Joyent

Joyent Weblog

Joyent To Offer Open Source Version of Slingshot

By David Young 17 April 07

When Slingshot ships, Joyent will use a dual license model similar to Trolltech, MySQL, and Sleepycat.

Open Source and/or Free

Slingshot will be open-sourced under the GPL and available to anyone with a publicly available service that is free (advertising is “ok”) running on the Rails platform. An example of this type of application is Twitter. You will be able to download the source-code of Slingshot, dig your fingers in, and work with it in any way you see fit.

We are planning a number of initiatives in order to build a vibrant community around Slingshot and are currently working to get a number of open source Rails applications working on Slingshot. We have Radiant working, and we will release this as part of the SDK when we ship Slingshot to the world.

Commercial Use

If you plan to use Slingshot for commercial purposes, we will have two types of licenses. One license type will be for commercial applications that are publicly available. An example of this type of application is Joyent Connector. The other license type will be for commercial applications that are not publicly available (either it is behind the firewall or customer cannot sign up for accounts).

Having commercial use licenses allows people to contribute to the continued development of Slingshot as we plan to reinvest a significant amount of this license revenue into further development of Slingshot and support for the Slingshot open source community.

If your commercial application is powered by a Joyent Accelerator, you get a commercial use license for Slingshot for free. No kidding.

Apollo Model?

When we announced Slingshot, Andrew Shebanow at Adobe posted about Apollo, Competition, and Openness.

Next is SlingShot from Joyent and Magnetk. I love Ruby on Rails, so this product is very interesting to me. They basically have taken the all-in-one desktop server approach of Locomotive and turned it into an application runtime. Its a great idea, and one that opens up a lot more power to the local application than Apollo. Downsides are a lot of potential security issues (no sandbox?), the fact that the entire source of your application is distributed to the world whether you like it or not, and the fact that it is limited to Ruby on Rails applications. More disturbing, though, is that it sounds like Joyent will be charging a royalty for distributing applications based on their runtime unless you are a customer for their hosting service. Maybe they just plan on charging a flat fee for the SDK. Either way, this is much less open than the Apollo model where the SDK and runtime are both free of charge.

We are charging a license fee to people using Slingshot for commercial purposes. I believe Adobe does this for content producing tools, too. Joyent would like to invite Adobe to open source Apollo and the ecosystem around it (Flex, Flash). Don’t just make it free, free it.

And by way of response. Sandbox? What’s the sandbox Adobe Photoshop runs in? Entire source? More on that, later. Limited to Rails? Yes. Focus.


  1. I really love what SlingShot will allow developers to create.

    As a developer, I’m curious to hear any advise you might give as to what will be the best way be to implement a security model for SlingShot applications.

    Let me example, most logic and security is handled at the application layer.

    With the source code now distributed to the end user, what prevents them from editting the source code to give a non-admin user administrative privilleges over the application (or masquerade as another user)?

    I assume the web service API that the SlingShot applications implements on the server will now have to double-check?

    Thank guys for this interesting and awesome product, regardless of what DHH thinks about airplanes.

    — Chad    491 days ago    #

  2. Fantastic news! I assume I will be able to host the server-end of my app somewhere besides a Joyent server (not that I would ever think of doing such at thing!). You must have some secret sauce available for those folks hosting @ Joyent though …

    Patrick Mueller    491 days ago    #

  3. Andrew Shebanow has been trying to post the following comment:

    Wow, holding a grudge, are we?

    I addressed your sandbox comment on my original post, but you clearly don’t appreciate the trust model differences between small apps that are downloaded from the internet and large-scale traditional desktop applications. Or maybe you do appreciate the difference but are only targeting the latter. Or you just don’t care. I personally think you are making a big mistake ignoring the security issue but its certainly your right to do so.

    I’m happy you’re releasing source under GPL. Duel licensing is an interesting choice, and I look forward to seeing how it works out for you business-wise. There is no question that monetizing a runtime framework is a tricky business.

    Can’t really speak to the whole “free vs. free” thing. I’d certainly welcome such a thing but it isn’t something I have any control over. I do want to point out that even though Apollo isn’t fully open source, pieces of it are, like WebKit and Tamarin. That obviously won’t be enough to satisfy everyone, but we expect great things.

    Bottom line is I wish you all the success in the world, and I hope you get over your hard feelings.

    The whole post is here:

    http://blogs.adobe.com/shebanation/2007/04/joyent_fires_their_slingshot_a.html

    David Young    491 days ago    #

  4. @Andrew (via me): saying we are ignoring the security issue is just not true. Rails applications run within Slingshot. In that sense we have a sandbox: Slingshot.

    Re: Apollo being open source. I was not aware that Webkit was an Adobe creation.

    Hard feelings? None at all. I’m just trying to set the record straight about what Slingshot is and its license model. And pointing out that your original post was just speculation and a bit of misdirection about what Slingshot was/was not.

    David Young    491 days ago    #

  5. Can you explain the inconsistency between this:

    Slingshot will be open-sourced under the GPL and available to anyone with a publicly available service that is free (advertising is “ok”) running on the Rails platform.

    and:

    We are charging a license fee to people using Slingshot for commercial purposes.

    You can’t make distinctions between commercial and non-commercial under the GPL. You can’t stop someone from using your code under the GPL and then redistributing it without these restrictions.

    I think I understand what you’re trying to say: That Slingshot source will be available under a commercial license, not the GPL, for paying customers, ala MySQL. You might want to clarify that though because, as this post is written, it may not be clear.

    Kenn Christ    491 days ago    #

  6. The GPL doesn’t let you impose extra restrictions on distribution like you intend.

    A lot of people set out with lofty goals on usage when they release a project, but it’s better not to have them. You lock people’s business strategy to their technical strategy, and the technical strategy loses out.

    If you want people to use your app, the open source has to really be open.

    evan    491 days ago    #

  7. Or better still, choose a saner license.

    Dick Davies    491 days ago    #

  8. Great news! I can’t wait to have stuff like Tracks running in Slingshot (unless I won’t need to because there’s a kickass todo manager in the connector hint).

    Bastiaan Terhorst    491 days ago    #

  9. I think there’s merit in what Kenn is trying to say, but his message is a bit garbled. I found this in the GPL FAQ :

    The GNU GPL does not give users permission to attach other licenses to the program. But the copyright holder for a program can release it under several different licenses in parallel. One of them may be the GNU GPL.

    The license that comes in your copy, assuming it was put in by the copyright holder and that you got the copy legitimately, is the license that applies to your copy.

    So my reading of it is that you can say: “Slingshot’s source will be released under the GPL to users with publicly available services… For commercial users, a commercial license applies.” It feels like a subtle difference to me as an outsider, but it’s critical to FSFers.

    @David: The GPL makes my head hurt.

    Adam    490 days ago    #

  10. @Those who don’t think we can release Slingshot under two licenses: obviously Joyent believes it can. This link provides more information.

    David Young    490 days ago    #

  11. I thought my post was pretty clear, actually. Of course software can be dual-licensed, but if the GPL is one of the licenses you’re using, you will lose the control you’re trying to keep over Slingshot’s usage.

    To illustrate: If I have a commercial project, you can sell me a copy of Slingshot with whatever restrictions you like, no problem. But if I have a free project and receive a copy of Slingshot under the GPL, I am free to redistribute the Slingshot code to anyone I want under the same license I received it with (ie, the GPL), whether their projects are free or commercial.

    Licensing models like the one MySQL uses are “open- vs. closed-source”, which is not the same as “free vs. commercial”. You will find that MySQL is free to use and redistribute, regardless of how it’s being used.

    Kenn Christ    490 days ago    #

  12. basically they’re saying that if you release it under the GPL there’s no way you can stop them from using the GPL code in a commercial situation, so long as the source code is available. However, if you want to keep the code closed, you need to purchase the rights to do so from Joyent, in which case you can keep the code closed.

    The real kicker, is that you cannot stop them from using Slingshot for commercial apps, so long as the code is open. That abides by the rules of the GPL.

    — Kyle    490 days ago    #

  13. Note that, by saying source code is available. It only has to be made available upon request. It doesn’t need to be out in the open on a webpage, it merely needs to be available if someone requests it. If you’ve made no changes to the code, then a tarball or zip of the checked out version from SVN would be sufficient. Or even a link to the download elsewhere. It just has to be available upon request if a user requests it.

    — Kyle    490 days ago    #

  14. @Kenn: we’re not making distinctions between commercial and non-commercial use under the GPL. There will be a version of Slingshot that is released under the GPL. People can use that, extend it, however they see fit. But they have to provide access to the source of their modifications, extensions if they sell their product. There will be a version of Slingshot distributed under commercial license. It may have Joyent-specific features. We will offer support. Etc.

    David Young    490 days ago    #

  15. Slightly off-topic, but any way you guys could turn off Textpattern’s “include comment count in feeds” option?

    It causes my feedreader to plunk this article up top every time anyone comments (which may or may not be what you desired). I get all excited for a new Joyeur post, but it’s just the same old :\

    Jamie Wilkinson    490 days ago    #

  16. I’m excited by the announcement, but for somewhat different reasons.

    I’ve been working on developing local only, desktop based Rails apps for data analysis. This is specifically targeted at users that have highly sensitive data and/or very large volumes of data that can’t be posted on the ‘net.

    I’ve fooled around with modifying the one-click install to the point that I realize how hard it is to package this stuff up.

    When you get a Window’s version going, I’d love to hear about it.

    By the way – the press release is a little misleading (I don’t think intentionally) – on it you say that “Joyent Slingshot enables Rails to break free of the browser.” I think that you might have meant to say, “Joyent Slingshot enables Rails to break free of the internet.” While you could certainly use Rails outside of the browser, if you’re ultimately syncing with a web based application, then in most cases, you still need a browser to get at the data.

    Best of luck guys.

    Nick    490 days ago    #

  17. I’d really appreciate it if you guys would answer the question that chad (first comment) and others before him, including Andrew Shebanow have been asking:

    What will you do about the security risks involved in distributing the full application source?

    furthermore:

    As the developer of a closed source system where my code composes a significant portion of the value of my service, why on earth would I want my source to be available to the consumer?

    Stephen Caudill    490 days ago    #

  18. Stephen, I think it’s been mentioned that you could encrypt your application (like is done with Java Bytecode). Someone correct me if I’ve got this wrong.

    — Geoff    490 days ago    #

  19. @Nick: a Windows version will be available when we launch.

    David Young    490 days ago    #

  20. @Stephen: We’re still working on that part of Slingshot. But this much is true: even if encrypted, a person wanting to get to your code in Slingshot would, given time, be able to get to it. We’ll make it as difficult as possible, but it can’t be impossible.

    David Young    490 days ago    #

  21. I’m very interested in incorporating this into a proposal I’m working on…can you give an idea as to the license costs for commercial applications?

    — Dylan    490 days ago    #

  22. Looks like they called you on your bluff guys :)

    http://labs.adobe.com/wiki/index.php/Flex:Open_Source

    Kyle    482 days ago    #

  23. Licensing this technology seems to stray from your core business of providing hosting infrastructure.

    I would have thought that making a truly open-source product with a free-for-all license would have benefited the platform you’ve created and your existing business much more than any commercial licensing fee arrangement will.

    Help the world to kick ass by developing and nurturing an truly free platforms, and then when you’ve got a big base of amazing companies doing great things with the tools and platform you developed you’ll no doubt have avenues to monetise it.

    Adobe, Google, Apple and many other companies have one up on you in this regard: they understand that you have to help progress the technologies and give back as much as you can, and then through adoption you’ll find business success.

    A licensing scheme that says “if you want to make money with this you must pay fees” will only hurt adoption in return for what, in the long term, are measly amounts of money.

    Tim Lucas    478 days ago    #

Commenting is closed for this article.