
Feature: Free Software

Web apps: the next battleground for FOSS?

By Bruce Byfield on July 14, 2008 (7:00:00 PM)


Concerned about the increasing popularity of Web applications, Marco Barulli of the Clipperz project has written one of the first detailed suggestions about how free and open source software (FOSS) should respond to the trend. Although neither Barulli nor Clipperz is well-known, his ideas are being listened to by such figures as Richard M. Stallman of the Free Software Foundation and Fabrizio Capobianco, the CEO of Funambol and a long-time advocate of FOSS in Web applications.

The term Web applications (a.k.a. software as a service and cloud computing) refers to software that users access via their Web browser and that resides on a provider's servers. Whatever term you prefer, Web applications present a significant challenge to FOSS for at least two reasons.

First, because Web applications do not distribute software in a traditional sense, they bypass the requirement in free licenses such as the GNU General Public License (GPL) that the provider must return code to the community. As a result, companies like Google can take advantage of FOSS for their Web applications, but treat any modifications they make as proprietary.

Second, with data being passed between users and the provider, and, in many cases, the provider's software being installed on users' machines, Web applications raise privacy issues that most free licenses do not address.

These issues are not new. Tim O'Reilly has been warning about them for years, but his sensationalistic declaration that "open source licenses are obsolete" has tended to sidetrack any discussion of the implications.

Moreover, as Barulli notes, the convenience of Web applications has tended to stifle any critique of them. "I've been in the security field a long time," Barulli told, "and I can tell you that convenience is a big driver -- bigger than freedom, and bigger than security."

Yet, at the same time, the need to address the issues is becoming greater. Pointing out that no one predicted that everyday productivity applications like word processors or spreadsheets would be available via a Web browser, Capobianco observes that "The direction of the market is that every application that can be run as a service will be run as a service someday." He refers to the problems raised by Web applications as a "cancer" for FOSS, adding, "If we let [this] problem slip by because we think software as a service is of minimal importance, we're wrong. Because the direction of the world is software as a service. Ten years from now, if 90% of software is run as a service, then open source dies."

Making Web apps free

Until Barulli suggested his course of action, Clipperz was best known for its problem in having Google Code host the Web site for Clipperz's community edition. The project wished to license its software under the Affero General Public License (AGPL), a license that closes the distribution loophole in the standard GPL by defining the offering of software as a service as a form of distribution that carries the same obligations.

However, Google refused to host a project licensed under the AGPL, claiming first that it wished to avoid a proliferation of licenses, and later that the AGPL was unproven. Many observers, though, suggested that the real reason was that Google, which had profited from the loophole, was simply nervous about any association with the AGPL.

Clipperz eventually found a home for its community edition on However, a more important result of the issue was that Barulli began an extended email exchange with Richard Stallman. "It was quite a revelation for me," Barulli says, and the conversation led directly to his action plan.

Addressing the problem

At the outset, Barulli makes clear that he is not trying to stop the spread of Web applications. "Web apps are great and I’m in love with them," Barulli says. "But I think it’s time to ask for more freedom and more privacy."

Clipperz was one of the first projects to choose the AGPL. "This was what we were waiting for," Barulli says. Given this enthusiasm, the first step Barulli proposes is unsurprising: encouraging the use of the AGPL. "I think it's my right to know what code I'm running on my machine, and what code I'm running on yours," he says simply. As part of this campaign, Barulli is canvassing for suggestions for an "AGPL suite" of Web applications for free software users, and urging developers to join Clipperz in becoming evangelists for the AGPL.

To address the privacy issues raised by Web applications, Barulli advocates what he calls "zero-knowledge Web apps" -- that is, applications that encrypt user data and identity so that it is inaccessible to the provider.

This suggestion is Barulli's own. "Richard Stallman was only worried about the freedom of the source code," he says. "I'm also worried about the freedom of my data." When the issue is software installed on a workstation or network that you control, Barulli explains, the issue hardly arises. However, he says, "When I move my application to the Web and therefore my data, I would like to retain control over my data. It's still my data."

In fact, as a security expert, Barulli is so concerned about the privacy of data that, referring to free software's traditional four freedoms, he suggests that "this is another freedom that free software should take care of."

In the long term, Barulli also calls for changes to free Web browsers as an additional protection of users' freedoms. Specifically, Barulli would like to see browsers that not only authenticate code using zero-knowledge protocols, but, in keeping with a suggestion from Stallman, would compare JavaScript or Ajax code to a stored copy, and alert users if any change had occurred. "This solution," Barulli says, "protects the user from malicious code that could be unknowingly executed by his browser, stealing his data and destroying the whole zero-knowledge architecture." This capability, Barulli suggests, might be provided by an extension to major browsers.
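The stored-copy comparison described above can be sketched as follows. This is an added example, not code from Clipperz or from any browser, and it is written for Node.js so it runs outside a browser; the `ScriptPinStore` class, the origin, the file names and the script bodies are hypothetical and constructed for illustration.

```javascript
// Added example: trust-on-first-use pinning of a web app's JavaScript.
// ScriptPinStore, the origin and the script bodies are constructed.
const { createHash } = require("node:crypto");
// SHA-256 over the exact source text served; any edit changes the digest.
function digest(source) {
  return createHash("sha256").update(source, "utf8").digest("hex");
}

class ScriptPinStore {
  constructor() {
    this.pins = new Map(); // origin -> Map(script path -> pinned digest)
  }

  // Compare the scripts served on this visit with the stored copy.
  // The first visit to an origin pins everything and raises no alert.
  audit(origin, scripts) {
    const known = this.pins.get(origin);
    if (!known) {
      const entries = scripts.map((s) => [s.path, digest(s.source)]);
      this.pins.set(origin, new Map(entries));
      return { firstVisit: true, alerts: [] };
    }
    const alerts = [];
    for (const { path, source } of scripts) {
      if (!known.has(path)) {
        // A newly added file can leak data as easily as a modified one.
        alerts.push({ path, reason: "unpinned script" });
      } else if (known.get(path) !== digest(source)) {
        alerts.push({ path, reason: "content changed" });
      }
    }
    return { firstVisit: false, alerts };
  }

  // Re-pin one script, only after the user has reviewed the new version.
  accept(origin, path, source) {
    if (!this.pins.has(origin)) this.pins.set(origin, new Map());
    this.pins.get(origin).set(path, digest(source));
  }
}
// Constructed sample: the app as first served, then a later altered visit.
const original = [{ path: "/app.js", source: "encryptLocally(data, key);" }];
const altered = [
  { path: "/app.js", source: "upload(key); encryptLocally(data, key);" },
  { path: "/extra.js", source: "collect(form);" },
];
const store = new ScriptPinStore();
store.audit("https://app.example", original);
console.log(store.audit("https://app.example", altered).alerts);
```

Pinning on first use trusts whatever was served on the first visit; comparing against a digest published alongside the reviewed source would close that gap.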

Barulli plans to continue developing these ideas, and urges readers to add their own suggestions, to blog about the ideas on their own sites and forums, and to donate to the campaign. He also asks for help in naming the campaign.


So far, Barulli has had only limited responses to his suggestions, and mostly from those who encouraged him in the first place.

When contacted, Stallman discussed the outlines of the challenges that Web applications pose, but declined to discuss solutions in detail, explaining, "I am writing my own article about this subject, so I don't want to write at length about it before that is finished."

However, Capobianco, who first encouraged Clipperz to move its code to the AGPL, has been more supportive. Capobianco has blogged about Barulli's suggestions, particularly the concept of zero-knowledge Web applications, and told that "I totally agree with Marco about the need for the AGPL." He advises developers, "If you believe in the open source concept of copyleft, you'd better adopt AGPL as a start, so your community is covered, and any modification made on your code will come back to the community."

Barulli's suggestions could be easily implemented if enough people in the FOSS community had the will to do so. However, the problem, as Capobianco says, is that "People aren't thinking about what is happening. And there are companies making significant money by using open source and not returning the code, and they're against [suggestions like Barulli's]. So it's an uphill battle. But I'm pretty optimistic. The good thing about open source is that good things happen fast."

Of course, whether events will happen fast enough is another question. And if Barulli and Capobianco are right, the answer could have significant effects on the future of FOSS -- perhaps even determining whether FOSS has a future.

Bruce Byfield is a computer journalist who writes regularly for




Note: Comments are owned by the poster. We are not responsible for their content.

Web apps: the next battleground for FOSS?

Posted by: Anonymous [ip:] on July 14, 2008 08:21 PM
I have been thinking about this for a long time and contacted the FSF a while ago concerning how the GPL doesn't ensure my freedoms anymore. They directed me to the Affero General Public License and I have decided to license any of my work that I release under it to ensure it remains free.

We all need to branch together and take back our freedom. The FSF also needs to recognise this as a fifth freedom.


Web apps: the next battleground for FOSS?

Posted by: Anonymous [ip:] on July 14, 2008 10:30 PM
An independent group convened by the FSF (called has been working on this issue, and published a statement today about their progress so far. See Seems to be a hot topic, as well it should be.


Web apps: the next battleground for FOSS?

Posted by: Anonymous [ip:] on July 14, 2008 11:05 PM
Zero Knowledge is all well and good, but what about applications where some - or all - of the "business logic" is at the server end? SourceForge is an example of such an application. I am sure there are many others where it would be natural and significantly more efficient to put the logic on the server.


Re: Zero Knowledge Web Applications?

Posted by: Anonymous [ip:] on July 15, 2008 10:09 AM
There are times when data freedom is not only applicable, but needed. And there is also an Ajax pattern which makes it possible. It's called Host-Proof Hosting. The definition of the "Zero Knowledge Web Application" put forth by Barulli is based on HPH, but I'm afraid instead of improving the pattern, it introduces a trust fallacy.


There's an ongoing discussion. Barulli has yet to reply to the criticism.


Web apps: the next battleground for FOSS?

Posted by: Anonymous [ip:] on July 15, 2008 08:50 AM
I've wanted for quite some time to write an article myself over this whole "software as a service" issue, but haven't found the time yet. Therefore, right now I'll only add one note and one comment.

First of all, the GPL and similar traditional licenses regulate, in the interest of Freedom as defined by RMS, redistribution of software, with or without modifications. Software run as a service (SaaS) on an Internet accessible server is not distributed. I can understand the feelings of those who use AGPL and I am sure they all are good guys in good faith.

This said, I must confess that calling SaaS as software distribution really irritates me. What one does running software exclusively on HIS OR HER computer, whatever it is, surely is not software distribution: sure, it may be wrong and it may need to be stopped, but it is NOT software distribution. How it can seriously be called so frankly baffles me.

I'm not saying SaaS is right or wrong here, mind you. If you don't like SaaS, OK, but twisting the meaning of words in this way really reminds me of Orwell's Newspeak or all the confusion made on purpose by corporations with the Intellectual Property terminology.

Now a comment on two quotes:

Capobianco: "Ten years from now, if 90% of software is run as a service, then open source dies."

Barulli: "When I move my application to the Web and therefore my data, I would like to retain control over my data. It's still my data."

These two sentences sum up very well why I believe that personal desktop and workstations, that is personal computing instead of using web apps, are not going to vanish anytime soon. Once we'll have realized what web apps mean in terms of privacy, censorship, robustness, monopolies and so on, we'll just use as often as possible only computers we can personally, physically own, lock and completely configure.
You can have universal access to your data with an always online home or VPS server, for example, no need of third party web apps (as long as net neutrality remains, of course).

So, web apps may be the death of Free Software. But if we educate people (not hackers, average people) to what the dangers and real limits of web apps are (something which has NOTHING to do with their software license, let's realize it please: don't try to solve from software something which is NOT a software problem), then SaaS will become much less of a problem, even for Free Software, than what it seems from some angles.

I look forward to hearing (even directly) from Capobianco, Barulli, RMS and everybody else their opinions on these thoughts and/or to discuss these issues publicly. You can contact me by email at marco, at digifreedom, dot, net

Best Regards,

Marco Fioretti

The Family Guide to Digital Freedom:


Web apps: Not as clear-cut as the OP thinks

Posted by: Anonymous [ip:] on July 15, 2008 09:01 AM
This is a very interesting article and well written. Thanks.

I'd like to just add that, of course, the GPL and other FOSS licences are very much alive and well within the cloud. I was looking in Amazon's EC2 yesterday funnily enough and it is very hard to find any AMIs (Virtual Machine Instance to you and me) that aren't based on sound and good FOSS platforms, Debian, Ubuntu etc... I also read a great "proof-of-concept" piece recently about running Asterisk in the Cloud too.

So, although I do agree with almost everything in the main article, there wouldn't be the possibility to actually build out and run Clouds without FOSS. Imagine how much (and how slow and unreliable) Amazon's EC2 would be if it was based on Redmond code....


Web apps: the next battleground for FOSS?

Posted by: Anonymous [ip:] on July 21, 2008 06:37 AM
Nice article. Working and maintaining free and non-free Content Management Systems I'm interested to see how this develops.

