Open Source Web Applications

January 3, 2011

The Open Source Web Application is a concept I've been thinking about for the past year.  Over the new few weeks I will put it into practice with two services I plan on opening up.  This post is an attempt at roughly defining what it is, why it should exist and what it could be.

The idea

An Open Source Web Application is a hosted web service that publishes source code as its deployed.

Users of an Open Source Web Application should be able to easily access the source code running the deployed application through a prominent link displayed on every page.

Open Source licenses aren't effective anymore

The way it was: in order to use open source code within your software, you needed to participate and meet license terms to legally redistribute your application.

Typically this meant that if you modified open source code you would have to publish your changes back to the respective community.  In many cases open source licenses also required that your application be open source as well.

The way it is: open source code is used everywhere but licenses are effectively circumvented as more and more applications become server based services that never redistribute the code in a traditional sense via file or disk.

This means you don't have to follow the rules of the license, make the application open source or publish any modifications publicly.

Scott O'Grady over at RedMonk gives a clearer explanation:

Simply stated, this refers to the fact that Software-as-a-Service or Web 2.0 applications fail to trigger the most important reciprocal protections afforded by the GPL because they are not, according the GPL’s definition of the term, “distributed.” What this means in practice is that companies such as Amazon, eBay, Google and so on – Application Service Providers, as they might have been called in years past – are free to consume GPL assets and make modifications to them without the obligation of sharing them under the same terms. Traditional software distributors, on the other hand, have no such luck. If Canonical, Novell, Oracle, or Red Hat want to make modifications to their respective Linux distributions, they are required per the terms of the license to share those changes with their competitors. Amazon or Google, meanwhile, are not.

The rarely used GNU Affero General Public License (AGPL) solves the licensing problem by covering Application Service Providers but the massively popular GNU General Public License version 3 does not.  Beyond that there is still the fundamental problem with hosted applications: its on the developers of that system to be honest about their use of open source.  The cloud is a giant black box and many are hiding behind it.

My concern: participation in open source dwindles as most developers spend time creating web applications and not redistributable libraries or frameworks.  If everything is to become a service, to live within the cloud, then what will become of open source?

I could be wrong but the mentality amongst developers has changed.  Everyone is developing the next great Rails application and isn't terribly concerned with the open source lifecycle.

The problem with this trend is this: a tremendous loss in open source publishing will lead to a tremendous loss in developer education.  Open source code has been my primary learning tool over my 15 year career as a programmer.  I can't imagine where I'd be without it.  Think of the children.

Not every web application is a business or startup

There needs to be a space for good ideas to exist without being attached to combustible egos and venture capital dollars.

We need to think smaller.  Software is supposed to make our lives easier.  The most useful things are often times just features and shouldn't be considered anything more than that.  Less is usually more.

The truth is that when it comes to the consumer web no one really knows what they are doing.  Either you build the next great thing and get to a million users or you simply vanish.  I don't think this has to be a zero sum game.  Maybe Open Source Web Applications is the other way.

Security through obscurity isn't secure

One counter-argument to publishing the code of a deployed service is exposing an unnecessary security risk.  I don't believe that is true.

My belief is that developing in the open raises the quality of written code.  If you are going to publish your code base you have to ensure that the code is actually secure.  I'd prefer services that are actually secure and not secured through obscurity.

The future

One idea I've had: a SourceForge for non-commercial web applications.  Code and application hosting infrastructure would be provided for free.  Applications are owned by the community of users and developers.  Everyone has a stake in the application, its continued existence and the data within.  This idea would support the process of a typical open source project with the added dimension of running a hosted application.

The recession has brought about an epidemic of dying startups.  Maybe this larger thesis could be an avenue to preserve a startup in its death throws, open it up and let the community take it forward.

My motivation with this post is to start a dialogue about the state of web applications today and where we might go in the future.  This just the first iteration on thinking out the concept.