Thomas Ptacek should stop whining about open source and StillSecure
There are few things I dislike more than seeing a grown man whine. Thomas Ptacek has been on a whining spree for months now - whining on about how StillSecure’s use of open source software is "driving open-source projects underground". He has taken every opportunity to badmouth, whine, throw mud, and stamp his feet about StillSecure. I have for the most part ignored him. This is the same tack I take with my 5 and 7 year old sons when they whine. In fact, we have a saying around here, “whiners get nothing”. Ignore it and my kids stop whining, but Ptacek just doesn't stop. Before he threatens to hold his breath until he turns blue, let’s look at what has Ptacek so agitated that he’s telling me to stop talking or writing about open source (and here I thought free speech was protected under the GPL or something).
1. Our Cobia license - We call Cobia a community, open source license. We said from the beginning that if your definition of open source is an OSI license, then Cobia does not meet that definition. We are not trying to fool anyone. However, we give the product away for free with the source code (from our vantage point, we believe Cobia is open source – but we fully understand those that disagree). The GPL leaves a lot to interpretation, and we wanted to be clear about what can and can’t be done with Cobia. So, we wrote our own license. If you are going to make money off of Cobia, we want to make money too. Same idea as any number of dual licensed, open sourced projects out there today. This got Ptacek in an uproar and he started a brouhaha about it. According to Ptacek, if you don't have either the GPL or another OSI license you are really not open source. I understand his feelings on it. So, I said fine, don't call it open source, call it “community source” or whatever you want, just don't call me late for dinner. And just to put this issue to rest, we are fine calling it community source – in fact, if you looked at our license, it's titled community source license! Evidently this was not enough for him though, so he continued whining about it in a Dark Reading article by Kelly Higgins Clark.
2. Snort 3.0 license - I speculated about possible licensing changes in the upcoming Snort v3.0. Marty Roesch, who has a thing or two to say about Snort licensing, responds. According to Marty, they are not changing the license; they are just "clarifying" what they think the derivative sections of the GPL mean. Truth be told, I was hoping to get a definitive answer on this from Marty. Now we can decide whether we should continue being a Sourcefire partner or not (yes Thomas, we write Sourcefire a check, so don't give me the exploitation crap) and what it means for our business.
So Ptacek, who at this point is all about badmouthing StillSecure, proceeds to blow up, saying I should stop talking about open source and Snort. In the world according to Ptacek, since we "don't give back" and "exploit" the poor guys doing open source, I should not have the right to talk open source and licensing. Now there is a great strategy to build dialog and understanding. Ptacek, maybe you should tackle the Middle East peace process next. With your open debating style, I bet we’d get that problem sewn up in no time and there may be a Nobel Peace Prize waiting. But before Ptacek solves all of the world’s problems, let’s get back to open source, giving back and exploiting. While Ptacek is making money for himself, we have been spending millions of dollars developing Cobia – which is FREE to end users. We also have developed our Strata Guard Free product – which again, is FREE to end users. We happen to think that is a form of giving back, but Ptacek says it isn’t because it doesn’t have an OSI license. Well, that’s Ptacek’s logic for you. Maybe you can ask the people that are using either product whether they think StillSecure has given back?
Next (this is a real beauty), I show him an article by Lawrence Rosen of Rosenlaw, a corporate secretary and general counsel for the very same OSI that Ptacek so vigorously defended earlier. It plainly calls bunk on Ptacek's view of derivative work. So what does Ptacek say? He says the lawyer is crazy of course. Of course he is, he doesn't agree with Ptacek. How can he be anything but crazy? After all, Ptacek has a much better handle on the complex legal issues around open source licensing than one of the preeminent legal authorities in the world on the subject.
3. Ptacek really gets desperate with this one. I write an article noting that the FSF released a "last call" draft of GPL v3. I state that I don't see the word derivative in there and say that we will have to wait for the courts and the lawyers to see what this will mean with regard to derivative works. So, Ptacek takes "artistic license" and writes an article titled "StillSecure Rejects Terms of GPL". Where did I say anything about rejecting GPL terms? Who is blog whoring now?
Ptacek's whining about StillSecure's use of open source reminds me of baseball fans that complain about how much teams like the Yankees and Red Sox spend on players. How can the "small market" teams compete? The Sox and Yankees don't make the rules, they just play by them. Same thing here, Ptacek. Frankly, who cares about what your view of open source licensing and derivative use is? We don't answer to you. We answer to our customers, investors, and the market.
On the issue of the game going on with open source commercial developers and "open source remorse", Ryan Russell summed it up perfectly in a comment to your post. Let me just paste most of it in here:
So who cares if StillSecure uses Snort? If they change the Snort code, they will give that away right? It’s Sourcefire that cares. Marty and company picked the GPL, and now they’ve got the open source remorse. Sourcefire doesn’t want anyone to commercialize it *but themselves*.
Sure, it’s their code, who is more deserving of commercializing it, right? Fine. But why did they pick the GPL then?
So who’s the bastard who took your GPL Snort, Nessus, and nmap away from you? Is it the Companies that compete with the commercial versions of those projects with their own code? Or is it those companies themselves that sucked up all the GPL goodwill, and now want to be the only ones to capitalize on it?
Did they drop the GPL because they don’t like competition? Did they drop it because “no one was contributing back”?
What did they have to do to be able to re-proprietize the code? They had to drop or swipe all the contributions from everyone else who thought they were contributing to a project that was GPL. Way to encourage contributions.
So who exactly are the ones screwing up the GPL?
Ptacek, why don't you reread Ryan's comments and worry about answering that rather than whining about how StillSecure does business. By the way, I think Ryan has hit the nail on the head here. Take a good read of his comments and tell me how you disagree.
Ptacek, here is the bottom line. You don't like StillSecure, how we do business and you don't evidently like me. That is fine; you can't please everyone all the time. You are entitled to your opinions and I would never tell you to shut up (as you have told me repeatedly), however the potshots have gone on long enough. If you want to have a rational discussion on the facts, I’m happy to engage. If you want to throw mud at StillSecure have at it, but stop the whining, it is not becoming.