Bruce Perens: I remain active as a programmer and evangelist. A lot of my work is with wireless technology for ham radio.
Years ago I evangelized for an Open Source digital ultra-low-bandwidth digital voice CODEC for hams, and this has happened. We found a programmer to develop Codec2, as we called it, and others to develop applications and hardware for it. In October, the first commercial walkie-talkie using it (and an Open Source protocol called M17) went on sale. And this is the next model which is hackable and will support multiple software CODECS. I agreed to serve on the board for the M17 project, which is carrying on this development. There is also the FreeDV project, which runs the Open Source codec on HF (the frequency bands that can reach world-wide), which came from the Codec2 project and which I have supported.
I have also been building a remote ham radio site on 10 acres in far-northern California about 10 miles from Oregon, and I have a presentation about it here. This is fun because I can put very large antennas on the property. So far I have an experimental Beverage antenna of 1000 feet of horizontal wire along a cow fence.
I continue to program, and I still run a consulting business that helps companies with Open Source compliance and strategy.
And of course there’s Post Open, which takes up a lot of my time.
Several People Asked This…
by EditorDavid
One thing you’ll see that came up a couple times in the questions from Slashdot readers was how would your proposed “Post Open” license be different than shareware licenses from back in the day?
BP: It’s not really that much like shareware. I started out with the question: Who should Open Source be helping the most? And it seems to me that individuals and small businesses are the ones that really need the software to be zero-cost, and deep-pockets companies actually need other things from us more than they need zero-cost, like security and an assured chain-of-custody so that back-doors don’t get sneaked in to our code, great support, maintainers who stay on the job, and compliance with new law like EU Cyber Resilience Act.
But what we’ve actually been doing in the Open Source world is running the world’s largest corporate welfare system. The world’s richest companies, the ones that don’t really _need_ it to be zero-cost, get it at zero cost, while they don’t get the things they need to support their business. So, there has arisen this big chain of intermediaries who put a thin veneer on top of Open Source to make it more palatable for business, and the intermediaries collect the money that I think should rightfully go to our developers.
So, I thought about how to turn that around so that the developers got paid for making their software, and making it suitable for business, and having great support, and legal compliance. And the way that works is that entities that get over USD$5M/year income start to pay for the software, the cost ramps up as they make more but never exceeds 1% of their revenue (not profit, I came from the movie industry and we used to say: “If your film makes a profit, you’re doing your books wrong.”), and everybody else gets the software for zero-cost. The rights are pretty much the same as with Open Source today.
And if anyone approaches me with crying eyes because multi-million-dollar-income-per-year companies have to pay, I’m not going to be very sympathetic 🙂
I don’t expect today’s big companies to jump on this. I expect small companies to build themselves with it, and start to pay as they grow larger.
So, if you are a developer, I hope you can eventually have a job which is just staying home and coding what you want. And the way you will get paid is that we will get reporting from the paying companies annually on what software they are using, and a check, and then compliance will be over for the year. We have a process to keep every company’s data private, we only see totals. We take the money and the report of what software the paying companies are using, and we instrument the git repositories for that software to tell who the contributors are. And then we apportion money to them based on the paying usage for that program.
There’s some hand-waving here, software and processes still have to be written. And the 1st generation will only pay for coding and documentation (because we can tell who wrote it the same way), we will leave figuring out how to pay other sorts of contributor for later. And there are some potential abuses that we’d have to watch out for, or make the software catch.
Any interesting/supportive reactions?
by DevNull127
What kind of interesting/supportive reactions have you gotten to this from others in the licensing community?
BP: One of the nicest expressions of interest is that a law firm joined the project pro-bono (that means without pay, for the public good). We have two great lawyers, one an aerospace lawyer who does ITAR and EAR, munitions export law, which is important because a lot of Open Source, and later Post Open, has potential military use and we have some extra process to keep the Government from restricting it. And the lawyers also do copyright and patents. They are helping with the license that I drafted, and also are developing other processes for Post Open. It wouldn’t be right for me to put out a license for other people to use without having it vetted by a lawyer first. The license could let people down in court if I did that.
How will you keep it honest?
by Anonymous Coward
The open source developers will be the ones doing all the work coding, fixing and supporting the open source products, but in order to pay them there must be a source of revenue. How will you stop the management component of this foundation eating all of that money itself so that we can avoid situations like so-called charities where you typically see ~80% of collected monies getting paid out in “administration fees” instead of doing something useful.
BP: Well, that’s already a problem with current organizations. Perhaps the most obvious is Linux Foundation, they have very highly-compensated executives. And it seems that only 3% of their income is actually spent on Linux. So, I’m taking that as a counter-example. And also Mozilla, which has paid Mitchell Baker a great deal. I heard 7 Million in one year. Now Mitchell was probably compensated for income she generated for Mozilla Foundation, and that came from a deal she made with Google to pay for search hits from Firefox. Which was huge at the time. But I was always unhappy with the optics of the unpaid developer vs. some extremely highly-paid people.
The way you prevent that is with governance. There has to be language in the organization’s constitution that limits executive compensation, and developers have to have a vote which is meaningful in guiding the organization. And here we get into more hand-waving, in that I haven’t written down how that will work yet, and there’d be a lot of public comments and revisions before such a thing was done.
Simple Question
by divide overflow
I don’t know how you get around the historical problem of money corrupting individuals and organizations.
Do you?
BP: Money and power both have corrupting influences. I think the best way to avoid their influence is to not have secrets, so that everybody knows what is going on. When you see that someone has extorted money, that has to have gone on without people seeing for a long time. There are a lot of other examples we could give. The other thing is, again, good governance, and I am lucky in that the prospective funders I am working with are really pushing for good governance and financial responsibility. So, there is already a board and I am not in exclusive control of the project. Which is also good since I’m 67 and won’t live forever. The budget includes a part-time CFO to help us keep financials straight from the start, and another executive to help with the design and eventual operation, hopefully younger. And the lawyers will help with designing governance. But I could also use help from the community.
Fairness
by Grady Martin
I recognize the problem you describe as real. Thank you for attempting to address it.
You mention a number of contribution avenues to the greater ecosystem of free software — from documentation to lobbying to actual programming. How will your proposed system ensure that such varied contributions are compensated fairly?
As-is, free software is largely a do-ocracy, with only moderate potential for deception. Adding bureaucracy to the equation threatens to upset this natural order.
Thank you and best of luck.
____________________________________________________
Re:Fairness
by evanh
There’s really two questions there.
– What is the algorithm for payouts?
BP: We take the companies that pay for software, and information from them, submitted annually, on what they are using, and we instrument the git repositories for those things and figure out who the contributors are. We then apportion money to the developers based on what is paid, how much their software is being used, and what portion of the program they are a contributor of. We do documentation writing similarly. Obviously this is more complicated than I can say in a paragraph, and the code is not written yet, and we will also learn from experience as this goes on. For example there will be abuses we have to handle, etc.
And it won’t ever be 100% fair. Just as fair as we can make it. But most of those folks are getting USD$0 today, so it will be a heck of a lot more fair than that.
– How is trust to be ensured?
BP: Sunlight. Lack of secrecy. Oversight by the membership. Auditing. If you think of more, please tell me. Or join the project. I don’t want to create all of this process alone.
As far as the code is concerned, having everything not secret is actually protective regarding ITAR and EAR, because they have carve-outs for information in the public domain, in a trade-secret rather than a copyright sense. So we have rules (already written) to be careful to keep development in the open.
I haven’t read the docs myself but I’d guess both answers are still being formulated, and both are up for discussion.
BP: And both would welcome your help.
Re:Fairness
by AmiMoJo
A related question: What are the responsibilities for the open source dev getting paid?
BP: Some stuff they might not have dealt with before. #1 is positive identification. Fortunately, there are companies who will do that for us, and it’s not expensive. You probably go through it every time you get credit, etc. But we need a secure chain-of-custody for software from the developer all of the way to the user, so that we don’t get stuff like the back-door inserted into XZ Utils.
Developers will get some sort of cryptographic device, probably a 2FA one at the start, and won’t interact with us without using it. I like having the secret key in a piece of hardware where it’s difficult to ever see or copy it.
It’s interesting that the fraud carried out on the original XZ Utils maintainer included fake users submitting bug reports and feature requests until he felt compelled to add the bad actor as a maintainer. So, we might even go to ID verification for all participants in our online communities.
Some libertarians will throw up their hands about this. But I don’t see how we serve companies or governments today without doing this.
Are they likely to be required to respond in a timely manner for security issues? What if they are on holiday? In Europe we have a right to take time off and disconnect, but I’m guessing it would work more like a contract than employment.
BP: The way I envision paid support to work is that the first line of support are our employees. They deal with the user and then behind the scenes we contract the developer to fix their own software. This is a lot nicer for the developer too, users can be difficult to deal with at times. If the developer is not available, we will have a big community that we can contract.
So, handling security reports will be paid support for the Post Open entity itself, so that it happens immediately, and we might take that out of payment for that particular piece of software – but again, policy not written yet.
I can foresee a lot of cases where commercial interests conflict with what the developer wants to do. Timescales, architectural issues, even working with certain people. Linux has seen some drama with commercial contributors that resulted in things getting delayed or not making it into the mainline kernel.
BP: One thing that might help is that this is a developer-controlled organization. Only individual developers vote and the rule is that you vote your heart, not your employer’s interest. Your company is welcome to make money from Post Open – if your developers work for hire, your company gets paid by Post Open and they can tell the developer what to work upon during company time. There is an easy way for the developer to indicate, per check-in, whether they should be paid directly for some work, or if any company they are contracted to, or even their favorite non-profit, should be paid for their contribution. But _control_ of Post Open is entirely in the hands of individual developers.
I am not ever expecting Linus to join the project, but he’d have to change his behavior if he did. And I will too, I wasn’t any better than Linus, probably worse. Those of you who have been around for the early years know I wasn’t great at handling things emotionally.
We have a code of conduct that is a lot different from the ones that Open Source projects have. It respects your right to political expression outside of the project and avoids some reasons we’ve seen for recent developer exclusion from projects. It also restricts the subjects of discussion on project resources but provides a free-speech zone. And the project is politically neutral, which means it can’t stand for some things that are dear to my heart (and yours as well) but that’s how a world full of developers could get along. Take a look.
Comments welcome. This is another thing that libertarians might hate.
And related, what about liability insurance, or failure to meet contractual obligations?
BP: So, here’s one place where Post Open can do a lot better, because it has a central organization. There is already insurance in our starting budget, informed by that experience I had when Open Source Security, Inc. sued me for millions of dollars. That time I won because I had great pro-bono lawyers from O’Melveny and EFF. Next time I want to have insurance and I want to have lawyers on retainer, and not put my home and family at risk. And of course that applies to all sorts of liability of the project and developers, not just me. We have some plans, for example, for patent defense.
Re:Fairness
by iplayfast
Would this project take open source projects under its wing, and do things like provide corporate support, corporate dev (for the things that aren’t interesting), maintenance etc. Would this be a way to
1. provide open source projects development money even if they aren’t part of the post open world.
2. provide systematic methods of corporate sponsorship
BP: Yes. If you are an Open Source project, you can dual-license with the Post Open license. The rule is that Post Open’s paid users, who are mostly paying for software under the Post Open license alone, must then use the Post Open license, rather than the Open Source one, for your software. And you get paid. And you don’t have to give up your current Open Source license, and your existing user community.
Also would this be a new license, replacing other ones out there (if so how would/could that happen with many developers on a single project), or would this be an additional license?
BP: It’s a new license and just _one_ for Post Open. I don’t think Open Source license proliferation has been good for the community. Post Open is not Open Source, and the license doesn’t allow you to call it Open Source. We don’t ever want people to be confused about that.
I provided some input when Wikipedia was relicensed. We also have seen OpenSSL relicense, which had to wait for Eric A. Young and his business partner to retire from RSA, but that one’s unusual. And the Linux developers, long ago, established that they _could_ relicense if they had to. In most cases you can make relicensing work even with some opposed, unresponsive or dead developers. I can tell you more about how, offline.
How would entity revenue be verified and enforced?
by Equuleus42
The How Post Open Works article says, “Deep-pockets entities (over USD$5 Million revenue in a year), companies that include the software in a paid-for product, and companies that wish to keep modifications private must pay.”
How would this revenue threshold be verified and enforced, especially for privately-held companies that do not publicly disclose their annual revenues?
BP: They would still not disclose their revenue to _us_. Nor the list of what software they are using. Both would go to a CPA contracted to us, under NDA. We would only see the totals.
I haven’t discussed with the lawyers what to do about folks who outright lie about their revenue. With public stock corporations it is less of a problem, because you can see their SEC filings. With private ones where there is suspicion, we might have to have an audit process or for our CPA to see their tax filings under NDA. But Post Open would not see this stuff, we would have an arrangement with our CPA to keep it at arm’s length.
Licensing fees?
by dskoll
This is my question: If the software is open-source (Free Software if you prefer) how will you force anyone to pay licensing fees? And if you do force people/organizations to pay licensing fees, then how can the software possibly be considered open-source (Free Software)? Aren’t you just envisioning a pool that sells proprietary software, and if so, are you abandoning the idea of open-source / Free Software?
BP: Post Open isn’t Open Source. It is a successor to Open Source informed by the great many things that have gone wrong, IMO, in the history of Open Source, and the even more things that will go wrong as governments realize how important we are and try to regulate us, as with EU Cyber Resiliency Act. It has a different license. It has different rules for companies that make a lot of money. It is essentially the same as Open Source for you and me.
If you want to get paid, you need to at least dual-license with the Post Open license. You can use it exclusively if you wish.
So, yes, I am asking people to go beyond some of the original tenets of Free Software and Open Source, because they didn’t quite work out the way we thought they would when RMS, and later me, worked on this. It seems to make sense to me that 27 years after Open Source and 41 after Free Software started, we might want to look at our history, what we did great at and what we failed at, and make some adjustments.
I think we failed to help the common person. And I think we were great for corporations. And I think we weren’t good to our own developers. Why not try to fix that?
My follow-on question is this: How do you envision your collective competing with developers who choose truly open / Free licenses?
BP: I actually put in the Post Open license that you could not call it Open Source. I don’t expect anyone to call it Free Software, but I could put that in too. Open Source and Free Software get to go on doing what they are, with our financial support for the projects that dual-license. If you can think of anything else I should do, please write.
How can I participate?
by PhrostyMcByte
I’ve been nested in Open Source within .NET as a platform for a bit, and in other communities in the past. I’ve seen and helped others navigate this stuff. Honestly, I’d love to join you. Is there a meaningful way I can participate in shaping this venture?
Here’s an example of one thing I’d love to solve. I would love to give devs a licensing framework if not a platform for being both open source and compensated. I want to see a spectrum of options that are both lawyer-approved and safely understandable/explorable by a 14 year old ready to post his first project to Github…
BP: We actually deal with the problem of 14-year-olds in the Post Open license, which I’ve never seen any Open Source license do. Those folks don’t have Contractual Capacity, and you need special language to deal with that. But it’s just one license and I hope it can stay just one. I don’t yet see why it would not be appropriate for the professional and the 14-year-old.
And I understand the problem of your projects casting about for how to support themselves and be open at the same time. I am trying to arrive at a happy medium. It might not be for everyone.
To participate, please start with the Post Open web site, and then please feel free to contact me directly. There is a lot of work people can do. We just set up someone who will take charge of privacy issues. You can write to me at bruce@perens.com.
[Foundations?]
by ctilsie242
As for foundations, this is something I think needs to be addressed. Were it not for F/OSS products, FAANG companies would not exist. Pretty much everything we take for granted now would not exist. At best, we might be connecting to AOL, CompuServe, or MSN, with what would be the Internet still mainly using Solaris and commercial variants of UNIX.
BP: If not for the ATT divestiture, it might well have been the phone company. They had a demo system.
Governments created copyright as a way to compensate content creators. We can use it without any new law, or a new tax. We just need to use it differently from the way that Open Source is doing so today. The way I am proposing to do it has real lawyers behind it and so far we see no reason it would not work with US and international law.
What I definitely want to see an end to is the developer as supplicant. That means beggar. We create the software the whole world runs on, and we have to beg to be compensated for that. Post Open gives us a way to be compensated fairly without begging.
please find a way to keep solidarity with FOSS
by AleRunner
Hi Bruce, I’m a bit of a fan of some of the stuff that you have done, however, I also think that you’ve made an admission that launching the OSI as it was done in competition to the free software foundation was bad because it broke [the] chance of having a single solid movement which concentrated on the importance of freedom. Overall that could be seen as having caused large long-term damage which your new initiative seems to be at risk of repeating.
We now see that it is precisely that freedom which motivates the development of F/OSS systems, specifically seen as commercial freedom. Companies realize that if they commit to a proprietary system then they are under the control of the whims of the providers and that proprietary providers like Microsoft and especially Google, will alter the rules of the game. FOSS is now getting a real chance from that understanding and there are many more developers being paid for working on it, even if their contributions aren’t fully visible as coming from their companies than you seem to estimate.
What I fear is that your new shareware model (as others have kind of rightly described it) will undermine the many many developers who are already making successes out of collaborative fully free software projects. Could you consider some compromises, such as dual licensing under a strong copyleft license like the AGPLv3 or possibly even stronger as a way of ensuring that you are both not seen to be breaking solidarity and that you are also contributing back to the community which your software is definitely going to be expecting to build on top of.
BP: The main difference here is that wealthy companies that make over USD$5M/year revenue have to pay a small portion of revenue. That is not how shareware works, shareware made little people like us pay $50 for a program.
I don’t think you are really defending the very rich. You are defending the Free Software philosophy. Which came about in 1983 and we’ve learned a lot since then. I think this is the way to carry the Free Software philosophy into the future, a future where governments are having a hard time dealing with the fact that the underpinnings of their entire economies are based on anonymous 15-year-olds whose mommies don’t even know they’re working on the project. And spies from every nation. Etc. So, I am trying to help us grow into the role that we already have. I am afraid that if I left the issue alone, someone else would eventually do a worse job. We need only look at the Open Source AI Definition to have an idea how.
The project needs loyal opposition. Will you join us and keep us honest?
If it’s not a co-op, I’m not in
by peterww
Open Source only works because nobody controls it. No organization, person, etc can affect all open source. No central planning, organization, rules, etc. Anyone can do whatever they want. This should be absolute chaos – except it isn’t. The Open Source Community is in effect a quasi anarcho-syndicalist collective of independent workers. We don’t elect anybody, we all actively participate, individually. We ignore capitalism/commerce (our licenses say you can have our labor for free, or pay us, whatever) and therefore we are not bound by it.
I would never support a corporation exerting capitalist control over my work. It would destroy the nature of the community. What I would accept, is a collective of individuals, who all actively participate in a cooperative, managing the organization through direct action, and thus exerting control to support their own rights as needed. The other thing I would accept (which I believe would work, despite its flaws) would be to simply change the license to “paid for commercial use”. This has the benefit of still supporting other open source developers (for free), but corporations have to pay. And corporations would still pay, because they are always willing to pay for tools they need, especially when there’s no other [cheaper] alternative. The model is simple: you give a 6-month free trial to all commercial users. This is enough time to test the software and find out that it works. After that, you pay to keep using it. We could all use part of our payments to support a co-op that pursues legal action against those that don’t pay, as well as receiving the funds and sending them to developers (payments is a tricky thing). You get to dictate your own license, your own payment terms, etc. But you give certain rights to this co-op (mainly the ability to handle funds and pursue legal action, as directed by you) and thus receive its benefits, and it gets some money from you if you get paid. In this way you can decide if you want a percentage of revenue (lol, that will never happen) or just $5 for a lifetime license. Or maybe Ukraine gets it for free. Your project, you decide. But for the most part, corporations pay, and someone else deals with the complexity for you. This retains the anarchist nature of the Open Source Community, while still allowing you to opt-in to being reimbursed for your labor. It will be as chaotic and complex as the Open Source world is, which is just as it should be: a global community of individuals.
BP: Post Open retains most of the free-for-all element of Open Source. You either work for yourself and decide what to do, and get paid by Post Open if you have users, or you work for someone else and they pay you, and they get paid by Post Open, and they decide what you do. You can actually do both, you check in free-time and employer-time software with different IDs.
What it does is establish an entity to do things for the developer that aren’t being done today. Like pay them. Help them to maintain their software and pay them for that, too. Take the lead in complying with laws they aren’t really interested in. Lobby for their actual developer interest, not for the corporations that run the Linux Foundation board. Take the lead when there is a security issue, and if they can’t handle it immediately, get someone else to.
I think this is the way we go forward with what you want.
VC backed open source projects
by Njovich
It seems like in the past decade there has been a large increase in the amount of venture capital backed projects that create software that is (at least nominally) open source. I think it would be really interesting to hear your point of view on this type of project.
BP: I participated in one of the VCs. If you look at the “Team” page on their web site, they have the photo of someone who quit 6 months ago, still shown to prospective investors as a key player. 95% of VCs fail.
I think it’s really hard to run a _pure_ Open Source project with investors who want income. Private equity is worse and I have seen companies I’ve contracted for stripped to the bone so that they don’t even have the staff to help with Open Source compliance even if I offer to do it for free.
So, what we generally see is the “widget frosting” paradigm, where there is an Open Source version, and a paid add-on.
Post Open means you don’t have to do that. You get paid for the main thing, and the right people use it for free.
AI impact
by oumuamua
Do you worry this whole initiative could be made redundant by AI? AI is already writing decent code and getting better each year.
BP: Yes. I already have in the license that the software can’t be used to train AI. We can do this because it’s a contractual term which you must agree to before even performing ephemeral copying (like from a disk to a CPU). Most Open Source licenses try to rely on copyright alone, rather than contract, and have a harder time enforcing things that might be permissible if you only considered copyright law.
There’s an interesting point here, in that Open Source, and certainly Free Software, has refrained from using every tool in the legal arsenal. Post Open doesn’t have to, and certainly the people who abuse Open Source today don’t either. So, let’s deal with them as equals.
Thanks! Everyone please feel free to write to me at bruce@perens.com.