The GPL Is Not About Freedom
(Written in April 2005, but never published)
At home, I am planning to set up a file server. The only other thing this machine will do is act as a printer server so my wife and I can share the printer without any cable swapping. If I could have gotten a new Mac mini, I would have done so. My wife and I have been impressed and very happy with her PowerBook, but my budget was “as little money as possible.” So I asked around for an old machine I could get for free, and then explored my options as to what OS to use.
Of course my budget eliminated any newer Windows from consideration, and I didn’t really want to use my old copy of Windows 95, so I settled very quickly on BSD or Linux.
I’ve used OpenBSD before and been very pleased with it. But Linux seems to have more momentum, so I put it in contention. But I didn’t want just any version of Linux. I use Suse Linux at work and have used Red Hat in the past. I’m not too impressed with either of them as far as a server goes. Being somewhat of a security and simplicity freak, I didn’t want to have anything installed except what I actually needed to share my printer and my files.
After a lot of reading, CRUX became my primary Linux candidate. OpenBSD, of course, is well know for it’s security. I recently read that the Honeynet Project, a group devoted to “learn[ing] the tools, tactics, and motives of the blackhat community”, has determined that the life expectancy of a default Linux install on the Internet is growing, and is often measured in months. Some versions of Windows are compromised in minutes. And OpenBSD? The headline from their homepage reads: “Only one remote hole in the default install, in more than 8 years.” They measure themselves in available security holes, whereas Linux and Windows are measured in security violations as the holes themselves are too numerous to count.
CRUX installs just the minimal set of packages necessary to have a basic OS. It is not nearly as large as a “basic” install with Red Hat or Suse. The base CRUX install consists of 62 packages, including the tools for developers. It’s much easier to secure a system when you have a reasonable chance of understanding everything installed on it. OpenBSD, while larger, still fits within this constraint.
I was in the middle of debating between the technical merits of CRUX and OpenBSD, when I stumbled across a notice that OpenBSD team was unhappy with the new version of Apache’s license. According to the OpenBSD team, it was less “free” than the original version and therefore they would not be using any of the code from the newer versions of the Apache web server.
The discussion was interesting and intense. Theo de Raadt, OpenBSD’s founder, is known for his stubborn determination to stick to his principles, which in this case required him to disavow the new Apache license as being incompatible with the BSD license. Incompatible in a moral sense because the new Apache license, which is much more like the GPL than the previous Apache license (which was derived from the BSD license), actually limits freedom. Countless discussions have occurred arguing the merits of what “freedom” means when dealing with software.
Then there’s the old comment of Benjamin Franklin: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” The difficulty in applying it is found in those pesky qualifiers “essential” and “temporary.” What liberties in the software world are essential? And what safeties are temporary? Theo argues that the new conditions in the Apache license represent an unacceptable decrease of freedom.
In the real world, we all like having the police around to keep us safe, and we’re happy to give up a few non-essential liberties in order for that to happen. It’s a classic trade off that requires a delicate balance between safety for everyone and restricted individual freedom. This balance is the essence of civilization. It is what makes any community function.
And then it hit me. The BSD team is right. The new Apache license and the GPL are not about freedom. They’re about community.
Take, for instance, what Apple did with Mac OS X. They took FreeBSD, adapted it to their architecture, made fixes and improvements, added a whole UI layer on top and now sell it as proprietary software. If you’re in the freedom (BSD) camp, you rejoice that Apple saw value in your work and chose to build on it rather than make something themselves from scratch. If you’re in the community (GPL) camp, you’re devastated that Apple pillaged the community by taking from it without giving back. Those reactions are at the opposite ends of the spectrum and reflect a fundamentally different belief about how software should be developed.
Apple is chosing to contribute back most of their fixes and improvements back to the FreeBSD project, but they didn’t have to. They have even set up the Darwin project as a central place for all non-proprietary aspects of their base OS. But they didn’t have to. They were free to take the software, improve it and then keep it for themselves.
However, a community depends on trust and mutual giving. Intel, HP, Dell, and IBM all contribute to Linux. They do so primarily because they know that no one can take that contribution, build on it and then keep it to themselves. It has to be given back to the community. The GPL creates this exact kind of legal obligation.
The economies of a community are very attractive as well. As an example, if we have 20 companies who each have 5 programmers working on the same proprietary software project, and each programmer costs $100,000 per year, then after one year, each company will have $500,000 worth of software that does the same thing. If, however, they work together in a community, at the end of one year, the community has $10,000,000 worth of software and everyone can take a copy and use it. Invest $500,000 and get $10,000,000? That’s a 2000% return-on-investment in one year. Not bad.
Of course, there are a couple of practical considerations that limit that ROI mentioned above. First, it would be rare to find 20 companies that want the exact same software product. Usually, they will just want similar products. The math still works out favorably, but the return isn’t quite as high.
Then there is the increase overhead of communication between a larger group of people. The collaboration probably slows the whole process down a bit. But it can be argued that the end result is a better product. And in reality, both the Linux kernel and Apache itself have shown a remarkable ability to improve at great speed despite the large number of people involved.
Finally, none of our hypothetical 20 companies could realistically expect to make a profitable business out of selling the community-developed software. After all, everyone in the community can take a copy for free. It is certainly possible to sell complimentary products like hardware, support, and services around the software. And Intel, HP, Dell, and IBM all do just that. Even Red Hat and Novell do that when it comes right down to it. Apparently, there just isn’t much commercial value in community software. There is, of course, great value in it as a freely available commodity product.
Now, my sudden insight about the GPL isn’t really new. I’ve seen many people mention “the community” in their discussions or arguments about the GPL. However, it’s become clear that the “free as in freedom, not free as in beer” debate actually disguises the issue and distracts from the real purpose of the GPL: freedom balanced with safety for the benefit of the community. And for me, it’s a new way of thinking about, and explaining, the GPL. The license that targets true freedom is the BSD license.
So which OS do I choose for my file server? Do I even want to make a decision based on the license? After all, I don’t plan to build on the software. I just want to use it.
But in a larger sense, I do feel a need to figure out which camp I’m in. I make my living developing software and I’m likely to face this question many times. I want to make good, informed decisions in the future without having to re-hash the issues in my mind each time. Community Software or Free Software? The reality is that, for myself, I don’t know yet.