back to article The open secret of open washing – why companies pretend to be open source

If you believe Mark Zuckerberg, Meta's AI large language model (LLM) Llama 3 is open source. It's not, despite what he says. The Open Source Initiative (OSI) spells it out in the Open Source Definition, and Llama 3's license – with clauses on litigation and branding – flunks it on several grounds. Meta, unfortunately, is far …

  1. Khaptain Silver badge

    Protection is vital

    Open Source was developed intentionally in order that everyone can benefit , it is vital that it remains that way in order to avoid the dictatorships and monopolies that will result in its demise.

    It is in all our interests that it remains truly open source.

    1. Bryan W

      Re: Protection is vital

      Old habits die hard. Embrace, extend...

      1. doublelayer Silver badge

        Re: Protection is vital

        This isn't an organized campaign planning to eliminate open source. It isn't even in the mind of someone who hopes that open source would go away. It is just people who think lying about what they're making will help them. That person doesn't hate open source, they just don't care about it, know that others do, and think that they can get those others on board by claiming to care.

    2. navarac Silver badge

      Re: Protection is vital

      Trouble is, Greedy Corporations are rapacious and couldn't give a shit about anything, but profit. Open Washing is just a euphemism for theft IMO. So called "AI" is a great vehicle for these corporations to rip-off everything and everybody.

  2. Anonymous Coward
    Anonymous Coward

    Open source health software lies have cost the nhs millions

    Particularly egregious in health software a preying on the good will of doctors and nhs leaders.

    Try find one that publishes their source code.

  3. Dan 55 Silver badge

    Look who funds the OSI

    Firefox has limitations on branding and nobody could argue that isn't open source.

    In any case, if Meta's LLM licence doesn't meet the definition of open source, don't worry, it will do in a few days when the OSI publishes its definition of open source AI. Just look at who funds the OSI.

    It's obvious the large corporations which fund the OSI benefit from an absolutist definition of open source where the BSD or MIT licence is preferred over the GPL. Even GPL v3 too restrictive because it doesn't allow for Tivoisation. It helps them take what they want from smaller idealistic developers without paying for it or even contributing back.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Look who funds the OSI

      Who made the OSI (with the same acronym as an actual standard) the King anyway? I could come along with my own definition of open source, and it would be no less valid.

  4. Randesigner

    OpenAI

    ... should rename itself.

    1. Conor Stewart

      Re: OpenAI

      OpenAI is particularly bad. Yes they started as being open but for a long time now they haven't been but won't change their company name, likely due to the public perception of it having "open" in it.

      There are no protections for this sort of name though and that has meant a few companies have done similar, start off being at least partly open with "open" in the name and then go closed source.

    2. Grunchy Silver badge

      Re: OpenAI

      I’m curious about just how many people here actually “use” OpenAI.

      (Please downvote this post if you, personally, use OpenAI.)

  5. Tim99 Silver badge
    Unhappy

    Entitled CEOs,

    and Sociopaths; but I repeat myself. (Apologies to Mark Twain)

    1. ecofeco Silver badge

      Re: Entitled CEOs,

      Not enough upvotes.

  6. the spectacularly refined chap Silver badge

    Not a universal definition

    The fundamental problem is that open source is not a single homegenous community, different elements have at time radically different objectives: at the one end you have the likes of the BSD licence with research and academic origins - yes take this, do what you want with it, but make sure you acknowledge us. Then you have GPL and similar - essentially we'll share this between ourselves but add restrictions to keep away the people we don't want. Then you have the various commerically derived licences generally designed to protect and prefer the original copyright holder. Layered on top of each you have various people in the chain, whether that is developers, maintainers, support, distributors, applying pressure by various methods the retrospectively implied term "but if you make any money, we want our cut" to all of the above.

    Where you draw the line is thus a judgement call and when you are drafting actual law as opposed to a policy it is probably best not delegated to a self appointed pressure group. That is not to belittle the OSI but the likes of the BSI, ANSI, ISO operate under the auspices of government regulation and are ultimately accountable as public institutions of various jurisdictions. The OSI is not.

    1. Flocke Kroes Silver badge

      Re: Not a universal definition

      OSI lost my vote a long time ago when they were keen to approve lots of different "open" licenses. BSD and GPL have good and different reasons to exist. GPL compatible is pushing it. The FSF went to a great deal of time and expense to make the GPL work as intended in as many countries as possible. Rolling your own GPL compatible license is as sensible as non-cryptography specialists rolling their own cryptography algorithms.

      Commercial software producers are free to choose whatever license they like for their own work. If they say "open" but not GPL or BSD I assume there is a sting in the tail of the license that is not worth my time and trouble to identify.

    2. I could be a dog really Silver badge

      Re: Not a universal definition

      Then you have GPL and similar - essentially we'll share this between ourselves but add restrictions to keep away the people we don't want.

      I'm not sure if I'm seeing what you intend in that sentence.

      If you are trying to say that the GPL is "... share this between ourselves but add restrictions to keep away the people we don't want." then you are very wrong. The GPL is very clear that you cannot, in any way, restrict who can use your software or what they can use it for - so that means it can be used by people who don't like for purposes you don't tlike and there's nothing you can do about that.

      If you are saying that some of these "looks like GPL if you squint a bit" licences do add such restricitons, then I;d agree with you - and that's a good reason to boycot them.

      1. JimC

        Re: Not a universal definition

        The statement is reasonable. GPL places restrictions on how the source code can be taken and modified that are not present in the more open licenses. Whether that is good or bad depends entirely on your viewpoint. The people that GPL doesn't want are those who develop software that can not or will not be licensed under GPL.

        1. Dan 55 Silver badge

          Re: Not a universal definition

          And you can argue that MIT, BSD, etc... licences also place restrictions, on the end users. As soon as that code ends up in a PlayStation, iPhone, or a cloud service, it's locked away. End users can't study, share, or modify the software and can only run it if they buy or subscribe to the product.

          The fact that MIT, BSD, etc... licences are often viewed as freer than GPL licences is thanks to years of large tech companies and the organisations they fund saying so. Bruce Perens argues that these licences are used for resource extraction by tech companies, the resource being developers.

          1. Crypto Monad Silver badge

            Re: Not a universal definition

            I think it's disingenuous to blame large tech for somehow biasing the agenda. Authors make the decision between BSD and GPL with their eyes wide open, fully aware of the consequences, often to align with a community to make it easy to aggregate with other similar work - e.g. people who write libraries in Ruby often distribute it under the Ruby licence.

            In any case, the world has moved on. Large tech = cloud, and cloud doesn't care if it's BSD/MIT or GPL - they can monetize both equally. Hence the development of AGPL and the like.

            Perens is also being disingenuous. He wants to apply, in effect, a tax on all companies that use "open source", and use this to fund his trickle-down empire. This completely turns the head on the whole concept of "open source": all open source becomes commercially licensed under a collective subscription system with a massive price tag (1% of *turnover*) - comparable to regulatory penalities applied for market abuse. This is absolutely the opposite of what anyone who writes either BSD or GPL code wants, and I don't think it has the slightest chance of happening. The large companies will fork the code they use, and maintain it themselves - they can afford to - and stop contributing back.

            1. Dan 55 Silver badge

              Re: Not a universal definition

              In any case, the world has moved on. Large tech = cloud, and cloud doesn't care if it's BSD/MIT or GPL - they can monetize both equally. Hence the development of AGPL and the like.

              AGPL is hardly an insurmountable problem. Are you saying that Google, Amazon, or Microsoft are so cheap they won't touch AGPL-licenced code as it means they would need to contribute patches back to the project and that detracts too much from their bottom line?

              all open source becomes commercially licensed under a collective subscription system

              But it already is! Only the money is funneled into Google's, Amazon's, and MS' pockets, not the projects themselves. Open source projects are starved of money and cloud companies can donate a percentage of the income which comes from the sale of open source services to their customers, only they elect not to. If there were no open source software, cloud companies would be paying third-party suppliers for that software.

              with a massive price tag (1% of *turnover*)

              I suspect that's his opening gambit.

              The large companies will fork the code they use, and maintain it themselves - they can afford to - and stop contributing back.

              What exactly are they contributing back? Currently approximately 0 patches and $0.00. Is anyone supposed to be at all bothered if licencing forces them to be more honest?

          2. JimC

            Re: MIT, BSD, etc... freer than GPL ...thanks to years of large tech companies

            Not at all. When I've put my trivial bits of code out with an NCSA license its as a pay forward in recognition of all the developers who've put sample code out there for me to learn from. I'm not concerned with end user freedom to study, share or modify. Apart from anything else I'm well aware that 99% plus of them neither wish or are able to take advantage of that highly notional freedom. What I am concerned about is the freedom for other developers to take it and use it without having to worry too much about licenses.

        2. GeekyOldFart

          Re: Not a universal definition

          "...GPL places restrictions on how the source code can be taken and modified that are not present in the more open licenses..."

          While technically correct, this is a statement I'm more used to hearing from open-source opponents. The restrictions in the GPL on taking and modifying code can be summed up as "You can't make a derivative work based on this code that is less free* than this code is" and so we got the still-continuing wailing about how the GPL somehow forces you to open the source of your crown jewels, about how it prevents building a commercial product using it etc. None of which are true.

          The GPLs sway stops at the API. You want a closed-source - and presumably one you can monetise - product that uses the GPLed codes functionality? Fine. Write your closed source stuff such that it interacts with the GPLed stuff through a documented API. A dependency on having a GPLed module being present, and probably installed separately, doesn't make your product fall under the GPL any more than a dependency on a redistributable .net runtime means all your base are belong to Microsoft (although I'm sure they wish it did.) If the API doesn't expose the stuff you need, use the open source model to add to its functionality. You'll need to open that source code, of course, which means your competitors can use it too, but if your confidence in your closed-source product that works with it is good, that shouldn't be a scary thing.

          Unless, of course, you're one of these software firms that likes to stop anyone else trying to do it better with a barrage of lawsuits rather than keeping the development of their own product ahead of the competition.

  7. Stuman8484

    Red Hat much?

    Was at a Red Hat event the other day. They were handing out t-shirts with the slogan ‘open mind, open heart, open source’. I thought it was madness but people seemed to lap it up. Surely one of the biggest culprits of open washing?

    1. Tim99 Silver badge
      Unhappy

      Re: Red Hat much?

      Systemd... >>========>

      1. GidaBrasti

        Re: Red Hat much?

        As much as I dislike systemd, I can't see anything that does not make it open source.

        https://github.com/systemd/systemd/tree/main/LICENSES

        Would you care to elaborate why you seem to think that it isn't open source?

        Objection on a technical level are one thing, but fair do's and all that.

        1. Tim99 Silver badge

          Re: Red Hat much?

          Like many complex systems systemd has been put together in a way that relies on many different components. The licencing page lists them here: https://github.com/systemd/systemd/tree/main/LICENSES. My main concerns are in the README.md file:-

          "Unless otherwise noted, the systemd project sources are licensed under the terms and conditions of LGPL-2.1-or-later (GNU Lesser General Public License v2.1 or later)
          If we look at "Why you shouldn't use the Lesser GPL for your next library" at https://www.gnu.org/licenses/why-not-lgpl.html we find:-
          The choice of license makes a big difference: using the Lesser GPL permits use of the library in proprietary programs; using the ordinary GPL for a library makes it available only for free programs.
          I believe that, whilst agreeing with a definition of Open Source, this may indicate a level of control that may not always be in the best interest of the commons for something that is designed to be ubiquitous. I have been around this stuff for a long time and have learned cynicism - Here is a "modest proposal" I posted about what I thought about systemd on El Reg over 6 years ago: How can we make money? I have seen nothing since then that has changed my mind.

          Before that (about 15 years ago) I replied to a question by Pamela Jones on her Groklaw site, here are the relevent sections:-

          ... The LGPL generally deals with software library packages. The library is copyrighted and requires a distributer to give a user all of the normal GPL rights for that library. The normal GPL requires that any software that is distributed should follow the normal GPL freedoms. However the LGPL allows for proprietary code to be linked to the library. One of the justifications for this approach is that the widest possible use of a LGPL library could encourage a LGPL project to become a de-facto standard. Only changes made to the LGPL library must be made available to other users under the LGPL. If identifiable sections of the distributed work are not derived from the Library, and can reasonably considered independent separate works, then the licence does not apply to this sections - i.e. Changes made to proprietary code that uses the library do not have to be made available to end users. Aggregation of another work not based on the Library does not bring the other work under the scope of the LGPL. I can see scenarios where a commercial producer aggregates a number of different FOSS libraries with a reasonable amount of their proprietary code. This could give a terrific hand-up in being the first to market a new product - This product could then be extended until it has market dominance, during which time the FLOSS libraries are depreciated and replace with proprietary “work alike” modules (Remember that the GPL is a copyright licence and not a patent, so that the ideas and methods in it are not protected). The LGPL prohibits the distribution of software that incorporates patents, but it does not prohibit you from gaining a dominant market share. In any case if you do not distribute the work, you do not have to distribute changes. A few years down the track you could have a dominant work that may (in the US) be patentable...

          ... Before I can explain my attitude to "Lesser" FLOSS licences, you probably should know my background: I am not a lawyer, any opinion that I express should not be used as advice in any software project. I am a (retired) scientist and software developer. My company has produced commercial software and a couple of successful small products used mainly by the public and community sector...

          ...I have been a volunteer technical assessor to a national accreditation and standards body for 15 years. During this time I have come to believe that open data and document formats are essential to all public organizations. Infrared and mass-spectral data are generated in standard formats. Raw instrument and sample data is transferred as CSV files of known formats. Whilst it is important to use FLOSS wherever you can to avoid proprietary lock-in - It is more important to mandate that a copy of all important data is held in a standard format. All of this data should be accompanied by its relevant metadata. Metadata is “data about data” and describes how data is assembled. Examples include size, colour depth, resolution, creator and date of an image; “Markup and Content” for XML; raw data from databases and the relevant schema (ASCII delimited/CSV data and Data Definition Language statements for SQL?); HTML structured documents and OS PDF. Currently we keep most of our data in proprietary formats and structures.We could all use FLOSS solutions for this, but this does not address the problem of when we don’t have access to the original developer or when a programme goes out of fashion. Perhaps the data is contained within an application that uses Java, C/C++, PHP, CSS/HTML and SQL - They are all standards - Can we find someone who can duplicate this if we have to move platforms?

          Linux is claimed by many (most?) to be a Unix - Systemd definitely does not conform to the Unix philosophy that emphasizes building simple, compact, clear, modular, and extensible code that can be easily maintained and repurposed by developers other than its creators. The Unix philosophy favors composability as opposed to monolithic design (Wikipedia).

          1. doublelayer Silver badge

            Re: Red Hat much?

            So you're arguing that LGPL makes something not open source? Do you think BSD or MIT are open source? You're missing the point. All of those licenses allow you to use, modify, distribute, etc the code. The page that advises against the LGPL doesn't like proprietary code and prefers GPL because it makes it a little harder to write it and still use the thing, but that makes something else not open source, not the code under the LGPL in the first place. Open source is not only the GPL.

            1. Tim99 Silver badge

              Re: Red Hat much?

              If you got that impression, I wrote my submission badly. What I meant was that systemd was *designed* to spread, such that it controlled other parts of Linux - Hence my inclusion of the statement by gnu.org "The choice of license makes a big difference: using the Lesser GPL permits use of the library in proprietary programs; using the ordinary GPL for a library makes it available only for free programs".

              As above, I suspect that this decision may not have been made in the best interests of users by the mythical "Really Enterprise Dependant Huge Applications Technology" organization. I believe that the LGPL can be, and is, used in open washing, as in the original article.

              The Linux Kernel is provided under the terms of the GNU General Public License version 2 only - If you have the time, you may like to peruse the Linux Kernel COPYING file and its referred documents. I take them as indicating that the GPL is preferred. Linux is too important to be potentially damaged by incorporating systemd as a critical component when its licencing could potentially be abused.

              1. doublelayer Silver badge

                Re: Red Hat much?

                GPL is the choice of the kernel, but the use of an LGPL application, which is what systemd is, doesn't affect the kernel's license at all, no matter how frequently it's used. Lots of applications that are commonly installed on Linux systems are licensed with it or even more permissive licenses. Glibc, which is more common than systemd, is LGPL. It was written by the GNU project, the same people who have the page you linked advising against the LGPL. That's been common for decades and it has done no harm to Linux's GPL2 status. LGPL is also GPL-compatible such that you can easily license additions to something LGPL as GPL if you wish.

                LGPL is also not open washing. If someone releases something with an LGPL license, it's open source. I have all the freedoms that involves. Open washing is when they say they've made something open source but they haven't. For example, when someone releases code but their license says that it's forbidden for you to use it if you compete with them (for instance Hashicorp) or you cannot use your modifications in anything commercial [undefined] (many people, for example FUTO), or that you can't distribute at all (WinAmp, but they were probably not really claiming to be open source), or that they haven't actually given you the source (Facebook, and they are claiming to be open). LGPL is not any of those things. I disagree with you that "LGPL can be, and is, used in open washing", and I don't understand how you have come to that conclusion. My best guess is you decided this based on a misunderstanding of how it would affect Linux and by taking a suggestion from GPL advocates to an extreme they did not intend.

                1. Tim99 Silver badge

                  Re: Red Hat much?

                  I'm still not making it clear. My problem is not with the LPGL as such - It is that systemd uses it. The LPGL appears to allow derivative works to be licensed under any license, and dynamic and static linking with any proprietary code.

                  The systemd roadmap indicates that it will continue to expand within Linux. Its original aim was "apparently" to replace imperfect initialization programs like sysvinit (which BTW was licensed under GPL 2). I am probably only slightly paranoid, but think that systemd may have been (at least partially) intended as a Trojan Horse to expand the proprietization of Linux. I'm now retired but still do pro bono work - I hope that I have a basic understanding of software licencing, as my latest small project (that would have little commercial value) was released under the Boost 1.0 license.

  8. JamesTGrant Bronze badge

    Can anyone access the source code? Yes? Well that’s great it’s but if it’s licensed such that you can’t then do anything with it, what’s the point? Except to say ‘Open Source’. As in ‘world-readable source code’.

  9. Filippo Silver badge

    I wonder whether widespread, institutional, systematic lying really is a relatively recent phenomenon, or whether it's just my perception as I'm getting older and my glasses start to become rose-tinted.

    I have the feeling that it used to be that politicians, CEOs and other movers and shakers told half-truths all the time, but outright direct lies were much less common, and tended to carry at least some consequences when found out.

    Nowadays, it appears that if a big name says that the sky is green, people aligned with him will happily declare the verdancy of the heavens in a chorus, and most of the unaligned will largely shrug and not hold it against him too much.

    I hope it's just that I'm getting older, and imagining better days, as older people do. Because if I'm right, then I have to wonder how long a society can function with rampant denial of reality.

    1. JimC

      > relatively recent phenomenon

      I study the history of railways in the UK, and from my reading its quite evident that outright lies and dishonesty were just as prevalent two hundred years ago as they are now. Probably worse back then actually, with so much less regulation.

    2. may_i Silver badge

      It's been this way for generations. It's just the tint of your glasses causing the problem.

      1. Filippo Silver badge

        That's actually reassuring in some twisted way, thanks.

    3. ecofeco Silver badge
      Meh

      Why wonder when you can just look up history?

      Spoiler: they never last.

    4. AdelaideSimone

      Basic world history will unfortunately show this has almost always been the case; however, I do think when countries have more recently (past couple hundred years) revolutionized to democratic forms, there were some truly amazing people in them.

      Like with other things, our world's huge interconnectedness (modern ability rapid travel and rapid dissemination of information) just make it easier for the immoral people to lie and manipulate.

      PS: You got your metaphor backwards. Seeing through rose-tinted glasses means you only obliviously see the positive in things.

      1. doublelayer Silver badge

        I think they were saying that they only see positive things from the past, not the lies, but they see all the stuff from the present. So more retroactive rose-tinted glasses. I agree that I've seen lots of evidence of frequent falsehood from the past. It's just that most of it no longer has any relevance, so it doesn't get repeated or talked about.

  10. Doctor Syntax Silver badge

    I'm increasingly reminded of the first episode of Yes Minister when Sir Humphrey explains to Bernard about the title of the report being prepared for Hacker which appears to be exactly what they don't want. He explains it's getting rid of the difficult bit in the title where it won't do any harm. The title? "Open Government" and the difficult bit is the word "open". There seems to be a lot of getting rid of that same difficult bit in the title these days.

  11. david 12 Silver badge

    Who does that now?

    How many among you have compiled the Linux kernel you are using? "Open Source" now is something competing companies use to compete with each other, and they are arguing about the terms of the competition.

    1. hayzoos

      Re: Who does that now?

      I compile the Linux kernel I am using. I do so to simplify the bootstrap from UEFI to the kernel by enabling the EFI stub and to include the modules my system needs to boot and not bother with modules I will never need. I want that freedom. I use Slackware. I compile a lot of what I use. If I wanted to compile all I would use something like Gentoo instead.

      That is why I look for the FOSS rather than just "Open Source". The plethora of terms thrown about for decades has thoroughly muddied the waters. There is more to FOSS than just having access to the source. Even in that part of the "Open Source" world you have those who seem to want all software to become not just "Open Source", but FOSS forever.

      So, without a standard legal definition "Open Source" by name is interpreted by many to mean any software where the source code is not kept secret even if every other aspect of the software is restrictive as one can imagine.

      FOSS "Free and Open Source Software" by name is a bit more descriptive beyond just having access to the source code. But, the definition of "Free" is not immediately clear. Many believe it just means you never pay for FOSS.

      Marketers (those are creatures usually found only in the corporate realm) love this type of ambiguity. It allows them to pull all kinds of sneaky excrement to their advantage.

  12. Grunchy Silver badge

    Litmus test

    It’s not “OSS,” it’s “FOSS.”

    (If it’s not “free” then it’s not worth my while!)

  13. Natewrench

    Libre software Libre source

    Museum source for others

  14. FIA Silver badge

    If we need to check every license for every bit of code, "developers are going to go to legal reviews every time you want to use a new library. Companies are going to be scared to publish things on the internet if they're not clear about the liabilities they're encountering when that source code becomes public."

    I mean that is something you do need to do. (Checking licences I mean...)

    Having a common set of licences makes it easier, but don't ever add a third party library without understanding the licence.

    Companies... if you're not clear about the liabilities of publishing source code.... do not do it.

    (For example, I have to make sure none of my devs use any GPL software in the software product we ship, as we wouldn't be able to comply with the licence. It's an old piece of windows software that uses several third party libraries we don't have the ability to re-licence so any GPL inclusion would put us in some very icky legal waters).

  15. Zippy´s Sausage Factory

    If you believe Mark Zuckerberg

    If Mark Zuckerberg told me the I had ten fingers*, I'd still count them and check.

    * in this case I'm counting thumbs as fingers. Honorary fingers, if you prefer, but fingers nevertheless.

  16. hauga

    Companies should not be afraid of true open-source licenses

    I believe often companies or rather decision makers are afraid of going fully open-source because they invested a lot of money into the product and are afraid some other company uses it, offers it cheaper and ultimately harms the originator.

    So even they might believe in open-source they put protections in place that ultimately lock it down and thus make it closed source but trying to keep the impression of being open.

    In our journey at AirGradient towards becoming fully open-source hardware (all code and hardware licensed under CC-BY-SA), we had the same concerns but ultimately decided to go full-in and open up everything with an officially approved open-source license.

    I believe there are a few important aspects and "protections" that are open-source compatible that help companies protect their investments.

    Firstly, requiring Attribution is compatible with open-source and can help companies get a lot of visibility and competitors probably don't want to attribute another company and thus are often not likely to clone.

    Secondly, using a share-alike license also makes it unattractive for many other companies using the code.

    Lastly, I believe the code itself is often not the valuable part compared to the brand value, employees, reputation, business model, network and implicit knowledge that a company builds up.

    It really worked for us to go that way with a true open-source license and I hope many others will do it too.

    There are already some easy to understand licenses like CC in place and I do hope that they also create awareness around "open washing".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like