Goodbye Cyanogenmod, I'll miss you

It is with some disappointment that I read of Cyanogenmod’s descent into fauxpensource. Not only does it appear that they are doing everything they can to ruin any credibility with their community, it also means that I need to find a new operating system for my android devices.

For those who don’t know, Cyanogenmod is was a very popular implementation of the Android Open Source Project (AOSP). Basically, it is a recompiled version of the software Google and others distribute with their phones but the aim of AOSP is to be as open source as possible (i.e. without a lot of proprietary add-ons). If you were to buy, say, a Google Nexus 4 and a Samsung S4, both android phones, you would find that the user interface on both is radically different.

The reason is that it is rare for a company to want to sell commodity products. If the software on android devices were the same across them all, price becomes the main differentiator. If you are a device maker aiming to get the same margins that Apple is able to demand for its products, then you want to add something unique that isn’t available elsewhere, and it is hard to do that under the open source model. Also, the traditional way to offset costs is through deals to bundle other products into your offering. Does anyone here remember buying a retail computer with Windows installed on it? Usually the desktop would arrive full of pre-installed software, or “crapware”, that the vendors paid to have ship with the product. This happened when I bought my Galaxy S3. I tried to remove all of the kruft, such as the Yellowpages app, only to have the operating system tell me that it was a “critical” system app and couldn’t be removed.

So, within two hours of getting my phone I had root access and installed Cyanogenmod.

Now, I have struggled for over a decade to balance the desire to create free and open source software with the need to make money. I can understand the pressures that the Cyanogenmod team must have felt watching their buddies at commercial software companies making large salaries with a decent amount of job security while they toiled along with no real business model. I, too, have heard the siren song of Venture Capitalists who believe that all you need to make a lot of money is to offer some sort of “enterprise” or commercial version of your open source project.

Most of them are wrong.

I was in a meeting with a VC a few weeks ago when this came up. Now you have to realize that there has only been one “Valley-grade” success story with open source (well, that still exists as a private company), and that is Red Hat. However, most in the Valley don’t view it as a success, and I think that is mainly because it wasn’t a Valley deal. The first thing the VCs will say is that Red Hat is too small – it’s not a “real” success – when the fact is that they have a market capitalization similar to Juniper Networks (about US$10 billion). The second thing is that they’ll point out that Red Hat has “an enterprise version”. This is also not true. Red Hat sells time, just like we at OpenNMS do, through support and ease of use. If I want to, I can buy that access, take the product, remove all of the trademarked information and create an open source, feature for feature copy. This is exactly what CentOS does and why I call the measure of whether or not a company’s products are truly open source the “CentOS Test“. The main reason that the Valley has been unable to duplicate Red Hat’s success is that they always undermine it with some sort of commercial software component that removes the reason people would use it in the first place.

Take Eucalyptus for example. They tout themselves as an “open source” cloud solution, but the barriers they erected with their commercial offerings caused the creation of OpenStack – a truly open source solution that in just a few years has easily eclipsed their product. In that same VC meeting the guy asked “yeah, you’re open source, but what is the ‘secret sauce’?”. Well, the “secret sauce” is the fact that OpenNMS is open source. If I were to screw with that we’d stop being a market leader and just become one of many hundreds of commercial offerings, despite any features that make us better than them.

“But,” the open core people will exclaim, “we need to make money.”

One way to make money is to dual-license an open source project. In order to do that, one must own 100% of the copyright. This brings us to the contentious topic of copyright assignment, and Cyanogenmod seems embroiled in this issue at the moment.

I think it was MySQL that pioneered this idea. Their argument was “Sure, you can contribute to the project, but we need you to assign the copyright to the code you wrote to us. Thus, we can offer it under a license like the GPL, but if you want to pay us you can use it under another license.”

In theory this is a great idea, but there are two flaws. The first is that, as a programmer, if I were to create some code and then give away my copyright, then I no longer own what I wrote. Imagine that you wrote some code for MySQL, and, I don’t know, the company gets acquired by, say, Oracle, and you decide you’d like to work on that code for MariaDB. You can’t. You gave it away. You no longer own it.

The second flaw is that when a company makes a commercial offering, the pressure is on to add more stuff to it and leave it out of the “free” version. MySQL started down this path with offering new versions to commercial customers six months or so before releasing them under an open source license, then six months became a year, and then became never. This is exactly how Cyanogenmod hopes to pay back that $7 million investment by requiring device manufacturers to pay for features that they plan to keep out of the open source version.

OpenNMS, I think, has avoided these two traps. First, we do require copyright assignment. One main reason is that we need to be able to defend OpenNMS from people who would try to steal it. This happened a few years ago when a company was using our code in violation of the GPL. When we started legal action to make them stop, their defense was that “if” they were stealing the code, they were stealing from OpenNMS 1.0 (which at the time we didn’t own the copyright) and thus we couldn’t defend it. Myself and David Hustace mortgaged our houses to acquire that copyright and were able to bring the existing OpenNMS code under one copyright holder.

The next problem to solve was future contributions. Instead of unilaterally declaring that we get sole copyright to all contributions, we actually bothered to ask our community for suggestions. DJ Gregor pointed out the Sun Contributors Agreement (now the Oracle Contributors Agreement) which introduced “dual copyright” to the software industry. In much the same way two authors can share copyright on a book, it is possible for a code author to contribute the copyright to their code to a project while retaining the rights as well. We adopted this for OpenNMS and everyone seems to be pretty happy with it.

Now the second issue, that of a dual license, is harder to address. In the case of OpenNMS it comes down to trust. Trust is very important in the open source world. When I install a pre-compiled binary I am trusting that the person who compiled it didn’t do anything evil. Mark Shuttleworth came under fire for implying that Canonical “had root” in response to some questions about Ubuntu and privacy. While the statement was a little harsh in light of the valid concerns of the community, it was also true. We, as Ubuntu users, trust Canonical not to put in any sort of backdoor into their binaries. The difference between that and commercial software, however, is that it can be verified and I have the option of compiling the code myself.

At OpenNMS we promised the community that 100% of the OpenNMS application would always be available under an open source license, and we have kept that promise. In fact, when Juniper (one of our “Powered by OpenNMS” customers) licensed the code, all the additional work they contract from us ended up in OpenNMS as well (you can actually see the code we are working on in feature branches in our git repository). This is a great way to make money and advance the project as it can be used to pay for some of the development.

This is not a plan that Cyanogenmod plans to follow, if the experience of Guillaume Lesniak is any indication.

The only reason I was interested in Cyanogenmod was the fact that it was open source. Now, the beauty of it is that open source almost always offers options. Bradley Kuhn, a person I consider a friend and whose blog post pushed my button to write this in the first place, offers up Replicant as an alternative. I hadn’t looked at that project in awhile and it seems to be coming along nicely, with a lot of newly supported devices. Unfortunately my AT&T S3 isn’t one of them (they only support the international version), so I’m looking to switch to AOKP as soon as I can find the time.

It will be interesting to revisit Cyanogenmod in a year. My guess is that anyone not employed by Cyanogenmod, Inc. will flee to other projects, and Cyanogenmod, instead of being the go-to AOSP alternative, will fade into just another commercial offering. It is doubtful that Samsung will license it, since they pride themselves on in-house expertise, and Google is, well, Google. With the exception of HTC, no one else has any market share.

But, what do I know, right?