce your distribution and turn away some contributors. It is a difficult balance to find in the same way that the balance between free distribution and paying one is a difficult one.

At XWiki we have chosen to have paying modules in our app-store which are fully Open Source, but not available through install for free in the app store. If you want to use them for "free", you will need to build them yourself and run you own app-store.

Value Open Source, not the Zero price

We all confuse Open Source and Free. By doing this we push individuals or companies that try to find a balance towards "Open-Core". In the open hardware world, this is less a problem as people are used to pay for a physical object, but in the software world, we want all for free. By providing more cloud services that are "Open Cloud" we can also have a revenue stream for the cloud service and still keep the software open.

For CryptPad, this is what we are doing and many "privacy" oriented software providers are doing it this way, because it makes sense to show the code when you promise security. Now there will be a challenge to see how these services can interconnect or wether they will start competing with each other.

Finance what is not financed

We need to continue to find ways to financed what is currently not financed. We can advocate to the public funding (European for example) to finance as Open Source what is missing. This is happening with the NGI Funds for example, and us as individuals we can help more end-user projects emerge. I will make here a shameless plug for the OpenCollective of CryptPad.fr which needs your help to provide an privacy centric collaboration platform.

Kudos to the FOSDEM organizers

  • 788 talks
  • 408 hours of content
  • 600 speakers
  • 65 stands

I have to say I'm particularly impressed by the video system and the ability to validate the video of a talk and publish it in record time.