[HN Gopher] Getting forked by Microsoft
___________________________________________________________________
Getting forked by Microsoft
Author : phillebaba
Score : 1512 points
Date : 2025-04-21 11:05 UTC (11 hours ago)
(HTM) web link (philiplaine.com)
(TXT) w3m dump (philiplaine.com)
| glenngillen wrote:
| Hey, this sucks. Unfortunately the MIT license doesn't do much to
| prevent this and (I think?) their licensing transgression is they
| haven't kept "Copyright (c) 2024 The Spegel Authors" in the
| LICENSE file. I suspect if you call them out on it that'll be the
| remediation.
|
| Did you manage to reach out to any of the people at MSFT you
| originally spoke to to ask wtf?
| diggan wrote:
| > Unfortunately the MIT license doesn't do much to prevent this
|
| Seems both you and Microsoft needs to actually read through the
| MIT license, it isn't that long or complicated :)
|
| > The above copyright notice and this permission notice shall
| be included in all copies or substantial portions of the
| Software.
|
| That part is even in it's own paragraph and everything, really
| hard to miss for anyone who even glances at the license.
| dtech wrote:
| So if both versions use the same MIT license, the only
| difference is the line parent highlighted...
| gortok wrote:
| Define "substantial"?
|
| What percentage of copying is "substantial"?
|
| That's the problem with concisely written licenses, the legal
| world thrives on definitions and terms of art, and when you
| leave something open to interpretation you invite the
| probability that a nefarious (or even sufficiently amoral
| actor like a large corporation) actor will point to the
| language you use and interpret it differently.
|
| To win any argument in a court of law you must now spend time
| and money to win the argument. Something an open source
| maintainer likely doesn't have, and since the license doesn't
| specify damages, there's no way to even write in a penalty
| for failure to adhere such that a court of law would consider
| it under contract law, and then you have to prove damages.
|
| At least in Virginia, each party pays their own lawyers fees,
| even if they win. You can only collect lawyers fees when
| statutes allow you to, or there has been sufficient bad faith
| from the other side that the court uses its own power to
| sanction.
|
| Oh, and let's say you win and somehow you are able to prove
| damages. Now you have to spend money to collect on the
| judgment. That's money you're not getting back.
|
| The point here is that we've written software licenses as
| contracts that assume good faith and do not punish bad
| actors, when we would need to treat corporations as if they
| are bad actors and write licenses accordingly.
| john_the_writer wrote:
| What they likely mean is that MS says "Good luck enforcing
| this. Have you met our legal team?" Nothing they can't walk
| around, or drown you in legal fees while they smile.
| phillebaba wrote:
| Any copies of the code should include the notice according to
| the MIT license. I do agree that I could have used a less
| permissive license, and it is something that I am now
| considering to change.
|
| The reality is that licenses do not mean anything unless you
| are actually able to enforce it. So I really do not think the
| license would have mattered in this case.
| elteto wrote:
| Licenses absolutely matter, that's the whole point of using
| them! Big corps will absolutely not risk being sued over
| infringement, it's not worth it to them. For the litigation
| cost they'll throw a couple engineers and redo your project
| from scratch.
|
| Sorry it happened to you but it seems like you just picked
| the wrong license.
| diggan wrote:
| > As a sole maintainer of an open source project, I was enthused
| when Microsoft reached out to set up a meeting to talk about
| Spegel. The meeting went well, and I felt there was going to be a
| path forward ripe with cooperation and hopefully a place where I
| could onboard new maintainers.
|
| Seems it isn't the first time Microsoft leads open source
| maintainers on, trying to extract information about their
| projects so they can re-implement it themselves while also
| breaking the licenses that the authors use. Not sure how people
| fell so hard for "Microsoft <3 Open Source" but it's never been
| true, and seems it still isn't, just like "Security is the #1
| priority" also never been true for them.
|
| Here is the previous time I can remember that they did something
| similar:
|
| - https://news.ycombinator.com/item?id=23331287 - The Day AppGet
| Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
|
| The best advice for open source maintainers who are being
| approached by large tech companies is to be very wary, and let
| them contribute/engage like everyone else if they're interested,
| instead of setting up private meetings and eventually get
| "forked-but-not-really" without attribution.
| vasco wrote:
| If a megacorp wants your help to explain ANYTHING to them, you
| better be paid handsomely per hour. Wtf are people doing
| charity for trillion dollar empires.
| keepamovin wrote:
| Not just a megacorp. Anyone for a commercial purpose
| freeamz wrote:
| Hmm, think we ought to judge on a case by case basis.
| However, for megacorp and especially banks that has almost
| 0 to 1% access to cost of capital, vs rest of us who at at
| 20 - 30 % ( for credit card, loan sharks), then there
| should be a different license for these people. There
| should be a GLP type license adjusted to the cost of the
| capital.
| keepamovin wrote:
| Why, if they are paying their employees and aim to earn
| from their enterprise, should so disrespect your time and
| IP as to attempt to not pay you?
|
| Tho pricing tailored to customers works, as long as it's
| efficient and non-zero.
| chii wrote:
| There should not be any difference between small or large
| entitise in how you deal with them as an opensource
| maintainer. Just because someone has more money (or
| less), should not automatically mean you treat them with
| more leniency or ethics.
|
| You set up your standard, and stick to it whomever comes.
| formerly_proven wrote:
| > You set up your standard, and stick to it whomever
| comes.
|
| Why? Most businesses don't entertain standard rates,
| either. It's case-by-case negotiations ("call us",
| "request quote"). Why should I, as a private person
| putting stuff out there for free, set up "my standard"
| and stick to it?
| keepamovin wrote:
| Because otherwise it's not a value, it's a whim.
|
| But I guess they don't mean set the same price for
| everyone - but rather stick to your values in what you
| do.
| keepamovin wrote:
| This is The Way
| vasco wrote:
| Interacting with faceless entities with the power to buy
| multiple countries the same way you'd interact with some
| interested independent young person wanting to learn.
|
| Interesting moral proposition, I doubt you'd get many
| followers. I think it's perfectly reasonable to treat
| people differently from corporations, and random small
| and medium corporations differently than huge megacorps
| without losing any sleep.
|
| Specially in business, charging more to those that can
| pay more is a very common approach.
| chii wrote:
| > charging more to those that can pay more is a very
| common approach.
|
| and all consumers dislike price discrimination. Airlines
| is the classic example.
|
| It's just that those companies do this because they can.
| And i hate it. I much prefer a static, single price for a
| product.
| homebrewer wrote:
| No, it's also because some consumers can't pay the
| "original" price. Steam in "developing" countries is a
| classic example -- you as a game developer can ask a guy
| from my country $60 for a game (and some companies do try
| that), but he will simply go back to torrent trackers
| because $60 is a week's worth of living expenses.
|
| gaben figured that out and successfully expanded into
| many markets that were considered basket cases for
| software licensing.
| jimbokun wrote:
| > Interesting moral proposition, I doubt you'd get many
| followers.
|
| But the US Supreme Court would be one of them.
| polotics wrote:
| Clearly you have yet to experience some of the less
| savoury behaviours from Megacorps sharks. You're looking
| at people trying to make a name for themselves internally
| and if this means being economical with attributions,
| this is the least they would do for their place in the
| California sun.
| LtWorf wrote:
| So you're equally like to give your change to a poor
| beggar and to a guy begging from inside his rolls royce?
| chii wrote:
| If i ahead of time decided to give my next dollar to the
| next guy begging, why not?
| wizzwizz4 wrote:
| That's a really silly precommitment. If you were
| sensible, your _actual_ commitment should be "help the
| next person who requires help, provided that help can be
| provided in the form of one dollar".
| chii wrote:
| That's why the premise in the grandparent post is
| ridiculous.
|
| But the license of a piece of software is not ridiculous
| - if you chose a very permissive license, you cannot then
| go and choose who should or shouldnt be profiting off
| your software. The license was a pre-commitment.
|
| But lots of people make this pre-commitment, but then
| makes a moral/ethical judgement post-facto when someone
| rich seems to be able to extract more value out of the
| software than what "they deserve", and complain about it.
| wizzwizz4 wrote:
| "Permissive" licenses, in fields where abusive
| corporations are known to operate, are a really silly
| precommitment. Copyleft exists for a reason. _But_ , even
| if you (foolishly) made that precommitment, that doesn't
| then mean you have to do free labour for the abusive
| corporations, out of some misguided ideological
| consistency. (Such consistency is the hobgoblin of little
| minds.)
| taormina wrote:
| I mean, the MIT license might be a "more permissive"
| license but it says very explicit things that Microsoft
| is explicitly ignoring. Your license choice doesn't
| matter when they ignore the license anyway.
| flysand7 wrote:
| If a guy comes begging for money out of rolls royce, I
| guess they either are pretty bad at begging or have a
| pretty bad sense of humor. I guess I wouldn't give money
| to them, it doesn't seem like it'll help them regardless.
| freeopinion wrote:
| What is the difference between a rolls royce and a
| celebrity benefit? You shun Shriners if they have a
| catered $1000 fund-raising dinner?
| latexr wrote:
| Companies are never _just_ money. There is a monumental
| difference between:
|
| 1. A small company which is barely profitable but is
| building something which aligns with your values and you
| see as a positive to the world.
|
| 2. A massive mega corporation whose only purpose is
| profit, mistreats employees, and you view as highly
| unethical.
|
| You shouldn't treat those the same way. It's perfectly
| ethical to offer your work for free to the first one
| (helping them succeed in creating a better world) and
| charging up the wazoo (or better yet, refusing to engage
| in any way with) the second one.
| bbarnett wrote:
| There is no such difference.
|
| A company is not a person, and can literally have its
| entire staff changed in short order. Or be bought.
|
| Companies have no morals. Sometimes people in companies
| do, but again, that person can vanish instantly.
|
| You should treat a company as a person which may receive
| a brain transplant at any time. Most especially, when
| writing contracts or having any expectation of what that
| company will do.
| thfuran wrote:
| A sole proprietorship pretty much is a person.
| mindcrime wrote:
| Or a single member LLC.
| Spooky23 wrote:
| The key is contract. Casual chat with a corporate
| representative who isn't selling you something about
| something you own requires some sort of contractual
| relationship and consideration.
| potato3732842 wrote:
| This is an exceptionally ignorant viewpoint.
|
| A business that is privately owned, is run by its
| founders and which represents the lion's share of its
| officers income and net worth can be dealt with like any
| other small business.
|
| Some guy who makes bespoke firmware for industrial
| microcontrollers or very niche audio encoding software
| isn't Microsoft. You won't be able to do business with
| him in a useful way if you treat him like Microsoft.
| scarface_74 wrote:
| If the business is run by its founders and has taken VC
| funding, the founder's "values" no longer matters.
| bee_rider wrote:
| There exist companies which have taken VC money, and
| others which haven't. We've carved out one exception, but
| this doesn't indicate that small personally-run companies
| can't exist, right?
| WD-42 wrote:
| How do you refuse to engage if you use the MIT license?
| dec0dedab0de wrote:
| don't respond to their emails.
|
| If you want to be extreme don't distribute it to them in
| the first place. Licenses do not come into effect until
| after distribution. So you could have a pay-to-download
| model that comes with a %100 discount if you're a lone
| developer or an organization with under X amount of
| revenue. You wouldn't be able to stop someone
| redistributing it after the fact, but you're not
| engaging.
| PeeMcGee wrote:
| > You set up your standard, and stick to it whomever
| comes.
|
| Well, the standard for software licensing is to sell
| cheaper licenses to smaller businesses and more expensive
| licenses to larger businesses.
| buran77 wrote:
| Because they're hoping not to antagonize the megacorp (too
| quickly). If a megacorp has you in their sights, especially
| in a country like the US where court battles are
| prohibitively expensive, pushing the envelope will just draw
| ire and aggression from that megacorp. A normal person has no
| negotiating leverage in front of MS especially when it comes
| to open source.
|
| It's like negotiating with the mafia, you might get something
| out of it but if you cross the line you'll end up face down
| in a ditch and authorities will look the other way. Megacorps
| have stolen, copied, reverse engineered, replicated, etc.
| things since forever and it always worked out for them.
|
| In this case MS didn't _need_ any help. They could very well
| take everything and face no real repercussions (this is the
| reality when the majority is uneducated, and their elected
| representatives are greedy and spineless). So playing along
| gives some chance to get something positive out of it.
| latexr wrote:
| > especially in a country like the US where ending up in
| court is prohibitively expensive
|
| What's the scenario here where they could take you to court
| for refusing to (in GP's words) doing charity for them?
|
| Scenario 1: Microsoft contacts you and says they want to
| talk about your open-source project. You never reply.
|
| Scenario 2: Microsoft contacts you (...). You reply "thank
| you, but I'm not interested. You are of course free to
| contribute or fork within the constraints of the license."
|
| Scenario 3: Microsoft contacts (...). You reply "sure! I
| charge $X/hour or I could do a flat rate of $Y for the
| meeting. Is that acceptable to you?"
|
| What basis would they have for taking you to court in any
| situation? As soon as you got a legal letter for any of
| them, your first step should be to send it to as many news
| outlets you could think of.
| MOARDONGZPLZ wrote:
| "Ending up in court" vs "Microsoft suing you." I think
| the implication is that if MS simply decided to
| unilaterally fork the project and change the license, the
| OS maintainer's only real recourse is the court system
| (and the court of public opinion), and that would be
| expensive.
| debugnik wrote:
| Except MS did it anyway: the author cooperated and MS
| still forked and removed the original copyright notice.
|
| Since this isn't the first time MS does this to a FOSS
| maintainer, it's clear this tactic doesn't help us.
| buran77 wrote:
| > I felt there was going to be a path forward ripe with
| cooperation and hopefully a place where I could onboard
| new maintainers
|
| He was hoping for a fruitful collaboration and offered
| the help towards this goal. MS taking whatever they
| wanted anyway just proves that they had no intention to
| cooperate, let alone to pay handsomely for something that
| was already free.
|
| Ending up in court means _you_ need to sue the megacorp
| to enforce the license. This makes it a free lunch for a
| megacorp.
|
| With every single scenario MS takes whatever they need.
| They don't have to pay, don't need the help to read code,
| and you can't afford to force them to respect the
| license.
|
| P.S.
|
| > As soon as you got a legal letter for any of them, your
| first step should be to send it to as many news outlets
| you could think of.
|
| There's a guy rotting away in a El Salvadorian prison
| with a lot of press to keep him comfort. Not sure your
| letter will capture the world's attention like you think
| it will.
| hinkley wrote:
| Patent infringement. Microsoft has one of the largest
| patent portfolios in the world.
| giancarlostoro wrote:
| It's also very possible they had been working on it already
| and wanted to compare notes, I certainly would if I were
| working on something internal and found a similar project,
| but I agree, ask them for a consultation fee. I don't see why
| they wouldn't pay it.
|
| Both projects also share in license, so I have less of an
| issue with it personally. They're both MIT licensed.
| Maxious wrote:
| Very possible, from the in repo documentation (which
| credits Spegel yet again)
| https://github.com/Azure/peerd/blob/main/docs/design.md it
| seems like there was a particular engineer at Microsoft who
| was working on Azure Container Registry who found it useful
| to integrate Azure Container Registry.
|
| If they contributed it upstream, would we be discussing a
| blog post "how dare evil megacorp submit a PR that only
| implements their API! embrace extend extinguish!"?
| Probably.
| diggan wrote:
| > If they contributed it upstream, would we be discussing
| a blog post "how dare evil megacorp submit a PR that only
| implements their API! embrace extend extinguish!"?
| Probably.
|
| Considering how often that happens VS how little times
| stories like that appear on the frontpage of HN, I'd
| wager a guess that we wouldn't be discussing it like
| we're discussing the current license violation.
| evantbyrne wrote:
| You are supposed to keep the original license for a fork.
|
| > The above copyright notice and this permission notice
| shall be included in all copies or substantial portions of
| the Software.
|
| Simply removing the copyright is a violation of the MIT
| license.
| WD-42 wrote:
| It seems like a pretty minor violation, to be fair. They
| do reference the project in the repo.
|
| The real question is why did the author choose MIT if
| they didn't want allow mega corps to benefit from their
| work without contributing back. That's a feature of the
| license, not a bug.
| kazinator wrote:
| It is literally the only violation that the license is
| concerned with therefore it is major!!!
|
| MIT and BSD type licenses say you can do almost anything
| you want, but just don't plagiarize, because that would
| be intellectual misconduct.
|
| In addition to not just removing the copyright notice
| from sources, the MIT license requires the copyright
| notice to be present in all derived works. It makes no
| mention that if you compile a program, the binaries don't
| have to have copyright notices.
| evantbyrne wrote:
| Attribution is an important aspect of open source
| culture. It is the only thing that most authors get out
| of the deal.
| NobodyNada wrote:
| It's not a "pretty minor violation", that's the _only
| condition_ of the MIT license.
|
| Yes, they mentioned Spegel, but only to thank the authors
| for "generously sharing their insights" -- that's not
| even close to the required statement that part of the
| project is owned and copyrighted by the authors of
| Spegel.
| WD-42 wrote:
| Ok, so MS will see this thread and re-add the missing
| header to a few files.
|
| You really think the author is going to then feel 100%
| better about it?
|
| They are just another data point in the long list of
| authors who chose a permissive license and are then
| shocked when a billion dollar company takes advantage of
| it.
| RIMR wrote:
| I mean, the author understands the MIT license, and is
| upset that the terms of that license aren't being
| honored. If I were them, I would absolutely feel better
| getting credit where credit is due.
|
| If they wanted a less permissive license, they could have
| used one.
| WD-42 wrote:
| Did you read the article? The missing attribution is a
| tiny part of it. That's not really what the author is
| complaining about.
| istjohn wrote:
| > Please don't comment on whether someone read an
| article. "Did you even read the article? It mentions
| that" can be shortened to "The article mentions that".
|
| https://news.ycombinator.com/newsguidelines.html
| hiatus wrote:
| That seems to be exactly the thing they are complaining
| about:
|
| > Spegel was published with an MIT license. Software
| released under an MIT license allows for forking and
| modifications, without any requirement to contribute
| these changes back. I default to using the MIT license as
| it is simple and permissive. The license does not allow
| removing the original license and purport that the code
| was created by someone else. It looks as if large parts
| of the project were copied directly from Spegel without
| any mention of the original source.
|
| Can you share what you think the author is really
| complaining about?
| NobodyNada wrote:
| I can't speak for the author, but I when I release code
| as open-source I think carefully about the license that I
| use (usually either MIT, GPL, or CC0). If I choose MIT,
| then it's because I'm fine with companies "taking
| advantage" of my code. I'd probably mainly feel glad that
| I created something useful to someone.
|
| What I'm _not_ OK with is a company doing that without
| attribution. If XYZ company 's product is built on code I
| wrote, I want to be credited -- both so that I can show
| it to potential employers, and so that users of XYZ
| company's product are aware that some of the code in it
| is something they can use for free and modify for their
| own purposes. If the attribution wasn't important to me,
| I would have chosen CC0 instead of MIT.
|
| So yeah, if I was the author, I'd probably feel a lot
| better about if MS re-added the correct attribution. I'd
| probably still feel miffed that they tried to pull one
| over on me in the first place -- but I wouldn't be
| offended by the fact that they're using my software.
| danudey wrote:
| This is fundamentally my thoughts on it as well.
|
| If I write something useful and convenient for people,
| something that makes peoples' lives better, it's probably
| not going to see a lot of use realistically speaking. I'm
| not out there making a name for myself, I'm just doing
| some stuff.
|
| If Microsoft takes my code, turns it into a separate
| project with a separate name, distributes it as part of
| their own commercial offering, uses it in their
| marketing... great! It means that my ideas are making
| people's lives better. Yes, it's enriching a giant
| soulless megacorp who, at a high-level, does not actually
| care about how people feel and only cares about making
| money off my work, but _I_ care about how people feel,
| and if it means that my work gets to make people 's lives
| better then that's great - I wasn't going to make money
| off it anyway, so I lose nothing.
|
| _Unless_ they take implicit or explicit credit for what
| I made. I don 't need my name on the marketing or an
| invitation to a launch party, but at least make a note in
| the docs somewhere that "this project was forked from
| ...." so that I can point to it and say hey, look at this
| cool thing I helped make happen.
|
| I guess what would really irritate me, when it comes down
| to it, is not that the giant corporation did this, but
| that the individual developers did this - some dev out
| there found my project, decided to use my code, and made
| the conscious decision to strip out my attribution and
| claim it as their own. That's what would actually hurt.
| shahzaibmushtaq wrote:
| I second that.
| franga2000 wrote:
| There's a difference between what the license
| does/doesn't allow and what is/isn't a dick move.
|
| MIT is commonly used for cases where you don't want to
| scare away potential corporate USERS by the "virality" of
| something like the GPL. This does not mean that the
| authors are completely fine with their work being
| repackaged and DISTRIBUTED as if the company wrote it
| themselves.
| WalterBright wrote:
| The D programming language code is all Boost licensed and
| billion dollar companies are welcome to take advantage of
| it.
| timewizard wrote:
| How much consulting revenue does it generate for you?
| WalterBright wrote:
| I don't accept compensation from the D Foundation, but
| encourage donations to it instead.
| timewizard wrote:
| Hacker News. Temporarily embarrassed billionaires who
| want to vouchsafe evil behavior in case their own future
| offers them an opportunity to steal from the community on
| a similar scale.
|
| If you lose open source you lose a major resource. You
| should be looking for ways to protect these authors
| instead of explaining how "technically it's all actually
| their fault for being generous in the first place."
|
| This position is absurdly scummy.
| fragmede wrote:
| Ah yes, "temporarily embarrassed billionaires" -- spoken
| by someone defending billion-dollar companies blowing
| past the only condition of a permissive license, then
| getting mad when people point that out.
|
| You don't get to posture as anti-corporate while
| handwaving away an actual license violation just because
| the license was permissive. That's not protecting the
| community - that's making it easier to exploit. You're
| not railing against theft, you're normalizing it.
|
| Either the community's rights matter, or they don't. Pick
| a side.
| kergonath wrote:
| > It seems like a pretty minor violation, to be fair.
|
| Quite the contrary. The licence does not have many
| constraints, but this one is important. Volunteer
| developers let their code being used in closed source
| commercial programs. Recognition is the only thing they
| expect and the whole point of the licence.
| thwarted wrote:
| "There won't be any money, but we won't properly credit
| you and you'll won't even get any exposure". Not even
| offering exposure anymore.
| Graphon1 wrote:
| There won't be any money, but when you die, on your
| deathbed, you will receive _total consciousness_.
|
| --Carl Spackler, quoting the Dalai Lama
| palata wrote:
| People here keep saying that they removed copyright
| headers. I can't find a single copyright header in the
| Spegel source files. Can someone help me find which
| headers Microsoft actually removed?
|
| What I see is that Microsoft added headers to their Peerd
| files. Now they read "Copyright Microsoft", which is
| correct because Microsoft owns some copyright over those
| modified files. If those files had had a "Copyright
| Spegel project" before, Microsoft should have kept it and
| added their own. But those files did not contain such a
| header as far as I can see.
| ptx wrote:
| It's in the license file: https://github.com/spegel-
| org/spegel/commits/main/LICENSE
| palata wrote:
| Right. So Microsoft should just have a copy of this
| LICENSE file somewhere? Can't we just open a PR to add it
| to the repo? Did the author do that and did Microsoft
| decline the PR?
|
| Feels like Microsoft was not necessarily trying to steal
| work (they link the original project in their README).
| Conan_Kudo wrote:
| It needs to be present in the headers of each file that
| they took from. Attribution matters and in mixed projects
| you need that clarification at the file level.
| palata wrote:
| Does the MIT licence text say that? I don't understand it
| like this. I understand that a copy of the licence should
| be preserved, not that the licence should be copied into
| source files.
| aksss wrote:
| I think the fork needs to preserve the LICENSE file in
| the repo and in distributed code (e.g. packages), right?
| But not replicated as a file header in every blessed file
| in the repo.
| johnisgood wrote:
| I think as a bare minimum, they should have kept the
| original LICENSE, and add theirs on top or something.
| Nevermark wrote:
| uh, no!
|
| Microsoft got tremendous value for free by forking. Which
| makes the obligation to deal ethically and honestly very
| serious.
|
| You don't get to take something from anyone without
| meeting the terms they have set for you to take them.
| That is theft.
|
| (For clarity, I am saying theft of a right. As it does
| negatively impact the original creator, in terms of
| competition and lost attribution to the code they wrote,
| and Microsoft is not paying the "fee" that taking that
| right depends on.)
|
| And no third person can can ethically speak for the
| source of the value and state that it's no big deal for
| another party to break some part of a contract/license.
|
| How do you know how much this aspect of the license
| impacted the original creators decision to share their
| work, their choice of license, or how they feel and and
| practically impacted about it now!
|
| In this case, we know they clearly feel the violation was
| harmful to them at some level. They were snubbed, their
| work left unacknowledged, while Microsoft leached off
| them, even though doing the right thing would cost
| Microsoft essentially nothing.
|
| Please don't socially absolve the powerful from bad
| behavior toward smaller parties. That's bad faith, after
| the fact, and you are not even benefiting from your own
| disrespect for the license. Always support the (credibly)
| injured party.
|
| As for offenses against you, you have every right to be
| generous and overlook those.
|
| (I once took a year sabbatical to work collaboratively on
| a project, with the presumed (based on what was a clear
| discussion to me) attributions being a key factor in me
| deciding it was worth the time and effort, when other
| factors made that a difficult decision. Only to have my
| attribution expectations unfulfilled, and no attempt was
| made by other parties to work things out. The situation
| was fraught enough that I couldn't but help feel bitter
| about it for some time. I am long over it, but I would
| certainly take the year back if I could.)
| reaperducer wrote:
| _It seems like a pretty minor violation, to be fair._
|
| Why "to be fair?" This is a trillion-dollar company with
| enough lawyers on staff to populate a small city.
|
| Why are we cutting Microsoft slack? If anything, it
| should be held to the highest of standards.
| didgetmaster wrote:
| The author talks about changing his licensing as the only
| stone he can throw.
|
| As I understand it, changing the licensing will do
| nothing to affect the fork Microsoft already made. It
| might affect the next megacorp from doing the same thing
| in the future, but Microsoft can keep working on their
| fork without giving it a second thought.
|
| This is for sure a cautionary tale for every open source
| contributor. Choose the original open source license very
| carefully.
|
| Edit: Might I suggest that when picking the original
| license, you try to imagine how you might feel if the
| company that you hate the most (could be Microsoft,
| Google, Amazon, or other) does the most extreme thing
| allowed by the license.
| 3np wrote:
| It would prevent MS from backporting new changes.
| didgetmaster wrote:
| They might not be able to copy new code, but you can't
| stop them from fixing bugs that you also fixed, or adding
| similar new features as you (using code they wrote after
| carefully examining what you did).
| palata wrote:
| > Simply removing the copyright is a violation of the MIT
| license.
|
| Did they remove the copyright? All the source files I
| checked in Spegel don't have a copyright header. To me it
| feels like it's the author's mistake.
| evantbyrne wrote:
| Forks don't get to pretend that licenses don't exist just
| because they don't like the placement in the source.
| palata wrote:
| You don't understand my point (probably my mistake).
|
| If the file starts with:
|
| // <MIT header>
|
| // Copyright evantbyrne
|
| Then a fork should read:
|
| // <MIT header>
|
| // Copyright evantbyrne
|
| // Copyright Microsoft
|
| But if you did not add "// Copyright evantbyrne", the MIT
| license doesn't say that Microsoft should add it. I don't
| even know if it's legal for Microsoft to do it. You have
| to add your own copyright to the files where you own a
| copyright.
| evantbyrne wrote:
| I understood and this is incorrect.
|
| > The above copyright notice and this permission notice
| shall be included in all copies or substantial portions
| of the Software.
|
| It needs to appear somewhere regardless of where exactly
| the license was placed in the source repository.
| palata wrote:
| Right. So they should just copy this licence somewhere in
| a subfolder, saying "parts of this project derive from
| Spegel, with licence: <copy of the licence>"?
|
| They can still do it now, and probably they should
| (someone can even open a PR?).
| MyOutfitIsVague wrote:
| They have to say what code where is copied from the other
| project. It can't just be "parts", because that obscures
| the authorship.
|
| You can open that PR, if you care to identify which parts
| were copied and label them all. Really, the people who
| copied the code in the first place should have done so,
| and really should have known better, given they work for
| a massive corporation that claims to love open source and
| has had a massive interest in copyright over the past
| three decades. It's not just a "mistake", it's
| unacceptable for a professional programmer for a
| corporation to take code from a FOSS project without
| crediting it. That's a level of incompetence bordering on
| malpractice for a profession that deals so heavily with
| copyright on a day to day basis.
|
| edit: According to the MIT license, the notice itself
| just needs to accompany the code, so I was wrong about
| the specificity needed. Still, it does mean that any
| further forks would be unable to remove the license
| without personally identifying if all the original code
| was removed. It's always better to identify what code
| belongs to who.
| palata wrote:
| > It can't just be "parts", because that obscures the
| authorship.
|
| Wait. When I contribute to an open source project without
| signing a CLA, I keep the copyright over the lines I
| contributed. Still, I don't add a comment above every
| single line saying that it belongs to me. Nobody would
| accept such a contribution. Even for fairly big patches.
|
| Are you saying that every single open source project that
| does not make contributors sign a CLA is doing it wrong?
| MyOutfitIsVague wrote:
| Nope, I made a mistake there. It's good practice, when
| copying code from software with a different license, to
| call out what code is copied from where, but such a thing
| is not mandatory.
| palata wrote:
| So... what would be the minimal, right thing to do here?
| MyOutfitIsVague wrote:
| I'd say one of the things you have suggested. Copying the
| license file from spegel into a SPEGEL_LICENSE file in
| the repository would be sufficient. So would be actually
| crediting the project properly in the README with
| something like "portions of this code were taken from the
| Spegel project, under the MIT license" with a following
| copy of the MIT license.
| palata wrote:
| Feels like opening a PR doing that would be faster than
| writing a blog post to complain.
| pingec wrote:
| You could open the PR and it would also be faster than
| writing all these comments here about opening a PR.
|
| That's not the point, it is not the author's duty to do
| that and him pointing out Microsoft's wrongdoing is
| meaningful at least to me because I will be more cautious
| if I'm ever being approached in a similar way.
| palata wrote:
| > Microsoft's wrongdoing is meaningful at least to me
| because I will be more cautious if I'm ever being
| approached in a similar way.
|
| That's the thing: Microsoft approaching the author has
| nothing to do with the wrong attribution. And I am not
| sure if the original author here is frustrated because of
| the wrong attribution or just because they would have
| hope money and fame from the fact that Microsoft reused
| their code.
|
| Because it's not like Spegel lacks visibility (given the
| numbers they shared in the article), the link on Peerd's
| README is probably not bad for Spegel, and the attention
| here is publicity again. Probably infinitely more than if
| Microsoft had done the attribution correctly.
| evantbyrne wrote:
| The MIT license does not seem to dictate the exact
| location of inclusion. Logically, I would think you would
| want to associate it with the specific parts of code that
| you are copying. In the past, I've listed licenses
| together in the root license file for forks, and other
| times when the included code was a minor part of the
| overall project placed forked licenses within impacted
| files.
| Linux-Fan wrote:
| There is even some sort of "de-facto" standard for this
| purposes: Debian COPYRIGHT files:
| <https://www.debian.org/doc/packaging-manuals/copyright-
| forma...>.
|
| It may not be perfect for all cases (e.g. if some sort of
| dependency is linked but not present in the source tree
| it is naturally not really accounted for by Debian
| copyright files) but then there is always the options of
| either adding copyright information to every source code
| file (I don't like that style for redundancy but it is
| for sure a very clear way to do it) or to hand-craft a
| human-readable variant similar to the Debian approach but
| less formally.
|
| In any case it seems that nothing is new aobut this and
| developers working with FOSS software should very well be
| aware of these concepts.
| tick_tock_tick wrote:
| Correct the code is still under the license they just
| don't have to add it to every file if it's not there.
| pstoll wrote:
| The other thing is that Microsoft does not own the
| copyright for any of the code they used. Facing their
| work on code they don't own the copyright to is
| incredibly messy from an IP point of view.
|
| It's why con contributor licenses agreements exist in
| most open source popular projects.
| udev4096 wrote:
| Blatantly copying the code without proper attribution is a
| violation. Regardless, it's not _your_ issue to be OK with
| it, if the author himself is uncomfortable with it
| greatgib wrote:
| It all depends if the code was copied for a big part or
| just snippets.
| palata wrote:
| But it doesn't here! You are totally allowed to
| completely copy an MIT file, modify it and add your
| copyright to it!
|
| You should just keep the copyright that is already
| present in the file! But in the case of Spegel, I don't
| think that the files contain a copyright header in the
| first place.
| TheOtherHobbes wrote:
| Nonsense. Copyright is implicit and assigned on creation.
|
| The git history has a clear trail showing author and
| contributor details.
|
| An explicit copyright notice for every file isn't needed.
|
| This is a straightforward, unquestionable license
| violation, and no amount of corporate FUD will change
| that.
| palata wrote:
| You're talking about copyright, I'm talking about
| attribution.
|
| Of course, the author keeps their copyright on the lines
| of code. But that's completely different from how the
| attribution should be done.
| palata wrote:
| > Blatantly copying the code without proper attribution
| is a violation
|
| Except that they did not do that. They forked it (as the
| MIT licence permits), added an attribution to their
| README, and added their own header to the files with
| their own copyright. It's not their fault if the original
| author did not add a header in the first place...
|
| Or where do you see that they actually removed a
| copyright header from the author? None of the source
| files I checked in Spegel have one.
| MyOutfitIsVague wrote:
| MIT license requires attribution, not "a copyright
| header". It's not concerned when headers, or with sources
| being pristine, but with people being credited. If I
| release my software MIT-licenced, but don't have
| copyright headers, you are not free to copy files without
| crediting me.
|
| And no, their note in the readme is not an attribution.
| It's thanking them for "sharing their insights", which in
| no way is code attribution.
|
| Microsoft violated copyright here, bar none. There is no
| other reasonable interpretation.
| palata wrote:
| Right, they should copy the LICENCE file somewhere in
| their repo. Why not opening a PR, before writing a blog
| against Microsoft?
|
| They actually thanked the project, it doesn't feel like
| they were trying to steal it. Maybe they will just accept
| such a PR and that's all.
| MyOutfitIsVague wrote:
| Maybe they will, maybe they won't. I refuse to believe
| that Microsoft doesn't understand how attribution,
| copyright, or open source licenses work, though. I
| believe this is a mistake, but it's a very egregious one
| that showcases a lack of respect for the communities that
| Microsoft is exploiting. This mistake should not be
| possible from an entity like Microsoft.
| palata wrote:
| Maybe the engineers did not go through a 12 months
| process with their legal department and did it wrong.
|
| And with the bad publicity coming back to Microsoft,
| maybe those engineers will now understand that they
| should just avoid re-using open source projects when
| possible. And the next HN post will be about "BigTech
| reinvents the wheel in order to have control".
|
| We're all nitpicking here: they mentioned the original
| project in the README. Peerd is quite different from
| Spegel, it's not just a copy with a small patch.
|
| Sure, they should do it right. But really, a polite,
| small PR fixing that would probably be a good first step.
| MyOutfitIsVague wrote:
| You don't need a 12 month process with a legal department
| to not take code without giving credit. This is not
| untrodden ground.
|
| > they mentioned the original project in the README
|
| They thank them for their "generous insights". That's not
| the same thing. If I take chapters unmodified from Harry
| Potter and thank Rowling for her "generous insight",
| that's still not okay.
|
| > Peerd is quite different from Spegel, it's not just a
| copy with a small patch.
|
| Nobody said it was. It does, however, copy functions and
| other entire blocks of code with comments directly from
| Spegel without giving attribution. That is wrong. That is
| plagiarism.
| palata wrote:
| > You don't need a 12 month process with a legal
| department to not take code without giving credit. This
| is not untrodden ground.
|
| Well, I have been in big companies where it takes a lot
| of time for the legal department to check those things.
| Not because it's fundamentally hard, but because the
| queue of things they have to do is pretty big.
|
| > They thank them for their "generous insights". That's
| not the same thing.
|
| Sure, it's wrong. But it's not "purposely stealing
| without giving any credit at all" either. It feels like
| an engineer did that, tried to give credit and did it
| wrong. And now we go on and on saying how this engineer
| is evil.
| MyOutfitIsVague wrote:
| It's not that an engineer is evil, it's that this mistake
| should not be happening in a company like Microsoft. It's
| professionally incompetent at the very best. No trained
| and professional programmer should be accidentally
| plagiarizing code.
| palata wrote:
| > No trained and professional programmer should be
| accidentally plagiarizing code.
|
| In this case I still feel like they are more attributing
| incorrectly (there is a link to the original repo with a
| "thank you" note) than plagiarizing.
|
| If there was no mention of the original project at all,
| then I could call it "accidental plagiarism".
| ygjb wrote:
| Your argument is fairly asinine. When you fork an open
| source project under the MIT license you have an
| obligation to include the original license in all copies
| or substantial copies of the code. The author of the fork
| may also sublicense, which allows them to add new terms
| to the license, but not remove the original license.
|
| Forking and/or copying files from the Spegel code base
| into the Peerd code base is permitted, but since the
| Spegel code base had a single license file covering the
| entire repo, then the onus is on Microsofts engineers to
| update the code they copied and include the original
| license terms, for example, by including something like:
|
| // Copyright (c) Microsoft Corporation.
|
| // Licensed under the MIT License.
|
| // Some code Copyright (c) 2024 The Spegel Authors, under
| MIT license
|
| If your argument is that they aren't required to do this
| because the original code didn't have a license header in
| the file, then it would follow that you are arguing that
| the MIT license doesn't apply to the code that was
| copied, in which case Microsoft is using unlicensed code
| stolen from an open source project.
|
| While I haven't worked at MS specifically, I would assume
| that like every other tech company I have worked at, they
| have a team or working group that specializes in
| adherence to open source licenses specifically to avoid
| both the legal implications and the bad PR implications
| of misusing open source software.
| palata wrote:
| Do they have to copy the licence in every single file, or
| do they have to copy the licence somewhere in their fork?
| MyOutfitIsVague wrote:
| The details are less important. The code that is copied
| needs to be attributed, either with comments, or a
| license file that states which files came from the
| project, or something else, but the specific code does
| need to be recognizable by a reader as coming from that
| other source. Comments and copyright headers are the
| easiest way to do this.
| palata wrote:
| Still, to me it's not even clear if "substantial parts of
| the code" were copied. What the article shows is really
| small snippets of pretty generic code. Ok, it keeps the
| original comment and the overall form. But if it's 15
| lines, it may even count as "fair use", couldn't it?
| Remembering how LLMs use the concept of "fair-use" by
| stealing everything everywhere...
|
| My point is that Peerd seems like it's loosely based on
| Spegel. Maybe a fork that was heavily modified. Not sure
| if they should track all the code that looks like it was
| not modified enough and attribute it everywhere.
|
| Probably they should keep a copy of the original LICENSE
| file somewhere, sure. And if one asks politely, maybe
| they will do it.
|
| Again: they did credit the original project. So it feels
| a bit aggressive to say that they "stole it without
| giving any credit".
| ygjb wrote:
| > Still, to me it's not even clear if "substantial parts
| of the code" were copied. What the article shows is
| really small snippets of pretty generic code. Ok, it
| keeps the original comment and the overall form. But if
| it's 15 lines, it may even count as "fair use", couldn't
| it? Remembering how LLMs use the concept of "fair-use" by
| stealing everything everywhere...
|
| Fair use allows for commentary, news reporting,
| criticism, teaching, research, and scholarship and there
| are guidelines. Most cases where fair use is sought as a
| defense requires litigation to clear it up. The other
| alternative when forking an extremely permissive MIT
| license is to just follow the license.
|
| > Probably they should keep a copy of the original
| LICENSE file somewhere, sure. And if one asks politely,
| maybe they will do it.
|
| They are required to do so by the original license of
| Spegel. Does Microsoft ask politely when people violate
| MS licensing by say, pirating their software, or do they
| work with 3 letter agencies and a massive enforcement
| team to ensure their licenses are followed?
|
| > My point is that Peerd seems like it's loosely based on
| Spegel. Maybe a fork that was heavily modified. Not sure
| if they should track all the code that looks like it was
| not modified enough and attribute it everywhere.
|
| Yes. Every other tech company I have worked at, including
| Mozilla, a company that publishes almost everything they
| do as open source, has had folks dedicated to ensuring
| license compliance.
|
| > Again: they did credit the original project. So it
| feels a bit aggressive to say that they "stole it without
| giving any credit".
|
| They didn't provide credit in the way that the license
| requires. This isn't a case where a new community member
| forked or copied code into their first open source
| project. This is one of the biggest companies in the
| world with a well-known history of taking and using OSS
| without proper attribution. I like and use many MS
| products, but they absolutely do not deserve the benefit
| of the doubt.
| palata wrote:
| > This isn't a case where a new community member forked
| or copied code into their first open source project. This
| is one of the biggest companies in the world with a well-
| known history of taking and using OSS without proper
| attribution.
|
| Next time you work in a big company and you feel that the
| legal department is a PITA and slows you down, remember
| how people react when they are not, like here :-).
| ygjb wrote:
| I don't know why you are trying so hard to carry water
| for a team of engineers at a company that has the history
| to know better.
|
| The team that built peerd had the good sense to consult
| with the author of Spegel before moving forward with
| their project. A simple note to their business line
| lawyer (or whatever they call them at Microsoft) at work
| to say "hey, we are going to use some of this code from
| this open source project, what do we need to do?" would
| have taken less time and effort than setting up the
| meeting with the Spegel person/folks. That is assuming
| there isn't an easy to find page on how to consume open
| source software on Microsoft intranet. Every major
| company I have worked for (HSBC, Mozilla, Amazon, Fastly,
| Cisco, to name some) has had this going back to 2005.
| This isn't rocket science.
|
| You also don't need to be a legal expert to comply with
| most open source licenses, and the MIT license in
| particular is _really_ easy to comply with. Just copy the
| code, and whatever file you copy the code into gets an
| attribution comment at the top.
| palata wrote:
| I'm all for going against leadership when they purposely
| abuse people (like Zuckerberg telling his engineers to
| torrent copyrighted data for their LLM).
|
| I would be in favour of checking what small companies do
| with licences. In my experience, the vast majority of
| startups blatantly abuse open source all the time.
|
| But here it seems like it's all about an engineer who did
| some kind of attribution, but didn't do it correctly. And
| people are happy to say that it's all part of a big evil
| plan by Microsoft to take over the world.
| nemetroid wrote:
| All this uncertainty is caused by Microsoft's copyright
| infringement.
| donalhunt wrote:
| The number one rule about creating clean source (and IP) is
| not to look at competing implementations / patents. Was
| drilled in to me by legal over the years to avoid such
| issues. Really easy to unconsciously incorporate ideas from
| other projects.
|
| This is not that though. Seems to be exactly what the
| maintainer is asserting and that's not OK. :/
| RajT88 wrote:
| > I don't see why they wouldn't pay it.
|
| I have seen plenty of dev managers refuse to pay for
| something if they didn't have to.
| Beltiras wrote:
| Their trackrecord is such that if I got a similar call my
| first question when possible would be how I was being
| reimbursed. They are welcome to fork anything of mine if
| they observe the license attached. I will take a look at
| any PR. I will NOT spend time explaining anything to their
| engineers unless reimbursed at my regular rates.
| cschep wrote:
| I hope by regular rates you mean your Enterprise rate
| that is 10-50x your regular rate. :)
| spankalee wrote:
| > I don't see why they wouldn't pay it.
|
| It's not the money, it's the red tape. Setting up a new
| vendor, finding the right account, getting the PO approved.
| Even in a company where that stuff is relatively easy, it's
| way more friction than a simple meeting where you don't
| have to ask anyone for permission for anything.
| cogman10 wrote:
| > I don't see why they wouldn't pay it.
|
| Oh I do.
|
| The person that wanted to setup the meeting likely has no
| budget control. Big corps like to keep the ability to pay
| for stuff out of the hands of individuals and isolated in
| bureaucratic nightmares.
|
| You'd be more than reasonable to demand "$1000/hr with 1
| hour minimum" for such a consulting and I'd see HR in MS
| doing an immediate "hell no" to that.
| ein0p wrote:
| One of the prerequisites for a successful negotiation is
| the willingness to walk away. This applies to both sides.
| I did consulting for a few years, years ago, and you'd be
| surprised what people are willing to pay. You'd also
| never know that unless you named your rate and were
| willing to walk away. I'm pretty sure any manager at
| Microsoft could easily swing a couple K. The main
| complication would be that this wouldn't be just a
| "meeting" then, and you'd need to set up a contract etc.
| Not insurmountable, just onerous and time consuming. So
| I'd insist on a much larger minimum, and would be willing
| to trade that for a lower price.
| cogman10 wrote:
| > you'd be surprised what people are willing to pay.
|
| At least in my company, it very much depends on who's
| initiating the meeting. If one of our VPs did, then easy,
| any amount could be approved. However, if it's a team
| lead, we'd be told to pound sand.
|
| I assumed other companies would be pretty similar.
| ein0p wrote:
| But realize, that from the standpoint of the OP someone
| who can't swing a couple of K also can't swing a couple
| hundred thousand K _per year_ to hire more contributors
| or provide other funding to the project. They are,
| therefore, completely pointless to talk to - the decision
| makers won't be in the room.
| jandrewrogers wrote:
| Microsoft has mechanisms to enable exactly this kind of
| arrangement to happen.
| mytailorisrich wrote:
| This is not an HR decision. This is a Director or VP
| decision in the relevant business line... BUT those guys
| can absolutely be 'canny' enough to suggest trying to get
| the person to do it for free first.
| elzbardico wrote:
| > Big corps like to keep the ability to pay for stuff out
| of the hands of individuals and isolated in bureaucratic
| nightmares
|
| I'd say my experience is exactly the contrary. Middle
| managers in my experience in mega corps have a lot of
| expense latitude for these kinds of things, expedited
| approvals, corporate credit cards. At least in the
| finance and tech world.
| cogman10 wrote:
| Could very well just be my company that's jaded me a bit
| about spending along with the work I did at HP. Both have
| a pretty strong penny-pinching attitude for common
| employees and lower-level management.
| dizhn wrote:
| Probably expectation of some monetary gain. At the very least
| getting hired to keep working on the same thing. I do not
| blame him at all for this. Though when things didn't work
| out, all he thought he could realistically do is start
| accepting donations.
| delusional wrote:
| I think that worldview leads to a much poorer world.
|
| Normal people aren't constantly engaging in a fight for
| survival in every aspect of their lives, and I don't think
| it's a good thing to ask them to. We should expect the people
| we deal with to be acting in good faith. I think it would be
| bad actually if I had to consider if you're going to make
| money off of my idea when talking to you.
|
| Asking everybody to be constantly vigilant of possible
| exploitation by megacorps puts an undue burden on
| individuals. We should have strong and durable protections
| against those megacorps in other ways.
|
| What I'm saying is that this sort of copying should be
| criminal (not just illegal, but criminal) and Microsoft, the
| legal entity, should be held accountable and fined. I
| acknowledge that this isn't currently possible with our legal
| framework, but we should work to make it possible.
| luqtas wrote:
| > We should have strong and durable protections against
| those megacorps in other ways
|
| like what? continue to use (pay) for their products and
| wait for regulations coming from lobbyist countries? /s
| diggan wrote:
| > Normal people aren't constantly engaging in a fight for
| survival in every aspect of their lives, and I don't think
| it's a good thing to ask them to. We should expect the
| people we deal with to be acting in good faith. I think it
| would be bad actually if I had to consider if you're going
| to make money off of my idea when talking to you.
|
| I agree with you, if we're talking about _people_ acting as
| individual humans collaborating together on FOSS.
|
| But this is really about a _for-profit corporation_ acting
| in its own interests, using _people_ to do its "deeds".
| Then I think it makes a lot of sense to treat any "Hey,
| could we chat to you about your project?" with a great deal
| of skepticism, because they have a goal with that
| conversation, it it's unlikely to align with your own
| goals, in most cases.
|
| Ultimately, people from that corporation is reaching out to
| you because there is a potential/perceived benefit coming
| out of that conversation that they want to have with you.
| If it isn't extremely clear to you what that exact benefit
| is, I'd say the smart thing to do is being cautious, to
| avoid situations like this which happen from time to time
| it seems.
| hinkley wrote:
| A hugely successful megacorporation with a famously
| competent logistics department can cut a one time check
| without batting an eye.
|
| You're not bilking Ed's Garage, you're a rounding error
| on their petty cash account.
| matheusmoreira wrote:
| Won't you think of the poor trillionaire corporations? They
| are just poor developers with nothing to their names.
|
| https://zedshaw.com/blog/2022-02-05-the-beggar-barons/
|
| > No, this begging is particularly different because it
| capitalizes on the good will of open source developers.
|
| > Microsoft, Apple, and Google are standing on the internet
| in their trillion dollar business suits with a sign that
| reads "Starving and homeless. Any free labor will help."
|
| > They aren't holding people up at gun point. Rather they
| hold out their Rolex encrusted hand and beg, plead, and shame
| open source developers until they get free labor.
|
| > Once they get this free labor they rarely give credit.
|
| > They're ungrateful beggars that take their donated work
| hours, jump in their Teslas, and ride off to make more
| trillions proclaiming, "Haha! That open source idiot just
| gave me 10 hours of free labor. What a loser."
| siva7 wrote:
| Yes, charity. That's exactly what these trillion dollar
| empires think of those open source maintainers. Microsoft
| pulled this same stunt multiple times on os maintainers.
| pknerd wrote:
| What else can you expect from the company that was founded
| by Gates?(Ref, SCP,QDOS, IBM)
| echelon wrote:
| Open source has been hijacked by trillion dollar
| hyperscalers.
|
| It's time we switch to "fair source" or "equitable source".
|
| Put MAU/DAU/ARR/market cap limits in your license. Open to
| everyone with a market cap under $1B or revenues under
| $100M. All others, please see our "business@" email.
|
| Place viral terms like the AGPL that requires that all
| other systems touched by your code to be open - especially
| the backend/server components that typically remain hidden.
|
| We're giving away power to these companies for free, and
| they use their scale and reach to turn our software into a
| larger moat that ensnares us and taxes us in everything
| else we do.
|
| Your contribution of open source in one area might bubble
| up as Microsoft or Google's ability to control what you see
| or how you distribute software to customers. It's
| intangible and hard to describe these insane advantages and
| network effects big players like this have to lay people,
| but I know we as software engineers understand this.
|
| Open source has been weaponized against us. They get free
| labor and use our work to tax us, pin us down, out compete
| us, and control us. We need to fight back.
| ashoeafoot wrote:
| Those companies can produce legal abstraction hacking
| solutions faster then you can develop shielding ones. You
| needs something poisonous ,costing money or work with
| each usage preventing mass adoption without a complete
| rewrite .
| NoTeslaThrow wrote:
| Open source will inevitably succeed, but only in the long
| run. In the short term VC (or tech giant) cash will
| dominate any conversation. There's absolutely nothing you
| can legally do from preventing reimplementation (which is
| a good thing, because it means over the long term we will
| reimplement everything as free software).
| davidcatalano wrote:
| Yes when projects like Alpine Linux are in the ropes due
| to lack of funding something needs to change.
| dman wrote:
| Wait what? I didnt realize this was the case and I say
| this as a huge alpine fan. Will look into whether there
| is an option to setup a recurring donation and will do so
| if its the case.
| immibis wrote:
| There was already a term - "free software".
|
| "Open source" was literally created as a corporation-safe
| neutered form of "free software".
| WD-42 wrote:
| It still boggles my mind that people don't understand
| this. The FUD and misinformation that's been spreading
| about the GPL and the FSF the last decade almost seems
| like an intentional campaign brought on by exactly those
| who benefit from you using a "permissive" license the
| most.
| trelane wrote:
| The key is that "permissive" is passive voice. It's more
| permissive for _corporations_ in that they are allowed to
| use it to tie their customers even tighter to them.
| Compare this with "restrictive" (for corporations) AKA
| "copyleft" which ensures that _users '_ freedom is
| maintained, by restricting how corporations can limit
| them.
|
| It's very akin to the paradox of tolerance.
| bradgessler wrote:
| I did this with https://terminalwire.com/
|
| I'm still tweaking the execution of the license, but in
| principle my thinking is, "if you're using my software to
| make money, and you're making a lot of money, you should
| probably be paying me to use my software".
| NoTeslaThrow wrote:
| I don't understand why we don't just lean into the "osi =
| corporate, copyleft = good faith" model that's worked
| perfectly well for the last thirty years.
| conartist6 wrote:
| That's incompatible with why I do OSS. For me OSS is the
| ratchet for humanity, the way we fight enshittification
| and force companies to innovate and compete with each
| other to make better things. As soon as you abandon that
| mission and split it into fiefdoms, you're now just the
| thing that true OSS has to disrupt in order for humanity
| as a whole to get better software.
|
| A shame though it is, helping everybody the same amount
| is not likely to get your much gratitude from anyone. But
| that's the job.
| Mountain_Skies wrote:
| >Open to everyone with a market cap under $1B or revenues
| under $100M.
|
| That would also mirror what they do with tools like
| Visual Studio, which is free until you hit a certain
| number of developers or revenue.
| armchairhacker wrote:
| Then the company just re-implements your project; they
| have the resources to.
|
| Most software isn't hard to reverse-engineer, and most
| people aren't exceptional; if a group is big enough to
| create a GPL-licensed product that competes with
| Microsoft's, they're big enough to create an MIT-licensed
| product that competes with Microsoft's.
|
| I like GP's comment "don't discuss anything in private
| and/or offer priority support without being paid". Also:
|
| - Ensure you get attribution, and support others who
| deserve attribution
|
| - Develop open-source alternatives to paid programs
|
| - Donate to others who write open-source
|
| I disagree that open-source contributed much to companies
| becoming so rich. I believe it was more that people gave
| them (money and) _private_ data, e.g. made posts and
| interactions that only exist on their locked-down
| platform. I doubt a lack of open-source and accessible
| development tools would've prevented Google and Facebook;
| if anything, they would 've been founded by richer or
| more networked people. And it certainly won't prevent
| them now.
| trelane wrote:
| We don't need yet another license, especially not a _use_
| license. Just use a GPL, the version (LGPL, GPL, or AGPL)
| depending on what you are concerned with.
|
| > Open source has been weaponized against us.
|
| This was _always_ going to be the case. We Free Software
| advocates have been saying this for _decades._
|
| And you're not even to the most important part: this
| isn't about you, me, or megacorps. It's about _users_.
| alganet wrote:
| Getting someone who worked on the thing or someone close
| to the author to be hired by your company and bumped to a
| high prestige position probably has more effect on law
| than a license (just an intuition).
|
| "Hey, that guy worked with the author, and he was hired
| and now is a super top dog there... he must be the true
| genius behind it"
|
| I mean that for ideas, not materialized code. You guys
| are so focused on small text files and miss the big
| picture sometimes.
|
| Licenses are a small angle for those things.
| trelane wrote:
| Look up the WRT54g sometime
|
| https://sfconservancy.org/copyleft-
| compliance/enforcement-st...
| alganet wrote:
| Is it USA courts only? If it is, it's the same as nothing
| for people like me.
|
| Also, GPL is about source code, not ideas. Source code is
| not that relevant.
| trelane wrote:
| The WRT54g led to a variety of user-serviceable firmware
| worldwide, including dd-wrt and openwrt. It gave, and
| continues to give, new life to otherwise wifi devices
| that shipped with a abandoned propeietary software. It
| was a revolution in wifi router firmware, and still is.
|
| It was created because Linksys shipped GPL code to
| customers but didn't provide the source.
| alganet wrote:
| Sure. I understand.
|
| My work is with DSLs: domain specific languages. The work
| is in the idea realm (most of the time is spent there),
| not the source code implementation, which is often
| trivial once the language is developed.
|
| The gratification also is different. Seeing others use
| the language is the best one can hope to achieve
| nowadays. Maybe publish a book about it, but that sounds
| more trouble than it is worth (judging by how books on
| patterns, a similar realm, are often misquoted and
| misused).
|
| That's why all this talk about licenses sounds like
| nonsense.
| Matl wrote:
| > Wtf are people doing charity for trillion dollar empires.
|
| I agree with you 100% but I'm guessing getting approached by
| Microsoft can be pretty ego boosting, which is what these
| companies exploit.
| shortrounddev2 wrote:
| Seems more like a networking opportunity personally
| phillebaba wrote:
| I agree, after this happened to me I learned of a few other
| situations where the same thing happened to other friends.
|
| On my end if was a mix of naivete and flattery which made me
| want to take the meeting. I suspect it is the same case for
| others. I will not make the same mistake the next time it
| happens.
| brianwawok wrote:
| Do you think this stops the fork? It's not like they can't
| read the code.
| phillebaba wrote:
| Well your license is only as good as you are able to
| enforce it. Even with the law there is no guarantees.
|
| I grew up thinking that people would follow the spirit of
| open source rather than the specific letter of the law.
| This is obviously not true, and probably never has been.
| udev4096 wrote:
| No license stops someone from spinning off an OSS project
| into their closed-sourced enterprise offering. It's just
| sad that most corps see nothing wrong with this
| Ajedi32 wrote:
| GPL definitely does.
| nordsieck wrote:
| > GPL definitely does.
|
| Clearly it doesn't because companies get caught doing it
| with GPL software all the time.
|
| ... and the only recourse is to sue them into compliance.
| nativeit wrote:
| Were folks under the impression there were other options
| for license violations? Your comment implies that a
| lawsuit being the only recourse to enforce a license
| renders that license moot.
| debugnik wrote:
| Some people just hoped that picking a corporate-
| unfriendly license would be enough of a deterrent by
| itself, because most folks can't actually afford to sue.
| But infringers, big and small, are increasingly realising
| that these licenses are toothless by themselves, they
| need to be backed by money.
| nativeit wrote:
| I don't disagree with any of that, I think the challenge
| is certainly the costs of enforcement. For GPL licenses
| anyway (I realize the OP used the more permissive MIT
| license) I think their is (or there should be) a non-
| profit foundation established to collectivize the funding
| and legal actions necessary to support open source
| projects in these kinds of scenarios. Certainly, pursuing
| license violations in a manner that maximizes awareness
| and makes examples out of violators should prompt others
| to reconsider their actions.
| WD-42 wrote:
| There is such a organization, it's called the Free
| Software Foundataion??? Where do you think the GPL comes
| from?
| trelane wrote:
| On the other side, some people hoped that picking a
| "corporate-friendly" license would make megacorps good
| citizens. It has worked out poorly.
| j45 wrote:
| Still doesn't waste your time.
|
| Large corporations should and can be extremely clear about
| their intention, which is clear to them before they reach
| out.
| ixwt wrote:
| Microsoft at it again with Embrace, Extend, Extinguish.
| pjmlp wrote:
| MIT License.
| pritambaral wrote:
| Violated by the removal of author's copyright notice.
| pjmlp wrote:
| Adding the copyright notice to be in compliance, does not
| change the fact that the author has chosen a licence that
| allows anyone, including Microsoft, to do whatever they
| feel like, without giving back.
|
| So eventually, with this bad publicity, they will add the
| copyright notice, and move on with whatever else they are
| doing, in full compliance.
| Nemo_bis wrote:
| Microsoft did not bother to respect even the MIT license,
| so clearly the license is not the problem.
| pjmlp wrote:
| Not arguing for Microsoft, rather the fact that people
| put out MIT licenced stuff out there, or similar, arguing
| how bad GPL happens to be, and then get all up in arms
| when companies do exactly what the licence allows for.
|
| Microsoft might not have fully complied with the licence,
| adding the copyright notice to fix that, won't change a
| millimeter from what they are doing.
| Nemo_bis wrote:
| I don't disagree with the general point but in this case
| we're looking at what (seems to be) a blatant copyright
| violation. It would not be any more or less of a
| violation if the infringed license had been a more or
| less permissive one, because the license has not been
| followed.
|
| Sure, the MIT is very permissive so it's very easy for
| Microsoft to correct their repository so that it's in
| compliance for the _future_ , but they cannot correct the
| _past_. (Unless the original authors allow for it.) The
| MIT license, being so short, does not have a provision
| about curing infringements.
|
| So Microsoft seems to be ok with the risk of being sued
| for infringement etc. That's not something you can
| correct with your personal decisions as author.
| ComplexSystems wrote:
| The point is that the author would not really be much
| happier if Microsoft had added a few lines admitting
| substantial portions of code were taken from Spegel. They
| probably will do this, but I doubt he will be satisfied
| with the result either way.
|
| The comment above, which I mostly agree with, is that the
| point of the MIT license to permit anyone, including
| large corporations, doing this kind of thing. Since this
| doesn't seem like an outcome the author is happy with,
| maybe a different license would be better.
| fkyoureadthedoc wrote:
| That doesn't mean that they would have completely ignored
| all implications of any other license. The author of the
| code chose a license that explicitly allows exactly what
| happened, other than Microsoft did not include a text
| file that nobody is going to read.
| palata wrote:
| Everybody claims they removed the author's copyright
| notice. I checked many source files in Spegel, and none
| of them contain an MIT header with copyright.
|
| I don't think Microsoft removed the copyright notice. I
| think that the original author did not add one...
| rovr138 wrote:
| https://github.com/spegel-org/spegel/blob/main/LICENSE
|
| The license doesn't have to be in each file. It's a
| license for the software. A software is a thing.
|
| > Permission is hereby granted, free of charge, to any
| person obtaining a copy of this software and associated
| documentation files
|
| > ...
|
| > The above copyright notice and this permission notice
| shall be included in all copies or substantial portions
| of the Software.
| palata wrote:
| Right. So Microsoft should just have a copy of that
| LICENSE somewhere in their codebase?
| rovr138 wrote:
| No, not somewhere. That's the license. If they reuse it,
| they have to use _that_ license.
| palata wrote:
| This is wrong. Peerd can use whatever licence they want
| that is compatible with the MIT licence for the code they
| imported from Spegel.
| SpaceNugget wrote:
| Why are you doing this? Posting in a way that suggests
| purposely confuses/obfuscates the difference between the
| general concept of a copyright notice and the practice of
| putting a copyright comment at the top of every file in a
| project, then immediately get corrected, then post
| basically the same intentional misunderstanding on
| someone else's comment elsewhere in the thread.
|
| You:
|
| > I don't think Microsoft removed the copyright notice. I
| think that the original author did not add one...
|
| Direct quote that from the file containing and requiring
| the copyright notice in derivative works that was not
| included in Microsoft's fork. This was also included in a
| comment which you have replied to:
|
| > The above _copyright notice_ and this permission
| notice...
| palata wrote:
| You have the timing wrong, I did not do that _in the
| order you suggest_ :-).
|
| I thought people were saying that Microsoft removed the
| copyright headers and replaced them with them, which they
| did not.
|
| Microsoft replaced the LICENSE for the whole repository
| with their own, and thanked Spegel in their README. While
| this is some kind of attribution, it's not enough for the
| MIT LICENSE. I don't know exactly what would be good
| enough, I think having a copy of the Spegel LICENSE file
| somewhere in their repo would be enough (though possibly
| less visible than the line in the README, to be fair).
|
| My overall point is that it feels like people are
| complaining a lot about what seems to be an honest
| mistake. And not just that: the way Peerd did it is
| arguably giving more visibility to Spegel than if they
| had just copied the licence somewhere in their repo.
| Peerd could possible just copy the licence somewhere less
| visible and remove the link from their README.
| SpaceNugget wrote:
| The file titled LICENSE contains a copyright notice.
| That's what a license file _is_ in the context of
| software a LICENSE to use someone's COPYRIGHTed software.
| You must abide by the terms under which you are granted
| the license, otherwise you don't have access via the
| license, and are thus violating the copyright. They
| aren't two unrelated concepts.
|
| Anything else is noise, they violated the license. They
| blatantly copied copyrighted works. They can't "oopsie"
| that away or claim it as a mistake, honest or not. You
| simply are not allowed to do that.
|
| Suggesting that they "could possible just copy the
| licence somewhere less visible and remove the link from
| their README." is wrong. They MUST include the copyright
| notice and the rest of the license. They don't get to
| choose whether or not to respect the license. And they
| don't need to remove the link, That's got nothing to do
| with the copyright issues. No one at Microsoft thought
| that call out was somehow the legally required
| attribution clearly explained in the MIT license.
| CrimsonRain wrote:
| the "fork" peerd is also MIT licensed and contains the
| same license file unless I'm mistaken.
|
| So what does Microsoft need to do to be in compliance?
| I'm not being facetious here. Genuinely curious/want to
| learn.
| joshuaissac wrote:
| They removed the attribution to the original authors and
| replaced it with their own name. So the copyright notice
| is not preserved. They could comply with the licence by
| adding back that attribution.
| SAI_Peregrinus wrote:
| I've been downvoted for it before, but I still say that
| permissive licenses are charity to megacorps. If you want
| your work to get turned into a proprietary program without
| any compensation to you, use a permissive license. If you
| want to at least have a chance they'll contribute back &
| maybe pay you for a proprietary license, pick a free-
| software license.
|
| If you pick a corporate charity license, don't act surprise
| when corporations take the charity!
| j45 wrote:
| Thinking about what you said - how much of the cloud
| providers might be an open-source wrapper?
|
| Cloud providers have long taken hard work of open-source
| projects and packaged it up to be a web administered
| solution.
|
| There is something to be said for putting together an
| experience. Including that it wouldn't be possible
| without everything it does.
| breggles wrote:
| Reading this made me think of AppGet, too
| ghuntley wrote:
| See also https://isdotnetopen.com and
| https://ghuntley.com/fracture
| johnisgood wrote:
| @pjmlp, thoughts?
| pjmlp wrote:
| Nothing is new, I have mentioned multiple times that
| Microsoft management undoes the great work from .NET team.
|
| Also as polyglot developer, while I happen to have my
| preferences in regards to technology, I am not married with
| any of them.
|
| Being MVP, Champion, or whatever program each megacorp
| happens to have, was never something I saw value in.
|
| Never make a specific technology, or company, part of your
| identity as person.
| johnisgood wrote:
| I'm only pinging you because I think a couple of days (or
| weeks, even) ago you or someone else mentioned it is open
| source (?), so I was wondering what's going on.
| pjmlp wrote:
| It is licensed as such, with some gaps versus .NET
| Framework and VS features.
| johnisgood wrote:
| Hmm, okay. In any case I have a lot of misconceptions
| about .NET, TBH.
| neonsunset wrote:
| .NET _is_ open source and people working on it go into
| great lengths to ensure it is a good citizen to open-
| source projects and communities. It has been open source
| for almost 10 years damn it. All in all what other
| divisions or teams do is greatly unfortunate because it
| will get associated with the aforementioned. Personally,
| this annoys me because other languages like Go or Swift
| do not receive the same criticism for the bad practices
| their respective companies engage in. Go in particular.
| johnisgood wrote:
| Do these links have much if any merit? I would have to
| re-check their claims though.
|
| As I said, I have misconceptions of .NET, so it is always
| useful to get to the bottom of it.
| neonsunset wrote:
| The hot reload drama was real, and the decision was
| backtracked. The rest? I don't think it has any relevance
| as of today. Many other languages have worse situation
| when it comes to tooling. Right now, in .NET you can use
| Visual Studio, Visual Studio Code _or any of its forks_ ,
| Rider, which is now free for non-commercial use, and also
| Neovim/Emacs/anything which supports LSP and DAP.
|
| Hot reload in general is difficult to make work in
| something that is mainly compiled, for example it does
| not work with F# right now, but there is someone in
| community working on making it a possibility. It's
| regular activities you'd see in other ecosystems.
|
| E.g. I think NetCoreDbg, as an alternative to closed
| vsdbg that has usage restrictions, works well enough to
| fully enable the standard workflow when using
| VSCodium/Cursor/Neovim/etc. I know people use the latter
| with both C# and F# without sacrificing user experience
| in comparison to languages like Rust. It's just text
| editor, language server + debugger integration and CLI.
| You would hear about "refactorings" and "advanced
| features" from those who are used to more IDE-like
| experience provided by VS or Rider but, for example, many
| refactorings are also available in VSC/VSCodium because
| they are just a feature of the language server based on
| Roslyn analyzers and auto-fixers. It works with anything
| that integrates that and the language server itself ships
| with SDK to my knowledge.
|
| All in all, the tooling situation is pretty good with
| multiple IDEs, commercial and community tools offered to
| be able to program in .NET languages, most languages HN
| loves to sign praises to do not have this. The same
| applies to GUI frameworks too - it's funny to read how
| .NET is "anti-linux" because out of AvaloniaUI, Uno, MAUI
| and a bunch of smaller libraries MAUI does not happen to
| target Linux. Some people just like to hate something,
| and if the reason for that goes away they come up with a
| new one.
| neonsunset wrote:
| I'm curious why are you still maintaining the first one where
| it clearly links to Miguel's comments who is less than fond
| of .NET nowadays and is advocating for Swift of all things?
| Moreover, it speaks more of the tools teams management and
| management outside of .NET than .NET itself and you should be
| very well aware of that. It's been a link people repost ad-
| nauseam here with no constructive dialogue whatsoever
| whenever .NET is suggested as an arguably better tool for
| solving problems it's good at solving.
| giancarlostoro wrote:
| > The best advice for open source maintainers who are being
| approached by large tech companies is to be very wary
|
| Drop them a consultation fee in the thousands per hour, get
| something out of it at least. If they're going to reimplement
| your project, there's absolutely 0 you can do, they will just
| hire an intern and tell them the requirements for what you have
| built without having to meet you, ask them for expenses out of
| your day covered.
| Y_Y wrote:
| > Gates: OH, I DIDN'T GET RICH BY WRITING A LOT OF CHECKS.
|
| > Gates: ( fiendish laughter )
|
| https://frinkiac.com/caption/S09E14/1158256
| anonym29 wrote:
| Microsoft runs on trust... like a car runs on gasoline
| SamuelAdams wrote:
| Another example here, Google forked a GCS fuse driver and the
| author found out later and posted on HN about it:
| https://news.ycombinator.com/item?id=35790223
|
| Edit: apparently Google did not use the author's codebase,
| instead using an Apache 2.0 licensed codebase [1] explained
| here [2].
|
| [1]: https://github.com/kubernetes-sigs/gcp-filestore-csi-
| driver
|
| [2]: https://news.ycombinator.com/item?id=35863944
| yownie wrote:
| The cultural amnesia about how these companies have operated in
| the past and continue to operate just continues to boggle me.
|
| It's as if we've learned nothing about exploitative corporation
| behavior for the last 20-30 years even though it's in the news
| EVERY other day.
| ohgr wrote:
| Yeah. I remember the big hoo haw on here a few years back
| that Satya turning up was the table turning event that would
| fix all evils. Literally rainbow unicorn shit levels of
| brigading. I got downvoted to oblivion for suggesting we hold
| off judgement.
|
| And here we are ...
| pjmlp wrote:
| What can you expect when the same group of folks has given
| the control of the Web to Google served on a plate?
| redbell wrote:
| > Not sure how people fell so hard for "Microsoft <3 Open
| Source" but it's never been true
|
| I think it's important to highlight that the " _Microsoft <3
| Linux_" narrative deserves some scrutiny too: (https://old.redd
| it.com/r/linux/comments/lbp1m8/for_anyone_th...)
| onehair wrote:
| Well it does love open-source, it lives free access to source
| code it would otherwise had to put money into developing the
| same thing xD
| babarock wrote:
| "breaking the licenses"?
|
| "without attribution"?
|
| Did we read the same article?
| diggan wrote:
| If you'd care to be a bit more specific, I might be actually
| be able to explain _something_ to you.
| palata wrote:
| I am genuinely interested: everybody here says that they
| removed the copyright headers. But when I browse through
| the Spegel sources, they _do not contain_ a copyright
| header...
|
| To me it's the Spegel author's fault: there should be a
| copyright header in every single file, such that Microsoft
| would have to keep it.
| MyOutfitIsVague wrote:
| MIT license doesn't require copyright headers. You need
| to credit the authors even if the files don't have
| headers.
| palata wrote:
| Microsoft does credit the authors on their README. Maybe
| it's not exactly the right way to do it, but they do it.
|
| Now if it's not the right way to do it, what about
| opening a PR and asking to change it? Instead of writing
| a blog post to complain about them?
|
| Now maybe those engineers thought they did well, will get
| issues internally because of the bad publicity for
| Microsoft, and next time they want to use an open source
| project their legal department will be even more of a
| pain in the ass because if they aren't, then random
| people on the Internet use that to do bad publicity for
| the company.
|
| Why not assuming that they are in good faith here? There
| are enough reasons to hate Microsoft other than this one.
| MyOutfitIsVague wrote:
| They do not credit the authors. They thank them for their
| "insight". That's very much not credit for copied code.
| Kubuxu wrote:
| The question is who does the copyright belong to in this
| repository. It is both original author and Microsoft
| (because they took authors code and modified it). So the
| License file should mention both.
| palata wrote:
| I am not convinced that the main LICENSE file should
| mention both. I feel like somewhere, in the project,
| there should be a copy of the original license.
|
| When you depend on a third-party, you don't add their
| copyright in your main LICENSE file.
| Kubuxu wrote:
| In case of deps, the dependency comes with its own
| LICENSE file.
|
| In this case the code is essentially forked, integrated
| and intermingled, so that is why it should be in the
| LICENSE file.
|
| If it was file or two, it would be fine to add a comment
| pointing to the license file in the repo, if it was a
| directory, or to copy it verbatim to that file. It all
| the copied code was in a directory then having it in
| directory would be fine.
|
| In this case it looks like they took the original code
| and heavily modified it, so the simplest way to solve it
| is one LICENSE with both notices.
| vvillena wrote:
| It's in the LICENSE file. With a MIT license, you assign
| a copyright to the project, or to a certain set of files.
| The Spegel license attributes copyright to "the Spegel
| authors", while Peerd attributes it to "Microsoft
| Corporation".
|
| If some of the peerd code was lifted from Spegel, it's
| blatant stealing. Code attribution is the only thing a
| MIT license asks people to honor, and Microsoft couldn't
| even do that.
| palata wrote:
| > If some of the peerd code was lifted from Spegel, it's
| blatant stealing.
|
| Could we say "it's incorrect attribution"?
|
| > and Microsoft couldn't even do that.
|
| Did you consider it may have been done by an engineer
| who, in good faith, thought they were giving proper
| credit by adding it to the README? Would you want that
| engineer fired because of the bad attribution?
|
| It's not like Microsoft is making millions out of this.
| Sure, they should fix the attribution. It's a mistake.
|
| Most startups/small companies I've seen rely heavily on
| open source and fail to honour _every single licence_.
| This is bad and nobody cares. Here, Microsoft mentioned
| the project in the README (which is not enough, but not
| nothing), and I 'm pretty sure that they can fix it if
| someone opens an issue. But overall, companies like
| Microsoft do honour licences a lot better than startups
| in my experience.
|
| BigTech is evil for many reasons, but maybe we could
| consider that this is just an honest mistake.
| vvillena wrote:
| Of course it was a mistake. In fact, as of 20 minutes
| ago, the mistake appears to be sorted out, with both the
| main license file and the offending files sporting new
| copyright headers.
|
| But corporations hiding behind their workers is a no-go.
| Corporations get to enjoy their successes, and it's fair
| to hold them accountable for their failures. Least
| Microsoft can do is a bit of public comms work detailing
| what they will do to ensure these mistakes are not
| repeated in the future.
| whywhywhywhy wrote:
| Can't help but feel no matter what they'd done there
| would be some route of thought that leads them to
| wronging the author other than just paying and using the
| code as is. I don't know why a corporation would do that
| though as they likely have their own changes and
| direction they want for it and working with an unknown
| 3rd party on that could be a nightmare.
|
| From the authors reaction they chose the wrong license
| for the project.
| fidotron wrote:
| It's very similar to being on the receiving end of what
| purports to be seeking an acquisition.
|
| Both myself and my other half have separately been directly on
| the receiving end of the "brain rape" by major companies that
| everyone here will have heard of, both of which went nowhere
| except for the supposedly interested acquirer to become ever
| more angry that the crown jewels were simply not offered up on
| a plate.
|
| This situation is surprising in that he did get an
| acknowledgement at all. These companies are not good actors,
| and have a casual disregard for the IP of everyone else that
| should be immediately obvious.
| orochimaaru wrote:
| Don't entertain meetings without compensation from megacrop.
| But the project is open source. The author provided the right
| for them to take it in any way possible and copy it. If I'm not
| mistaken the MIT license allows what they did.
|
| I'm assuming the complaint is more about Microsoft duplicity in
| asking for information as opposed to the forking of the code.
| The latter is fine - the license explicitly allows it.
| robmccoll wrote:
| You are mistaken. The license explicitly allows it subject to
| the terms of the license:
|
| > The above copyright notice and this permission notice shall
| be included in all copies or substantial portions of the
| Software.
|
| Microsoft didn't follow these terms. They copied "substantial
| portions of the Software" and didn't include the notice.
| palata wrote:
| Which notice? None of the *.go source files I have opened
| in Spegel contain a notice. Microsoft cannot remove a
| notice that does not exist...
|
| In my opinion, it's the Spegel author's fault: they should
| have added a notice in every single file!
| tedivm wrote:
| The "notice" is the literal license file. It is illegal
| to strip someone else's license from their work. It
| doesn't matter that they replaced MIT with MIT, because
| they stripped the author and attribution from it.
|
| https://github.com/Azure/peerd/blob/main/LICENSE
|
| If you read that file you'd think that Microsoft was the
| copyright holder, but they very clearly aren't.
| palata wrote:
| > but they very clearly aren't.
|
| Peerd seems very different from Spegel, so Microsoft does
| hold quite a bit of copyright over Peerd.
|
| Now I genuinely wonder if the main LICENSE should say
| "copyright Spegel and Microsoft", or if somewhere in the
| repo Microsoft should just have a copy of the Spegel
| LICENSE file?
| robmccoll wrote:
| Generally, you would want to do one of:
|
| a) Keep any code that you've pulled in from another
| project in its own directory structure with a license
| file indicating where it came from and its licensing
| terms.
|
| b) If you intend to modify the code or integrate it more
| tightly with your own, copy the notice into each source
| file that was taken and perhaps put a pre-amble along the
| lines of "Portions of this file were copied from XXX
| under the MIT license as follows:". Ideally you would
| make a commit with the file in its initial state as
| copied, and then if you ever need to determine what came
| from where and how it was licensed, it shouldn't be too
| difficult.
| palata wrote:
| Generally, what I take from this discussion is that what
| you want to do is get as much inspiration as you want
| from the code, but _absolutely rewrite it from scratch_
| such that it is yours and yours only.
| tedivm wrote:
| What you're proposing, updating the license file to list
| the authors, is a pretty common way to do this. It does
| mean that the code is mixed a bit, so it would be hard to
| split who owns what, but this is only relevant if one of
| the copyright owners wants to change the license (as they
| can legally only do that to the code they own).
| int_19h wrote:
| From my own past experience working with F/OSS at
| Microsoft, they should at the minimum have "third party
| notices" file somewhere in the repo. Something like this:
| https://github.com/microsoft/debugpy/blob/main/src/debugp
| y/T...
| w0m wrote:
| It looks like they relatively recently migrated the
| entire codebase from Apache to MIT. I wonder if that was
| in relation to pulling in code from Spegel. They updated
| ~every header.
| noisy_boy wrote:
| > Not sure how people fell so hard for "Microsoft <3 Open
| Source"
|
| Give them a (somewhat) open source IDE and they start believing
| you are friend of open source in general.
| lucb1e wrote:
| There's also WSL, .NET Core, they own GitHub and continue to
| host a lot of stuff for free, and more things I'm forgetting.
| I think the IDE was the least of it frankly. People do seem a
| bit too gullible because all of these things serve
| Microsoft's bottom line more than it does open source
| developers' (isn't it nice that we can now run Linux things
| right in Windows? How convenient that you don't need to dual
| boot and boot out of Windows rather than using WINE to run
| Windows things on Linux..!), but to say that it was all
| because of the electron IDE version named after a much better
| IDE is misrepresenting the situation
| trelane wrote:
| Yep. Microsoft loves open source. Free Software and
| especially user freedom, not so much.
| Tireings wrote:
| Or it was just a team inside Microsoft and he thought
| "Microsoft" talked to him and saw already dollar signs?
|
| Open source license is there for reasons, he can sue them if
| they did it wrong.
| cestith wrote:
| Generally a court likes for a plaintiff to try to resolve a
| dispute before suing. The author should contact the Peerd
| team at Microsoft and point out that they seem to have
| overlooked their obligations under the license. Only if they
| refuse to do anything would it be worth considering a
| lawsuit.
| lurk2 wrote:
| > Seems it isn't the first time Microsoft leads open source
| maintainers on, trying to extract information about their
| projects so they can re-implement it themselves while also
| breaking the licenses that the authors use.
|
| Can't they just read the source themselves? Why do they need
| the maintainer?
| j45 wrote:
| Maybe AI couldn't explain it to them?
| lofaszvanitt wrote:
| NO, just NO!
|
| And this is done by the owners of Github. Throw away open
| source licenses, create your own, make anyone who forks your
| code perpetually pay for your work, or ask money for your work.
|
| "Luckily, I persisted. Spegel still continues strong with over
| 1.7k stars and 14.4 million pulls"
|
| Yeah, your time is your most precious resource and what you get
| in return? Recognition? virtual stars, pulls, essentially
| numbers, essentially nothing. And then you get robbed.
|
| WAKE THE FUCK UP PEOPLE.
| zdragnar wrote:
| I think this behavior stems from how big companies do
| performance reviews and promotions for developers.
|
| Contributing to someone else's open source project is for
| schmucks and juniors. Authoring a "new" open source project in
| the company's name, getting recognition and solving problems is
| seen as "leading the industry" and whatever other wankery
| sophistry they come up with to try to motivate employees with.
| akudha wrote:
| The most depressing thing about such behavior from MegaCorp is
| that they are too lazy to even _pretend_ to care. We meet lots
| of people in life who would appear sincere, talk sweetly etc,
| but it is all just a show, just acting. Now it is a different
| discussion on which is worse (acting like you care or just flat
| out being a dick) but _acting_ takes some effort. These
| companies with near infinite money can 't be bothered to even
| put in the slightest bit of effort - how much effort would it
| be to give a shout out to Keivan when they copied AppGet to
| make WinGet?
| neonsunset wrote:
| Yeah, at this point I feel .NET could benefit from being made
| into a proper marketed as independent foundation (and not the
| failing .NET foundation that does very little).
|
| Because all these actions will get associated with .NET teams
| even if the latter go to great lengths to collaborate with
| community and ensure that new feature work does not step onto
| the toes of existing popular community libraries (for example
| Swashbuckle or eventing/messaging framework that was
| postponed/cancelled not to interrupt the work of other
| libraries including MassTransit, which is a bit ironic as
| MassTransit went full commercial later).
| j45 wrote:
| This feels like the scene from Silicon Valley about brain rape.
|
| https://www.youtube.com/watch?v=_STfy0QQjJY
|
| Also, many large orgs are known to do this.
|
| Billion dollar companies are not hanging out with you to be
| your friend, even if you're at the table for a reason (you
| belong there because you know something they don't).
|
| When speaking with big companies, you are not there to impress
| them.
|
| Speak for impact + meaning, they are so big and brilliant and
| rich and should already know how.
|
| There are examples where a large corporation simply sponsored
| the developer and development of an open source project. This
| should be the way.
| j45 wrote:
| Thanks for sharing this old thread.
| benwilber0 wrote:
| Don't use one of the most permissive licenses in existence and
| certainly not one that doesn't provide copyleft. This is all very
| well established at this point and yet somehow the GPL seems to
| have gone out of vogue.
| diggan wrote:
| > Don't use one of the most permissive licenses in existence
|
| Does it matter what license you use if they actively ignore the
| terms in the license you did chose? MIT requires attribution,
| but they didn't. Why would any other terms be different? You
| surely could have put "You must license your project the same
| as the one you forked from" and they still would have ignored
| it, not sure what the difference would have been.
| bayindirh wrote:
| MIT doesn't need attribution. Original BSD does, but revised
| and most widespread BSDs do not.
|
| GPL/AGPL would prevented this somehow, requiring proper
| attribution via mandatory source code release, and allowing
| to track project origins. This would make it harder to label
| it as a "a Microsoft Product from Ground Up", and prevent
| Sherlocking the original application to a greater degree.
|
| As a result, this would probably forced Microsoft to develop
| a new one from scratch, because they're allergic to GPL,
| because if they have breached GPL, they would be forced to
| comply, since GPL is court tested already.
|
| So, write Free Software. Not Open Source. Esp. for your
| personal projects.
| Zambyte wrote:
| > The above copyright notice and this permission notice
| shall be included in all copies or substantial portions of
| the Software.
|
| Source: the MIT license.
|
| https://choosealicense.com/licenses/mit/
| bayindirh wrote:
| There's no writing in that license which I can't change
| the copyright after forking the code.
|
| There's a copyright line, check. There's the permission
| notice, check.
|
| The rest is just goodwill and ethics, which is not a very
| valuable currency in software in these days.
| Zambyte wrote:
| You can't just remove the above copyright notice and
| replace it with your own and claim you retained the
| copyright notice lol
| bayindirh wrote:
| Can you give me a couple examples how this is done? I
| mean, in terms of actual repositories.
| throwaway277432 wrote:
| The easiest way to do it is to add your own copyright
| line _above_ the original LICENSE copyright line.
|
| That way anyone touching the project can just add their
| own line on top.
|
| Done.
|
| EDIT: Example: https://github.com/go-
| gitea/gitea/blob/main/LICENSE
|
| A more complicated way to do it is to add a folder that
| contains the original LICENSE file or files. Sometimes
| there is more than one license, or the license texts
| differ. In that case, you _must_ preserve _all_ the
| different variants, even if they all call themselves MIT.
|
| Then, you can optionally add your additional own LICENSE
| file * only iff* it is compatible with all existing
| LICENSES. In the case of the MIT license, you may
| relicense, sublicense, or use a different license in
| addition, provided it is MIT-compatible. With e.g. GPL
| you can't. Note that you still have to preserve all the
| original LICENSE files in the repo.
| Zambyte wrote:
| Original license of Redis is retained in the form Valkey:
|
| https://github.com/valkey-io/valkey/blob/unstable/COPYING
|
| Third party licenses retained in a THIRDPARTY file in
| MariaDB
|
| https://github.com/MariaDB/server/blob/main/THIRDPARTY
|
| Only two good examples I could quickly find.
| throwaway277432 wrote:
| No!
|
| Once you change the copyright line, you no longer include
| "the above copyright notice". At that point you're
| violating the license.
|
| You are also not allowed to change the copyright notice
| or license text in any way (you may however add to the
| license, which is a loophole other licenses such as GPL
| fix.)
|
| Substantial is subject to (legal) debate as the Oracle
| vs. MS case has shown. Whole functions or large parts of
| files however should always be considered substantial, as
| the software would otherwise not work.
|
| I'm seriously flabbergasted at how bad reading
| comprehension seems to be among coders.
| bayindirh wrote:
| > I'm seriously flabbergasted at how bad reading
| comprehension seems to be among coders.
|
| Sorry to deflate your amazement, but I made the remark
| because I have _never_ seen a permissively licensed
| repository which changed hands and had multiple copyright
| lines _in the last 20 years or so_.
|
| Maybe it's not my reading comprehension (and English is
| not my native language to begin with), but the behaviors
| of other coders to begin with.
|
| Maybe we shouldn't point fingers to others and not forget
| that three are pointing towards ourselves. Eh?
| throwaway277432 wrote:
| I've seen plenty of both. I've added one good example in
| my other comment. But it certainly depends on the
| community and programming language as to how serious
| licensing is treated.
|
| But yes, many people are not complying with the license
| literally, and it's frustrating to see. I know it
| basically doesn't matter unless you go to court over it,
| but still it irks me and screams a sort of carelessness
| about the rules and social contract.
|
| Sorry for criticising your reading comprehension, I did
| not mean it as a personal insult.
|
| It's just that I see these types of responses so often,
| basically every time any licensing question comes up.
| Twice in this thread. And all that's required is to just
| read the very short and basic MIT license text itself, no
| lawyering required.
|
| I can understand the native speaker part, but just know
| that I myself am not a native speaker either. But I
| understand that's a huge barrier.
|
| But even native speakers on HN with serious software
| engineering jobs and skill don't understand it, or don't
| want to understand. I think it's a bit like when people
| see math proofs, they mentally just skip over it.
|
| That's the part that continues to amaze me.
| ryao wrote:
| OpenZFS has many files with multiple copyright lines in
| them.
| sublimefire wrote:
| Yes and they do redistribute under MIT as well, there is
| no foul play here
| Zambyte wrote:
| https://github.com/Azure/peerd/blob/main/LICENSE
|
| I don't see "Copyright (c) 2024 The Spegel Authors" (the
| "above copyright notice" in https://github.com/spegel-
| org/spegel/blob/main/LICENSE) anywhere. Where do you see
| it?
| ryao wrote:
| To be fair, Spegel changed the copyright notice in 2024.
| It used to say someone else. That said, Microsoft is
| definitely missing the notice.
| cestith wrote:
| The original author can change their own notice. Why
| would that be a problem?
| Zambyte wrote:
| Well they could technically have proper attribution
| without the literal string "Copyright (c) 2024 The Spegel
| Authors" if they included an older copyright notice that
| was more appropriate. I think that was the point they
| were making.
| ahoka wrote:
| They are essentially claiming copyright here for
| something they don't have the license for, no?
| Asmod4n wrote:
| GPL doesn't help you with them taking your idea and doing a
| clean room implementation.
|
| You'd need to patent your idea to stop that.
| bayindirh wrote:
| I never claimed that?
|
| Citing myself from my comment:
|
| > As a result, this would probably forced Microsoft to
| develop a new one from scratch, because they're allergic
| to GPL, because if they have breached GPL, they would be
| forced to comply, since GPL is court tested already.
|
| So, we seem to agree here.
| jeremyjh wrote:
| GPL/AGPL might have improved the attribution, but they
| would not have prevented anything else from happening
| because Microsoft is publishing the source code.
| liveafterlove wrote:
| Is this really true? Whats the point of even licensing our
| repo then?
| staunton wrote:
| A major point is communicating your intentions to people
| who care about them and who will respect how you wish your
| project to be treated.
| diggan wrote:
| Well, there are other companies than Microsoft out there,
| most of which tend to respect FOSS licenses when they fork
| projects/interact with the ecosystem, at least in my
| experience.
| gwd wrote:
| > Does it matter what license you use if they actively ignore
| the terms in the license you did chose?
|
| If they're breaking the license, go talk to a lawyer. You
| might start by approaching the SFLC [1] (although I haven't
| heard much from them recently).
|
| [1] https://softwarefreedom.org/
| diggan wrote:
| Sometimes social pressure can be a cheaper approach, time
| will tell if it'll work in this case :)
| YetAnotherNick wrote:
| Is there any for profit law firm which works without fee in
| cases like these and split the earnings? Needing to pay
| lawyer upfront makes it hard for individuals to sue mega
| corp even if they were clearly wronged.
| sublimefire wrote:
| MS has internal tools that scan dependencies etc and flag
| them against legal team if anything is fishy. License choice
| matters quite a bit, they will not risk litigation.
| diggan wrote:
| Guess they should start using those tools when they setup
| their "looks-like-acquihire-but-really-is-a-brain-dump"
| meetings so they could flag the FOSS projects they want to
| rewrite internally.
| baq wrote:
| People who run the meetings are not people who run the
| scanners. See also: Microsoft's org chart
| https://imgur.com/gallery/org-charts-uBcF28f
| baq wrote:
| If you worked at a megacorp you'd know they care a whole lot
| about not allowing GPL code anywhere near their propertiary
| repos; this is usually enforced by IT security (NOT
| engineering) with dedicated scanners, confirmed matches are
| _at least_ highest priority bugs.
| mvdtnz wrote:
| Not just mega corps. Everywhere I've worked for the past
| 10+ years treats GPL code like leprosy. You just don't go
| anywhere near it for any reason. It's the first thing you
| look for when taking on a new external dependency.
| trelane wrote:
| Yeah, giving massive corporations a free ride has been
| incredibly successful for corporations. For their users
| not so much.
| mickael-kerjean wrote:
| Everywhere I've worked for the past 10+ years treats open
| source like a candy store to benefit from and wouldn't
| allow contributing code back
| LtWorf wrote:
| There's a megacorp using my GPL library internally.
| They've even blogged about it.
| zamadatix wrote:
| It matters because the only thing which can be claimed to
| have been ignored here is missing the line "Copyright (c)
| 2024 The Spegel Authors" in the main license file. Now that
| it's brought up https://github.com/Azure/peerd/issues/109
| that'll probably be fixed.
|
| What remains after full compliance with the MIT license
| choince will be the bulk of the complaints in the article.
| diggan wrote:
| > It matters because the only
|
| So if the author instead used GPL, this wouldn't have been
| a problem? Call me pessimist, but I don't think Microsoft
| would have cared if it was MIT, GPL or even missing a
| license (so copyrighted by the author), they would have
| made the same choice as they just now did.
|
| I'm sorry, but it's really hard to understand what you mean
| here, how choosing GPL would have somehow lead to a
| different outcome.
| riquito wrote:
| For the copyright part, it wouldn't have lead to a
| different outcome. What could have been different is that
| Microsoft could have had difficulties in working on a GPL
| fork which is harder to resell (you can, but people are
| sometimes afraid for good or bad reasons) and so
| Microsoft could have proposed to the author to sell them
| a copy with a different license.
|
| But reading the article, the author appears to be more
| disgruntled by the fact that a behemoth forked his
| project than the mishandling of the copyright that can be
| fixed with one PR (he is right to be pissed about that,
| but that's an easily solvable problem, I doubt Microsoft
| will stand against it).
| trelane wrote:
| I suspect that damages may also play a role in practical
| resolution of infringement.
|
| There is a large difference between "they didn't put in a
| sentence that they needed to," and "we have 30 users who
| didn't get the source code that they were required to
| receive."
| zamadatix wrote:
| GPL would have helped with the concerns around the
| distributed software (instead of just source) not clearly
| including attribution/copies of the license (which would
| also lead to a better form of notification than the
| conference and webpage acknowledgement). These were also
| the types of points Tanenbaum famously regretted
| regarding MINIX https://www.cs.vu.nl/~ast/intel/ despite
| him not having the further regrets in the article.
|
| I do agree for the author to be _fully_ happy they would
| probably have wanted something even more restrictive than
| any traditionally "open" license like GPL, but about any
| choice would have better aligned with their desires than
| MIT.
| LtWorf wrote:
| When legal reads "GPL" they go completely crazy. Had it
| been GPL they'd have most likely told the developers to
| stay really really far away from that code.
| throwaway2046 wrote:
| > somehow the GPL seems to have gone out of vogue.
|
| Which GPL is that? The GPL 2 and 3 are incompatible with each
| other, making cross contribution between different FOSS
| projects practically impossible. The "v2 or later" licensing
| model does nothing to remedy the problem. See Rob Landley's
| talk on this topic.
| palata wrote:
| And there is not only the GPL. MPL and EUPL are great, too!
| keepamovin wrote:
| Forked up the wazoo.
|
| That said, Microsoft provides extremely generous Startup
| Assistance (to the tune of > 150K of Azure credits). Disclaimer:
| I'm not affiliated with MS but I did their program, also did the
| Gcloud and AWS programs back in the day. No negative comparisons,
| but off the top of my head the Azure program is awesome. I really
| enjoyed working with Azure, and it does what it says on the tin.
|
| You can apply here: https://www.microsoft.com/en-us/startups/
|
| Or here: https://foundershub.startups.microsoft.com/signup
| taormina wrote:
| Oh boy, credits that only work in their cloud. That'll cover
| rent.
| Amekedl wrote:
| This might as well be a LLM generated ad roll performance
| hardwaresofton wrote:
| The future continues to be AGPL
|
| https://vadosware.io/post/the-future-of-free-and-open-source...
| phillebaba wrote:
| I agree with this. It seems to be one of the licenses out there
| that scares the big three cloud providers.
| hardwaresofton wrote:
| And just to be really clear -- it's not _actually_ a solution
| to cloud providers not reusing the code for profit (which I
| assume is the context you 're implying, could be wrong here),
| because AGPL _is_ free software, so people are free to reuse
| your code for commercial purposes. AGPL at least prevents
| making private improvements to open source networked code
| without contributing back.
|
| I think in this situation it might have convinced Microsoft
| to contribute rather than fork... But then again, it's
| Microsoft. Also, they're well under their right to fork and
| keep the changes as long as the license stays the same, etc.
|
| I think another important point might be that "free software"
| aims to protect the _users_ of free software, not necessarily
| the profit-maximizing (I mean to use that phrase neutrally)
| ability of software developers.
| ryao wrote:
| The AGPL doesn't require them to contribute back. It only
| requires them to provide the code to end users upon
| request. No license as far as I know requires people to
| contribute back.
|
| In many cases, project maintainers would not want the
| changed code anyway because it does not align with their
| vision for how things should be done. Linus Torvalds and
| his subsystem maintainers, for example, do not want people
| to send them code dumps containing the hacks people have
| done to private Linux source trees. They want proper
| commits that are done well and have been modified to comply
| with any feedback that they provide.
|
| What the project maintainer here wanted were collaborators
| who would work with him as a team (which is not much
| different than what most OSS developers what), but no
| license requires that and it is rare to get that.
| hardwaresofton wrote:
| This is a good point, the AGPL and free software in
| general is really more about users than individual
| projects and developers.
|
| AGPL may not have convinced Microsoft to collaborate.
| trelane wrote:
| It is _in a roundabout way_ also about collaboration with
| upstream, since the users (or those working for them) are
| fully empowered to be developers if they so choose.
|
| And the upstream and buy the product and get the same
| rights as a user.
|
| But first and foremost it's about the _users._
| trelane wrote:
| The biggest thing that GPL et al. enable is that
| customers are not locked in to their provider.
|
| It's not as much about the collaboration by the vendor
| per se, though users would likely prefer it, and are
| themselves able to collaborate on equal footing.
| jezek2 wrote:
| The problem is that it scares away also others. Personally I
| avoid such projects for any purpose, they simply don't exist
| for me.
|
| I also don't understand the cloud hosting argument, when we
| had a great whole era of Apache/PHP/MySQL stack based on
| exactly this idea of commercial hosting.
| lolinder wrote:
| The anger over cloud hosting came from a specific set of
| Open Source companies that produced cloud software with the
| intention of earning money by selling hosting. Mongo,
| Elastic, and Hashicorp were the big ones. These companies
| failed to realize that the licenses they chose were
| incompatible with the business model they chose and then
| blamed the resellers for their own failure to plan.
|
| It was particularly problematic for the FOSS companies
| because each of these players' plans was to resell the Big
| Three clouds and live off of the margin, so the instant
| that the cloud providers decided to just directly compete
| in the hosting space the original company physically
| couldn't compete on price.
|
| The moral of the story is that if you're releasing cloud
| software as FOSS you can't plan your business around the
| idea that you'll be the only hoster.
| hardwaresofton wrote:
| > The problem is that it scares away also others.
| Personally I avoid such projects for any purpose, they
| simply don't exist for me.
|
| I think this isn't a problem -- not everyone has to
| contribute to any project! People sometimes struggle with
| the choice between GPL and MIT for similar reasons of
| popularity.
|
| People who want the widest possible usage/corporate
| adoption can pick licenses that reflect that and embrace
| the tradeoff
| layer8 wrote:
| > People who want the widest possible usage/corporate
| adoption can pick licenses that reflect that and embrace
| the tradeoff
|
| This subthread started with the implication that people
| shouldn't be doing that. But you are right, that's
| exactly what most are doing.
| candiddevmike wrote:
| We need an updated/modernized AGPL that more explicitly
| delineates what is dependent software. SSPL is probably too
| far, but it has the right idea.
| hardwaresofton wrote:
| What would be the goal of this? I ask because I think the
| nice thing about the current system is that the goals are
| well represented/easy to sum up and defendable.
|
| What would be the goal of a license between AGPL and SSPL on
| the spectrum? Seems like such a license would at the very
| least be non-free? (which is perfectly ok)
| candiddevmike wrote:
| Some projects choose AGPL because they incorrectly read
| that it requires dependencies like calling web services or
| the underlying configuration management to be open source
| (such as Minio). SSPL goes beyond this and requires an
| unsatisfiable amount of dependencies to be open source.
| There should be a middle ground for folks like Minio and
| others that want to prevent competitive hosted offerings as
| that's how they fund the open source version.
|
| Whether this would be considered non-free is up for debate
| IMO. Why would a license like this be considered non-free
| when the GPL is free? Is it the scope of it? The OSI would
| hate it because they represent the organizations this is
| meant to curtail.
|
| Though most of this is moot if you can just launder code
| through a LLM and magically remove any licensing for it.
| OutOfHere wrote:
| LGPL is sufficient (without the extra baggage of AGPL).
| lolinder wrote:
| The extra baggage in AGPL is what makes it work for the
| purposes that OP wants it. LGPL takes the GPL a step towards
| MIT, where AGPL takes it the opposite direction.
| orthoxerox wrote:
| AGPL without CLA, to be precise. AGPL with CLA is a trap.
| jenadine wrote:
| What's wrong with CLA? I've contributed to project with CLA.
| Have been using them and then wanted a feature and the
| project accepted my patch. Ther are still many people
| contributing to project with CLA.
| buzzy_hacker wrote:
| https://discourse.writefreesoftware.org/t/anti-cla-action-
| wh...
| joshuaissac wrote:
| For an argument from the other side, here is the GNU
| project's defence of CLAs:
|
| https://www.gnu.org/licenses/why-assign.html
| sundarurfriend wrote:
| > If there are multiple authors of a copyrighted work,
| successful enforcement depends on having the cooperation
| of all authors.
|
| > In order to make sure that all of our copyrights can
| meet the recordkeeping and other requirements of
| registration, and in order to be able to enforce the GPL
| most effectively, FSF requires that each author of code
| incorporated in FSF projects provide a copyright
| assignment
|
| FSF is not the average recipient of copyright assignments
| - I'd be much more comfortable giving copyright
| assignment to FSF than to pretty much any other entity:
|
| * They're much less likely to rugpull on the contributors
| and change the licence to something non-free: even
| pessimistically assuming their leadership got subverted
| somehow, doing something like this would pretty much be
| the deathknell to FSF. So there's a known, very high cost
| to the negative side of CLAs.
|
| * They're much more likely than the average project or
| corporation to actually use the positive benefits of
| copyright assignment, to pursue legal action and enforce
| the Free licences the way it empowers them to.
| jenadine wrote:
| That doesn't really explain why.
|
| It seems like what's bothering him is:
|
| > give a single entity, the project steward, a special
| license distinct from the one that everyone else gets, so
| that they may use your contribution in any way they
| please
|
| But that's not a justification.
|
| The project steward is contributing more than 90% of the
| code, maintain the infrastructure and servers, do the
| promotion, ...
|
| So yeah, they may give some condition to accept your
| contribution, but I think that's fair. They don't force
| you to contribute. And depending of the motivation for
| your contribution, you get what you want, eg, the feeling
| of contributing to an open source project presumably used
| by many people, or having that entity to maintain your
| patch for free.
|
| I mean, you can fork if you like, but the likelihood that
| your fork is getting used is not that big, and mean more
| work from your side to maintain the change.
| orthoxerox wrote:
| In addition to what buzzy_hacker has written, in a normal
| FOSS project A I can ask maintainer X to include a feature
| from a compatible FOSS project B written by programmer Y.
| The maintainer can do it themselves, or I can adapt the
| code myself and submit a patch, referencing the original
| authors. That's how FOSS is supposed to work.
|
| In a CLA-restricted project, there's only one entitity that
| can contribute copyleft code. Everyone else must donate the
| code to them, and they forbid themselves from using other
| people's copyleft code, because they can't relicense it.
| sneak wrote:
| The AGPL is a nonfree license, and compliance with it is, as it
| is written, impossible.
| hardwaresofton wrote:
| It's classified as free AFAIK, could you expand/lay down some
| points?
| aryonoco wrote:
| The FSF considers AGPL Free Software (of course).
|
| The OSI considered AGPL, Open Source.
|
| Debian considers AGPL to be compatible with Debian Free
| Software License Guidelines.
|
| FreeBSD considers AGPL acceptable in its ports.
|
| So when you say AGPL is non free, could you clarify exactly
| what you mean?
| Xelynega wrote:
| How is compliance as written impossible?
| lonelyprograMer wrote:
| Whenever I see AGPL project, I close the page, and I believe
| many others would do the same.
| Xelynega wrote:
| Why?
| trelane wrote:
| Because they listen to fear mongering or would prefer to
| _ask nicely_ that megacorps be kind to their users instead
| of just using a tool with legal teeth.
| bobthecowboy wrote:
| They have to wait for the AI scraper bots to steal it for
| them :(
| dilyevsky wrote:
| I dont see how that would've helped with authors complaints in
| this case
| hresvelgr wrote:
| While Microsoft is certainly in the wrong for removing the
| copyright notice, I think the author has zero basis for complaint
| otherwise. If you're going to release software with one of the
| most permissable licenses, you need to accept that for all it
| entails. Consider what you're comfortable with and pick an
| appropriate license relative to your values.
| skywhopper wrote:
| Did they complain about anything else?
| hoistbypetard wrote:
| Mostly no, but I read the overall piece as a complaint that
| they got a fork when they were hoping to get a collaborator.
| masswerk wrote:
| Anyways, the real question should be: what is the most
| productive form for the project/technology? Separate
| efforts may not the answer, we're looking for.
| wat10000 wrote:
| I mean, the title is "Getting Forked by Microsoft," not
| "Microsoft Removed My Copyright Notice." They don't even
| outright state that the fork is missing the required
| attribution, you have to infer it.
| bigstrat2003 wrote:
| Yes, he complains in the last few paragraphs that he feels
| like this form is a competitor. Says that users sometimes
| come to him asking for help with the Microsoft fork, etc.
| Those all very much fall into the domain of "what did you
| think MIT meant exactly", imo at least.
| layer8 wrote:
| No legal basis. They still might have an ethical basis
| regarding Microsoft's behavior, because law != ethics.
| paxys wrote:
| If the author has ethical concerns with companies using their
| work there's a simple way to make that explicit and
| unambigious - the license. No one can read their mind
| otherwise.
| veber-alex wrote:
| It's not the first time I see something like this.
|
| The flake8 (MIT license) maintainer is upset that ruff is
| copying his lints, for example.
|
| I find the whole thing bizarre.
| minus7 wrote:
| If you consult with someone over their project, then
| proceed to fork it behind their back, that's just being a
| dick, even if it was perfectly legal. We should not accept
| that kind of behavior. And that's even ignoring that the
| consultation was unpaid and the project was actually even
| stolen.
| pessimizer wrote:
| > We should not accept that kind of behavior.
|
| What exactly is this supposed to mean? We will not be
| asked. Only alienated teens care if strangers "accept"
| them.
| hnlurker22 wrote:
| I think it's weird they didn't mention anything about Peerd or
| their plans on how to use Spegel to the author. They could've
| atleast said "btw we plan to do xyz" instead of leaving the
| author fantasizing about a collab.
| finnh wrote:
| "fantasizing about a collab" sounds like the world of
| sneakers, not software. What does that even mean in the world
| of software?
| hnlurker22 wrote:
| Dreaming of a contribution from Microsoft
| canucker2016 wrote:
| In a reply from an Microsoft employee who's familiar with the
| situation, some group in Azure wanted support for some Azure-
| specific APIs. The spegel dev decided that was too far out of
| their wheelhouse, so they didn't want to add support in
| spegel for that Azure-specific API. The Azure subteam went
| ahead and added that support into their fork of spegel.
|
| Other changes removed the spegel project's LICENSE and added
| in Microsoft's LICENCE file and copyrights on all files.
|
| see https://news.ycombinator.com/item?id=43755745
| unethical_ban wrote:
| The author said that in the last line.
|
| Highlight the part of the essay where he is claiming MS didn't
| have a right to do what they did.
|
| The point of the article was that MS showed interest in his
| work, asked him about his designs. Said _nothing_ about
| internal plans to fork it or use it. Then he shows up to a talk
| and sees them discussing _his_ work.
|
| Reading between the lines, it is 100% clear they didn't feel
| like telling him they planned to fork his software, and they
| danced around it. They didn't reach out to him afterward and
| say "thanks, we are building a fork and your free time was
| really useful".
|
| The essay isn't claiming a legal issue. It's pointing out a
| substantial, practical issue with OSS that didn't exist nearly
| as prominently in the pre-cloud era: megacorps forking software
| and cutting out the OG developers.
| koiueo wrote:
| > I default to using the MIT license as it is simple and
| permissive
|
| What's good about being "permissive"?
|
| I keep hearing this argument, but I still don't understand,
| what's the incentive for authors of one-man projects to choose
| anything "permissive".
|
| Do you enjoy your project getting forked, walled off and
| exploited for profit by someone who has never done you any good?
|
| AGPLv3 still allows forking, still allows making profit (if your
| business model is sane). But it is at least backed by some
| prominent figures and organizations, and there are precedents
| where companies were forced to comply.
| skywhopper wrote:
| I don't mind sharing my software with others, even folks who
| want to make a profit. Of course, that's easy for me to say
| since I've only released a few small projects open source. But
| when I do, I make my projects fully public domain. I'm not
| interested in feeling any sense of obligation to those who try
| the software out, so I free them from any obligation to me as
| well.
|
| That said, I fully support larger projects being GPL, which I
| think is a more reasonable license for projects that involve
| dozens or hundreds of contributors and are depended on by
| millions around the world. But the role of the MIT and Apache
| style licenses has always felt a little more confusing.
| sublimefire wrote:
| This makes no sense, you want to make sure software gets
| updated in the future, however small. Permissive licensing
| allows companies to hide improvements and this in the long
| term erodes the original. Individuals on the other hand are
| not bound by legal teams and can work with GPL and similar.
| LegionMammal978 wrote:
| The idea behind permissive licensing like this is that you
| don't particularly care about "eroding the original": you
| don't see its ineffable status in relation to others' work
| as something that must forever be maintained.
|
| I've also leaned toward CC0-style licensing for some of my
| smaller projects, that are shared for explanatory or
| artistic purposes. The reasoning is that GPL-style licenses
| give the code its own 'weight' as a unit, that keeps others
| from lifing good ideas from the code and incorporating them
| into their own projects as they wish, at any point in the
| next ~135 years. (The barriers aren't just the
| stereotypical "how dare they make me share my code!" but
| also the realities of license compatibility, having to make
| sure never to lose any version of the source, and so on.)
|
| I agree with GP that this isn't necessarily the best idea
| for large projects that exist for their own sake and that
| companies might find great profit in copying. But it's not
| like all projects fit that description.
| pferde wrote:
| But they wouldn't be under any obligation to you. They would
| be under obligation to whoever they distribute their
| modifications of your code. That's it.
| cmrdporcupine wrote:
| I think attitudes on license reflects on the whole a
| generational attitudes towards corporate use because the
| younger generation of software nerds grew up in epoch-boom-
| times.
|
| During ZIRP-boom-times, having a successful popular open source
| project could be a ticket to kudos and a high paying job and a
| certain level of responsibility and satisfaction. BigCos spread
| the money around, and your job as a SWE ended up being gluing
| together a bunch of these open source pieces to solve corporate
| problems. And on the whole people felt like their corporate
| jobs were giving a fair deal, and a decent dividend for the
| open source work they were doing.
|
| In that context why would you pick a license that your generous
| employer couldn't use?
|
| The GPL and the free software movement is borne out of an
| earlier era, GenX and younger boomers who lived through seeing
| their hard work exploited and stolen from them. Or corporate
| entities that cut budgets, laid people off en masse, exploded
| in stock market crisis, etc and suddenly the good will was
| lost.
|
| I think we'll see a bit of a resurgence in the GPL, as some
| people try to protect the work they've done.
|
| (I do thnk the personality of Stallman himself has become a bit
| of a problem to be associated with)
| koiueo wrote:
| My conspiracy theory: Stallman's "rough edges" were
| deliberately highlighted and blown out of proportion to
| discredit GPL and his overall ideology.
|
| On one hand we have a guy, who just pointed out that the age
| of consent is a culture-dependent concept. On the other we
| have a guy who literally visited Epstein's island to fuck
| minors (as defined by his country of residence).
|
| One is now considered "a bit of a problem". The other is a
| beloved public figure.
| mindcrime wrote:
| > The GPL and the free software movement is borne out of an
| earlier era, GenX and younger boomers who lived through
| seeing their hard work exploited and stolen from them.
|
| There may be something to that, but speaking as a GenX'er
| myself, I release most of my OSS code using the Apache
| License. I really don't care if anybody - from a single
| student in a 3rd world country, to a Fortune 50 megacorp -
| uses the code, so long as they abide by the license.
|
| I'm not going to say there's NO circumstance where that might
| ever change. But to date, that's been my approach and I don't
| _particularly_ see it ever changing.
| gwd wrote:
| I initially had the same reaction to the MIT license; but it
| sort of looks like the GPL (or AGPL) wouldn't have really
| prevented this behavior. Microsoft (it sounds like) is making
| the code available; they've just extended and renamed the
| project. They could have done exactly the same thing (fork,
| rename, release under the same license), with the same effects
| he's complaining about (free-loading the consulting time,
| confusing the community) if he'd made it AGPL.
|
| I mean, consider an alternate timeline. It's clear MS had their
| own, strong vision for the project, that overlapped with but
| wasn't identical to his. Is it actually that much more
| considerate to show up with two dozen new developers suddenly
| flooding a single-maintainer project with pull requests, some
| of which completely restructure the code and re-orient it
| towards a new vision that the original maintainer might not
| want?
|
| Either the maintainer is now doing loads of unpaid labor for
| MS, and is the bottleneck; or he ends up having to step back
| and let the new MS developers bulldoze the project and take it
| over anyway.
|
| What would have been a better approach?
| TheDong wrote:
| I think the better approach would have been to give the
| author a choice of what happens.
|
| i.e. they could have emailed the author to ask:
|
| 1. "Would you rather us fork your project (new name), or
| would you rather donate your project to us under its original
| name, as well as give us the ability to rename it (which we
| will)"
|
| 2. "Would you like a $300 microsoft store gift card as thanks
| for writing some code we're planning to use?"
|
| 3. "Would you be open to providing a paid ($600 microsoft
| gift card) 1-hour consulting meeting to ramp our engineers up
| on your codebase? We won't actually listen since our
| engineers can in fact read, but we'll pay you"
|
| 4. "Also, just in case you don't know who microsoft is, we do
| have a careers page over here, and our team doesn't have
| headcount but other teams do <link>"
|
| It sounds like microsoft didn't do any of that, which as you
| say is well within their right, but emailing to ask is
| polite.
| Y_Y wrote:
| My god, a gift card? What am I going to do, buy FoxPro and
| a month of Xbox Live? Honestly I'd prefer to get no email
| at all than that miserable offer. If the project is only
| worth a couple of hundred dollars to them they're probably
| better off not bothering.
| consp wrote:
| Don't know about the US but here giving a gift card would
| be an in kind payment which requires a contract. And all
| the associated mess with it.
| cmrdporcupine wrote:
| MS would have gone nowhere near said project if it had a GPL
| license on it. Simply because those companies have fears of
| virality.
| Y_Y wrote:
| I agree that Microsoft seems identify more with parasites,
| but they're no strangers to symbiotic relationships with
| viruses.
|
| In fact they do distribute and contribute to lots of GPL
| software, including Linux. I can't be sure their
| involvement benefits anyone other than themselves, but
| theybdo at least participate.
| devsda wrote:
| > In fact they do distribute and contribute to lots of
| GPL software, including Linux.
|
| systemd author is employed by Microsoft.
|
| Depending on your views on MS and systemd, that's either
| a net positive or negative for the linux community.
|
| A tactical move in both good and evil MS scenarios.
| kstrauser wrote:
| I released a fun personal project under GPLv3 and the first
| filed issue was someone saying I should change the license to
| something friendlier to business interests.
|
| Hell no. If they want to profit off my work, pay me. This is
| something I'm doing for fun, on my own terms. It's Free for
| anyone to use as they want, so long as they keep it Free, too.
| pyfon wrote:
| At this point I'd include some of the code as binary blobs
| and "pay me for the source!". In addition to GPL!
| kstrauser wrote:
| Temping, but we don't fight their crummy tactics by using
| the same ones.
| pyfon wrote:
| Why is it crummy? Open source benefits big tech now.
| Especially for cloud based stuff.
|
| Only open source it if it fucks big tech. E.g. bittorrent
| or an alternative browser. Or an app on your local
| machine as a SaaS alternative.
| ryao wrote:
| Blobs violate clause 2 of the Open Source Definition:
|
| https://opensource.org/osd
|
| We are no longer talking about open source software if
| you distribute blobs in place of source code.
| akdev1l wrote:
| They could distribute source code under AGPLv3 while also
| offering paid/propietary pre-compiled binaries
| ryao wrote:
| That is not what pyfon was suggesting. He was suggesting
| publishing binaries instead of source code.
| kstrauser wrote:
| Less permissive copyleft licenses like GPL and AGPL go a
| long way toward preventing that. It's important to choose
| them over weaker licenses if you don't want companies
| using your work without giving back. If you do that, you
| don't have to do other unusual things to protect your
| users' rights.
| throwaway87464 wrote:
| The GPL and AGPL don't prevent corporations from
| plagiarizing your code via AI.
| cestith wrote:
| It does make them legally liable for doing so.
| warkdarrior wrote:
| [citation needed]
|
| Any court cases supporting this form of liability?
| kstrauser wrote:
| Here are a few: https://en.wikipedia.org/wiki/Open_source
| _license_litigation
| gus_massa wrote:
| GPL does not allow binary blobs. MIT and BSD doe.
| jasonlotito wrote:
| In the context of this thread (where the commenter is
| suggesting the author release a binary with a different
| license), your comment is meaningless.
|
| The author of the GPL code can release binary-only blobs
| released under something other than the GPL. Suggesting
| that the copyright holder cannot relicense their code how
| they want is absurd.
|
| Saying the "GPL does not allow binary blobs" implies that
| the author is not allowed to release binary blogs, which
| is not true in the slightest.
| gus_massa wrote:
| Can billg make a repo with win.com and win.bat, and use
| the GPL licence because the win.bat is the source code
| and win.com is only a binary blob?
| taftster wrote:
| Assuming that win.com is able to be stand alone and
| doesn't require win.bat, then yes, Bill can license both
| of these components separately, one under the GPL and
| another proprietary.
|
| The Free Software Foundation (FSF) describes this
| copyleft aspect of the GPL in terms of "derivative works"
| associated with GPL-licensed software. When two
| components are related to each other in a derivative way,
| then the GPL says that the derivative must likewise be
| licensed accordingly.
|
| So in this example, does win.bat simply execute commands
| to get win.com started? Is win.bat a glorified shell
| script wrapper? If so, then win.com would NOT be derived
| from win.bat. The cart follows the horse. But instead, if
| win.bat exposed some symbols or other binary API features
| that win.com was coupled to and depended on, then you
| could rightly argue that the win.com would be a
| derivative of win.bat.
|
| More practical of an example, if a database is licensed
| under the GPL, clients that connect to the database using
| the socket interface do not constitute a derived work. Or
| components in a micro-service architecture do not
| necessarily need be licensed all under the GPL when a
| single component is.
|
| Pluggable architectures are possible with the GPL. And of
| course, your interpretation of what exactly that means is
| subjective and requires case law to help understand.
|
| [edit]
|
| And to reinforce what the parent of yours is saying, the
| author in the original example can do whatever they want
| with the software, since they own the copyright for both
| the GPL and proprietary components.
|
| The GPL is simply a license for non-copyright holders. It
| allows others to be able to use a piece of proprietary
| software without having to establish any additional
| authority with the owner. e.g. it's the means to convey
| how _others_ can use the software and does not constrain
| the owners /authors of the software. Other licensing
| options may be available, if the copyright holder allows.
| gus_massa wrote:
| The GP says:
|
| >>> _At this point I 'd include some of the code as
| binary blobs and "pay me for the source!". In addition to
| GPL!_
|
| So, the proposal is to hide the source code and IIUC if
| someone does this, the whole complete project can not be
| released as GPL.
| kstrauser wrote:
| That's incorrect. As the original author of the work, you
| can release the project under whatever license you
| choose. Doing so may make it impossible for someone else
| to meaningfully comply with it, but that's their problem,
| not yours. It doesn't stop you from choosing the GPL,
| even if it's a bizarre option for that particular
| project.
| gunalx wrote:
| You are perfectly fine to include your own binary blobs
| with your own GPL licensed source, you are not violating
| the gpl as the binary blobs was never under GPL.
| PaulDavisThe1st wrote:
| and as long as the binary blobs are not derivatives of
| GPL'ed code ...
| pjmlp wrote:
| Right, dual license is the way in such cases.
|
| Give downstream how much they are willing to give upstream.
| nicoburns wrote:
| > what's the incentive for authors of one-man projects to
| choose anything "permissive".
|
| The incentive is generally that people enjoy having their
| projects used, be that by commercial companies or otherwise.
| koiueo wrote:
| (A)GPLv3 does not prevent their projects from being used.
|
| That's the point!
|
| GPL family of licenses would've made a difference in this
| aspect for libraries (because afair if you link to GPL code,
| you must be GPL). But for an app? You can use it, fork it,
| modify it... Just make sure you make your changes available
| under the same license. Seems _very_ fair to me.
| nicoburns wrote:
| > (A)GPLv3 does not prevent their projects from being used.
|
| In practice, it does in many cases. Many companies have a
| blanket policy of avoiding these licences. But I agree that
| they make more sense for apps than libraries.
| notpushkin wrote:
| I'm wondering how's it going with the whole dual-
| licensing schtik.
| panzi wrote:
| So they don't use Linux, bash, or GCC?
| vinceguidry wrote:
| Apple doesn't ship any of these anymore.
| koiueo wrote:
| And guess what application developers install immediately
| after getting their MacBooks?
|
| The GPL licensed git.
|
| If I'm forced to use MacOS, I'm fine installing git, GNU
| make or whatever I want for myself. But I don't see any
| downsides in Apple being unable to distribute those
| applications together with their OS.
| vinceguidry wrote:
| Last time I was forced to use MacOS, I did all my work in
| a Linux VM. And still hated it.
| kstrauser wrote:
| > And guess what application developers install
| immediately after getting their MacBooks? The GPL
| licensed git.
|
| Why would they do that? I didn't, because macOS ships
| with version 2.39.5 as /usr/bin/git. You're free to
| upgrade to a newer version, of course, but the included
| one is recent enough for most uses.
| koiueo wrote:
| Does macOS include git? Oh. My bad. I concluded from the
| previous comment that Apple doesn't ship bash because
| it's GPL and hence doesn't ship anything GPL.
|
| And my point was: this is fine. Even if it was true.
|
| But as this is not the case, I see even fewer arguments
| against GPL licenses.
| kstrauser wrote:
| Apple shies away from GPLv3 code. They ship a ton of
| GPLv2 code, though. And as you mentioned, even if they
| didn't, it just takes a moment to install Homebrew and
| get whatever else you want. Apple doesn't stop me from
| installing a new Emacs.
| zamadatix wrote:
| Change "use" to "distribute" (what the license cares
| about) and you're bang on.
| trelane wrote:
| This is a huge difference. The GPL and its flavor are
| explicitly not about _use_. They place zero restrictions
| on use. Unlike, say, just about _all_ proprietary
| software.
|
| It only governs _distribution_ and especially prevents
| distributors from locking their users in, and from
| placing restrictions on their users ' use of the
| software.
| chungy wrote:
| If you count AGPLv3 as a "flavor" of GPL, then it
| absolutely does place restrictions on use.
| trelane wrote:
| Depends on your definition of "user"/"use" and
| "distribution" really.
|
| If the service provider is the "user," and performing
| actions with it on behalf of the _ultimate_ user is
| "use," and not "distribution," then you are technically
| correct. It restricts the service provider from forcing
| their customers to be dependent on the them and/or
| restricting the end users' use of the service, like the
| GPL does for proprietary software the user runs on their
| machine.
|
| I personally disagree that running something on behalf of
| a user makes _you_ the end user, but there 's always the
| GPL if you think that.
| HideousKojima wrote:
| Linux is GPLv2, not 3
| layer8 wrote:
| Not in their products. Internal use is fine, but where it
| gets dicey from a legal point of view is when you
| distribute GPLv3 binaries as an integrated part of your
| product.
| Tijdreiziger wrote:
| Many vendors use Linux in their products.
|
| Think: smartphones (Android), routers, smarthome/IoT
| devices, other embedded devices.
| jlokier wrote:
| Linux in Android is GPLv2 not GPLv3. The v2-v3 difference
| is a big deal to some.
|
| Linux developers made an intentional decision to stick
| with GPLv2 and to remove the "or later version" option,
| so you can't include it into GPLv3 projects as you can
| with most other GPLv2 software.
|
| GPLv3 avoidance is why Apple ships ancient versions of
| Rsync, Bash and Make on its current OSes instead of the
| current versions, and replaced Samba with its own
| inferior SMB service.
| GuinansEyebrows wrote:
| Notably, macOS ships mainly BSD-derived userland utils
| and for the rare GNU software, it's GPLv2 stuff (hence
| zsh as the default shell, while shipping bash 3.whatever
| for compatibility).
| int_19h wrote:
| From my past experience, it goes something like this.
|
| If software is GPLv2, it's penalized relative to more
| permissive options when it comes to picking one. In
| practice it means that it's avoided unless it's "too big
| to avoid", or because the very nature of what you're
| doing requires it - this is the case for e.g. Linux and
| R.
|
| If software is GPLv3, it's considered radioactive and is
| avoided at all costs, even if it means rewriting large
| amounts of code from scratch.
| consp wrote:
| GPLv3 with interpreted code is a legal nightmare you do
| not want. Compiled is manageable.
|
| Then again I've seen companies publishing stuff on
| GitHub, when asked about the license; slapping GPLv3 on
| it but also forcing you to take a license with them for
| commercial use. Yea no, thanks. You just made a poison
| pill somehow even more lethal.
| overfeed wrote:
| This is even more damning because it means the
| maintainers _want_ their MIT-licensed projects to be used
| by for-profit companies, but bellyache when certain big-
| tech companies fulfill the maintainer 's vision.
| p_ing wrote:
| Apple famously migrated away from bash (stuck on 3.2 in
| macOS 15) to zsh to avoid the GPLv3 'problem'.
| krupan wrote:
| There was zero chance of them having problems shipping
| bash and I'm glad you put problem in quotes.
| shagie wrote:
| https://www.gnu.org/licenses/gpl-3.0.txt
| 11. Patents. A "contributor" is a copyright
| holder who authorizes use under this License of the
| Program or a work on which the Program is based. The
| work thus licensed is called the contributor's
| "contributor version". A contributor's
| "essential patent claims" are all patent claims owned or
| controlled by the contributor, whether already acquired
| or hereafter acquired, that would be infringed by some
| manner, permitted by this License, of making, using, or
| selling its contributor version, but do not include
| claims that would be infringed only as a consequence of
| further modification of the contributor version. For
| purposes of this definition, "control" includes the right
| to grant patent sublicenses in a manner consistent with
| the requirements of this License. Each
| contributor grants you a non-exclusive, worldwide,
| royalty-free patent license under the contributor's
| essential patent claims, to make, use, sell, offer for
| sale, import and otherwise run, modify and propagate the
| contents of its contributor version.
|
| This is a "some companies might not want to have to
| litigate that". Whether or not there _would_ be a problem
| is an open question. Legal likely advised not touching
| GPL version 3 out of an abundance of caution.
|
| https://fsfe.org/activities/gplv3/patents-and-
| gplv3.en.html#...
|
| Eben Moglen speaking at the GPLv3 launch, January 16th
| 2006 ... We recognise that
| for parties who have extensive portfolios that are
| extensively cross-licensed, what we are saying here for
| the first time creates questions concerning their cross-
| licenses in relation to their distribution.
| We recognise also that to say that you must "act to
| shield" is not explicit enough. We recognise that this is
| a very hard problem and though we have worked long at it
| we have no unique solution to offer you, even as a
| beginning for conversation. ...
| cestith wrote:
| They still ship bash. It's just not the default shell
| anymore.
| frumplestlatz wrote:
| They ship the last GPLv2-licensed version of bash -- bash
| 3.2 was released in 2006, with minor bug fix patches
| released up until 2014.
| andybak wrote:
| > (A)GPLv3 does not prevent their projects from being used.
|
| It really does. It stops it being used by people who need
| or want to use other licences. I believe it stops it being
| used on iOS and (probably) Android apps. The GPL world and
| the permissive licence worlds are walled off from each
| other in significant ways for lots of reasons.
|
| Source: I maintain an app where I didn't choose and can't
| change the licence. And I come across code I can't touch
| almost every week.
| filmgirlcw wrote:
| > I believe it stops it being used on iOS and (probably)
| Android apps. The GPL world and the permissive licence
| worlds are walled off from each other in significant ways
| for lots of reasons.
|
| I fully agree that (A)GPLv3 code effectively stops code
| from being used by many large companies (every place I've
| worked in the last decade has a near blanket policy on
| refusing to use code licensed that way except in very
| specific and exigent circumstances), but it isn't
| necessarily true that app developers can't use (or can't
| choose to license) (A)GPL code in their iOS apps,
| provided they abide by the terms of the license.
|
| Most developers won't -- or can't -- but the advent of
| dynamic linking of libraries in iOS, as well as the EU-
| mandated third-party app stores (which aren't available
| outside the EU, but still), make the situation a lot more
| grey from the black and white stands the FSF attempted to
| take in the early 2010s. And to my knowledge there have
| been no legal challenges about the use of GPL code in iOS
| apps, so the issue is essentially unsettled.
|
| That said, in most of the cases where I have seen iOS
| apps use GPL code, the full app source was available (and
| that may or may not fulfill the redistribution
| requirements but I'm not a lawyer and I'm not going to
| cosplay as one).
|
| On Android, where full Google Play alternatives like
| F-Droid are available, plenty of GPLv3 apps exist, even
| if they aren't available on Google Play.
|
| But yes, when it comes to incorporating GPL code into a
| non-GPL app, that is much more difficult in the realm of
| mobile than it is for other types of applications.
| andybak wrote:
| > but the advent of dynamic linking of libraries in iOS
|
| I'm not sure you can dynamically link to GPL in this case
| (LGPL _maybe_ )? And I recall that there 's also issues
| around signed bundles used on the various stores.
|
| But the fact that we're not _sure_ and the fact that we
| 're having this conversation rather proves my point.
| People who aren't fully in the GPL world usually have to
| steer clear of GPL code entirely. This goes double for
| hobbyists and small orgs who can't afford a legal team.
|
| > even if they aren't available on Google Play.
|
| As much as it's regretful this is a huge issue for most
| people who want to make apps that other people can use.
| nu11ptr wrote:
| I won't use GPL libraries in my code. I'm quite confident
| I'm not the only one.
|
| If there was no other choice, I may consider something LGPL
| or with the linking exception, but not until I had
| exhausted a search for something more permissive. To this
| day, I've never used GPL in any of my code, open source or
| closed. I've been writing code for 35 years daily.
| Xelynega wrote:
| > I won't use GPL libraries in my code.
|
| Why? Do you also avoid libraries with an even number of
| consonants in the name?
| nu11ptr wrote:
| Strange comment given the obvious differences in GPL vs.
| non-GPL regardless your personal opinion. GPL code means
| if I decide to distribute my project in the future, I
| will have to distribute my source code. That isn't a risk
| I'm willing to take. Some of my projects are open source,
| but I want to retain the option of doing what I want with
| my code, so I don't use GPL licensed code.
| krupan wrote:
| All the replies to this spreading anti-GPL FUD are doing
| Microsoft's work for them. The idea that the GPL is "viral"
| and will latch onto any code it gets near is an Orwellian
| turn of phrase invented by Microsoft from what, 30 years
| ago? And it has worked because people are scared of the
| GPL! It's gonna get you! Don't even get close to it!
|
| Nevermind that Red Hat built a billion dollar business on
| top of GPL licensed code. Never mind the millions of
| embedded systems being sold with GPL code in them.
| Nevermind Google, Facebook, Netflix, etc., etc. all eating
| Microsoft's lunch a thousand times over using GPL code.
| Businesses better stay away! It's dangerous!
| 0xTJ wrote:
| I always choose permissive licenses for personal project, and I
| often avoid depending on other projects that aren't permissive.
| If I want to know that, if I need to, I can grab the code and
| change something. And I want others to be able to remix what I
| make as needed.
|
| The more limitations added on a license, the less open it is.
| Panzer04 wrote:
| Only for the next developer. They can do whatever they want,
| but they aren't obligated to contribute anything back.
| GrantMoyer wrote:
| > And I want others to be able to remix what I make as
| needed. The more limitations added on a license, the less
| open it is.
|
| It's unintuitive, but permissive licenses are not the best
| way to acheive this. GPL's "limitations" are designed to
| maintain the right and abilty to remix code _for the end
| user_. So if say Microsoft forks your library and its fork
| becomes more popular, they can 't make it proprietary after
| capturing the market and effectively stop people from
| remixing what you made.
| bigstrat2003 wrote:
| > So if say Microsoft forks your library and its fork
| becomes more popular, they can't make it proprietary after
| capturing the market and effectively stop people from
| remixing what you made.
|
| Neither can they stop people from such remixing if the
| project used a permissive license. The GP's project will
| still be there, still freely available for anyone to use
| however they see fit. Nobody is stopped from using it in
| any way.
| consp wrote:
| I would like a relatively permissive software license which
| forbids any profiteering (CC-NC but then strictly software).
|
| I'm fine with people using my code, not fine with companies
| profiteering off my work. If you want to use it commercially,
| pay for it.
| 0xTJ wrote:
| If it can't be used commercially, then that's not an open-
| source license. If you choose to license your work that
| way, that's your choice, but you're not making something
| open-source.
| simondotau wrote:
| Who said it can't be used commercially? Just because they
| can't profit from it doesn't stop them using it.
| 0xTJ wrote:
| From the post to which I replied: "If you want to use it
| commercially, pay for it.". I am replying to them talking
| about a license that prevent commercial use.
| wat10000 wrote:
| I've released some utility libraries under permissive
| libraries. I like it when they get used. Even when it's part of
| a large company's closed-source app. Many people don't like
| that, and that's perfectly fine, that's why there are different
| choices available.
|
| What I'll never understand is people who release their project
| with a permissive license and then get upset when a big company
| distributes their own version of the project in accordance with
| the license. If you don't want that sort of appropriation then
| you need to pick a license that doesn't allow it.
| ghostly_s wrote:
| Yeah, as far as I can gather the only thing MS did wrong here
| is not explicitly crediting the project they forked the code
| from, and I don't get the impression the author would find
| adding that one sentence to the docs to be adequate redress.
| I don't get why you would take personal offense at a big
| company forking your code so they can mold it to their
| purposes - the license allows that. Now whether that's the
| right way for a "friend of the OSS community" to behave is a
| different question entirely, but anyone who ever bought that
| horseshit from them has had their head in the sand.
| jen20 wrote:
| Using code per the terms of the license is one thing.
| Stealing it it another, and that is what Microsoft appear
| to have done.
| layer8 wrote:
| In the present case of Spegel, it wasn't in accordance with
| the license, because the fork removed the attribution.
| wat10000 wrote:
| I get that, but it doesn't really seem to be what the
| author is complaining about.
| jenadine wrote:
| Note that in this case Microsoft has not been following the
| license, as they removed the copyright notice
| Copyright (c) 2024 The Spegel Authors
|
| To replace it by their own. Despite the license says
|
| > The above copyright notice [...] shall be included in all
| copies or substantial portions of the Software.
| SoftTalker wrote:
| So if they had left that line in, everything would be cool?
|
| To me, licenses like MIT or BSD pretty much imply "do
| whatever you want with this" I know it's not _exactly_ that
| but if you really care to keep some control over what
| others do with the code, you need a more restrictive
| license (and even then people are still going to copy it,
| especially in the LLM era).
| mlyle wrote:
| > So if they had left that line in, everything would be
| cool?
|
| It certainly would be better.
|
| Forks tend not to have -perfect- relationships and tend
| to cause a bit of mutual annoyance. But attribution is
| important-- it's the most basic step.
|
| When this maintainer is asked how the projects are
| related, it'd sure be nice if _both projects_ are telling
| the same story, instead of one illegally lying about it.
| fnordpiglet wrote:
| Well, it's the difference between plagiarism and
| attribution. If your goal isn't money but a bare minimum
| recognition for what was your work vs someone else taking
| credit for it, yes it's enough.
| vvillena wrote:
| Yes, it would be cool, and it's the usual way to do these
| things. You can license code under a more restrictive
| license, and clarify licensing by adding an extra section
| to the main license, adding the license to a
| subdirectory, or adding license headers to the individual
| files.
|
| Whether the MIT license is the right one to choose is
| probably a different debate.
| optymizer wrote:
| You can "do whatever you want with this code", but
| there's a catch: you have to give credit to the original
| author. You might not care about the credit, but lots of
| people care.
|
| You can't just cherrypick the things you like about a
| license. All of the conditions of the license apply.
|
| You're thinking about what people can do with the code,
| like copying, editing, and distributing. This is not it.
| We're talking about giving credit to the original author,
| as per the license.
| odo1242 wrote:
| A lot of open source software operates on the same
| principles of academic research. Most academic research
| is considered freely available, and other researchers can
| generally use your work as they please, so long as they
| cite the original author.
|
| In this context, not "citing the original author" in the
| copyright statement, labeling the repository as a "fork"
| on GitHub, clearly crediting the original author in a way
| that clearly describes the fact that a significant
| portion of their code is used in the new project isn't
| just a violation of the license, it's _plagiarism_.
|
| So in that sense it could be better potentially.
| paxys wrote:
| Microsoft credited the original author and project in the
| README, which is far more visible than a hidden copyright
| line somewhere in the terms and conditions. If attribution
| was what he wanted he should be really happy about he
| outcome, but clearly that's not what this is about. He is
| simply pissed that Microsoft used his project.
| palata wrote:
| Still, it's illegal for Microsoft to remove the copyright
| as per the licence.
| olejorgenb wrote:
| If they had been factual I the credit I'd agree. When
| it's actually a fork, why not just say so. "This project
| is a fork (or based off) Spegel. Thanks to the authors
| etc" Maybe with a rationale why they forked it. You know,
| just common decency...
| paxys wrote:
| Because it's not a fork. They copied the API and like 100
| lines of unit test code.
| olejorgenb wrote:
| Maybe not a fork, but the author writes "It looks as if
| large parts of the project were copied directly from
| Spegel without any mention of the original source".
|
| So they are exaggerating?
| Aperocky wrote:
| If I owe you $100 by contract, I can't just pay you with
| 1 ton of steel slab delivered to your garage and argue
| that this is worth more and therefore you should write
| the debt off.
| insane_dreamer wrote:
| Because the "payment" that you get for its permissive use is
| the attribution (which can be personal gratification or it
| can professionally boost your profile/opportunities). MSFT
| robbed them of that.
| Salgat wrote:
| Ignoring that Microsoft isn't following the MIT licensing
| requirements, this is my same approach with using the MIT
| license. I create open source software for the benefit of
| everyone, for profit or not for profit. The only thing I do
| wish in return is acknowledgement. That's why in this case,
| I'd reach out to Microsoft to fix that issue, and nothing
| more.
| BeetleB wrote:
| > The only thing I do wish in return is acknowledgement.
|
| Make sure you pick a license that reflects what you want,
| then.
| joshuaissac wrote:
| > Make sure you pick a license that reflects what you
| want, then.
|
| The MIT licence already requires attribution, and that is
| what the author picked.
| BeetleB wrote:
| The person I was responding to began with "Ignoring that
| Microsoft isn't following the MIT licensing
| requirements", and it is clear in his comment that he's
| not referring to the OP's issue, but the issue in
| general.
|
| In other words, he's saying that even if it had been some
| other license, he wants attribution.
|
| That's silly. If you want attribution, say it up front
| (which could simply mean picking the MIT license).
| Xelynega wrote:
| > I create open source software for the benefit of
| everyone, for profit or not for profit.
|
| I have the same reasoning as to why I pick the AGPLv3
| license as the default for my new projects. I want any
| benefits from my code to continue to benefit everyone, even
| if someone is profiting off of it.
| rikroots wrote:
| > I keep hearing this argument, but I still don't understand,
| what's the incentive for authors of one-man projects to choose
| anything "permissive".
|
| My JS canvas library is licensed using MIT. From my personal
| perspective, I wouldn't have any problem with some $MegaCorp
| coming along and forking it, and even claiming it as their own
| creation. But ... why? Because one of the main drivers for my
| development of the library over the past few years is to proof-
| of-concept the idea that 2D Canvas API based infographics and
| interactives can be made - with the help of a JS library -
| performant, responsive and (most importantly!) as accessible to
| every end user as reasonably possible. My ideal outcome would
| be to embarrass other JS canvas library maintainers into taking
| canvas responsiveness and accessibility seriously. If that
| needs a $MegaCorp to come along and fork the library to bring
| my dream closer to reality then I ain't gonna stand in their
| way!
|
| Of course I'd still continue to develop my version of the
| library - it's become my passion and obsession and there's
| always improvements to be made, new ideas to be explored.
| koiueo wrote:
| Remember EEE.
|
| Very likely, you'll end up with a $MegaCorp-backed competitor
| driven by goals very different from yours.
| roguecoder wrote:
| EEE assumes open source software is only going to be
| created if it is widely used. As soon as that isn't true,
| it is irrelevant.
|
| It was effective against companies that relied on
| interoperability and profited when people used their
| software projects. On the other hand, if someone wants to
| add features that my project can't support, it changes
| nothing about my life or work.
|
| When the goal is "make the best software possible", the
| $MegaCorp would only compete by making software that is
| better that what is available in the open source ecosystem.
| That doesn't take anything away from anyone else. It is a
| Pareto improvement: people can pay and have even better
| software, or not pay and use the still-good free option.
| paxys wrote:
| Have to agree with this. There's an endless list of open source
| maintainers who publish an MIT-licensed project then are
| surprised when it is treated as an MIT-licensed project. If you
| want rights, assert them. No one else is looking out for you.
| _Especially_ not Microsoft.
| alganet wrote:
| Maybe many MIT license users want a big company to take in
| their projects.
|
| Big companies have resources to mimic it anyway, right? If
| they really want some tech, they can reproduce it.
|
| Having a good idea flourish, whether it is in Microsoft's
| hands, manifested within Clojure, or in any other fruitful
| form, is good enough.
|
| There is no license for a raw idea anyway. For the essence of
| it. Seeing it used means success, it means "you were right".
|
| The secret counsel of idea honor keepers will eventually
| figure it out and make some kind of repairs.
| pyrale wrote:
| In this case, there's an open source maintainer who was fine
| with a MIT license, and even helping onboard people from a
| big tech firm, only to realize that even attribution was too
| much to ask.
|
| Since the terms of the license were violated, there's not
| much to learn about which license was chosen. The only lesson
| to learn is that big tech will steal everything that isn't
| nailed to the ground, and then some.
| cosmic_cheese wrote:
| While working for companies, many devs have had the frustrating
| experience of finding a library that perfectly solves their
| problem, only to discover that it's GPL3 or similar and thus
| strictly off limits due to company policy. Especially if
| repeated a few times that's enough to inspire use of permissive
| licenses, to help avoid that frustration for their future
| selves (should they change employers) as well as other fellow
| corporate devs.
| koiueo wrote:
| To this I can't relate at all.
|
| If you can't use a library because it's GPLv3, then the
| company would need to invest some time and money into
| reimplementing the features they want. Guess who gets more
| paid work?
| cosmic_cheese wrote:
| Depends on the constraints. You might not get to build that
| proper reimplementation and instead get stuck with quickly
| duct taping together a rough approximation that never gets
| the requisite time and resources to make it good,
| whereafter it becomes a persistent thorn in your side until
| you change jobs.
| pjmlp wrote:
| Still that enough isn't working for most of my customers,
| without an assessment from legal and IT, many times getting a
| commercial one is much easier.
| andybak wrote:
| > Do you enjoy your project getting forked, walled off and
| exploited for profit by someone who has never done you any
| good?
|
| By far the biggest risk for most projects is "nobody notices it
| and nobody uses it".
|
| And if someone "takes" your project and uses it - you've
| usually still got it. Software is funny like that.
| koiueo wrote:
| If the project is good, the license is hardly ever an
| obstacle for adoption.
|
| At least I can't recall any such cases.
|
| Do you have any examples?
| KTibow wrote:
| If it's GPL-like its usage would be mostly confined to open
| source projects.
| maleldil wrote:
| That's the whole point. If you build something on top of
| open source code, your code should be open source too.
| frumplestlatz wrote:
| Those of us who disagree are happy to see our software
| used in any context in exchange for attribution.
|
| The problem that occurred in this case is someone at
| Microsoft taking the code without following the license
| at all.
| andybak wrote:
| Even if this is the case I might not want my library or
| application to be copyleft. Or even if I do - I might not
| want everyone _else_ in perpetuity who uses _my_ code to
| have to use a copyleft licence.
|
| This goes back to the fact that not everyone can choose
| to use a GPL licence and in a world of compromise and
| collaboration, that can be a blocker.
| andybak wrote:
| Yes. GPL libraries especially.
|
| My app project is Apache for historical reasons and can't
| be changed. https://github.com/icosa-foundation/open-
| brush/actions
|
| (and I'm not sure if I would move to GPL if I could but
| that's a separate discussion)
|
| I regularly come across interesting libraries that I can't
| use (half of CGAL for example)
| boramalper wrote:
| As @diggan wrote[0] elsewhere in the thread, the issue is not
| that MIT is permissive but that Microsoft did not honor the
| requirements of the license (despite it being permissive!):
|
| > Does it matter what license you use if they actively ignore
| the terms in the license you did chose? MIT requires
| attribution, but they didn't. Why would any other terms be
| different? You surely could have put "You must license your
| project the same as the one you forked from" and they still
| would have ignored it, not sure what the difference would have
| been.
|
| [0] https://news.ycombinator.com/item?id=43750670
| nu11ptr wrote:
| One should choose a license that fits them. The problem with
| GPL licenses is they are viral and non-permissive. As a
| developer, as soon as I see the GPL I just click away to
| another repo no matter how good the lib is. I don't want people
| doing that to my projects, so I use Apache/MIT or whatever the
| permissive license that is most prominent for the language I'm
| using.
| krupan wrote:
| Hi! Do you work for Microsoft? There is nothing "non-
| permissive" about the GPL. You can use the code however you
| want. "Viral" is a perjorative description that Microsoft
| pioneered the use of to describe the GPL. The GPL is not a
| virus that latches onto any code it gets near, without
| anyone's permission. You should not use that term.
| nu11ptr wrote:
| > The GPL is not a virus that latches onto any code it gets
| near
|
| Honestly, that is EXACTLY how I feel about it. If I use GPL
| code in my code then my code must also be GPL (if I
| distribute). The term seems to fit to me.
|
| And no, I've never worked for MS.
| krupan wrote:
| Viruses are things that latch onto other things _without
| their permission_. If you _choose_ to build off of GPL
| code then yes, you must preserve the GPL license. There
| 's an important difference.
|
| It's actually the same as any other copyrighted code (and
| in the US, all code is automatically copyrighted and
| restricted). You cannot just take code and use it in your
| project. GPL code is nothing special.
| nu11ptr wrote:
| It is very easy to accidently use a GPL library without
| knowing it, especially if it is a dependency of a
| dependency and you aren't using a license scanner.
| kstrauser wrote:
| It's very easy to do all sorts of incorrect stuff if you
| totally ignore your responsibilities.
|
| If you're not redistributing the GPL library, then it
| doesn't matter. If you are, then there are all sorts of
| other licenses which come with the same (or greater)
| headaches.
| pama wrote:
| One could argue that GPL is very permissive. If you need to
| use it in a proprietary way in your own company for internal
| purposes, no problem; if you release software that others
| use, you have to release the code as well. I dont want to be
| using black boxes in this day and age.
| nu11ptr wrote:
| Permissiveness is relative, so in relation to
| MIT/BSD/Apache, it is not.
| jandrewrogers wrote:
| The great thing about permissive licenses is that it maximizes
| the utility of the code. I don't care if someone makes a
| mountain of money by forking my permissively licensed code,
| that is in some sense the objective and I lose nothing by it.
|
| This strain of rent-seeking behavior by some that open source
| their code but then believe they are entitled to compensation
| or forced contributions if the wrong people use it per license
| is distasteful and a bad look. It highlights the extent to
| which for many people the motivations behind their "open
| source" are not actually, you know, open source. For many, open
| source is about the utility of the source code and nothing
| more.
|
| Licenses like AGPLv3 aren't just about the utility of open
| source, they try to litigate concepts like fairness and justice
| at the same time, and open source isn't a great venue for that.
| krupan wrote:
| I'm sorry, but you are way off base. Use is not restricted by
| GPL licenses. People have expressed desires to restrict use
| of GPL code (what if terrorists or pedophiles or Republicans
| use this code??) and Stallman and it's defenders have not
| allowed any restrictions of use.
| jandrewrogers wrote:
| GPL code does not exist in a vacuum. To be maximally
| useful, GPL code must coexist with source code subject to
| different legal, regulatory, and licensing regimes. GPL use
| is only "not restricted" if you completely ignore that
| compliance with GPL can unavoidably result in civil and
| criminal liability. Sure, those potential users are not
| _required_ to avoid civil and criminal liability but that
| is not a serious argument.
|
| Permissive licenses generally allow source code to coexist
| within almost any legal scenario into which source code may
| be placed. This is why I only use permissive licenses both
| for my own open source and for the open source I use.
| krupan wrote:
| I don't think you understand the difference between use
| and distribution, between running code and copying code.
|
| All source code is automatically copyrighted and
| restricted (at least in the US) and you must follow
| copyright laws and license agreements for all source code
| that you copy and distribute. GPL licensed code is not
| special in this regard. How you _use_ GPL software has
| zero restrictions.
| jandrewrogers wrote:
| I understand just fine. Placing any obligations on
| distribution, either mandating or prohibiting, is a _de
| facto_ restriction on use in many contexts. There is a
| lot of source code that you might want to remix with GPL
| code that the user has no control over the legality of
| its distribution. That situation comes up often enough,
| sometimes in unplanned or unexpected ways, to strongly
| incentivize the blanket bans on GPL source code you
| commonly see.
|
| No one has to like it but that is the reality. Pretending
| these aren't real and valid concerns, often by people who
| have no power to change these things even if they want
| to, does a disservice to the health of the open source
| ecosystem.
|
| It is why I stopped releasing GPL code and went purely
| permissive. I've seen the issues it causes people who
| just want to use the code many times. (Ironically, even
| for me with my own GPL code but at least I can
| relicense.)
| throwaway87464 wrote:
| > I don't care if someone makes a mountain of money by
| forking my permissively licensed code, that is in some sense
| the objective and I lose nothing by it.
|
| What if your code is used to actively make the world worse?
| Is that part of your goal? There's no shortage of
| corporations making mountains of money doing exactly that,
| after all.
| matkoniecz wrote:
| > What's good about being "permissive"?
|
| it is good if you do not plan to go for violators anyway
|
| I made some photos and published them on Wikimedia Commons
| (say, of random bicycle infrastructure).
|
| I am fine with people using them without attribution, I expect
| that their use overall furthers my goals rather than damages it
| and if I would release it on CC-BY-SA 4.0 or similar I would
| not go to court over missing attribution.
|
| Therefore I selected CC0, no reason to make things more
| complicated only to people following license.
|
| I selected AGPL/GPL for some software where I would be happy to
| burn pile of money in case of license violation, up to and
| including litigating it in court for 10 years.
| trelane wrote:
| You might not care, but your downstream users might care
| about being locked in.
| bigstrat2003 wrote:
| > What's good about being "permissive"?
|
| For me personally, because I believe in freedom and permissive
| licenses grant more freedom than others do. I don't really care
| for licenses which attach unnecessary strings to what
| recipients can and cannot do with the software.
| atomicnumber3 wrote:
| It's bizarre to me how, despite people criticizing the GPL and
| GNU as too ideological, the people you refer to - the
| permissive people - somehow seem even MORE ideological. The GPL
| to me seems pragmatic - sure technically a minimal license like
| WTFPL (ignore all its legal issues for now) is some kind of
| minimalist idea of pure objective freedom. But the GPL has some
| key "restrictions" that aren't really restrictions and produce
| an ecosystem that WORKS. Meanwhile the permissive ecosystem is
| just waiting to be scooped up by bigcos at their whim.
| asddubs wrote:
| well, it's worth noting that since microsoft is also
| releasing the source code, the same thing could have happened
| with GPL. Though I suspect the author would be even less
| happy if they had done all the same stuff (minus removing the
| copyright notice, even) and then not released the source, so
| that's not me arguing against the GPL
|
| I also think in practice microsoft would have been less
| likely to actually take the code, and probably would just
| have reimplemented the ideas in it if it was GPL
| oehpr wrote:
| Just wanted to highlight your last point so that it's
| clear. Microsoft reimplementing the authors project was
| exactly what they wanted! To see a different
| implementation. A different "take".
| klabb3 wrote:
| These days there is almost nothing good with permissive if your
| project gets used by mega corps specifically. They don't want
| your opinions, your expertise, they don't want to share
| anything back, they won't pay you, and they will even avoid
| giving credit - the lowest of the low. And somehow we're still
| worrying about inconveniencing megacorps as if that mattered,
| at all!
|
| I would love a license that says if your company has a physical
| presence in 10+ countries, one of its executive owns a yacht,
| or even is publicly listed, you need to purchase a license from
| the owners. (As a bonus, if the company is primarily selling
| subscriptions, the license should be in subscription form in
| return). Free (GPL/MIT/whatever) for everyone else.
|
| Even such a crude stupid license would be an improvement over
| today for many. Most importantly I think a large amount of code
| is already closed today, because of the risks. This results in
| worse technical solutions, eg SaaS instead of libs & docker
| images that are easy to fix yourself. I don't understand the
| fear mongering about licenses that Amazon and Microsoft don't
| like. At the absolute minimum, contribute the changes back.
| overfeed wrote:
| > What's good about being "permissive"?
|
| They want widespread usage of their project, but always decry
| _not like that_ when Amazon or Microsoft is responsible for the
| usage.
| kweingar wrote:
| This is the reason why I am so confused by the strain of open
| source thought which says that large companies exploit OSS
| maintainers and ought to pay them.
|
| Maintainers often pick permissive licenses specifically because
| they _want_ companies to use the code. They want their project
| to grow and be adopted, and they reason that GPL would stifle
| adoption.
|
| I don't really like the tactic of making your code as
| convenient as possible for anyone to grab off the shelf when
| they want to use it, and then later turning around and saying
| they should pay you. Why not do the payment part up front (by
| GPL-licensing the code and then selling dual licenses to
| interested companies)? Because then you wouldn't have any
| takers. Better to wait until people have integrated it into
| their systems before informing them that they ought to pay you.
| laeri wrote:
| The author didn't seem to request payment in monetary form
| but expected some kind of contributions back which would have
| helped both sides. It would probably be difficult to include
| some guarantees about upstream contributions into the license
| but interesting takeaway.
| ahepp wrote:
| Doesn't that bring us right back to GPL family licenses?
| stogot wrote:
| I think for me, I've been a beneficiary of using MIT licenses
| (in minor ways, no large or famous projects) and so when I
| publish code I prefer sharing as MIT.
|
| Maybe I should reconsider, but I never thought anyone would
| remove an MIT license. That sounds like plagiarism (though they
| did put a thank you in their repo)
| golergka wrote:
| > exploited for profit by someone who has never done you any
| good
|
| Yes, that's the whole point of open source? Most contributions
| to the most popular libraries and frameworks (not necessarily
| end products) are from employees on their paid corporate time
| to begin with.
| koiueo wrote:
| > Most contributions
|
| How did you count?
|
| > most popular libraries
|
| How did you measure?
|
| I agree this is the case for Linux kernel, for example. But I
| don't know if it applies to entire ecosystem.
|
| > Yes, that's the whole point of open source?
|
| I think it's a gross oversimplification. For some reason
| there is not much code in public domain.
|
| People do want different things in exchange for their work.
| Hence different licenses. Some want to receive credit for
| their work, some want to enrich the opensource ecosystem,
| make it more sustainable. Which brings me to my final point.
|
| > are from employees on their paid corporate time to begin
| with
|
| It's natural for companies to open their code under
| permissive licenses. Very often such code is just a first
| free sample of whatever they are selling: consulting
| services, a SaaS, etc.. So it makes sense to have an attitude
| "do whatever with the code, just please-please-please use
| it".
|
| For an individual developer working on a one-man project the
| incentives structure can't be similar to one of a company.
| Hence my trouble understating why people pick MIT/Apache/BSD
| for their projects.
| calibas wrote:
| It's very simple, the reason people favor a more permissive
| license is generally the same reason they open source their
| code: You want other people to use your project.
|
| Obviously, a more permissive license is going to let people do
| whatever they want with "your" code, as it doesn't really
| belong to you anymore. If you want tight control then it's a
| bad choice, but a more permissive license is almost always
| going to mean your project is more widely used, for better or
| worse.
| aftbit wrote:
| It means that more people and companies can use your software.
| Plenty of orgs will avoid GPL and especially AGPL software out
| of an abundance of caution or because they legitimately need to
| link and customize the software for it to be useful for their
| business case, but do not want to release these (often very
| small & customer dependant) modifications.
| roguecoder wrote:
| Permissive licenses are about contributing to the trade as a
| whole, rather than individualism.
|
| Some of us don't believe that the code we write is "ours" in
| any meaningful way, and don't think strangers using it have any
| obligation to us just because we typed it once long ago.
|
| Personally, I am happy if my code is of use. If people are
| using it for evil I'll fight the evil, not try to withhold good
| things from the world to avoid that possible case. It is an
| approach that is rooted in sufficiency mindset, rather than
| capitalistic notions of false scarcity.
|
| My project being forked doesn't cost me anything at all, but
| caring about it being forked or enforcing a license would cost
| me time and energy I have no desire to spend. Permissive
| licenses accurately communicate the levels of fucks I give,
| while keeping assholes from trying to sue me over having used
| my contributions to the collective wealth of the profession.
|
| If I make the world better for everyone, of course a bunch of
| people who never did anything for me are going to be a part of
| "everyone", basically by definition. What is wild here is that
| Microsoft didn't follow the extremely minimal requirements of
| the permissive license.
| guywithahat wrote:
| Because when people start an OS project, they want to help
| people and grow. MIT license is the best license if your goal
| is to help other people. It's the worst license for building a
| business, but that's usually not what people think about when
| starting a project
| asdefghyk wrote:
| Microsoft does, it because they know they can get away with it.
| Its in Microsofts DNA in my opinion. The company has a long
| history of such practices, decades. Occasionally they meet
| someone who has a enough clout to hold them to account. Sometimes
| they have even tried to copy patented information and get away
| with it. ( Example Microsoft tried to steal the idea of product
| activation. The owner had deep pockets enough for the court case
| cost ~$15M and won several hundred million from Microsoft.) Also,
| Many companies that disclosed information to Microsoft under NDA
| found Microsoft developed very similar products
| skywhopper wrote:
| Not just forked. Microsoft stole the code without attribution,
| violating the license terms. Truly shameful behavior. Best case,
| it was a single engineer who was tasked with duplicating the
| functionality, but chose the lazier, fraudulent route and was
| even too lazy to clean things up entirely. Still, MS should own
| up, correct the record, and make this right.
| Zambyte wrote:
| Copied, not stole. It's unfortunate that the two are so often
| conflated.
| skywhopper wrote:
| Leaving off the attribution makes it stolen. They stole
| credit for the code, in violation of its license.
| Zambyte wrote:
| No it doesn't. It makes it copied without authorization.
| Stolen means the original owner does not have access which
| is not the case[0]. This idea that copying is theft was
| propaganda invented by the MPA[1], and we ought to stop
| parroting it, even when it's Microsoft doing the
| unauthorized copying.
|
| [0] https://github.com/spegel-org/spegel
|
| [1]
| https://en.wikipedia.org/wiki/You_Wouldn%27t_Steal_a_Car
| bitblender wrote:
| Plagiarism is theft because it does take something away
| from the original author (attribution). Plagiarism and
| piracy are different concepts. Making a copy and forking
| the code is not what they did wrong, that part was
| authorized. Deleting the author's name and pretending it
| was their original work is the issue.
| bigstrat2003 wrote:
| The idea that piracy is theft was not invented by the
| MPAA. I arrived at that conclusion myself, and indeed
| most people I've interacted with find it to be pretty
| reasonable. It's only ever been a minority of giga-nerds
| who try to claim that "stealing" cannot cover situations
| involving a non-scarce resource.
| sublimefire wrote:
| Does it not need to be in each file for it to properly
| propagate to another source?
| koiueo wrote:
| Stole.
|
| When you download a movie from torrents, you don't submit it
| for an Oscar nomination claiming you've made it. You just
| copy a file to your computer intending to kill a few hours of
| your time while playing it back.
|
| Microsoft(r)(tm), however, not only copied the code, but
| claimed it's theirs.
| Zambyte wrote:
| Copied.
|
| Claiming the code as authored by themselves did not leave
| the original author without their code. This would not be
| true had they stolen it.
| bgwalter wrote:
| The term "research theft" is widely accepted in academia:
|
| https://www.congress.gov/bill/116th-congress/house-
| bill/8356...
|
| The original researchers still have their ideas and work, it
| was "just" copied. Still, we call it stealing and theft.
|
| In this case, code was taken and the credit was stolen.
| kgwgk wrote:
| Do you own the word? 2 (transitive, of ideas,
| words, music, a look, credit, etc.) To appropriate without
| giving credit or acknowledgement.
|
| https://en.wiktionary.org/wiki/steal#Verb
| achairapart wrote:
| "I choose a lazy person to do a hard job. Because a lazy person
| will find an easy way to do it."
|
| -- Bill Gates
| CommenterPerson wrote:
| Could people say they used "AI" to build the new code?
| martin-t wrote:
| I wish people would seriously consider (A)GPL for their projects
| more often. It hasn't happened here, though has certainly
| happened in the past without anyone knowing - (A)GPL would make
| it hard for them to make a closed source "fork".
|
| In fact, I wish an even stronger license existed which allowed
| the original author to dictate who can build on top of the
| project to avoid exactly these kinds of situations where a
| powerful actor completely disempowers the authors while
| technically following the license (I assume MS will "fix" their
| error by fixing the licensing information but will continue to
| compete with Spegel with the intent to make it irrelevant).
| kstrauser wrote:
| > I wish an even stronger license existed which allowed the
| original author to dictate who can build on top of the project
|
| Such licenses exist. They're just not Free or Open Source. They
| can't be, by definition.
| chii wrote:
| Yep. This is called a commercial license.
|
| What people who want such things really are after is the
| leverage to dictate a form of morality - if you dont have
| money, you are allowed to use the project for free, and give
| back advertising/clout. But if you have money, or could get a
| lot of money for said project, then they want their pay day.
| nathabonfim59 wrote:
| Have you seen the license of llama models from Meta?
|
| > 2. Additional Commercial Terms. If, on the Llama 2 version
| release date, the monthly active users of the products or
| services made available by or for Licensee, or Licensee's
| affiliates, is greater than 700 million monthly active users in
| the preceding calendar month, you must request a license from
| Meta...
|
| ref: https://github.com/meta-llama/llama/blob/main/LICENSE
|
| But again, not open source...
| Zambyte wrote:
| > Software released under an MIT license allows for forking and
| modifications, without any requirement to contribute these
| changes back.
|
| This sentence is true but a bit confusing, because there are no
| licenses that require anyone to contribute changes back upstream.
| hoistbypetard wrote:
| A bit. There are licenses that require people to publish their
| changes, though, and that is almost certainly what the poster
| meant.
| Zambyte wrote:
| No there aren't. You can make changes to AGPLv3 software
| without publishing it anywhere. The only requirement is that
| you make your changes available in source form to anyone that
| you distribute changes to, which may be entirely private, or
| involve no one besides yourself.
| hoistbypetard wrote:
| The AGPL requires that your publish your source to the
| people who use your software over the network.
| Zambyte wrote:
| The AGPL requires that you publish a _notice_ that the
| source is available _on demand_ to the people who use
| your software over the network. The easiest way to do
| this is usually to just publish your changes so you can
| link everyone to it, but that is not a requirement of the
| license.
|
| You can run derivative AGPLv3 software to service the
| public without distributing your changes to the source
| code without violating the license as long as nobody asks
| for the code.
| hoistbypetard wrote:
| From the text of the AGPL:
|
| > The GNU Affero General Public License is designed
| specifically to ensure that, in such cases, the modified
| source code becomes available to the community. It
| requires the operator of a network server to provide the
| source code of the modified version running there to the
| users of that server. Therefore, public use of a modified
| version, on a publicly accessible server, gives the
| public access to the source code of the modified version.
|
| If you're interpreting that as something different than
| "publish", I think you're splitting hairs.
| Zambyte wrote:
| That's not in the terms of the license, that's in the
| preamble as a stated goal. Read sections 4-6. They're not
| that long and don't really have much legalese.
|
| In practice, the goal is met because _someone_ is likely
| to request the source for AGPL software. Publishing the
| code is not a requirement of the license though.
| xaerise wrote:
| To provide changes upstream, the maintainer must accept the
| change. Most opensource licenses are that you are required to
| publish your changes. But not upstream. As you wrote, there is
| no license that forces any "pull requests".
|
| The MIT license is the "easiest" license because there are no
| responsibility for the maintainer..
| Zambyte wrote:
| > Most opensource licenses are that you are required to
| publish your changes
|
| This isn't true either. You can privately fork AGPLv3
| software without violating the license. You only have to
| provide the source (on demand!) to people who you provide the
| software to in executable form (where "executable form"
| includes network based access to the services executing the
| software in the case of the AGPL).
| znpy wrote:
| > Spegel was published with an MIT license. Software released
| under an MIT license allows for forking and modifications,
| without any requirement to contribute these changes back.
|
| If that's what the license says, why is the author complaining?
| Microsoft is complying with the license.
|
| That's what you get for not picking the one of the license from
| the GPL family.
|
| > However, I am not the first and unfortunately not the last
| person to come across this David versus Goliath-esque experience.
|
| Again, this situation was completely avoidable. Stallman had
| foreseen this kind of situations literally forty years ago.
| That's why the Free Software movement exists.
|
| Tangentially related: has anyone notice how the whole Grafana
| ecosystem is going strong and unaffected by forks and corporate
| take-overs? I'm pretty sure that the AGPL license is playing a
| big role into that.
| ABS wrote:
| if only you had kept reading 2 more sentences after the one you
| quoted you'd know: "The license does not allow
| removing the original license and purport that the code was
| created by someone else. It looks as if large parts of the
| project were copied directly from Spegel without any mention of
| the original source"
| krupan wrote:
| Exactly. Microsoft has been doing exactly this kind of crap
| since their very founding. The counter to it has existed for
| decades: GPL. And now AGPL for web stuff. How do you think the
| Linux kernel and GNU runtime have survived this long without
| the MS Embrace and Extend? GPL.
| asim wrote:
| The best you could hope for in these situations is perhaps a job.
| It's not uncommon to see not just in open source but in business
| in general that the large player will try to extract business
| knowledge and reimplement themselves. The code isn't the value,
| it's the people maintaining it and the community or customers
| using it. I've seen it happen with Google and a real business
| also. So I think ultimately cooperation turns into coopetition
| where you're going to compete until some agreement can be
| reached. In a business case, Google fell flat on its face and
| acquired the company I was working at. In the case of open source
| I've raised seen it turn into an acquisition as we've seen the
| forks are really about code ownership for something they run as
| as managed services or use internally. They're rarely buying it
| for the people or community.
| sherburt3 wrote:
| If you don't want people to fork your code, don't explicitly give
| them permission to fork your code. Its like if you put your couch
| on the curb with a sign on it saying "FREE COUCH" and then coming
| home and freaking out because your couch is gone.
| chii wrote:
| It's that a lot pof people want to use the 'free couch' label
| to attract a crowd, but when they spot someone rich, they want
| those marks to pay.
| ptx wrote:
| Almost, except the sign said "Couch provided courtesy of Philip
| Laine as long as this sign is kept intact". And Microsoft
| removed the sign and replaced it with their own "Free couch
| from Microsoft" sign.
| znpy wrote:
| To add some missing context: the MIT license is so small I can
| embed it into this post.
|
| Here it is: Copyright (c) <year> <copyright
| holders> Permission is hereby granted, free of
| charge, to any person obtaining a copy of this software
| and associated documentation files (the "Software"), to
| deal in the Software without restriction, including without
| limitation the rights to use, copy, modify, merge,
| publish, distribute, sublicense, and/or sell copies of
| the Software, and to permit persons to whom the Software
| is furnished to do so, subject to the following conditions:
| The above copyright notice and this permission notice shall be
| included in all copies or substantial portions of the
| Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT
| WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
| NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
| SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
| CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
| OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
| IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
| IN THE SOFTWARE.
|
| Further reference: https://en.wikipedia.org/wiki/MIT_License
| CommanderData wrote:
| That's why you release projects like these under restrictive
| licences.
|
| Far too many times big company's take what they choose and give
| you nothing. Use licenses for your advantage, heck dual license
| if needed. Not sure what the desire is of a Eutopia open source
| world view, where not everyone has the vision or plays by the
| rules anyway.
| ryao wrote:
| I initially was going to say:
|
| Failing to abide by the MIT license is copyright infringement. My
| advice is to contact these guys: https://softwarefreedom.org/
| They likely can file a cease and desist on your behalf.
|
| However, I took a closer look at the files in question. The MIT
| license requires that they retain and provide copyright notices,
| but you never put copyright notices in your files. The only place
| where you appear to have placed a copyright notice is in the
| LICENSE file:
|
| https://github.com/spegel-org/spegel/commit/23ed0d60f66dd292...
|
| Things become interesting when I look at their LICENSE file. They
| appear to have tried to relicense this to Apache 2.0 before
| backpedaling and reinstating the MIT license:
|
| https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
|
| Unless they forked from a very early version of the project that
| did not even have the LICENSE file, they removed the sole
| copyright notice you had in the repository. That brings us back
| to my original thoughts, which is that they have committed
| copyright infringement, and you should contact OSS friendly
| lawyers about it.
|
| I am not a lawyer, but I do contribute to various OSS projects
| and all of the ones to which I have ever contributed have
| copyright notice headers at the top of every file to ensure
| proper attribution is maintained no matter where that code is
| used. Beyond having that sole missing copyright notice
| reinstated, I am not sure what else you could expect since none
| of your files have proper copyright headers in them. The SFLC
| guys would be in a better position to advise you, as they are
| actual lawyers.
| johnisgood wrote:
| > but you never put copyright notices in your files.
|
| I thought having a LICENSE file in the project's root directory
| was sufficient. Is it not the case?
| ryao wrote:
| It is a fairly standard practice in at least some open source
| communities to add copyright notices to files that people
| have changed significantly, although there is no well defined
| minimum threshold for how much permits them to add a
| copyright notice. Thus, someone else can come along, fork the
| project, add copyright notices to all of the files and then
| give the impression that they wrote them, since there is no
| attribution aside from the one LICENSE file that you wrote.
| The git history might show the truth, but if they copy the
| files into a fresh git repository, that metadata will be
| lost. Projects take files from one another all the time, so
| there is no guarantee that they will preserve your commit
| history and then anyone curious who wrote the code needs to
| do digital archaeology.
|
| That said, file level copyright notices are not perfect
| (since only the VCS shows who added what lines and that might
| not be preserved), but it is better than nothing and it is
| something that is guaranteed to persist as long as people are
| abiding by licenses. If they are not, that is copyright
| infringement and the copyright holder can do things like send
| cease and desist notices in response to the copyright notices
| being removed.
|
| Also, I must emphasize that I am not a lawyer, but one might
| argue that it was not willful infringement if someone removed
| a copyright notice from 1 file by claiming it had been a
| mistake. However, if they remove it from all files, then
| nobody is going to believe it was not willful.
| johnisgood wrote:
| Thanks! I have some open source projects where I only have
| one LICENSE file (it is also in README), but I will
| consider adding it to all files, there are just too many
| files. :/ I am inconsistent, because I have projects that
| contain the copyright notice in all files.
| veltas wrote:
| Sufficient but a good idea to put copyright in all files.
|
| Technically if there's no license found then it should be
| considered automatically copyrighted, with no permissions to
| copy. So leaving copyright license out actually makes it less
| open source.
| ryao wrote:
| The license does not necessarily need to be in the files.
| It could be a project level license in LICENSE, which is
| what the author here did.
| veltas wrote:
| Yes that's exactly what I said :)
| dboreham wrote:
| It's not the license that's important, but the copyright
| notice.
| frumplestlatz wrote:
| It really should be in all files, not because it's
| legally necessary, but because it's the best way to
| ensure that the correct license/copyright follows the
| code to which it applies.
|
| Consider future contributions; the contributor's
| copyright should apply only to the files to which they
| contributed.
|
| Similarly, consider any code that you incorporate from
| external sources; that code's copyright and license
| should only apply to the files in which it has been
| incorporated.
|
| Lastly, consider the case where the code is copied out of
| your project to be incorporated in a different project.
| The license and copyright should follow with those files
| (and if your files don't include copyright and license at
| the top, it's very likely the person doing that copying
| will insert it themselves for this same reason).
| dboreham wrote:
| I would say: absolutely no (ianal). But I've had stand up
| arguments with colleagues in the recent past that I was
| unable to win. They wouldn't even ask the legal team for an
| opinion. But it's nice to see some evidence here that I was
| correct.
| ndiddy wrote:
| It's not required, but it's generally safer to put a notice
| saying who owns the copyright and what license the file is
| released under at the top of each file. Some licenses like
| MIT, the BSD licenses, Zlib, etc are short enough that you
| can include the full license text in the notice, and others
| like GPL provide sample copyright header text to include.
| Here's an example of this from a random file in the SDL
| source code: https://github.com/libsdl-
| org/SDL/blob/main/src/video/SDL_bl...
|
| Obviously Microsoft is still committing copyright
| infringement and in the wrong here. However, if the author
| had copyright notices in each file and then Microsoft
| stripped them out or changed the copyright information, it
| would make it harder for them to brush it off with "oops, we
| forgot to commit the correct LICENSE file" like I'm sure
| they'll do here.
| mikeortman wrote:
| Just the absence of a license generally means the creator has
| all right reserved by default. You don't need a license in
| every file because in much of the world copyright is given by
| default to the creator. A licensed file is permission to do
| something with that copyright material.
| ryao wrote:
| He had a top level license file that presumably applies to
| all files. He would not be the first to do that and will not
| be the last.
|
| That said, if Microsoft had forked before the LICENSE was
| added or stated somewhere, they were reusing all-rights-
| reserved code, which is definitely copyright infringement.
| Again, I am not a lawyer.
| boxed wrote:
| It says "copyright microsoft" in that license file. Just
| because THAT file is MIT is irrelevant. They didn't retain the
| original license file. They should have APPENDED to it, keeping
| the original copyright holder name, otherwise it's just blatant
| copyright infringement that coincidentally is released under
| the same license.
| ryao wrote:
| I am not a lawyer, but I imagine a lawyer would find it
| alright if they just restore the missing notice. I do not
| imagine there is much else that can be done here since he
| cannot really claim to have been significantly damaged by the
| absence of a single line, but these matters are best
| discussed with attorneys.
| tgsovlerkhgsel wrote:
| I imagine a lawyer sending them a settlement offer for the
| blatant copyright violation they committed would get them
| to settle for a five-digit amount, since just the cost of
| discovery (and potentially having the "let's just fork it"
| dirty email laundry aired in public court) would be much
| higher.
| cflewis wrote:
| IANAL but my understanding from floating around open source
| licensing circles is that you'd have a hard time with the
| judge if you didn't just ask for the license to be put back
| as step 1. Microsoft willingly not restoring the license
| would be more problematic.
|
| The forgiveness clause in GPL 3 is as much an
| acknowledgement of actual reality than anything else.
| scosman wrote:
| If they forked from before the author had a license, it's
| worse. MS had no right to use it.
|
| I've contributed to plenty of project that don't have the per-
| file copyrights. It's a choice not a mistake.
| ryao wrote:
| > If they forked from before the author had a license, it's
| worse. MS had no right to use it.
|
| You are right, provided he did not have a notice saying it
| was MIT licensed elsewhere.
|
| > I've contributed to plenty of project that don't have the
| per-file copyrights. It's a choice not a mistake.
|
| I would consider it to be both a choice and a mistake. The
| two are not mutually exclusive. There is no evidence in the
| fork that he is the copyright holder of the original code and
| it looks like Microsoft is. Part of that is Microsoft's
| fault, but part of that is the original author's fault for
| not including per file copyright notices, such that Microsoft
| could add theirs and be the sole one listed in every file.
|
| I would not be surprised if Microsoft's legal department
| doing a scan of public repositories for stolen code mistook
| him for infringing on "their code" given that they have no
| information that he authored it rather than their employee.
| It sounds absurd, but it has happened. I know for a fact the
| sg3 utils author added copyright notices to his code examples
| because he was getting contacted by companies, whose
| engineers incorporated his code into their projects without
| attribution, that thought he had stolen their code:
|
| https://github.com/doug-gilbert/sg3_utils
|
| I know that because he told me by email in 2013.
| bornfreddy wrote:
| > There is no evidence in the fork that he is the copyright
| holder of the original code and it looks like Microsoft is.
| Part of that is Microsoft's fault, but part of that is his
| fault for not including per file copyright notices, such
| that Microsoft could add theirs and be the sole one listed
| in every file.
|
| Absolutely not! This is completely and only M$'s fault,
| whichever way you look at it. Copying a file and slapping
| your own license on it, without consideration of the
| original one, is never acceptable. Don't blaim the victim
| please.
|
| As for incompetence - well maybe they (M$) need to get
| better at managing licenses? Accusing others of stealing
| when the reverse is true only makes everything worse. Let's
| not try to change the standard way of licensing because
| some developers can't be bothered to check the license (and
| even fix typos in comments, apparently).
|
| As an aside, there is no need to add copyright / license to
| every file. I would even consider it an anti-pattern,
| because it pollutes the code with noise.
| scosman wrote:
| > There is no evidence in the fork that he is the copyright
| holder of the original code and it looks like Microsoft is.
|
| Only because they removed the license and copyright. If
| they were willing to do that in 1 file, they are willing to
| do it in many. It's not the authors mistake in any way
| shape or form.
| andrewaylett wrote:
| > but part of that is the original author's fault
|
| No: the original author could have made it easier to
| comply, and you could argue that he acted foolishly in not
| doing so, but that doesn't make it his _fault_.
| gwerbret wrote:
| I suspect that what's happening internally (at Microsoft) is that
| someone's leveraging your work towards their next promotion
| packet. They went to their manager with "hey I've got this great
| idea" and followed it up with your code a few weeks later. Of
| course, this only works if they claim they were "inspired" by
| Spegel to "write their own code".
| ryao wrote:
| The commit histories for the LICENSE files in the two
| repositories are rather interesting. The original author placed
| a single copyright notice in that file. Microsoft on the other
| hand published it with their copyright notice and a Apache 2.0
| license in place of the original copyright notice and MIT
| license. They also put copyright Microsoft and license apache
| 2.0 headers on all files. They then changed the Apache 2.0
| license to MIT, but left their copyright notice in place of the
| original copyright notice in LICENSE:
|
| https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
|
| Unless they forked a very early version that did not even have
| the LICENSE file, such that they never removed the original
| notice, this looks like copyright infringement to me. That
| said, I am not a lawyer.
| throwaway277432 wrote:
| > _chore: change to MIT license_
|
| What does "chore" mean in this context? Is the license just
| leftover from some MS open source template? If so there is
| perhaps some leeway, and the author maybe just didn't realize
| he needed to use the _original_ MIT license file including
| the notices and not just a template one grabbed from the
| internet.
|
| Any other explanation for such a "relicensing" would be
| extremely worrisome.
| jeremyjh wrote:
| "chore" just means the type of change; as opposed to a fix,
| a feature, refactoring, there are some things that you have
| to do in the repo that can be called "chores".
| staunton wrote:
| I'd say, in this case "chore" means "boring, nothing to see
| here".
| layer8 wrote:
| It's interesting, because "chore" to me has strong
| connotations of "tedious, unpleasant".
| staunton wrote:
| Right. It derives from the idea that programmers are
| supposed to find "solving interesting problems" pleasant.
| On the other hand, boring, repetitive tasks are called
| "chores".
| layer8 wrote:
| I don't find it appropriate nor useful to place such a
| sentiment in a commit message, much less as a standard
| tag.
| skc wrote:
| It's a nerdy colloquialism. ie, it's not that serious
| layer8 wrote:
| That's part of the reason why I'd object to it in a
| commit message, in a professional setting.
| staunton wrote:
| Some organizations strongly encourage marking all commits
| as one of a list of categories such as
| "feature/fix/chore/...". The tags are then bound to loose
| all meaning (literal or figurative) very soon.
|
| Unless there was some "conspiracy" to violate the license
| (my original comment was an attempt at playfully hinting
| at that possibility, though I don't find it very likely),
| I'm sure the person who wrote that commit message thought
| about it for less than three seconds.
| croemer wrote:
| "chore" is a common conventional commit message type, see
| https://www.conventionalcommits.org/en/v1.0.0/
| sublimefire wrote:
| It might be just a decision to own the code as it probably ends
| up in production, e.g. run codeql and other tools to scan it,
| have controlled releases and limit access to the repo. They
| might have had some other stuff to change and did not want to
| bother doing it in the original repo with unexpected timelines
| from the repo owner. A fork is a logical step for a company.
| nosequel wrote:
| > I suspect that what's happening internally (at Microsoft) is
| that someone's leveraging your work towards their next
| promotion packet.
|
| It just so happens that the Microsoft engineer who originally
| changed the license in GitHub went from Senior to Principal
| engineer at Microsoft in the past two months (according to
| LinkedIn). So you probably aren't far off.
| nicce wrote:
| I wonder if there exists any system in place that this could
| backfire rapidly if this could be proved on some level.
| Unfortunately, world needs examples and consequences before
| anything changes. If this worked for this particular
| engineer, others will follow and will attempt the same. It
| will become a norm in big corps.
| tgsovlerkhgsel wrote:
| Causing a legal shitstorm is most likely _not_ a
| sustainable way to get ahead at big corps.
|
| If this is what happened, I suspect Microsoft will drop
| this person even quicker than a hot potato, and even
| quicker than if they told them to rewrite it from scratch
| but the person took a few shortcuts too many (which would
| be my guess).
|
| If they wanted to fork it, they could - just keep the
| attribution and be done with it. The fact that they tried
| to rewrite it suggests that someone wanted it to be legally
| not a copy.
| __turbobrew__ wrote:
| Dang, that is too good.
|
| There is definitely a type of person who cheats, lies, throws
| people/teams under the bus, breaks the rules, and cuts
| corners to get ahead. The ones who are able to not get caught
| are rewarded.
|
| This is not only a software phenomenon, but almost all
| aspects of life.
| FlyingSnake wrote:
| That was my initial guess as well. I am glad that the author
| chose to take a high ground instead of naming and shaming the
| people behind this egregious act.
| hobs wrote:
| I actually worked on an open source project, the maintainer was
| convinced by microsoft to relicense the project for
| "collaboration" - I left the project for this reason and as far
| as I can tell msft never did anything for them except for keep
| giving them the "honor" of being a microsoft mvp.
| that_guy_iain wrote:
| If you want to have the copyright license put into it do a DMCA
| take down. They're in breach of your copyright license and
| therefore do not have rights to distribute your copyrighted
| material.
| talkingtab wrote:
| My personal thought is that we need a new kind of license:
| community open source. No corporations, just community.
|
| The problem this addresses is not that Microsoft forked this
| project. The problem is that when a corporation like Microsoft
| does this, they harm our community[0]. Open source thrives
| because a bunch of individuals and groups collaborate.
|
| Microsoft, is built around the concept of profit for stock owners
| at any cost. They may collaborate as long as their interest in
| profit is served, but otherwise, it is back to "Embrace, Extend,
| Extinguish" [1].
|
| This lack of community ethic is endemic in corporations. It is
| also an existential threat to our community. Profit at any cost
| is not collaboration. It is predatory.
|
| And yes, I know, corpies and other greedist will vote this down,
| blah, blah, blah.
|
| [0]
| https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor...
|
| [1]
| https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
|
| [edit clarity]
| jeremyjh wrote:
| The k8s community is mostly people who work for commercial
| interests and use k8s in their companies. If you develop a
| component of the k8s ecosystem, and you want people to use it,
| you can't really exclude businesses from using it. There just
| aren't enough installations outside of commercial spaces for it
| to be relevant.
| talkingtab wrote:
| Very good point. Trying to think this through.
|
| I think community source should be accessible and usable
| outside the community. A community license should have a
| provision for paid use by corporations. If Microsoft wants to
| use it that is fine - if they pay.
|
| But if Microsoft wants to fork things, to me that is
| predatory. If I can't fork windows, why should they be able
| to fork community software? If they argue that people should
| pay for their products, it just seems fair to me that they
| should not get community products for free.
|
| I guess the concept is playing by the same rules?
| ryao wrote:
| > I think community source should be accessible and usable
| outside the community. A community license should have a
| provision for paid use by corporations. If Microsoft wants
| to use it that is fine - if they pay.
|
| That violates the first clause of the open source
| definition:
|
| https://opensource.org/osd
|
| It probably violates 5 and 6 too.
|
| > But if Microsoft wants to fork things, to me that is
| predatory. If I can't fork windows, why should they be able
| to fork community software? If they argue that people
| should pay for their products, it just seems fair to me
| that they should not get community products for free.
|
| Windows is not open source software.
| bornfreddy wrote:
| Maybe the open source definition needs to change, or it
| is time to find a better way of protecting community
| software? This one is clearly (in some ways) not working.
| aleph_minus_one wrote:
| > Maybe the open source definition needs to change
|
| Maybe you rather don't actually want your software to be
| open source. Maybe you rather want your software to be
| under some copyleft license. Maybe you want to use an OSS
| license that is inconvenient for cloud providers (while
| still being an open source license) like the AGPL.
|
| Choose wisely.
| starkparker wrote:
| the OSCL turned 18 years old a month ago. maybe things
| have changed enough since then to validate revisiting it.
|
| OSI is too busy trying to come up with an equally mid (at
| best) OSAID for another thing thing that corporations
| already don't and won't care about following, so I don't
| expect them to prioritize it even if it got raised
| daedrdev wrote:
| I think one of the most important parts of open source is
| that it's available to even those you don't like.
|
| I simply do not get this corporate hate. Corporations and
| individuals can both use it for good and bad. A company
| might use open source to make a pacemaker to save lives or
| world improving research, or it might be Facebook and sell
| personal data.
| philipwhiuk wrote:
| > My personal thought is that we need a new kind of license:
| community open source. No corporations, just community.
|
| It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
| talkingtab wrote:
| As someone commented above, commercial use is an issue.
| Creative commons is good, but the non-commercial clause
| prevents it being useful in this case. It seems to be that
| the crucial issue here is the duplication of the project by
| forking.
|
| I am unclear of where the boundaries could and should be, but
| in essence we want money to flow into community source
| projects. Corporations and commercial entities can and should
| pay a fair amount. If they don't want to pay, they should not
| be able to profit from the work of the community.
| layer8 wrote:
| > the non-commercial clause prevents it being useful in
| this case. [...] Corporations and commercial entities can
| and should pay a fair amount.
|
| There is nothing preventing the project owner from also
| granting individual paid commercial licenses. There are a
| number of GPLv3 (or other restrictive license) projects
| with a note like "contact us for commercial licenses" in
| the README.
|
| Licenses aren't exclusive by default. If a company doesn't
| like the existing license, they are always free to contact
| the project owner(s) to request a custom license.
| bdcravens wrote:
| So only hobbyist software? NC applies to use as well as
| contribution.
| Hyperlisk wrote:
| Yes! Another vote for CC-BY-NC-SA! I release my code under
| this license as well, even snippets I post on my (tiny) blog.
|
| I think this is what a lot of people would use if it were
| more known about. I feel like a lot of people do not actually
| read what a license provides and just default to MIT because
| it is widely used.
| aleph_minus_one wrote:
| > > My personal thought is that we need a new kind of
| license: community open source. No corporations, just
| community.
|
| > It exists: https://creativecommons.org/licenses/by-nc-
| sa/4.0/
|
| CC-NC-SA violates the open source definition.
| eriksjolund wrote:
| The license would no longer be open source if you limit use to
| only community.
|
| See "6. No Discrimination Against Fields of Endeavor" in The
| Open Source Definition https://opensource.org/osd
| coldpie wrote:
| Eh, just use the (L/A)GPL. It's already well understood and
| established; humans and well-meaning businesses can use the
| software ethically; corps won't use it even though they could
| because their intellectual property lawyers don't understand
| how intellectual property works.
| baq wrote:
| They most likely understand, they don't trust their
| engineering coworkers to not ignore it. Blanket ban is an
| easy sell when upside is limited and downside is basically
| unbounded.
| coldpie wrote:
| My experience talking to big corp IP lawyers is they have a
| set of policies ("open source bad; protecting our IP good")
| and will make up any justification to support those
| policies, even if their justifications are plainly
| incorrect given the license text. Usually they just stop
| responding when you point out the obvious contradiction.
| It'd be one thing if they just said "no" with no
| justification, but my experience is they spout a bunch of
| false stuff about open source licensing, then explain how
| that false stuff violates their policies even though the
| real license actually doesn't, and then stop talking when
| you show them that they are wrong.
|
| As you say, their job is to protect the company, not
| actually understand how IP works. But it's pretty silly
| when some stupid dev like me knows their supposed area of
| expertise better than they do.
| flomo wrote:
| Well, it's great that you have that understanding. But
| the internet is full of FOSS types fantasy IANALing based
| half-forgotten RMS FAQs, even in places where they really
| should know better. Most of these nerd arguments are
| pretty much worthless if it came to a courtroom.
| coldpie wrote:
| Yeah, I said I was stupid. What's their excuse? :)
| bdcravens wrote:
| Does this exclude anyone who works for a corporation from
| contributing? I think the obvious answer is no, as long as
| someone is working in their own interests, but it would be very
| hard to establish. After all, Linus worked for the Transmeta
| Corporation during some of Linux's most seminal years.
| bornfreddy wrote:
| Yup. But then you also limit the usage of your software in
| enterprises which do not try to compete with you. There are a
| number of licenses which tried to solve this exact problem
| (cloud protection licenses / fair licenses / ...), for example
| Commons Clause, but community usually doesn't accept them
| nicely, at least I don't know of a case where they were
| welcomed. Not sure why, maybe because most of such projects go
| from FOSS to fair license instead of starting with one? Anyway,
| to me it looks like opensource licenses nowadays serve mostly
| the interests of Big Tech and not those of regular users.
| unsungNovelty wrote:
| > My personal thought is that we need a new kind of license:
| community open source. No corporations, just community.
|
| You are going exactly against the OSS philosophy. OSS shouldn't
| restrict the use of software just because you don't like it. It
| was created to fight exactly this. This is also why source
| available BS (like BSL) is against OSS. OSS is literally about
| being about hacking and changing software to suit your needs.
| It was never about the money part. You should create your
| software as proprietary if you are SO bothered with OSS. And
| you can always donate and contribute back to the OSS software
| you use. I don't think butchering OSS philosophy is the way.
|
| The problem here is license illiteracy. Even I who for a while
| used to think I understood a lot about OSS license just had a
| doubt now:
|
| When you fork, do you retain the copyright part? _Copyright (c)
| 2024 The Spegel Authors_
|
| That is what we need to fix.
| saulpw wrote:
| The OSS philosophy was conceived to help end users, not for-
| profit corporations. Then for-profit corporations co-opted
| the "Open Source"(tm) label to ensure they could benefit from
| all this free labor. You and many others are falling for it,
| and doing their work for them by scolding OSS developers for
| "going against the OSS philosophy".
|
| So screw this corporate "OSS philosophy", and stop telling
| people what they "should" do. Those licenses exist and people
| can use them and this is what happens. We can and should also
| make different licenses which protect our interests as
| developers and we don't need corporate shills invoking some
| philosophical argument to discourage us.
| YetAnotherNick wrote:
| The point is what do creators want to get out of their open
| source project. If it is the opportunity to sell, they can
| make it source available. If they don't want money, having
| open source license is better as it could mean more
| contributions.
| saulpw wrote:
| In practice it doesn't mean more contributions though. If
| MSFT used his project for profit and contributed back, he
| wouldn't be complaining. Instead they forked his project,
| without even sufficient attribution, and now he has to do
| even more work to differentiate his original project from
| their derivative.
|
| So the point is that we need another license that does
| gives open source rights to individuals, yet does not
| permit corporations to take everything and give nothing.
| ahepp wrote:
| > So the point is that we need another license that does
| gives open source rights to individuals, yet does not
| permit corporations to take everything and give nothing.
|
| Why doesn't the AGPL fill that role?
| sbarre wrote:
| > The OSS philosophy was conceived to help end users, not
| for-profit corporations
|
| Citation needed here, if you're going to make such a bold
| claim.
|
| The open source movement began as a counter to proprietary
| closed-source software, and nothing more. It has never been
| about "fairness" (however you define that) or about
| preventing anyone from profiting from OSS.
|
| Now that said, fairness matters and I agree that some of
| what transpires today in the open source world doesn't feel
| fair.
|
| But that's what new or difference licenses can accomplish,
| depending on the wants of the authors.
|
| And that's different from the philosophy behind Open Source
| Software. We should be clear about that.
| saulpw wrote:
| The GPL was "To prevent free code from being
| proprietarized" by for-profit corporations.
|
| In addition the origin of Stallman's open source
| philosophy was a printer he couldn't use because of
| closed-source software. From the start it was about the
| rights of the users, not corporations.
|
| https://www.free-soft.org/gpl_history/
|
| > In the early years (1984 to 1988), the GNU Project did
| not have a single license to cover all its software. What
| led Stallman to the creation of this copyleft license was
| his experience with James Gosling, creator of NeWs and
| the Java programming language, and UniPress, over Emacs.
| While Stallman created the first Emacs in 1975, Gosling
| wrote the first C-based Emacs (Gosling Emacs) running on
| Unix in 1982. Gosling initally allowed free distribution
| of the Gosling Emacs source code, which Stallman used in
| early 1985 in the first version (15.34) of GNU Emacs.
| Gosling later sold rights to Gosling Emacs to UniPress,
| and Gosling Emacs became UniPress Emacs. UniPress
| threatened Stallman to stop distributing the Gosling
| source code, and Stallman was forced to comply. He later
| replace these parts with his own code. (Emacs version
| 16.56). (See the Emacs Timeline) To prevent free code
| from being proprietarized in this manner in the future,
| Stallman invented the GPL.
| trelane wrote:
| The GPL and Free Software, yes. Open Source not so much.
| The term "open source" was originally coined to make Free
| Software more easily understandable to newbies. Pretty
| much right away, though, it was used to water down Free
| Software _licenses_ to make them more palatable to
| businesses by selling the end users ' freedom.
|
| https://opensource.com/article/18/2/coining-term-open-
| source... https://www.gnu.org/philosophy/open-source-
| misses-the-point....
| unsungNovelty wrote:
| > The OSS philosophy was conceived to help end users, not
| for-profit corporations
|
| I beg to differ here. OSS and Free Software movement was
| conceived for the freedom to change the software to the
| user's needs. The entire meaning of free as is freedom
| means as long as I abide by the license properly, I can do
| whatever I want with it. Whether you like it or not, this
| means Microsoft can make money out of curl project if they
| want to. This is the same way we used to burn Ubuntu cd's
| and resell it back in the early 2000s. It's allowed and
| IIRC Ubuntu cd cover used to proudly advocate burning,
| sharing those cds.
|
| This big tech and money in OSS is a new phenomenon. I am
| neither against them or with them. But just that it is not
| the reason why OSS or Free Software movement happened.
| saulpw wrote:
| > the freedom to change the software to the user's needs.
|
| How is this not exactly helping end-users? Corporations
| are producers, not users. And no one is complaining about
| MSFT or any other corporation using OSS as users, but
| only about co-opting it as a producer.
| unethical_ban wrote:
| "It was never about the money part"
|
| That seems to be the point being debated now. When a megacorp
| forks an OSS project and cuts out the author, how does that
| encourage developers? How does that encourage OSS?
|
| And for that matter, perhaps less ideological but practical,
| how does that encourage small startups who _want_ to be as
| open as possible while wanting to be able to scratch out a
| living working on something they care about?
|
| You suggest staying closed source, rather than tweaking an
| open-source license to limit corporate forks, for the purpose
| of protecting OSS philosophy. It strikes me as odd.
| unsungNovelty wrote:
| > That seems to be the point being debated now. When a
| megacorp forks an OSS project and cuts out the author, how
| does that encourage developers? How does that encourage
| OSS?
|
| When a megacorp forks an OSS project, the maintainer should
| know that it is allowed. If you are MIT licensed, that
| megacorp can resell your software, create a business around
| it and make billions in revenue. That is allowed. If they
| are bothered by it, they either should use a different
| license or take the software proprietary. To me, the
| problem here is that Microsoft hasn't properly followed OSS
| license here. My qtile window manager config file has
| copyright notice of all the authors. That is how you follow
| MIT license. Another problem I see here is not knowing how
| to do license compliance. Also, why should it matter if the
| one who forks it is an individual or a mega corp. As far as
| OSS is concerned, it's irrelevant.
|
| > And for that matter, perhaps less ideological but
| practical, how does that encourage small startups who want
| to be as open as possible while wanting to be able to
| scratch out a living working on something they care about?
|
| I have been an OSS guy for a long time. And think OSS in
| business is a very tricky and hard problem. If you don't
| have the reason to be OSS, it's better to be honest about
| it. There are other ways to support OSS. Just support like
| 10% or even 5% of the dependencies you use as a business
| and that will make wonders. And be honest about things.
| Obviously, there are success stories. But if you have seen
| the recent trend, people are in the mindset that someone
| forking your OSS is ripping off of them. Not stopping to
| think that it was allowed all along.
|
| > You suggest staying closed source, rather than tweaking
| an open-source license to limit corporate forks, for the
| purpose of protecting OSS philosophy. It strikes me as odd.
|
| Because the moment you "tweak" the OSS license the way you
| are talking, it stops being OSS. Also, your proprietary
| software still needs to abide by the OSS licenses it uses.
| If I use a OSS software, it should abide by the OSS license
| somewhere in the output.
|
| I think it's better to be honest about OSS than being
| like... we love OSS (Just like Microsoft <3 Open SOurce)
| and saying.. you know what? Don't use this software in this
| industry because that where my business happens. Oh and
| since you don't agree with my politics, you can't use it. I
| am not gonna list them, but there are licenses which does
| these and they are exclusionary. Free as in Freedom is what
| brings in people to OSS. The moment you start excluding
| people, it's a slippery slope. It's already happening in
| politics and else where. Let's just keep software away from
| it all please.
| roguecoder wrote:
| It only discourages open source if people choose to care
| about it: it doesn't materially affect their life in any
| way.
|
| If you stop people from using your software while they are
| at work, you stop people from using the software and it is
| no longer open.
| seqizz wrote:
| How about post-open license? https://postopen.org/
| HexDecOctBin wrote:
| It already exists:
|
| https://polyformproject.org/licenses/small-business/1.0.0/
|
| https://writing.kemitchell.com/2022/01/26/Big-Time-2.0.0
| aleph_minus_one wrote:
| These are _not_ open source licenses; they violate the open
| source definition.
| HexDecOctBin wrote:
| So? I never said they were open source, and the parent
| comment never asked for it. Why do people like you always
| jump in, screaming "It's not open source!"?
| BeetleB wrote:
| > The problem is that when a corporation like Microsoft does
| this, they harm our community
|
| What is this "our community"? My releasing something under the
| MIT license doesn't mean I'm part of whatever community you're
| invoking. It means I'm releasing something with an MIT license.
| That's it.
|
| I certainly don't want to give companies like MS a "pause"
| before they decide to fork my project. I'm explicitly telling
| them they can do that. I absolutely do not want them to be
| hampered by notions of "What will this action look like?"
|
| Don't impose your values on other people's use of my software.
| 0xbadcafebee wrote:
| Hard to word that language to prevent a corporation from
| forking it, as you have to "fork" the project locally to make
| modifications and send patches back. I'm sure nobody here wants
| to stop a random engineer at a corporation from contributing to
| a community project?
|
| If you want a corporation to avoid it like the plague, just
| make it GPLv3. If you really want to screw them, go with
| AGPLv3. This way you keep a true open source license, but don't
| have to worry about corporate control.
| mpalmer wrote:
| But what is the practical difference between that and Spegel's
| situation? Where is the deterrent?
|
| Microsoft is currently violating the license, and the author's
| recourse is this HN post.
| h4ck_th3_pl4n3t wrote:
| We should call it the Ethical Source License.
|
| I actually think this would be a really nice counter movement
| that questions the sustainability of open source.
|
| Especially given that a lot of OSS projects had a business
| model with support/maintenance as their revenue to fund the
| project's development - and eversince Amazon and Azure behaved
| like assholes these funding models are essentially gone. BSL
| and other licenses don't really work, in my opinion, and
| something like the AGPL is to GPL should be created, and the
| ESL could be the same to the BSL as AGPL is to GPL.
| looofooo0 wrote:
| https://de.m.wikipedia.org/wiki/Embrace,_Extend_and_Extingui...
| looofooo0 wrote:
| The good old
| https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extingu...
| tactics.
| rvz wrote:
| > How can sole maintainers work with multi-billion corporations
| without being taken advantage of?
|
| Use AGPLv3.
| sublimefire wrote:
| This post is a great example why the choice of a license matters.
| You never know what your code will evolve into, so why give away
| your countless hours to a company/3rdparty that does not really
| care (aws, msft, goog, etc). License matters and large companies
| would not risk litigation and even if they do, that would be a
| great way to earn money down the road for the copyright holder.
| The only FOMO with MIT is that your code will prob not gonna be
| easily used by 3rd parties in production which would diminish the
| popularity effect. On the other hand, I think that code has more
| value if it uses a copyleft license and I am much more inclined
| to contribute to it.
| mhh__ wrote:
| Bad form from Microsoft but maybe this is why the modern trend
| away from copyleft licenses isn't some piece of trivia.
| Starlevel004 wrote:
| Well well well, if it isn't the consequences of my own licensing
| choices.
| titaphraz wrote:
| Microsoft loves open source, remember? It doesn't love you.
| shahzaibmushtaq wrote:
| Never providing counselling free of charge for anyone.
| croemer wrote:
| I think you meant consulting, but it's not wrong for
| counselling either :)
| shahzaibmushtaq wrote:
| You are not wrong either, consulting can be free of charge
| (it shouldn't be) but in this case Microsoft played with him
| (because he was expecting something good or big in return)
| and they attributed one line to him.
| dankle wrote:
| Bro releasing software under MIT. Others picking it up and use it
| under terms of MIT license. Bro gets upset.
|
| Can someone please explain why?
| AdrianB1 wrote:
| A license term was not respected; the license allows to use,
| modify, etc. but not to remove the copyright message or change
| the copyright to Microsoft.
| zitsarethecure wrote:
| Too many developers don't really understand licensing. Everyone
| defaults to permissive to be politically correct, rather than
| on merit.
| jhatemyjob wrote:
| It's simply ignorance. For example, out of the 600 comments in
| this post, yours is the only one which was able to clearly
| articulate what actually happened. And it's all the way at the
| bottom. It goes to show the headspace most developers are in.
| This mistake will be repeated by many others until the end of
| time.
| OutOfHere wrote:
| If only you had used LGPL. It has the benefits of GPL licenses
| without the burdens.
| panzi wrote:
| Yeah for a program (not a library) I'd really recommend the GPL.
| Although it sounds like they even violated the really permissive
| terms of the MIT license!
| jxf wrote:
| In distant times (before Microsoft's Satya era) I was the
| maintainer of a popular OSS product that scratched an important
| itch for specialist people who were doing work in the early cloud
| days. It solved my own problems, and I didn't want to make a
| business out of it, so I was content to release it as OSS.
|
| A Microsoft director who ran a portfolio of product teams reached
| out to ask about a "collaboration". I said I'd be happy to send
| them my consulting agreement. There was a little grumbling about
| the rate but I just reiterated that it was my rate. After a lot
| of legal back and forth, they signed, I answered a bunch of
| questions for them in a 2-day workshop, and they paid.
|
| If they want you badly enough, they'll pay. Don't work for free.
| mathattack wrote:
| And as you illustrated, for a one-off project, rate doesn't
| really matter. It just needs to get approved by someone senior
| enough, who will ask "Do we have anyone in-house that knows
| this?" and "How much will it cost to do all this ourselves?"
|
| If the answer to the first question is "No" then you'll be very
| cheap compared to the second answer no matter how much you
| cost.
| hinkley wrote:
| Before the economy tanked the last time I was at a couple of
| places that still sent people to conventions. I took a
| notebook and went to a mix of talks about stuff I was
| interested in and stuff my company was interested in. I don't
| think there has ever been a conference that cost more to send
| devs to than what we cost the company for a day, so having us
| out of the office is the most expensive part of the deal
| (maybe that's why some conferences go into the weekend).
|
| I usually came back with enough notes to save me at least a
| couple of weeks of work. If you know how to listen, talking
| to an SME can save you a ton of time.
|
| And from what I understand Microsoft is good at planning
| interviews to sound like they're extemporaneous while they've
| actually worked out ahead of time what questions they need to
| ask you to get what they want.
| vasco wrote:
| Even just the salaried hourly rate of the people that work at
| the company that attend a 2 day workshop is already likely to
| be more than your megacorp rate. It doesn't matter to them,
| it's a rounding error to their initiative.
| hypercube33 wrote:
| This article and your comment reminds me of the story about
| winget/appget https://medium.com/@keivan/the-day-appget-
| died-e9a5c96c8b22
|
| Note - maybe they don't pay you the developer sometimes,
| however.
| optymizer wrote:
| They want you to be intimidated by their reputation because
| it's easier if you make concessions first hoping to get some
| benefit later. Keep in mind, these are business people and
| they're very good at it (otherwise they wouldn't be giants).
| The benefit will never materialize. Working for free just means
| it was an easy win and you left money on the table.
|
| Do not work for free. Large companies have a shit ton of money.
| All you need to do is provide an economical argument in the
| form of your rate (which should take into account their
| expenses for having an employee / team work on it instead,
| hint: 2 x total compensation). Getting paid is just a matter of
| the guy who reached out to you to talk to his skip manager to
| get a verbal 'ok', and then the accounting department takes
| care of it. They're not going to pass on you just because you
| asked to be paid for your time - a business is used to paying
| for services. If they do pass on you without even negotiating
| your rate, then they were definitely not serious and nothing
| good would have come out of it for you.
|
| Source: dev working at FAANG with 3rd party companies.
| burnte wrote:
| I worked for them for six months just to help them collaborate
| with Mozilla, about 20 years ago. They will absolutely pay.
| 1970-01-01 wrote:
| Looks like Bill's old M.O. of embrace, extend, and extinguish has
| rubbed off on Satya. Except this time, MIT license has shielded
| the code from extinguish to emaciate.
| em-bee wrote:
| _As a maintainer, it is my duty to come across as unbiased and
| factual as possible_
|
| i disagree with that. factual? sure, but unbiased? why? it's your
| project, and you have every right to be biased towards it. on the
| contrary, i expect you to, and i actually believe that not being
| biased towards your own project is very difficult so that i don't
| expect many people to be able to not be biased.
| jacobyoder wrote:
| Came to post the same thing.
|
| How can you not be biased? You built something. You want people
| to use it (assumption).
| seb1204 wrote:
| I thought the same, as the sole maintainer he can be king and
| do as he pleases, his git, his baby.
| sneak wrote:
| Publishing free software is giving away a gift.
|
| People using that gift is the point. Forks aren't just permitted,
| they are encouraged. That's _why_ we release free software.
|
| You aren't in competition with Microsoft and their fork. There is
| no such thing as marketshare when there is no market.
| AdrianB1 wrote:
| Keeping his name in the license note is required by the terms
| and that is an expectation, even if you get the software for
| free.
| bigstrat2003 wrote:
| That's certainly true, but that is by no means the only
| complaint the author has. His complaint that they aren't
| properly attributing the copyright is valid. His complaint
| that they are a "competitor" is not.
| donatj wrote:
| Could file a DMCA takedown over the license violation, or you
| know, just file a pull request correcting the license to include
| your name and explain the situation. They're technically
| violating the MIT license as-is.
| adultSwim wrote:
| "I default to using the MIT license as it is simple and
| permissive."
|
| He already gave them permission. I think he is overemphasizing
| the meeting they had and under-emphasizing already giving away
| his work.
| dusted wrote:
| There has been many, many stories of Microsoft doing just that,
| invite for some talk, learn what they need to know and then do it
| their way.
|
| It's not a new practice, and it's not exclusive to Microsoft
| either, it's something every developer should be acutely aware
| of, in case they're interested in avoiding it.
| hinkley wrote:
| They've been accused of using interview answers in their own
| products as well.
|
| I'm still salty about teaching someone something they didn't
| know about caching in an interview and not making it to another
| round of interviews after that. If it was a huge company I'd be
| furious.
| pjmlp wrote:
| As usual pick carefully your license, doesn't matter if it is the
| neighbour down the street or Microsoft, when they play by the
| legalese of the license.
| andreashaerter wrote:
| Default for copyleft licenses for open source or life with the
| consequences.
|
| Licenses like the GNU Affero General Public License (AGPL) might
| prevent some corporations from using an open-source project
| because they do not want to release the source code of their own
| modifications to it. Sadly, corporate compliance often prohibits
| the usage of copyleft projects altogether, even if nobody plans
| to modify anything. Especially the legal departments of large
| "enterprizy" organizations often prefer software with licenses
| like MIT as they want it simple and "risk"-free.
|
| But who cares? If these corporate users do not contribute back,
| there is simply not benefit in having them as users.
|
| Except you do not care about open source community but about
| hypergrowth. This seems not to be true for this case, but the
| impression comes to mind that many start-ups use open source not
| because of freedom but as an argument for adoption in the
| enterprise ecosystem. They avoid choosing (A)GPLv3 licenses to
| facilitate easier corporate adoption without generating enough
| revenue, while being funded by venture capital and without
| getting contributions back by organization who could easily
| afford giving back something. Then, after being adopted, they
| complain.
|
| There's a reason why Linux (GPL licensed) is still around,
| growing, and making money for so many while companies behind
| widespread open source projects often fail financially and
| burning insane amounts of money. It might work out for
| individuals and owners when getting bought, but it hurts users
| and ecosystems who relied on something.
| austin-cheney wrote:
| That is why I only choose extremes with my open source licensing.
| If I really don't care then I go with a CC0 1.0 license. If I
| want any participation or credit for the work at all then I go
| the other extreme: AGPL 3.0. If that, and only that, means people
| will refuse to look at the project then I know I have chosen
| wisely.
| garyrob wrote:
| Is it possible that there could be enough damages for Microsoft's
| violation of the license that a talented law firm would take up a
| lawsuit on a contingency basis?
| not_a_bot_4sho wrote:
| FTA
|
| > A negative impact from the creation of Peerd is that it has
| created confusion among new users. I am frequently asked about
| the differences between Spegel and Peerd.
|
| I can't imagine any quantifiable damages here. No business or
| revenue was impacted. Just chatter in an open source project.
| garyrob wrote:
| IANAL, so I am just guessing.
|
| But I wonder if an argument can be made that by flagrantly
| violating the license, Microsoft is devaluing the whole
| concept of the relevant license and similar ones. The entire
| body of source code that was created partly because of
| trusting that those licenses mean something is worth an
| enormous amount.
|
| So I'm guessing the perhaps there could be a class action
| lawsuit on behalf of the entire open source community that
| uses that class of license.
| anonymousiam wrote:
| Microsoft has almost always behaved unethically. Many examples
| similar to yours are easy to find. Their behavior in your case
| immediately reminded me of this 1994 example:
|
| https://www.latimes.com/archives/la-xpm-1994-02-24-fi-26671-...
|
| They've engaged many naive people/companies, milked them of their
| knowledge after signing NDAs, and then stabbed them in the back,
| stealing eveything.
|
| They're big enough, and have unlimited legal resources to
| vigorously defend any legal challenge, and also to launch legal
| attacks at will.
|
| After the DOJ anti-trust case, they preemptively put every major
| law firm on retainer, so nobody else could retain them in an
| effort vs. Microsoft, without creating a conflict of interest.
|
| They are still evil, but less so after Gates and Ballmer.
| hinkley wrote:
| There's a Simpsons episode that's older than many of the
| readers here where Bill Gates destroys (literally has goons
| smash) a business Homer accidentally started.
|
| If Matt Groening thinks you're a gaggle of assholes you're
| probably even worse.
| bsnnkv wrote:
| I feel for this person. I stopped using open source licenses a
| while ago, and I've recently started writing about how I've ended
| up where I am. One of my pieces got shared here last month and
| predictably didn't land with the readership.
|
| Nevertheless, I'm going to keep writing (latest piece [1]) about
| my post-open source journey in the hopes of clicking with a
| handful of people in the next generation.
|
| [1]: https://lgug2z.com/articles/on-evils-in-software-licensing/
| - feel free to hit me up off-platform if you want to discuss
| api wrote:
| Open source is becoming not much more than free labor for giant
| corporations and SaaS.
|
| The OSI considers any open source license that tries to restrict
| or disincentivize this "not open source." Look into OSI and note
| that it is effectively captured and controlled by these
| corporations.
| eptcyka wrote:
| Seems like we need a GPL/fuck off amazon/microsoft license.
| monai wrote:
| Reading story after story about big corporations abusing
| single/small group opensource developers, I think we need a
| license that, otherwise permissive, explicitly denies the use of
| the code for companies that took VC money or are worth a billion
| or more.
| empath75 wrote:
| Anybody know what the differences between peerd and spegel
| actually are and why microsoft forked it?
| klaussilveira wrote:
| > How can sole maintainers work with multi-billion corporations
| without being taken advantage of
|
| GPLv3.
|
| Microsoft has been a bully for years:
| https://www.fsf.org/news/microsoft_response
|
| They can't change, regardless of how much marketing money they
| put into "We love opensource".
| gavinhoward wrote:
| Use copyleft.
|
| I know it isn't mainstream, but companies try to avoid those
| licenses as much as possible.
|
| Tinfoil hat: sometimes I wonder if companies astroturfed support
| for permissive licenses. Getting the entire Rust ecosystem to
| avoid copyleft was a huge win, for example.
|
| And now that copyleft Gnu tools are being replaced with
| permissive uutils in Ubuntu, it seems they won, whether or not
| they were the ones to push it.
| indrora wrote:
| Copyleft and the shift to static executables are incompatible.
|
| The vast majority of the rust (and Go) ecosystems is non-
| copyleft because you cannot satisfy the GPL in any meaningful
| way and satisfy your corporate legal department's IP lawyers.
| pjmlp wrote:
| Hence why advocates from going back into the days of static
| linking should consider the how and whys we moved from them,
| and better pick their toolchains.
| eduction wrote:
| This is good not bad.
|
| Their improvements are available under MIT license. They would
| have been fully within their rights to not release and put in a
| proprietary product but did not do this.
|
| Instead everyone can benefit from their improvements. Author can
| steal whatever he wants for his upstream.
|
| (I can't find any details of "Microsoft MIT" and the above is
| premised on it being functionally MIT.)
| NanoYohaneTSU wrote:
| Open source developer now learns why open source is stupid first
| hand. Thank you everyone for making free software!
| alganet wrote:
| When you're a teenager sometimes you are into a girl that you
| like and she notices and acts all snobby.
|
| Then sometimes you get into a date with her, but discovers she
| isn't what you expected. It was the snobbiness that made you
| more eager to know her.
|
| Then, disappointed, you break up with her and she starts
| telling everyone you have bad breath, your friends are idiots,
| and that you are dumb and ugly (but she secretly still likes
| you).
|
| When you're adult you start to realize that none of it is
| really that important. She is probably nicer than you remember.
| And you were just a kid.
|
| All this HN discussion reminds me of those teenage years
| somehow. Like a twisted psychology distortion of it. It is kind
| of funny actually.
| qntmfred wrote:
| If you write open source code, expect it to be forked. It's kind
| of what open source is all about. Do it because sharing knowledge
| is a moral good. The wealth, influence, power, etc of whoever may
| decide to participate in your act of open source is completely
| and utterly irrelevant.
| radicalbyte wrote:
| Really poor form there from Microsoft, I hope that some of the
| wiser heads see this and educate the team responsible and ensure
| that this is made right.
| gwbas1c wrote:
| I've been "on the other side," part of a big corporation forking
| an open-source project. In Laine's case, what I would suggest is
| to focus more on what Microsoft added and changed; try to
| understand why they did that; and see if you can get any value
| bringing it back into your project.
|
| (IE, don't let your ego run away.)
|
| Why?
|
| In my case, I was working for an industry-leading product that
| required a bit of reverse-engineering into MacOS. We got stuck on
| a new release of MacOS, so we did a bit of digging and found an
| open-source project that successfully reverse-engineered what we
| were trying to do.
|
| (Basically, integrating in the right-click menu in Finder
| required reverse engineering prior to 2014; and every version of
| MacOS required redoing the reverse engineering.)
|
| It was a legal grey area to copy how the open-source project
| reverse engineered MacOS, so I reached out to the open-source
| project and tried to collaborate. We exchanged a few emails and
| then I found a problem...
|
| Basically, their solution had rather large memory consumption in
| Finder if the user had very large folders. Our customers had very
| large folders. (Edit, 200,000+ files were common.) We still
| wanted to collaborate, so I proposed a fix that fixed the
| problem.
|
| But, then "radio silence" from the original authors. We forked
| and complied with the license. I always hoped they never
| begrudged us.
|
| (Ultimately, Apple released an API so we didn't have to reverse
| engineer MacOS.)
| croemer wrote:
| Forking might be the wrong word, what happened here looks more
| like (somewhat obfuscated) plagiarism.
|
| I analyzed the 2 repositories for copy/pasted lines using PMD's
| CPD (copy/paste detector) - using the first commit of peerd and
| one from spegel that was from around the same time.
|
| There are some clear duplications, e.g. 178 lines here:
| https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8...
| correspond to this: https://github.com/spegel-
| org/spegel/blob/ed21d4da925b9a179c...
|
| Also 44 lines here: https://github.com/spegel-
| org/spegel/blob/ed21d4da925b9a179c... and
| https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8...
| but the full files are almost identical, only a few edits that
| break the complete equality.
|
| Also https://github.com/spegel-
| org/spegel/blob/ed21d4da925b9a179c... matches
| https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8...
|
| I haven't looked deep enough to see how much of the differences
| are obfuscation and how much are meaningful changes. File names
| are all changed, many structs and variable names as well.
|
| See this gist for full list of duplications:
| https://gist.github.com/corneliusroemer/c58cf0faf957d9001b58...
| wavemode wrote:
| Not a direct solution to your problem, but people should
| definitely consider Apache over MIT when reaching for a
| permissive license. In addition to being more robust about things
| like, notifying users of modifications that have been made to the
| original source code, it also explicitly requires that forkers
| maintain the NOTICE file in its entirety, and distribute that
| file to users receiving copies of the software (whether source or
| binary copies).
|
| Even if megacorp does nothing else for you, that NOTICE file can
| at least contain information about who you are as the original
| author, links to your website, etc.
| jon_richards wrote:
| I considered forking an MIT repo once but had no idea how to
| communicate which parts were under the original MIT license and
| which weren't. Unless I copied it into each file and deleted
| the root license, it seems like it would license all my changes
| as MIT, too, basically becoming a copy-left license.
| aantix wrote:
| Let's create a license where companies with X number of employees
| that create a fork automatically owe the original owner Y amount.
|
| It's ridiculous that companies with literal trillion dollar
| market caps coast on the back open source.
| unsungNovelty wrote:
| Am a bit confused. Is Microsoft breaking MIT license here? I can
| see both projects are in MIT and I don't see the below
|
| _Copyright (c) 2024 The Spegel Authors_
|
| Which should be retained when you are forking it right? Or am I
| wrong?
| croemer wrote:
| Yes, indeed, that's missing. Though it should be: "Copyright
| (c) 2023 Xenit AB" as that was the license that was in place
| when the copy/paste took place: https://github.com/spegel-
| org/spegel/blob/ed21d4da925b9a179c...
| unsungNovelty wrote:
| Thanks for confirming.
| nwellinghoff wrote:
| Is there a template license that says open source unless your
| market cap is or goes above x million? Would like companies to be
| able to use things to grow but then if they hit it big the have
| to start paying.
| atmosx wrote:
| > Microsoft carries a large brand recognition [...]
|
| Especially amongst Linux users... :-)
| throwaway2037 wrote:
| Regarding the removal of copyright notice, did anyone open an
| issue on the Microsoft GitHub repo to have it restored? It should
| be relatively simple to fix. Yes, I know, this won't dull the
| knife that Microsoft stuck into the back of the original author.
| croemer wrote:
| Yep, there's an issue with 200+ reactions:
| https://github.com/Azure/peerd/issues/109
| vzaliva wrote:
| Many of us dislike Microsoft and big corporations, but here's my
| (possibly unpopular) take:
|
| 1. Open source worked as expected. Some MIT-licensed code was
| forked under the same licence, giving users more options and
| contributing further to the open-source codebase.
|
| 2. I don't understand the claim about users being confused
| between Spegel and Peerd. These are two products with different
| names and maintainers. Maybe some users are also confused between
| Ubuntu and Red Hat Linux - so what? I'm glad users have more
| choices.
|
| 3. The point about the original author not being given enough
| credit is the only valid one. The legal side, discussed in other
| comments, seems to suggest they're within their rights, but they
| could have done better.
| a2tech wrote:
| Do. Not. Trust. Microsoft. Why is this a lesson that has to be
| learned over and over again by people? It's been extensively,
| exhaustively, documented over the years.
|
| The leopard doesn't change its spots. The scorpion stings the
| frog. Microsoft screws over people. Lessons learned in childhood
| that still hold true today.
| palata wrote:
| I tend to disagree with the criticism of Microsoft here.
|
| The author of Spegel released it as MIT, which means that anyone
| can fork it as long as they keep the attribution. So if every
| file of the original project has a header containing the
| copyright, Microsoft has to keep it. Looking at Spegel, I haven't
| found a single source file containing an MIT header and
| copyright.
|
| Microsoft added their header with their copyright in Peerd
| (because now that they changed the files, they own a copyright
| over parts of those files). Nothing says that they must add a
| line for the original author, and I could imagine that it's
| legally a risk for them to do it.
|
| Moreover, a copyleft license wouldn't have changed anything here
| (except maybe discouraging Microsoft from reusing any of that
| code).
|
| If you don't want anyone to reuse your code, don't open source
| it. The whole point of open source it is that you allow others to
| reuse it.
| NobodyNada wrote:
| The MIT license doesn't say anything about headers. The
| attribution requirement is:
|
| > The above copyright notice and this permission notice shall
| be included in all copies or substantial portions of the
| Software.
|
| The license is saying you have to retain _the license itself_ ;
| it doesn't say anything about any other attribution notices
| that exists in the source files or anywhere else. It doesn't
| specify where you have to put the license; it could be in a
| comment in the code, or it could be in a file next to the code,
| and that doesn't change anything about the terms of the
| license.
|
| If the original author put the license in comments, you can
| keep it in comments, but you could also move it to a standalone
| file. If the original author put it in a standalone file, you
| can keep it there or you can move it to a comment, but you
| can't remove it. If you distribute a compiled binary, you need
| to be sure you're including the license alongside the binary as
| well.
|
| If Microsoft distributes a "substantial portion" of the
| software, and they do not include a copy of the original
| license (including the copyright statement at the top
| attributing the original author), they're in violation.
| palata wrote:
| Right. So they should just add a copy of that line somewhere
| in the repository, saying "some parts of this project come
| from this licence"?
| NobodyNada wrote:
| Yes, that is the condition of the MIT license.
| palata wrote:
| Ok, but then why not just opening a PR in the repo asking
| for that? Sounds like a _very minor change_. Yes, they
| have to do it and they should. But I feel like insulting
| them because they gave credit in the README but not
| exactly in the proper way is a bit aggressive.
|
| Engineers in big companies are quick to criticise how the
| legal department is a pain in the ass, but when I see the
| reactions here, I completely understand why it is.
| ApolloFortyNine wrote:
| It definitely seems like this whole thing is known by
| maybe 5 individuals at Microsoft. It's not some big
| affront on open source software, they didn't relicense
| the code under a less permissive license or anything,
| they just updated the copyright notice improperly. And
| that part I wouldn't be shocked was a single individual
| dev's doing.
|
| I agree, op should make a PR, state their case, and then
| complain if it's not merged.
| firesteelrain wrote:
| License is a license. It doesn't provide legal advice for how
| to properly mark documents or source code. You should always
| mark every file and put it under configuration management. A
| single LICENSE file is step 1 for how the code can be
| treated/forked/etc. But all of spegel's files lacked any sort
| of copyright headers.
| AndriyKunitsyn wrote:
| A lot of people in the comments blame the victim. Why isn't "go
| talk to a lawyer" the most common response?
|
| Are American lawyers that can read three-paragraph licenses so
| prohibitively expensive?
| bogwog wrote:
| This sucks and I feel for the maintainer, but it really is their
| own fault for publishing as MIT. However, that is a pretty common
| mistake that most people never learn until they've been screwed
| by it. The OSI have done a good job at convincing devs to open
| themselves up to exploitation for the benefit of big tech
| companies, and I find it hard to fault people for falling for
| that. The social pressure is very high.
|
| But giving a (presumably) free consultation to Microsoft is a
| self-own. History has shown that you should never give the
| benefit of the doubt to Microsoft, and you should certainly never
| trust them (unless you have a contract and a good lawyer). Not
| knowing this can only be the result of willful ignorance. I can't
| offer sympathy for that.
|
| Hopefully, this person learned the right lessons from this
| experience.
| hinkley wrote:
| Open source is very much like a party. You are perfectly
| entitled to expect the host to be gracious and the guests not
| to steal things.
|
| "It's your fault for inviting them in" is victim blaming and
| horizontal aggression. The people at the top of the pyramid
| love it when the peasants fight each other. Saves them getting
| callouses.
| bogwog wrote:
| What a terrible take. This is the kind of "social pressure" I
| was talking about.
|
| Open source licensing isn't a party, it's a business decision
| you make as a participant in the intellectual property
| economy. If you make a stupid and/or uninformed decision,
| you're opening yourself up to exploitation. It _is_ victim
| blaming because this situation is entirely the victim 's
| fault.
|
| I don't even know what you mean by "horizontal aggression",
| and your comment about peasants makes no sense in this
| context. How does advocating that people be informed and use
| appropriate licenses count as in-fighting, or beneficial to
| big tech companies? If anything it's literally the opposite.
| hinkley wrote:
| You're blaming an author who offered his code to others
| (that's a social act) instead of a trillion dollar company.
|
| What do you think I mean by horizontal aggression?
| fefe23 wrote:
| So, let me get this straight. You published your software under a
| free license that stipulates they can't remove the license and
| are otherwise free to do as they please.
|
| They took you by your word and did exactly that.
|
| What did you think a license is for? For artistic expression?
| It's a contract. If you want to get paid, put that in your
| license.
|
| I recommend AGPL 3. Then nobody will rip you off. And if they do,
| you can drag them to court over it.
| qarl wrote:
| Those who cannot remember the past are condemned to repeat it.
| carambacreator wrote:
| The MIT license should have a provision to permit forks (without
| allowing daisy chaining of fork of forks). You can then decide &
| allow/reject fork requests.
| cenobyte wrote:
| Not to be mean, but if you don't like the consequences of using
| an MIT license then don't use it.
|
| Using it then complaining about its effects because you don't
| like the company is silly.
|
| Use a different license if this is important to you.
| rexpop wrote:
| > This experience has also made me consider changing the
| license of Spegel, as it seems to be the only stone I can
| throw.
|
| Well, yes, that seems to be the conclusion OP has come to.
| hinkley wrote:
| Too late though. They can keep using the code he wrote
| before. He'd have to rearchitect it to add new features to
| even make it sting now.
| glitchc wrote:
| The solution is to change the license ASAP, add some must-have
| features from the pull requests (or your own imagination, you
| know best what's missing), and continue on your merry way.
|
| Eventually the MS fork will be so far behind yours that they will
| come back to talk to you. And this time, you will be prepared.
| nrabulinski wrote:
| Why haven't you threatened to sue yet? They very clearly violated
| the MIT license by getting rid of your copyright, which is
| literally the only requirement MIT imposes. Go after them, don't
| let the corporation get away with
| AlgebraFox wrote:
| This is not getting forked by Microsoft. This is getting forked
| by permissive licenses.
| devrandoom wrote:
| This is a candidate for name and shame. Microsoft is made up of
| people and actual real people made these decisions.
|
| Who are they?
| nabla9 wrote:
| I find it unlikely that this is Microsoft policy, it does not
| benefit them in any way. Someone fucked up or claimed glory
| internally. Pointing this out to their legal department might get
| the Copyright notice fixed.
| firesteelrain wrote:
| First, if Microsoft used any of the Spegel code then it should
| provide proper attribution. A best practice is to put the LICENSE
| file in the root of project (both peerd and spegel do). But also,
| you need to put the license in the header of each file as a best
| practice. Like Microsoft did here
| https://github.com/Azure/peerd/blob/main/api/docs.go#L1
|
| spegel did not follow best practices to put the copyright in the
| file itself: https://github.com/spegel-
| org/spegel/blob/main/internal/web/...
|
| Ideally starting with something like this
|
| // SPDX-License-Identifier: MIT
| akagusu wrote:
| Microsoft doing this is expected, it is what big tech companies
| do, but what is surprising is the growing number of people
| defending its behavior and blaming the developer for what
| happened.
| tadeegan wrote:
| WTF! I'd sue.
| dvektor wrote:
| Reminds me of the scene in Silicon Valley where they team are
| excited to hear a VC interested in the details so they are
| explaining the technology on the whiteboard to the "investors"
| who were a team of engineers eager to copy their tech.
|
| But seriously, it sounds like a weird version of "not invented
| here syndrome" where you are somehow OK with copy-pasting most of
| it.
| indigodaddy wrote:
| Very clever title
| doublextremevil wrote:
| Consider the AGPL, it is a criminally underutilized license ideal
| for the current zeitgeist.
| karussell wrote:
| Microsoft avoided any licensing issues because its code was not
| copied but came out of their AI. /s
| alphazard wrote:
| There's a lot of blame being assigned to Microsoft, the entire
| corporation. But I doubt this was a heavily contemplated decision
| by a room full of executives, or voted on by the shareholders.
|
| More likely, this is a way for someone to get ahead in their
| career at Microsoft by passing off a successful open source
| project as their own accomplishment. They can steal users from
| the original project and justify using Microsoft's resources to
| maintain it, which puts more resources under their control, and
| gives them something to talk about during performance reviews.
|
| The open source community should have a way to enforce
| professional consequences on individuals in situations like this.
| They are motivated by professional gains after all. That's the
| only way this will stop happening. Professional consequences does
| not mean doxxing or other personal attacks, it means losing
| career opportunities, losing contributor privileges, and becoming
| known as untrustworthy. These consequences have to be greater
| than the expected gain from passing a project off as your own at
| work.
|
| I wonder if a new kind of license could be created which includes
| projects in some kind of portfolio and violating the license
| means losing access to the entire portfolio. Similar to how the
| tech companies added patents to a shared portfolio and patent
| treachery meant losing access to the portfolio.
| jeanlucas wrote:
| Yeah, but Microsoft's response to this will actually be a
| company official position.
|
| It's a space to keep watching.
| nickelpro wrote:
| A flash in the pan about a random fork they have on Github
| with <100 stars, and no significant public usage, which fails
| to correctly follow the reproduction requirement of the MIT
| license will not generate a C-suite response. It won't get
| outside the local management of the team responsible for the
| fork. Maybe a few dozen people at MS will ever know about
| this, and most of those from seeing it on HN; who have zero
| connection to the responsible team.
|
| It baffles me that HN has no idea how large organizations
| work. The boss's boss's boss has no idea what random worker
| bees are doing.
| billllll wrote:
| Just because the shareholders didn't vote on it, or an exec
| didn't explicitly say "hey steal this" does not absolve the
| company. Leadership doesn't get to throw up their hands and say
| "not my fault" when something bad happens.
|
| It is ultimately the responsibility of the company and its
| people to create a system where things like this are
| discouraged or prohibited. Not doing so is tacit approval,
| especially in this case where they have a significant history
| of doing the same thing.
| alphazard wrote:
| It's fine that you think corporations are supposed to work
| that way, and I don't necessarily disagree. But they don't in
| practice. They don't feel the consequences of bad actions
| because of legal economies of scale. They also don't
| backpropagate consequences from the company's bottom line to
| the individuals responsible. If you were to rectify this so
| that it works exactly as you envision, you would have made
| incredible advances in the Principal-Agent problem as it
| pertains to corporate compensation.
|
| Most corporate actions that 3rd parties consider "bad" are
| the result of someone inside the corporation having an
| asymmetric payoff from directing the corporation to do the
| bad thing. They get the upside from a success, but not the
| downside from failure.
|
| If you want to stop a certain bad behavior, your best bet is
| to change individual incentives.
| da_chicken wrote:
| I think the point being made is that the executives are
| either responsible for the company, or they're not actually
| running the company at all.
|
| Like this isn't some tragedy of the commons situation. This
| isn't some situation where the company is a cooperative
| confederation of equal partners. Either shit rolls uphill,
| or you don't have leadership at all. You don't get to pass
| the buck on criticism because you made a decision out of
| self interest, either.
|
| "It's not technically illegal," is the most blase, low-
| effort rule for behavior. It's why only twelve-year-olds
| and lawyers use it as a defense for poor behaviors and poor
| ethics.
|
| Being a POS earns you a reputation for being a POS, and
| that includes people publicly pointing you out as a POS in
| public forums.
| nickelpro wrote:
| > or they're not actually running the company at all
|
| Executives are not micro-managing day-to-day
| implementation decisions of every team, no. They set
| broad strategic goals, the management layers below them
| decide how to best operationalize those goals, and the
| layers below those middle managers make specific
| implementation decisions to execute those operations.
|
| If you want to think of this as "not actually running the
| company at all", you're free to. The point is that's how
| the world works.
| da_chicken wrote:
| You don't have to be personally making the decisions in
| order to be responsible for them.
|
| That's also the way the world works.
| LtWorf wrote:
| What initiative will executive at microsoft take now that
| this post became popular?
|
| No initiative? Then it's 100% their fault.
| renewiltord wrote:
| Exactly. And this is why I think all US voters should be held
| to account for Abu Ghraib. Prison time at the least. The
| death penalty should be on the table.
| asdefghyk wrote:
| My observation ( for other such (similiar) war events) is
| that investigations by the instigators country will lead to
| very less serious punishments for the instigators and "down
| playing" of the harm from such events
| darepublic wrote:
| They created the atmosphere that encourages or even
| necessitates shenanigans like these. Absolutely blame the
| corporation
| awesome_dude wrote:
| It's my personal experience that toxic behaviour is tolerated
| (and even encouraged) by toxic leadership.
|
| Whilst there are always bad apples in a big company, a good
| company stamps out bad behaviour as soon as it becomes aware of
| it.
| aydyn wrote:
| I want to make a point that might be misinterpreted, so I want to
| make clear I am not at all defending Microsoft.
|
| That said, Microsoft isn't a person and has no agency by itself.
| It is specific persons/developers/managers violating the licenses
| and stringing along open source developers in bad faith.
|
| Who are these people? Why is the blame not falling on them,
| specifically?
| vb-8448 wrote:
| ehm, it doesn't work this way, fortunately ... Microsoft, the
| corporation, is definitively responsible if there's a copy
| right violation.
|
| Who exactly did what it's a Microsoft internal thing, unless
| Microsoft demonstrates that this has been done in bad faith and
| Microsoft did everything what is "reasonable" to avoid this
| happening ...
| kshri24 wrote:
| > How can sole maintainers work with multi-billion corporations
| without being taken advantage of?
|
| Use AGPL, Fair Source or BSL. That's the only way forward. I for
| one will be using AGPL in everything. If a trillion dollar
| company cannot pay for services it is a fucking shame. Absolutely
| disgusting. Microsoft should be ashamed.
| immibis wrote:
| Friends don't let friends release as MIT, except for trivial
| amounts of code.
|
| Last week I relicensed most of my previously released Minecraft
| mods (except those with trivial code and those with missing
| source code) to AGPL plus a bunch of exceptions.
| rglover wrote:
| This is why I wrote the SAUCR license [1] for my full-stack
| JavaScript framework.
|
| A lot of OSS developers get "got" by the ideological arguments of
| OSS and shy away from doing "source available" (which if we set
| down the Kool-Aid, is in effect open source because...the source
| is open).
|
| If you're an independent or small team and want to protect your
| IP as best you can while keeping source available for
| learning/auditing, check it out.
|
| [1] https://saucr.org
| ramses0 wrote:
| That's not a license, it's wishful thinking in template form.
|
| The fact that you have "fill in the blanks here" in a "legal"
| document makes this actively harmful.
|
| I respect the sentiment, but it's entirely the wrong direction.
| Better looking at the Creative Commons license picker/builder
| as a better example of a starting point.
| rglover wrote:
| > The fact that you have "fill in the blanks here" in a
| "legal" document makes this actively harmful.
|
| It doesn't. At the end of the day, all legal documents are
| just words on a page. When in doubt, you can hire a lawyer or
| paralegal to review what you've written to ensure it's sound.
|
| This is why people keep getting burned. They make foolish
| excuses, use the wrong licenses, and then they're surprised
| when a big fish swallows them whole.
| iamleppert wrote:
| If a big tech company shows any interest in your open source
| project, don't ever assume there are any good intentions. Never
| agree to any meeting or unpaid work, or do any work or go out of
| your way for them unless you have a contract. Be extra careful
| when dealing with a big company, because they have a lot of
| resources and do not care about you or your project.
| alexfromapex wrote:
| There is a very long storied history of Microsoft being an
| extremely scummy anticompetitive company...
| neilv wrote:
| Getting 'forked' (so to speak) by Microsoft was the norm, and
| might again be.
|
| Up until the dotcom boom (and in the earlier days of it), one of
| the questions I'd heard of software startups was something like,
| "What will you do when Microsoft decides to own your space?"
|
| Fortunately, the broad tech industry overall got a decade or two
| reprieve from that, though it might be starting to return.
|
| A long related question, when partnering with Microsoft, which
| sounds like it still applies, is "What's your plan for when
| Microsoft stabs you in the back?"
|
| Microsoft never had a self image of "Don't Be Evil", and is more
| a close releative of Cantrill's Lawnmower.
|
| My suspicion is that ruthlessness and the long-con have deep
| roots in Microsoft's culture.
|
| Microsoft only appears to play nice when it has to, and is
| shameless otherwise.
| tobinfekkes wrote:
| Obligatory Lawnmower context:
| https://www.youtube.com/watch?v=-zRN7XLCRhc&t=2040s
| adfm wrote:
| They all do it. Anytime a corporation comes calling, they're
| looking for something from you and there's an implicit quid pro
| quo. I'm not a lawyer, but anytime latin is involved, you better
| get it in writing and run it by someone who is.
| neilv wrote:
| Obligatory "Silicon Valley" TV series clip:
| https://www.youtube.com/watch?v=JlwwVuSUUfc
| cobbaut wrote:
| > As a sole maintainer of an open source project, I was enthused
| when Microsoft reached out to set up a meeting to talk about
| Spegel. The meeting went well, and I felt there was going to be a
| path forward ripe with cooperation and hopefully a place where I
| could onboard new maintainers.
|
| I bet the Spyglass people had the same thought.
|
| https://en.wikipedia.org/wiki/Spyglass,_Inc.
| PeterZaitsev wrote:
| Not including original license may well be oversight, It is very
| unlikely Microsoft would intentionally to do something like this,
| which costs them really nothing, but not doing it can post a lot
| in the future in the legal costs.
|
| For the rest - if you chose MIT license for your work you should
| expect it can be used by someone to create software based on it,
| including commercially licenses
|
| I would treat anything you're releasing as MIT as the gift to the
| world. This is how Open Source suppose to work - people building
| on each other work, often without properly thanking authors and
| maintainers.
|
| If you want to reserve some rights - chose who can use your
| software and for what purpose, ie ensure "Microsofts" of this
| world can't use your code in a way you do not approve, you should
| not release it as Open Source.
| mmaunder wrote:
| If you want them to contribute back changes, use a license that
| makes them contribute back changes, like GPL. Don't ever "default
| to" a license.
| alganet wrote:
| Defaulting to a license is the default behavior.
| sokoloff wrote:
| GPL only requires you to contribute changes if you distribute
| the program (not if you just use it internally).
| davidkwast wrote:
| I think AGPL2 or newer and GPL3 helps a little too
| joshka wrote:
| https://github.com/Azure/peerd/pull/110
|
| > fix: amend copyright attributions #110 > > This commit amends
| copyright attributions that were omitted due to an oversight on
| part of the Peerd authors. Copyright header attributions in a few
| files have been updated to include "2023 Xenit AB and 2024 The
| Spegel Authors". The attribution in the LICENSE file has also
| been updated to reflect the same.
| touristtam wrote:
| FWIW one of the maintainer just added this to comply with the
| license:
| https://github.com/avtakkar/peerd/commit/57ebeeb853effb211ae...
| lachie83 wrote:
| Hi Philip, I'm Lachlan from the Cloud Native Ecosystem team at
| Microsoft. Our team works in the cloud native open-source
| community with a goal of being great open-source collaborators in
| these projects and communities, and I'm sorry that this happened.
|
| We appreciate your leadership and collaboration on Spegel and see
| your project solving a real challenge for the cloud native
| community. I wanted to thank you for your blog post
| https://philiplaine.com/posts/getting-forked-by-microsoft/, let
| you know what we're doing, and address a few points.
|
| We've just raised a pull request
| https://github.com/Azure/peerd/pull/110 amending the license
| headers in the source files. We absolutely should have done
| better here: our company policy is to maintain copyright headers
| in files - we have added headers to the files to attribute your
| work.
|
| I also wanted to share why we felt making a new project was the
| appropriate path: the primary reason peerd was created was to add
| artifact streaming support. When you spoke with our engineers
| about implementing artifact streaming you said it was probably
| out of scope for Spegel at that time, which made sense. We made
| sure to acknowledge the work in Spegel and that it was used as a
| source of inspiration for peerd which you noted in your blog but
| we failed to give you the attribution you, that was a mistake and
| I'm sorry. We hear you loud and clear and are going to make sure
| we improve our processes to help us be better stewards in the
| open-source community.
|
| Thanks again for bringing this to our attention. We will improve
| the way we work and collaborate in open source and are always
| open to feedback.
| kyleee wrote:
| Maybe as a show of good faith you could send the original
| creator 10 or 20k usd as a thank you. Talk is cheap
| rererereferred wrote:
| 10 or 20k USD for Copyright Violation sounds cheap.
| guywithahat wrote:
| This sounds like a good idea but getting the checkbook out at
| a company like Microsoft probably takes 3-5 meetings, and
| saying you want to donate because you accidentally stole
| their code and put the company at (theoretical) risk of a
| lawsuit seems like a bad conversation starter with
| management.
|
| I like the thought though
| tacker2000 wrote:
| Now that you got caught you are fixing it and writing fancy PR
| fluff. An org the size of MS should have clear policies and
| processes of how to handle open source forks like this. Unless
| we assume "bad faith" here. This is a pretty bad look.
|
| I wonder how many other projects are not attributed correctly.
| Are you checking up on them also or just waiting for the next
| HN post?
|
| That said, the author of Spegel should have used another
| license if he wanted more "recognition" or the like.
| aleph_minus_one wrote:
| > I wonder how many other projects are not attributed
| correctly. Are you checking up on them also or just waiting
| for the next HN post?
|
| As I wrote in my parallel post
| (https://news.ycombinator.com/item?id=43756102): these
| copyright violations (not giving proper attribution of the
| license requires it _is_ copyright violation) from Microsoft
| 's side (the more, the "better", and the clearer the message)
| can be considered de-facto, implicitly stated corporate
| messages from Microsoft's side that they are from now on
| officially fine with copyright violations, and thus
| _everybody_ is from now on free to violate the copyright on
| _every_ software product that Microsoft has ever produced.
| beefnugs wrote:
| He is lucky microsoft doesn't have 30,000 ai-agents out there
| just stealing everything he has ever done and spinning up 10
| competitors to each project all with new license and money
| flow into microsoft in any number of ways.
|
| I mean they made sure to get all the consent from all authors
| on github before training on it right
| wilg wrote:
| I mean what else are they supposed to say or do to correct a
| mistake other than "sorry, here's what happened, we have
| fixed it, we are taking steps to reduce the chances of it
| happening again"? Sometimes you just have to correct an
| error.
| aleph_minus_one wrote:
| > but we failed to give you the attribution you, that was a
| mistake and I'm sorry.
|
| In other words: there exists some responsible person at
| Microsoft who violated the copyright (yes, removing the
| attribution is also a copyright violation!) for Microsoft.
|
| In consideration how Microsoft has been treating copyyright
| violators for decades, if Microsoft does not give this
| responsible person the same crual treatment, it should be
| considered an honest, clear, implicit official statement from
| Microsoft's side that they are perfectly fine if hackers
| violate all of Microsoft's copyright. In other words: it means
| that all of Microsoft's software now (spiritually!) will become
| public domain.
|
| Also, if Microsot does not make make this responsible person
| pay the caused damage _from their own pocket_ to the original
| author of Spegel with the same monatery magnitude as if
| Microsoft would sue other entities for a violation of
| copyyright of Microsoft 's software, the same statement
| applies.
| throwaway642012 wrote:
| Based on the initial commits and the logs after that surely
| there's someone unethical person at MS. This might have been
| brushed under the carpet and due to sheer luck it reached HN
| frontpage.
|
| https://github.com/Azure/peerd/commit/64b8928943ddd73691d0b5.
| ..
| 9_ZPK7- wrote:
| > it means that all of Microsoft's software now
| (spiritually!) will become public domain.
|
| You have said many things like this in this thread. I don't
| think you understand how laws or courts or legal fees work.
| Good luck defending yourself against MS's army of lawyers
| during your court proceedings though!
| aleph_minus_one wrote:
| > I don't think you understand how laws or courts or legal
| fees work. Good luck defending yourself against MS's army
| of lawyers during your court proceedings though!
|
| I have no hope that the courts currently (!) agree with
| this. But let us spread the gospel so that as many people
| as possible know how Microsoft's "real" stance on copyright
| is. If a lot of people become aware of this and this truth
| stays in lots of people's heads for a sufficiently long
| time, the public opinion might change so that juries
| (representing the public opinion in courts) will indeed
| begin to judge against Microsoft in the way that I
| described.
| deknos wrote:
| > We hear you loud and clear ..
|
| oh, corporate wording. so you do not really care :D
| aleph_minus_one wrote:
| > oh, corporate wording. so you do not really care :D
|
| Better _do_ care a lot about it, and use every syllable of
| the corporate statement against Microsoft. :-)
|
| I.e. the principle of some martial arts: use the force that
| the opponent applies against himself/herself.
|
| Addendum: In this particular case
|
| > We hear you loud and clear ..
|
| can be considered as a _very_ official statement from
| Microsoft that from now on, they cannot claim anymore that
| they didn 't know of something ..., i.e. the hangman's noose
| is slowly closing. :-)
| h4ck_th3_pl4n3t wrote:
| Probably already approved by the legal department which is
| working in damage control mode :D
| vvillena wrote:
| Not good enough. All previous commits still infringe Spegel's
| copyright, given they are still available and distributed. I
| would assume the point release also infringes copyright.
|
| You are Microsoft. You can do better.
| wilg wrote:
| Very silly, they can't rewrite the commit history nor would
| it be proper to update old packaged releases.
| vvillena wrote:
| What do you mean they can't rewrite the commits? They can,
| they should, and it's really easy to do so. As for the
| packages, they should be taken offline.
| throwaway642012 wrote:
| What about the allegations that people in MS did this for
| personal gains? Will there be any lessons learned from this?
| cmgriffing wrote:
| I think this is a good case for applying Hanlon's Razor. The
| person that did the forking and removal of copyright text may
| simply not know that it needed to stay there.
|
| I would love to know what processes MS is considering to
| prevent this in the future as well as what kind of auditing
| might be done to look at other projects that started as forks.
| frumplestlatz wrote:
| > The person that did the forking and removal of copyright
| text may simply not know that it needed to stay there.
|
| That person never learned what plagiarism is throughout their
| entire academic career, much less once they landed at
| Microsoft?
| isp wrote:
| There are other possibilities, for example, the person may
| have thought that they were complying with the MIT licence
| by releasing the new project under the MIT licence too +
| including a mention of the original project in the README.
|
| This, of course, is incorrect, and a cursory read of the
| very short licence text would show it to be incorrect.
|
| But I, too, am strongly favouring Hanlon's razor.
| DrillShopper wrote:
| Hey how about doing the right thing first time next time
| instead of waiting until you get ass-blasted on social media?
| spiritplumber wrote:
| Do better next time, eh?
| detective_bosch wrote:
| They just updated the license and attribution.
| https://github.com/Azure/peerd/pull/110/files . Overall, it does
| not sit right with me. How can you be at the position you are and
| make a very obvious non-attribution mistake. I want to side on
| incompetence and give benefit of doubt but malice (for personal
| gains) is on the table as well.
| hondo77 wrote:
| > As a maintainer, it is my duty to come across as unbiased and
| factual as possible...
|
| Sez who?
| dustedcodes wrote:
| This is not the first or last time this has happened. Microsoft
| does it intentionally and when they get caught they then give a
| fake apology and pretend it was a mistake. These mistakes keep
| happening and the pattern is always the same, MS teams engaging
| with a developer to learn all about their business idea and then
| they steal it:
|
| https://keivan.io/the-day-appget-died/
| spiritplumber wrote:
| This happened with me and Google (Antbot/Cellbots stuff, circa
| 2011). The difference is that the Google person in charge of the
| fork of my project was actively hostile to me. He told me that I
| was just a hobbyist and that my product didn't exist.
|
| So I put a PCB of my product in his hand (it had some through-
| hole components), and squeezed it really hard, and asked him "If
| it doesn't exist, why is it making you bleed?"
|
| All this at a meeting/presentation where my bot was literally
| running circles around theirs because mine worked and theirs
| stalled.
|
| I think I have video of this somewhere, but there's no audio.
|
| The guy left Google a year later, tried to sell bots
| independently, and folded. I on the other hand am still here.
|
| It was a bit of a weird interaction overall. Why would someone
| say "this doesn't exist" while staring at it? I figured that
| haptic feedback would help with their solipsism at the time.
___________________________________________________________________
(page generated 2025-04-21 23:01 UTC)