Q&A: Simon Phipps Talks the Past, Present, and Future of Open Source Part Two



This is the second post in a two-part interview between open source advocate Simon Phipps and Open.Intel’s Editorial Director Nicole Martinelli. Part one explored the dawn of open source and how corporations have changed the movement. Part two looks at ethics, reputation vampires and the evolution of open source organizations.


Q: What’s the most important debate in open source now? 

A: Ethics in technology. There’s a very complex debate around artificial Intelligence and the ethics of artificial intelligence that people view through different lenses.   

The free software community tends to look at that through the lens of “How dare they train their AI on our GPL-licensed free software!”  

Other parts of the community are very concerned about “How dare they train their AI on those pictures of my children!”  

And another view is: “How dare they train AI on my artworks and they're not paying me royalties!” There’s a lot of outrage.   

The place where I’ve looked more closely is at the so-called ethical licensing of open source.  

People forget why they wanted an open source license in the first place. We've got to work out how to express ethical preferences and how to secure compliance. How I or my company can secure compliance with our ethical principles from our partners and from our customers.  

Q: When you started, there weren’t any powerful foundations in open source. Can they provide a ballast to big tech when it comes to ethics? 

A: Tricky question. Not all foundations are the same. Americans have 501(c)(3)s and 501(c)(6)s. People from the rest of the English-speaking world have public charities and trade associations. 501(c)(3)s and public charities have a mission to speak on behalf of and in the interests of the general public.   

So if you're talking about foundations in the sense of 501(c)(3)s, like the Open Source Initiative (OSI), the Free Software Foundation (FSF) or the Software Freedom Conservancy (SFC), they do a pretty good job of balancing the impulses of corporations. They do such a good job that many corporations try to shun them. That's a shame; large corporations should be paying no-strings attached sponsorships to organizations like the SFC and the FSF and the OSI simply because we create stability in the force, so to speak.  

Trade associations can only have an impact if it’s in the interests of their members. Trade associations set rules by member consensus to mark ethical red lines to sanction the bad actors of the group. But that won't lead to the public good. That will only lead to protecting corporations from their worst instincts. 

Q: Over the years, you’ve been involved with a lot of open source organizations. You wrote recently about the rise of “reputation vampires,” people who take up a lot of space yet suck the lifeblood from these organizations, exploiting the open ethos. How do you spot one? 

A: Well, if you're worried that you're a reputation vampire, you're almost certainly not.  

There’s a character you can quickly spot in any community organization of people, those who want the status without doing the work. They may avoid the work because they don't want to put in the effort. They may avoid the work because they discover they can't do it.  

But they do show up. 

For most of the organizations I’ve been involved in, if I were pressed, I could give you the names of two or three people who had prominent roles who never contributed anything of consequence… 

Generally speaking, the solution to people who show up to annex the reputation others have gained through their efforts is to require effort from those individuals.  

It becomes very difficult when you deal with soft contributions; there's a boundary where it's really difficult to determine. For example, I know of one major leader who has never contributed anything to the code. They used to run a company that competed against the project immediately before becoming involved. They managed to get a government program to include the project on its list of potential beneficiaries. Now they can point and say, well, “I did that.” 

That person is almost certainly reputation vampire, but they're a clever enough one. To do something that, without careful scrutiny, looks like a contribution, happens pretty quickly as communities get bigger. Basically once you’ve blown your Dunbar’s number - 150-200 people - you have to go by documented contribution rather than what you know about the person. After 200 people, it’s difficult to work out who the concrete contributors are - I've no idea what the antidote is to reputational vampires in large communities. 

Q: Is the antidote, then, keeping communities small? Project based? 

A: Where possible, it's good to have many small pieces loosely joined.  

The Apache Foundation has many small projects, each with its own governance. There’s some unifying governance and rules, but basically all their projects are largely independent. They have a common fiduciary umbrella, voting rules and all the practical details are in common.  

So, for example, I'm a PMC member of the Netbeans community, but that gives me no say whatsoever in the Apache OpenOffice community. (To be honest, I've not contributed very much recently to Netbeans and probably ought to give it up.) The point is that my contributions there are understood by the other committers, whereas if I wander into some other Apache community, I don't have any right to speak there. 

That's a good model because it's much harder to be a reputation vampire in a world where each small part is independent and you try to keep the project parts in the Dunbar boundary. 

Q: What keeps you interested in open source? 

A: What originally got me into this, my core fascination, is action at a distance. My first job was with the Burroughs Corporation, which merged with Unisys in 1986. I worked on the very earliest networked workstations, called CTOS workstations, and I was fascinated by X.25 networking, by distributed file systems and resource sharing over a network. 

Open source is the social method of action at a distance. It allows you to meet, collaborate with, co-work with smart people who you can understand and identify with who you would never meet any other way. 

There are still things that I want to see happen. I'm sick of excessive centralization in computing. I have an idea for a decentralized capability that I keep on trying to persuade my friends from various projects to work on with me. It involves an InterPlanetary File System (IPFS), LibreOffice and WebAssembly (Wasm). If I could put it all together, it would put Google Docs out of business :-) .  

What keeps me working in open source is there's always new stuff, new people and I'm constantly finding new ways to either act at a distance or to be acted upon at a distance that touches on what got me into technology in the first place in the 80s. 


Photo by Clément Falize on Unsplash