hckrnws
In distant times (before Microsoft's Satya era) I was the maintainer of a popular OSS product that scratched an important itch for specialist people who were doing work in the early cloud days. It solved my own problems, and I didn't want to make a business out of it, so I was content to release it as OSS.
A Microsoft director who ran a portfolio of product teams reached out to ask about a "collaboration". I said I'd be happy to send them my consulting agreement. There was a little grumbling about the rate but I just reiterated that it was my rate. After a lot of legal back and forth, they signed, I answered a bunch of questions for them in a 2-day workshop, and they paid.
If they want you badly enough, they'll pay. Don't work for free.
They want you to be intimidated by their reputation because it's easier if you make concessions first hoping to get some benefit later. Keep in mind, these are business people and they're very good at it (otherwise they wouldn't be giants). The benefit will never materialize. Working for free just means it was an easy win and you left money on the table.
Do not work for free. Large companies have a shit ton of money. All you need to do is provide an economical argument in the form of your rate (which should take into account their expenses for having an employee / team work on it instead, hint: 2 x total compensation). Getting paid is just a matter of the guy who reached out to you to talk to his skip manager to get a verbal 'ok', and then the accounting department takes care of it. They're not going to pass on you just because you asked to be paid for your time - a business is used to paying for services. If they do pass on you without even negotiating your rate, then they were definitely not serious and nothing good would have come out of it for you.
Source: dev working at FAANG with 3rd party companies.
> these are business people and they're very good at it (otherwise they wouldn't be giants)
just adding the point that the people who made them giants have all left by now, and the people they have now are incredibly good at internal politics rather than actual biz. You will probably find that they are more interested in how you can make them look good rather than how you can make their company money.
But yes, do not work for free. Large companies have a shit ton of money. Agree 100% with parent.
And as you illustrated, for a one-off project, rate doesn't really matter. It just needs to get approved by someone senior enough, who will ask "Do we have anyone in-house that knows this?" and "How much will it cost to do all this ourselves?"
If the answer to the first question is "No" then you'll be very cheap compared to the second answer no matter how much you cost.
Even just the salaried hourly rate of the people that work at the company that attend a 2 day workshop is already likely to be more than your megacorp rate. It doesn't matter to them, it's a rounding error to their initiative.
Before the economy tanked the last time I was at a couple of places that still sent people to conventions. I took a notebook and went to a mix of talks about stuff I was interested in and stuff my company was interested in. I don’t think there has ever been a conference that cost more to send devs to than what we cost the company for a day, so having us out of the office is the most expensive part of the deal (maybe that’s why some conferences go into the weekend).
I usually came back with enough notes to save me at least a couple of weeks of work. If you know how to listen, talking to an SME can save you a ton of time.
And from what I understand Microsoft is good at planning interviews to sound like they’re extemporaneous while they’ve actually worked out ahead of time what questions they need to ask you to get what they want.
I always tell this cautionary tale when talking to friends turned founders. I was going to a 1-1 with a Director (Bob) in a FANG company. As I was walking to his desk, another Director and a Senior Director (Gus) called out to him that the meeting was starting and he should join -- he asked me to come along and tell him my thoughts.
It was a sales call with a 2-person tech company building some tools in the cloud native space. They were super eager, walking through the product. My manager put the phone on mute and asked "So what are we trying to do here" to the other directors. They replied "We just want to kick the tires to figure out how they built it, we're not going to buy". They let these guys pitch for 20 minutes, periodically asking questions and then muting to mock them. My manager nudged me to ask something, since I ran a similar initiative internally. I asked how they would handle a gnarly case we had and they didn't have a solution yet, but could come up with one (super eager, wanted the deal).
At the end of the call, Gus un-muted the phone and said "This looks great but I'm having a hard time following the demo. Can you fly out and show us in person?". The sellers paused and then started asking when the other was free etc, one was going on vacation but could "make it work" to come out the next week. Gus replied "Great, see you next week".
I left that meeting realizing they were all psychopaths. Notably, Gus had the charism of Gus Fring from Breaking Bad.
This happens at all levels of scale. Many years ago I was a PHP freelancer for a while and as often as not prospective "customers" would try to 20-question me out of the shape of a solution for them so they could avoid paying me.
Did you eat any of these people and if not, why not?
This article and your comment reminds me of the story about winget/appget https://medium.com/@keivan/the-day-appget-died-e9a5c96c8b22
Note - maybe they don't pay you the developer sometimes, however.
Steve Jobs and Winamp
[dead]
> Don't work for free.
I may encounter this situation some day. Could you share how you structured your fees (and give the hourly rate you charged them :P) ?
There was no hourly rate. It was roughly US$125,000 in today's dollars for the 2-day workshop with some other riders (e.g. additional consultation rate).
This factored in my prep time, prototyping, flights (since I didn't live in Redmond, where this team was headquartered, and this was before video calls were more popular), et cetera.
I worked for them for six months just to help them collaborate with Mozilla, about 20 years ago. They will absolutely pay.
> There was a little grumbling about the rate but I just reiterated that it was my rate.
Would you be willing to share what your rate was? I think it'd be useful for other FOSS maintainers to get a better understanding of their worth.
I'm curious as well, but simply to understand why Microsoft would even waste time discussing the rate for a 2-day workshop.
I'm guessing that somebody pitched it to their superiors as a free solution with all the source code they could just take over and use, and now they had to have an awkward conversation about spending some money on the author. At which point it behooved them for it to at least be as cheap as possible.
jxf replied here about the rate:
Wow! That is a lot more than I would've expected. Good for him!
They definitely will open the checkbook pretty quick for small, well-defined projects like this. Stuff where they don't want to waste their internal resources; stuff that has an end game, like "build this complete widget and then go away."
They got a good deal; a ready-made solution (at least suitable for some real-world purposes similar to, if not quite theirs) for the price of 2 days of consulting.
A good reminder that we're allowed to value our time and expertise, especially when dealing with companies that can pay but often hope you'll give it away for free in the name of "collaboration."
Hi Philip, I'm Lachlan from the Cloud Native Ecosystem team at Microsoft. Our team works in the cloud native open-source community with a goal of being great open-source collaborators in these projects and communities, and I’m sorry that this happened.
We appreciate your leadership and collaboration on Spegel and see your project solving a real challenge for the cloud native community. I wanted to thank you for your blog post https://philiplaine.com/posts/getting-forked-by-microsoft/, let you know what we’re doing, and address a few points.
We’ve just raised a pull request https://github.com/Azure/peerd/pull/110 amending the license headers in the source files. We absolutely should have done better here: our company policy is to maintain copyright headers in files – we have added headers to the files to attribute your work.
I also wanted to share why we felt making a new project was the appropriate path: the primary reason peerd was created was to add artifact streaming support. When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense. We made sure to acknowledge the work in Spegel and that it was used as a source of inspiration for peerd which you noted in your blog but we failed to give you the attribution you, that was a mistake and I’m sorry. We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community.
Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.
Now that you got caught you are fixing it and writing fancy PR fluff. An org the size of MS should have clear policies and processes of how to handle open source forks like this. Unless we assume “bad faith” here. This is a pretty bad look.
I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?
That said, the author of Spegel should have used another license if he wanted more “recognition” or the like.
> Now that you got caught you are fixing it and writing fancy PR fluff. An org the size of MS should have clear policies and processes of how to handle open source forks like this. Unless we assume “bad faith” here. This is a pretty bad look.
What would you prefer them do? A public flogging? Bring back the stocks?
I agree with the sentiment with these types of comments (I hate PR fluff too), but the aggression when a company has screwed up and not only admits it but tells you their plan going forward is silly. The best case scenario is it does nothing, worst case it encourages them to ignore it next time it happrns.
I’d like them to explicitly set out how they’re going to avoid such an issue occurring in the future, rather than symptomatically commenting on an HN post that’s now a top post.
They say:
> We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community. Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.
…which is a lot of nice words with absolutely NO accountability. They could write a sticky note “do better” and technically that’s all that’s required from their side. Is that okay with you?
Their plan? “We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community”? That’s not a plan. It’s PR fluff.
Nobody is expecting this one incident to make Microsoft change. It’s about reputation, which can take a long time to shift, but can be important in the long term.
We don’t have to just accept it when a company issues a statement apologizing for their screwup. It’s perfectly acceptable to say “this apology means little to me, and if you want your reputation to change you need to do more”.
What would Microsoft do if I forked their repo, removed all the licenses and then held talks at conferences about my amazing new tool?
Pretty sure their legal department would have my fork obliterated from the face of the earth and I would be crossing my fingers that all I got was a cease and desist letter instead of a lawsuit in Texas.
Well how does Microsoft react if some company "forgets" to licence windows/office/some other product? Because that is what happened here a clear licence violation so Microsoft essentially pirated the software.
I bet Microsoft would do something similar. If Microsoft entered an agreement with another company, Apple for instance, to build a version of word for the Mac, a fork, and part of the license has a requirement to attribute in the help file or something like branding requirements, and then Apple doesn't do it right, then Microsoft reaches out to Apple and tells them to fix it else be in breach of the license. They fix it, happy happy. They don't fix it and lawyers get paid.
This was MIT licensed open source software and an attribution clause was not properly respected. Hardly piracy.
>A public flogging? Bring back the stocks? Yes, great idea.
> I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?
As I wrote in my parallel post (https://news.ycombinator.com/item?id=43756102): these copyright violations (not giving proper attribution of the license requires it is copyright violation) from Microsoft's side (the more, the "better", and the clearer the message) can be considered de-facto, implicitly stated corporate messages from Microsoft's side that they are from now on officially fine with copyright violations, and thus everybody is from now on free to violate the copyright on every software product that Microsoft has ever produced.
Sounds like a very expensive legal gambit.
Comment was deleted :(
You have to prove the mens rea, and even then, people committing crimes don't automatically deserve crimes committed upon them.
In reality they do, in some cases, e.g. capital punishment.
I think I am being misunderstood here. I do not agree with it, I am just referring to practices in some countries.
This tsk-tsk is misguided. There's a time and place to shame companies for acting in bad faith, and we should do it, but I don't think it's the case here. It does not seem like damage control for intentional malice.
The TL on the project should have done better, but it was a good sign that they had originally taken the time to acknowledge Spegel's author's help. It's very likely that someone else dealt with the actual code and license text and didn't know any better.
The PR text is reviewed by lawyers. The default advice from lawyers is "do not admit any wrongdoing". They probably suggested that the license text be fixed silently with no apology. The PR department likely convinced them that a public apology would be good for optics and it doesn't seem soulless either.
They should have done better. They admitted that. They may or may not change their internal processes, but it's now in the record book. Case closed.
And the author of Spegel should not have used a different license if he wanted "more <<recognition>>". He wanted the recognition specified by the MIT license.
I mean what else are they supposed to say or do to correct a mistake other than "sorry, here's what happened, we have fixed it, we are taking steps to reduce the chances of it happening again"? Sometimes you just have to correct an error.
Ideally a list of other projects they have since found and attributed.
From the tone of the response to Microsoft response, people will not be happy unless Microsoft publicly executed the engineers that did it.
I think people tend to forget that large companies are made up of flawed individuals and their policies mitigate but don't eliminate mistakes
They are also fully funded to compensate when they do something wrong. An apology from a Fortune 500 company with a history of unethical behavior is worthless.
That would be a start yeah
What if there aren't any or they have not yet done that because they wanted to respond to this person first?
> Now that you got caught you are fixing it and writing fancy PR fluff.
Nope, "the revenge of Clippy" is doing the writing.
Comment was deleted :(
He is lucky microsoft doesn't have 30,000 ai-agents out there just stealing everything he has ever done and spinning up 10 competitors to each project all with new license and money flow into microsoft in any number of ways.
I mean they made sure to get all the consent from all authors on github before training on it right
Comment was deleted :(
[flagged]
> but we failed to give you the attribution you, that was a mistake and I’m sorry.
In other words: there exists some responsible person at Microsoft who violated the copyright (yes, removing the attribution is also a copyright violation!) for Microsoft.
In consideration how Microsoft has been treating copyyright violators for decades, if Microsoft does not give this responsible person the same crual treatment, it should be considered an honest, clear, implicit official statement from Microsoft's side that they are perfectly fine if hackers violate all of Microsoft's copyright. In other words: it means that all of Microsoft's software now (spiritually!) will become public domain.
Also, if Microsot does not make make this responsible person pay the caused damage from their own pocket to the original author of Spegel with the same monatery magnitude as if Microsoft would sue other entities for a violation of copyyright of Microsoft's software, the same statement applies.
Based on the initial commits and the logs after that surely there’s someone unethical person at MS. This might have been brushed under the carpet and due to sheer luck it reached HN frontpage.
https://github.com/Azure/peerd/commit/64b8928943ddd73691d0b5...
> it means that all of Microsoft's software now (spiritually!) will become public domain.
You have said many things like this in this thread. I don't think you understand how laws or courts or legal fees work. Good luck defending yourself against MS's army of lawyers during your court proceedings though!
> I don't think you understand how laws or courts or legal fees work. Good luck defending yourself against MS's army of lawyers during your court proceedings though!
I have no hope that the courts currently (!) agree with this. But let us spread the gospel so that as many people as possible know how Microsoft's "real" stance on copyright is. If a lot of people become aware of this and this truth stays in lots of people's heads for a sufficiently long time, the public opinion might change so that juries (representing the public opinion in courts) will indeed begin to judge against Microsoft in the way that I described.
If I accidentally pick up your jacket instead of mine and apologize when you point it out this doesn't mean I give you blanket rights to steal my stuff forever. If I keep doing it, then it's probably worth looking into, but you're going to have to bring up evidence of serial abuse for that.
What if someone takes your jacket and removes your name tag and sews his own tag to your jacket though?
You still can't steal their jacket.
> the public opinion might change so that juries (representing the public opinion in courts) will indeed begin to judge against Microsoft in the way that I described
I'm pretty sure that's exactly how juries shouldn't work.
> When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense.
It seems like it would have been a much better strategy to add artifact streaming, submit a pull request and then if the maintainer isn't interested in adding it, proceeding with a fork.
"Probably out of scope" sounds like "I dont have time to implement a feature of that scope"
It sounds more like "I don't want to maintain a feature of that scope" or "I don't want to commit to the design decisions this feature would require". Both of those aren't solved by a PR.
If you're discussing with potential collaborators and want to communicate that you don't have time to develop such and such a feature but would be open to accepting a PR, it's very natural to say "I don't have time to develop this feature but would be open to accepting a PR".
"probably out of scope" sounds like "there would need to be some major refactors and you're the only user who wants it, so I am turning this down for now"
try to assume good faith :)
> It seems like it would have been a much better strategy
Better for whom? Now there is Peerd and Spegel that are different projects. Imagine if Microsoft had opened PRs into Spegel and the maintainer had merged them. Then at some later point Microsoft had decided that they need to have ownership of that project (maybe because they want to have the control over what gets merged into the project because they depend on it). Imagine this ended up with a Microsoft fork of Spegel, becoming more popular than the original one. What would people say?
Probably something along the lines of "embrace, extend, extinguish", right?
Kudos for stepping in here, but I think the team at Microsoft need to do some more investigation, no?
Microsoft is a large, wealthy corporation has a big target painted on its back, and, consequently, CELA (corporate, external, and legal affairs) are, for good reason, a very strong force inside Microsoft. You can't just grab some code from someplace at Microsoft. Your PM has to run it past your division's CELA rep, look at the terms, assess exposure, etc. Did that happen?
If not, that's a big hole and you should probably beg forgiveness from them as you ask for an audit of every other piece of code you've picked up.
If it didn't happen, well, I suspect someone in your group just became the new Nelson, the hapless developer, in Microsoft's Standards of Business Conduct videos. You really don't want to be Nelson.
I think this is a good case for applying Hanlon's Razor. The person that did the forking and removal of copyright text may simply not know that it needed to stay there.
I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.
> The person that did the forking and removal of copyright text may simply not know that it needed to stay there.
That person never learned what plagiarism is throughout their entire academic career, much less once they landed at Microsoft?
There are other possibilities, for example, the person may have thought that they were complying with the MIT licence by releasing the new project under the MIT licence too + including a mention of the original project in the README.
This, of course, is incorrect, and a cursory read of the very short licence text would show it to be incorrect.
But I, too, am strongly favouring Hanlon's razor.
Hanlon's razor can indicate an absence of malice, but that doesn't mean what they did wasn't wrong, nor should Microsoft skimp on taking steps so it never happens again.
I agree on both points, and with the earlier comment:
> I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.
In response to:
> ... going to make sure we improve our processes to help us be better stewards in the open-source community.
Most software developers I know have no clue how open source licences work.
Hell, I have been reading a lot about them (including the licences themselves and stuff like the GPL FAQ) many times, and in situations like this it's still not entirely clear to me what Microsoft should do (surely there are different valid ways to handle this).
Would you consider yourself competent as a lawyer regarding open source licences? If not, can I say that "you apparently never learned it" and aren't better than the rest of us?
Compliance here is simple — preserve the original license and copyright.
This isn’t complicated, but if you truly don’t understand it then you should speak to a lawyer before incorporating someone else’s code into your or your employer’s project.
> Compliance here is simple
Have you read the threads here? My feeling is that there are many mutually exclusive interpretations of what can/should be done.
I don't know if it's simple or not, but what I see is that it's obviously not 100% clear for everybody (me included).
Ignorance is not a surprise or a fault. Anyone choosing to act from ignorance very much is.
I reiterate that this is not complicated. If you still find it complicated, then you need to speak to an attorney or someone else qualified to give you direction before attempting to use someone else’s code.
We have been doing this for nearly 60 years. Correct examples abound if you’re willing to do basic research.
I will reiterate that most developers I know have almost no idea how open source licences work.
That’s willful ignorance at this point, and they shouldn’t be incorporating open source code into their projects without speaking to an attorney or someone otherwise qualified to answer their questions.
Not good enough. All previous commits still infringe Spegel's copyright, given they are still available and distributed. I would assume the point release also infringes copyright.
You are Microsoft. You can do better.
Very silly, they can't rewrite the commit history nor would it be proper to update old packaged releases.
What do you mean they can't rewrite the commits? They can, they should, and it's really easy to do so. As for the packages, they should be taken offline.
They should neither rewrite the commits nor take the old packages offline. It's not worth a huge potential clusterfuck when the issue has been fixed on the latest version.
You might be overestimating how hard this is, because it's not hard at all. It takes less than half an hour to create a script that does it.
What is the benefit of re-writing the git history?
Complying with the terms of use instead of infringing copyright
The terms of the license don’t require you to modify the git history that’s a goofy interpretation.
The terms of the license require you to ship the copyright note. Their latest release is in violation…
They should absolutely do it. They made a serious mistake and should pay for it, even if that means every Microsoft developer having to rebase all their WIP branches. The more expensive it gets the more they’ll pay attention to those things in the future.
Why not just fire the entire division? Maybe they should shut down the company?
Rewriting those commits would effectively allow them to erase their mistake, which kind of lets Microsoft off the hook in a way.
Git isn't some kind of secure blockchain.
> We hear you loud and clear ..
oh, corporate wording. so you do not really care :D
Probably already approved by the legal department which is working in damage control mode :D
> oh, corporate wording. so you do not really care :D
Better do care a lot about it, and use every syllable of the corporate statement against Microsoft. :-)
I.e. the principle of some martial arts: use the force that the opponent applies against himself/herself.
Addendum: In this particular case
> We hear you loud and clear ..
can be considered as a very official statement from Microsoft that from now on, they cannot claim anymore that they didn't know of something ..., i.e. the hangman's noose is slowly closing. :-)
Comment was deleted :(
What about the allegations that people in MS did this for personal gains? Will there be any lessons learned from this?
I might not be up to speed, is naming this behaviour "source of inspiration" a common industry term to accurately represent an unacknowledged fork by the large company over the small?
It seems an option to not take free labour to build a commercial cloud largely as a wrapper of open-source, and maybe find other ways to support the creators.
If one person's labour is that valuable to a company, maybe it will help someone realize that supporting such individuals monetarily might help create the next thing with time that they can't get to today.
Comment was deleted :(
Give him a share of the money you make off of it.
Reducing costs (and then trying to drum up community goodwill by "releasing" an open source tool) is not the same thing as generating revenue. https://github.com/Azure/peerd does not have a "pricing" section.
60% of $0 is still $0.
They wouldn't be doing any of this if they thought it's 0$
Send a big fat cheque to him.
Considering how Microsoft behaved regarding copyright violations in the past, the original author should at least ask damages in court.
We could even crowdfund the lawsuit, I am sure he will win.
These practices have been an ongoing matter since 1975.
Hey how about doing the right thing first time next time instead of waiting until you get ass-blasted on social media?
Maybe as a show of good faith you could send the original creator 10 or 20k usd as a thank you. Talk is cheap
This sounds like a good idea but getting the checkbook out at a company like Microsoft probably takes 3-5 meetings, and saying you want to donate because you accidentally stole their code and put the company at (theoretical) risk of a lawsuit seems like a bad conversation starter with management.
I like the thought though
Not my experience with MS. They seemed to be pretty low on the "red tape" scale.
Maybe they should have 3-5 meetings before forking OSS projects though :)
Also it seems like in the original comment they already admitted to breaching the copyright, so sending him money doesn't increase the chance of a lawsuit succeeding.
10 or 20k USD for Copyright Violation sounds cheap.
yea, sure. but at least pay him for the "discussion". also, next time you people approach opensore maintainers, pay them for their time.
The maintainers are adults too - they can set their price.
Do better next time, eh?
[flagged]
I think the response is sincere and adequate.
It is indeed sincere:
> We absolutely should have done better here: our company policy is to maintain copyright headers in files – we have added headers to the files to attribute your work.
This is a more than clear corporate statement from Microsoft's side that Microsoft is perfectly fine if copyrights are violated (implicitly including Microsoft's), as long as, if they get caught, people start giving proper credits. This implicitly implies that Microsoft promises that from now on they will only sue for getting proper attribution in case of copyright violations, and not for monetary compensation for damages.
I find this implicit statement really nice from Microsoft's side - actually more than what I could ever have wished for. :-)
There's a lot of blame being assigned to Microsoft, the entire corporation. But I doubt this was a heavily contemplated decision by a room full of executives, or voted on by the shareholders.
More likely, this is a way for someone to get ahead in their career at Microsoft by passing off a successful open source project as their own accomplishment. They can steal users from the original project and justify using Microsoft's resources to maintain it, which puts more resources under their control, and gives them something to talk about during performance reviews.
The open source community should have a way to enforce professional consequences on individuals in situations like this. They are motivated by professional gains after all. That's the only way this will stop happening. Professional consequences does not mean doxxing or other personal attacks, it means losing career opportunities, losing contributor privileges, and becoming known as untrustworthy. These consequences have to be greater than the expected gain from passing a project off as your own at work.
I wonder if a new kind of license could be created which includes projects in some kind of portfolio and violating the license means losing access to the entire portfolio. Similar to how the tech companies added patents to a shared portfolio and patent treachery meant losing access to the portfolio.
Just because the shareholders didn't vote on it, or an exec didn't explicitly say "hey steal this" does not absolve the company. Leadership doesn't get to throw up their hands and say "not my fault" when something bad happens.
It is ultimately the responsibility of the company and its people to create a system where things like this are discouraged or prohibited. Not doing so is tacit approval, especially in this case where they have a significant history of doing the same thing.
It's fine that you think corporations are supposed to work that way, and I don't necessarily disagree. But they don't in practice. They don't feel the consequences of bad actions because of legal economies of scale. They also don't backpropagate consequences from the company's bottom line to the individuals responsible. If you were to rectify this so that it works exactly as you envision, you would have made incredible advances in the Principal-Agent problem as it pertains to corporate compensation.
Most corporate actions that 3rd parties consider "bad" are the result of someone inside the corporation having an asymmetric payoff from directing the corporation to do the bad thing. They get the upside from a success, but not the downside from failure.
If you want to stop a certain bad behavior, your best bet is to change individual incentives.
I think the point being made is that the executives are either responsible for the company, or they're not actually running the company at all.
Like this isn't some tragedy of the commons situation. This isn't some situation where the company is a cooperative confederation of equal partners. Either shit rolls uphill, or you don't have leadership at all. You don't get to pass the buck on criticism because you made a decision out of self interest, either.
"It's not technically illegal," is the most blasé, low-effort rule for behavior. It's why only twelve-year-olds and lawyers use it as a defense for poor behaviors and poor ethics.
Being a POS earns you a reputation for being a POS, and that includes people publicly pointing you out as a POS in public forums.
> or they're not actually running the company at all
Executives are not micro-managing day-to-day implementation decisions of every team, no. They set broad strategic goals, the management layers below them decide how to best operationalize those goals, and the layers below those middle managers make specific implementation decisions to execute those operations.
If you want to think of this as "not actually running the company at all", you're free to. The point is that's how the world works.
You don't have to be personally making the decisions in order to be responsible for them.
That's also the way the world works.
Microsoft has north of 100k SWEs working for them, the idea that corporate management could be personally responsible for the decisions of every single one is absurd.
It’s not “CEO must know everything a junior does”, but more of “If a junior messes up doing something for the company, the CEO is finally answerable” - be it to the board, the govt or the public etc.
Rephrasing it - there’s a reason it’s Zuckerberg and Pichai and Tim Cook who go to congress, and not the folks implementing it on the ground level.
What initiative will executive at microsoft take now that this post became popular?
No initiative? Then it's 100% their fault.
This post isn't popular, it has already fallen off the HN frontpage never to be seen again in any context. It did not and will never break into any sort of traditional media.
Not a single Microsoft C-suite exec, or anyone within spitting distance of the C-suite, will ever hear about this. Do not mistake your personal media bubble for the general media ecosystem.
Yeah managers aren't supposed to learn what's going on in their company from the press :D
Of all the bad arguments, this is the worse.
Comment was deleted :(
In reality executives are responsible when the company is doing well. When mistakes happen it is either handled by insurance or by firing an employee who was only partially involved.
The tricky part is how we, as a community, actually build those levers of individual accountability without veering into mob justice
Exactly. And this is why I think all US voters should be held to account for Abu Ghraib. Prison time at the least. The death penalty should be on the table.
My observation ( for other such (similiar) war events) is that investigations by the instigators country will lead to very less serious punishments for the instigators and "down playing" of the harm from such events
I think you misunderstand what direction leadership flows in our political system.
If you’ve funded Abu Ghraib (by paying the US government) then you’re criminally culpable. And don’t try the Nuremberg Defense on me: “I was just following orders to pay every April 15”
You're just repeating what you said above without incorporating what I posted.
Why don't you share in a direct sense the way you think leadership flows and we can see. It's impossible to incorporate your vagueposting.
> by paying the US government
Directly, or indirectly through taxes?
Indirectly is sufficient. You're paying for it to happen.
Yeah, but try not paying taxes. :/ You pay taxes even when you buy products at the grocery stores, too.
Indeed. Hence "just following orders". Ultimately, I don't believe in this kind of strong culpability but it's clear the people who claim they do don't either and just bring it up when convenient.
Do you have any solutions?
Yes, have a moral philosophy which does not lead to total contamination across the interaction graph. It’s okay to pay taxes into the US Government even if some representatives of it act poorly.
But you said "Indirectly is sufficient. You're paying for it to happen.", when I was talking about taxes. What if I have a moral philosophy but my taxes still go to whatever is we are being against? I am indirectly paying for it, but it is coercion, IMO. The "vote for someone else" does not play here, another head of the same dragon.
I was taking that position to illustrate that moral contagion inevitably leads to a declaration of everyone being immoral. Therefore, moral contagion is not a useful differentiator between people.
Reductio ad absurdum.
Yeah, but Microsoft's response to this will actually be a company official position.
It's a space to keep watching.
A flash in the pan about a random fork they have on Github with <100 stars, and no significant public usage, which fails to correctly follow the reproduction requirement of the MIT license will not generate a C-suite response. It won't get outside the local management of the team responsible for the fork. Maybe a few dozen people at MS will ever know about this, and most of those from seeing it on HN; who have zero connection to the responsible team.
It baffles me that HN has no idea how large organizations work. The boss's boss's boss has no idea what random worker bees are doing.
The way you underestimate how companies deal with potential PR problems tells me all I need to know about your corporate experience.
This is not a PR problem, no one cares about this. It's barely a thing on HN, and not something any traditional media cares about.
So what's your point? That megacorps shouldn't be accountable for the actions of their employees? That people saying otherwise are clueless and should shut up?
I don't have a point beyond thinking that this is "Microsoft", the corporate entity, making a strategic decision is wrong. This is Aditya, the random software engineer with 5 years of experience making a decision.
How you reckon with that, what you take away from it, is up to you. If you want to hold MS corporate responsible for every decision Aditya and Piotr and Zhong make, you can feel free to, but it won't help you understand how these decisions are made because it's wrong.
> More likely, this is a way for someone to get ahead in their career at Microsoft by passing off a successful open source project as their own accomplishment.
No, it was a whole team at MSFT: https://news.ycombinator.com/item?id=43755745
It's my personal experience that toxic behaviour is tolerated (and even encouraged) by toxic leadership.
Whilst there are always bad apples in a big company, a good company stamps out bad behaviour as soon as it becomes aware of it.
At my job the management sees not violating copyright as a nuisance. Then when a customer wants to know if we're violating copyright of something or not they suddenly go insane.
Licenses don’t matter and are rarely challenged in court.
This is the nature of OSS. Out right theft in hopes you will never know until it’s too late.
Very rarely do large corporations contribute their fair share back to any project.
Does this make me money and/or solve a problem quickly? Fork it and it’s mine.
Until we stop giving money to large corporations that profit off the free work of others, then it will never stop.
And it won’t because we like low cost solutions that work.
I think it’s a bit charitable to assume that something published under an official Microsoft public channel wouldn’t have some sort of legal review, at least for the initial publication.
Comment was deleted :(
They created the atmosphere that encourages or even necessitates shenanigans like these. Absolutely blame the corporation
Exactly. If you don't hold managers responsible for the results of the incentives they set, you give the most powerful people in a company the most moral leeway. It should be the other way around.
I initially was going to say:
Failing to abide by the MIT license is copyright infringement. My advice is to contact these guys: https://softwarefreedom.org/ They likely can file a cease and desist on your behalf.
However, I took a closer look at the files in question. The MIT license requires that they retain and provide copyright notices, but you never put copyright notices in your files. The only place where you appear to have placed a copyright notice is in the LICENSE file:
https://github.com/spegel-org/spegel/commit/23ed0d60f66dd292...
Things become interesting when I look at their LICENSE file. They appear to have tried to relicense this to Apache 2.0 before backpedaling and reinstating the MIT license:
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked from a very early version of the project that did not even have the LICENSE file, they removed the sole copyright notice you had in the repository. That brings us back to my original thoughts, which is that they have committed copyright infringement, and you should contact OSS friendly lawyers about it.
I am not a lawyer, but I do contribute to various OSS projects and all of the ones to which I have ever contributed have copyright notice headers at the top of every file to ensure proper attribution is maintained no matter where that code is used. Beyond having that sole missing copyright notice reinstated, I am not sure what else you could expect since none of your files have proper copyright headers in them. The SFLC guys would be in a better position to advise you, as they are actual lawyers.
It says "copyright microsoft" in that license file. Just because THAT file is MIT is irrelevant. They didn't retain the original license file. They should have APPENDED to it, keeping the original copyright holder name, otherwise it's just blatant copyright infringement that coincidentally is released under the same license.
I am not a lawyer, but I imagine a lawyer would find it alright if they just restore the missing notice. I do not imagine there is much else that can be done here since he cannot really claim to have been significantly damaged by the absence of a single line, but these matters are best discussed with attorneys.
IANAL but my understanding from floating around open source licensing circles is that you'd have a hard time with the judge if you didn't just ask for the license to be put back as step 1. Microsoft willingly not restoring the license would be more problematic.
The forgiveness clause in GPL 3 is as much an acknowledgement of actual reality than anything else.
I imagine a lawyer sending them a settlement offer for the blatant copyright violation they committed would get them to settle for a five-digit amount, since just the cost of discovery (and potentially having the "let's just fork it" dirty email laundry aired in public court) would be much higher.
I doubt this developer has the money to burn on a lawsuit like that.
The letter is cheap, and there might be law firms willing to fund it for a cut of the profits, making the threat credible.
Just the absence of a license generally means the creator has all right reserved by default. You don’t need a license in every file because in much of the world copyright is given by default to the creator. A licensed file is permission to do something with that copyright material.
He had a top level license file that presumably applies to all files. He would not be the first to do that and will not be the last.
That said, if Microsoft had forked before the LICENSE was added or stated somewhere, they were reusing all-rights-reserved code, which is definitely copyright infringement. Again, I am not a lawyer.
> but you never put copyright notices in your files.
I thought having a LICENSE file in the project's root directory was sufficient. Is it not the case?
It is a fairly standard practice in at least some open source communities to add copyright notices to files that people have changed significantly, although there is no well defined minimum threshold for how much permits them to add a copyright notice. Thus, someone else can come along, fork the project, add copyright notices to all of the files and then give the impression that they wrote them, since there is no attribution aside from the one LICENSE file that you wrote. The git history might show the truth, but if they copy the files into a fresh git repository, that metadata will be lost. Projects take files from one another all the time, so there is no guarantee that they will preserve your commit history and then anyone curious who wrote the code needs to do digital archaeology.
That said, file level copyright notices are not perfect (since only the VCS shows who added what lines and that might not be preserved), but it is better than nothing and it is something that is guaranteed to persist as long as people are abiding by licenses. If they are not, that is copyright infringement and the copyright holder can do things like send cease and desist notices in response to the copyright notices being removed.
Also, I must emphasize that I am not a lawyer, but one might argue that it was not willful infringement if someone removed a copyright notice from 1 file by claiming it had been a mistake. However, if they remove it from all files, then nobody is going to believe it was not willful.
Thanks! I have some open source projects where I only have one LICENSE file (it is also in README), but I will consider adding it to all files, there are just too many files. :/ I am inconsistent, because I have projects that contain the copyright notice in all files.
[flagged]
Why you think that LLM-generated legal advise is worth posting on forum for humans?
It is for inserting a copyright notice in the files, I will use a for loop and sed for it though. I'm old school. :P
> Why you think that LLM-generated legal advise is worth posting on forum for humans?
Can you quote which part of the LLM chat above constitutes legal advice? I read the whole chat and didn't see any.
for reference this was the chat that allegedly contained legal advice: https://chatgpt.com/share/6806382f-7944-800f-95aa-8c77027623...
It does not. It simply discusses ways of adding headers to arbitrary source code. The intention is to add license and copyright headers, but the reality is that these headers can say anything. It is discussing generic techniques for doing this.
It is advice for how to add headers to source files, not legal advice. This is a generic concept and the headers could literally say anything. They just happen to be license and copyright notices, since that is what he needs them to be. It is easier than opening each file in a text editor to manually add the header.
Comment was deleted :(
Sufficient but a good idea to put copyright in all files.
Technically if there's no license found then it should be considered automatically copyrighted, with no permissions to copy. So leaving copyright license out actually makes it less open source.
The license does not necessarily need to be in the files. It could be a project level license in LICENSE, which is what the author here did.
It really should be in all files, not because it’s legally necessary, but because it’s the best way to ensure that the correct license/copyright follows the code to which it applies.
Consider future contributions; the contributor’s copyright should apply only to the files to which they contributed.
Similarly, consider any code that you incorporate from external sources; that code’s copyright and license should only apply to the files in which it has been incorporated.
Lastly, consider the case where the code is copied out of your project to be incorporated in a different project. The license and copyright should follow with those files (and if your files don’t include copyright and license at the top, it’s very likely the person doing that copying will insert it themselves for this same reason).
I was responding to this:
Sufficient but a good idea to put copyright in all files.
Technically if there's no license found then it should be considered automatically copyrighted, with no permissions to copy. So leaving copyright license out actually makes it less open source.
It's not the license that's important, but the copyright notice.
Yes that's exactly what I said :)
It's not required, but it's generally safer to put a notice saying who owns the copyright and what license the file is released under at the top of each file. Some licenses like MIT, the BSD licenses, Zlib, etc are short enough that you can include the full license text in the notice, and others like GPL provide sample copyright header text to include. Here's an example of this from a random file in the SDL source code: https://github.com/libsdl-org/SDL/blob/main/src/video/SDL_bl...
Obviously Microsoft is still committing copyright infringement and in the wrong here. However, if the author had copyright notices in each file and then Microsoft stripped them out or changed the copyright information, it would make it harder for them to brush it off with "oops, we forgot to commit the correct LICENSE file" like I'm sure they'll do here.
Comment was deleted :(
I would say: absolutely no (ianal). But I've had stand up arguments with colleagues in the recent past that I was unable to win. They wouldn't even ask the legal team for an opinion. But it's nice to see some evidence here that I was correct.
If they forked from before the author had a license, it’s worse. MS had no right to use it.
I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
> If they forked from before the author had a license, it’s worse. MS had no right to use it.
You are right, provided he did not have a notice saying it was MIT licensed elsewhere.
> I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
I would consider it to be both a choice and a mistake. The two are not mutually exclusive. There is no evidence in the fork that he is the copyright holder of the original code and it looks like Microsoft is. Part of that is Microsoft’s fault, but part of that is the original author’s fault for not including per file copyright notices, such that Microsoft could add theirs and be the sole one listed in every file.
I would not be surprised if Microsoft’s legal department doing a scan of public repositories for stolen code mistook him for infringing on “their code” given that they have no information that he authored it rather than their employee. It sounds absurd, but it has happened. I know for a fact the sg3 utils author added copyright notices to his code examples because he was getting contacted by companies, whose engineers incorporated his code into their projects without attribution, that thought he had stolen their code:
https://github.com/doug-gilbert/sg3_utils
I know that because he told me by email in 2013.
> There is no evidence in the fork that he is the copyright holder of the original code and it looks like Microsoft is.
Only because they removed the license and copyright. If they were willing to do that in 1 file, they are willing to do it in many. It's not the authors mistake in any way shape or form.
It seems that only portions are from the original, so it is possible that they made the fork by copying files as they were needed. In that case, there was no removal of the notice. It just never was copied since they were using the project as an organ donor. That is a problem when using a single LICENSE file. It would have been handled had the original files had headers stating the license and copyright.
Comment was deleted :(
> but part of that is the original author’s fault
No: the original author could have made it easier to comply, and you could argue that he acted foolishly in not doing so, but that doesn't make it his fault.
Then who is responsible for his failure to add proper notices to the files? Microsoft?
If someone wanted to transplant only a subset of files from one project to another, there would have been no copyright notices to retain.
The copyright notice in the LICENSE file was still there. Bring it along for the ride -- either by putting all the files in one subdirectory, or by referencing it from each file, or by adding a note letting people know which files were under which copyright. They could even have also added copyright headers to each of the files in question.
There's more than one way for Microsoft to have retained the required attribution. The problem is that they didn't pick any of them. The author offered them valuable code, and the requirements of the license weren't onerous -- if they're unwilling to follow them, they should just not use the code.
> There is no evidence in the fork that he is the copyright holder of the original code and it looks like Microsoft is. Part of that is Microsoft’s fault, but part of that is his fault for not including per file copyright notices, such that Microsoft could add theirs and be the sole one listed in every file.
Absolutely not! This is completely and only M$'s fault, whichever way you look at it. Copying a file and slapping your own license on it, without consideration of the original one, is never acceptable. Don't blaim the victim please.
As for incompetence - well maybe they (M$) need to get better at managing licenses? Accusing others of stealing when the reverse is true only makes everything worse. Let's not try to change the standard way of licensing because some developers can't be bothered to check the license (and even fix typos in comments, apparently).
As an aside, there is no need to add copyright / license to every file. I would even consider it an anti-pattern, because it pollutes the code with noise.
He made it extremely easy for a fork to make this mistake by not putting headers in every file stating the license and copyright.
If you look at any major project, you are likely to see license and copyright notices at the top. You even have the Linux foundation pushing to have standardized license notices at the top of every source file:
https://en.wikipedia.org/wiki/Software_Package_Data_Exchange...
That said, the engineer who did this is fairly young (7 years out of college) and does not appear to have any experience working on a fork previously:
https://www.linkedin.com/in/aviraltakkar/
He probably did not realize he had goofed. It does not take much imagination to guess the sequence of events:
* He copies the source files into Visual Studio Code
* Someone internal tells him he needs a license, so he grabs whatever Microsoft suggests while following internal guidance, without realizing that is only for Microsoft originated code.
* Someone internal tells him to put it on GitHub, so it goes up with the wrong license.
* He realizes that the files already had a license and tries to fix it. Presumably someone told him.
* He misses the copyright notice that he failed to copy in the first place when fixing his earlier mistake.
* People here hear about it.
Don't use one of the most permissive licenses in existence and certainly not one that doesn't provide copyleft. This is all very well established at this point and yet somehow the GPL seems to have gone out of vogue.
> Don't use one of the most permissive licenses in existence
Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
It matters because the only thing which can be claimed to have been ignored here is missing the line "Copyright (c) 2024 The Spegel Authors" in the main license file. Now that it's brought up https://github.com/Azure/peerd/issues/109 that'll probably be fixed.
What remains after full compliance with the MIT license choince will be the bulk of the complaints in the article.
> It matters because the only
So if the author instead used GPL, this wouldn't have been a problem? Call me pessimist, but I don't think Microsoft would have cared if it was MIT, GPL or even missing a license (so copyrighted by the author), they would have made the same choice as they just now did.
I'm sorry, but it's really hard to understand what you mean here, how choosing GPL would have somehow lead to a different outcome.
GPL would have helped with the concerns around the distributed software (instead of just source) not clearly including attribution/copies of the license (which would also lead to a better form of notification than the conference and webpage acknowledgement). These were also the types of points Tanenbaum famously regretted regarding MINIX https://www.cs.vu.nl/~ast/intel/ despite him not having the further regrets in the article.
I do agree for the author to be _fully_ happy they would probably have wanted something even more restrictive than any traditionally "open" license like GPL, but about any choice would have better aligned with their desires than MIT.
For the copyright part, it wouldn't have lead to a different outcome. What could have been different is that Microsoft could have had difficulties in working on a GPL fork which is harder to resell (you can, but people are sometimes afraid for good or bad reasons) and so Microsoft could have proposed to the author to sell them a copy with a different license.
But reading the article, the author appears to be more disgruntled by the fact that a behemoth forked his project than the mishandling of the copyright that can be fixed with one PR (he is right to be pissed about that, but that's an easily solvable problem, I doubt Microsoft will stand against it).
I suspect that damages may also play a role in practical resolution of infringement.
There is a large difference between "they didn't put in a sentence that they needed to," and "we have 30 users who didn't get the source code that they were required to receive."
When legal reads "GPL" they go completely crazy. Had it been GPL they'd have most likely told the developers to stay really really far away from that code.
> Does it matter what license you use if they actively ignore the terms in the license you did chose?
If they're breaking the license, go talk to a lawyer. You might start by approaching the SFLC [1] (although I haven't heard much from them recently).
Sometimes social pressure can be a cheaper approach, time will tell if it'll work in this case :)
I would suggest Software Freedom Conservancy instead:
Is there any for profit law firm which works without fee in cases like these and split the earnings? Needing to pay lawyer upfront makes it hard for individuals to sue mega corp even if they were clearly wronged.
MS has internal tools that scan dependencies etc and flag them against legal team if anything is fishy. License choice matters quite a bit, they will not risk litigation.
Guess they should start using those tools when they setup their "looks-like-acquihire-but-really-is-a-brain-dump" meetings so they could flag the FOSS projects they want to rewrite internally.
People who run the meetings are not people who run the scanners. See also: Microsoft’s org chart https://imgur.com/gallery/org-charts-uBcF28f
If you worked at a megacorp you’d know they care a whole lot about not allowing GPL code anywhere near their propertiary repos; this is usually enforced by IT security (NOT engineering) with dedicated scanners, confirmed matches are at least highest priority bugs.
Not just mega corps. Everywhere I've worked for the past 10+ years treats GPL code like leprosy. You just don't go anywhere near it for any reason. It's the first thing you look for when taking on a new external dependency.
Everywhere I've worked for the past 10+ years treats open source like a candy store to benefit from and wouldn't allow contributing code back
https://web.archive.org/web/20120620103603/http://zedshaw.co...
> Why I (A/L)GPL
> I want people to appreciate the work I’ve done and the value of what I’ve made.
> Not pass on by waving “sucker” as they drive their fancy cars.
Always choose AGPLv3 no matter what it is you're doing. If they want it, AGPLv3 gives you the leverage to negotiate a licensing deal. You sell them permission to violate it. I even emailed Stallman asking what he thought of this strategy. He thinks it's a net good.
Depends on the terms of the deal, I would want to at minimum get back any modifications they are making.
It's your work. Negotiate any terms you want. Extract as many benefits as you can get away with. If they accept it, you win. If they don't, they gotta abide by the AGPLv3 and everyone wins.
Yeah, giving massive corporations a free ride has been incredibly successful for corporations. For their users not so much.
There's a megacorp using my GPL library internally. They've even blogged about it.
> MIT requires attribution, but they didn't
I'm confused how you and others reach this conclusion. No, it doesn't.
The MIT license is one of the shortest free license that exists:
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
https://en.m.wikipedia.org/wiki/MIT_License
No where does that require attribution. It has basically one condition: perpetuate the license.
Maybe the author didn't actually use an MIT license, despite claiming to? But as far as the MIT license is concerned, as long as the other party provides the same license for the fork, that's all that's needed.
> > MIT requires attribution, but they didn't
> I'm confused how you and others reach this conclusion. No, it doesn't.
| Copyright (c) <year> <copyright holders> | | ... | | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The copyright notice that must be preserved includes the copyright holders' names, and that is a form of attribution.
Ah okay, thank you
>You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it,
No, they would have found something else that wasn't a pain to steal.
I may be a hobbyist developer but I do have access to lawyers and I'm not afraid of using them. People get sued over the smallest matters every single day. Corporations should be no exception.
It matters because the GPL has been upheld in US courts.
Is this really true? Whats the point of even licensing our repo then?
Well, there are other companies than Microsoft out there, most of which tend to respect FOSS licenses when they fork projects/interact with the ecosystem, at least in my experience.
A major point is communicating your intentions to people who care about them and who will respect how you wish your project to be treated.
MIT doesn't need attribution. Original BSD does, but revised and most widespread BSDs do not.
GPL/AGPL would prevented this somehow, requiring proper attribution via mandatory source code release, and allowing to track project origins. This would make it harder to label it as a "a Microsoft Product from Ground Up", and prevent Sherlocking the original application to a greater degree.
As a result, this would probably forced Microsoft to develop a new one from scratch, because they're allergic to GPL, because if they have breached GPL, they would be forced to comply, since GPL is court tested already.
So, write Free Software. Not Open Source. Esp. for your personal projects.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Source: the MIT license.
Yes and they do redistribute under MIT as well, there is no foul play here
https://github.com/Azure/peerd/blob/main/LICENSE
I don't see "Copyright (c) 2024 The Spegel Authors" (the "above copyright notice" in https://github.com/spegel-org/spegel/blob/main/LICENSE) anywhere. Where do you see it?
They are essentially claiming copyright here for something they don't have the license for, no?
To remove the original copyright notice, they'd need a copyright assignment (possibly implicit, as when the work is made for hire). They've already got a licence and they've infringed it by doing this.
Funnily enough, they did add the copyright notice now, and since I didn't permalink to the commit, this looks a bit silly :P
To be fair, Spegel changed the copyright notice in 2024. It used to say someone else. That said, Microsoft is definitely missing the notice.
The original author can change their own notice. Why would that be a problem?
Well they could technically have proper attribution without the literal string "Copyright (c) 2024 The Spegel Authors" if they included an older copyright notice that was more appropriate. I think that was the point they were making.
This is correct and is roughly what I meant. My only nitpick is that I was thinking that if they forked at the time of the older notice, they would be fine to have used it, rather than a vague notion of appropriateness that probably was intended to mean the same thing, but is less precise.
The hacker news post reached someone high enough up at Microsoft to have things changed. They ended placing a combined copyright notice that is a mixture of both versions into the repository to play it safe.
There's no writing in that license which I can't change the copyright after forking the code.
There's a copyright line, check. There's the permission notice, check.
The rest is just goodwill and ethics, which is not a very valuable currency in software in these days.
You can't just remove the above copyright notice and replace it with your own and claim you retained the copyright notice lol
Can you give me a couple examples how this is done? I mean, in terms of actual repositories.
The easiest way to do it is to add your own copyright line above the original LICENSE copyright line.
That way anyone touching the project can just add their own line on top.
Done.
EDIT: Example: https://github.com/go-gitea/gitea/blob/main/LICENSE
A more complicated way to do it is to add a folder that contains the original LICENSE file or files. Sometimes there is more than one license, or the license texts differ. In that case, you must preserve all the different variants, even if they all call themselves MIT.
Then, you can optionally add your additional own LICENSE file * only iff* it is compatible with all existing LICENSES. In the case of the MIT license, you may relicense, sublicense, or use a different license in addition, provided it is MIT-compatible. With e.g. GPL you can't. Note that you still have to preserve all the original LICENSE files in the repo.
Original license of Redis is retained in the form Valkey:
https://github.com/valkey-io/valkey/blob/unstable/COPYING
Third party licenses retained in a THIRDPARTY file in MariaDB
https://github.com/MariaDB/server/blob/main/THIRDPARTY
Only two good examples I could quickly find.
No!
Once you change the copyright line, you no longer include "the above copyright notice". At that point you're violating the license.
You are also not allowed to change the copyright notice or license text in any way (you may however add to the license, which is a loophole other licenses such as GPL fix.)
Substantial is subject to (legal) debate as the Oracle vs. MS case has shown. Whole functions or large parts of files however should always be considered substantial, as the software would otherwise not work.
I'm seriously flabbergasted at how bad reading comprehension seems to be among coders.
> I'm seriously flabbergasted at how bad reading comprehension seems to be among coders.
Sorry to deflate your amazement, but I made the remark because I have never seen a permissively licensed repository which changed hands and had multiple copyright lines in the last 20 years or so.
Maybe it's not my reading comprehension (and English is not my native language to begin with), but the behaviors of other coders to begin with.
Maybe we shouldn't point fingers to others and not forget that three are pointing towards ourselves. Eh?
OpenZFS has many files with multiple copyright lines in them.
I've seen plenty of both. I've added one good example in my other comment. But it certainly depends on the community and programming language as to how serious licensing is treated.
But yes, many people are not complying with the license literally, and it's frustrating to see. I know it basically doesn't matter unless you go to court over it, but still it irks me and screams a sort of carelessness about the rules and social contract.
Sorry for criticising your reading comprehension, I did not mean it as a personal insult.
It's just that I see these types of responses so often, basically every time any licensing question comes up. Twice in this thread. And all that's required is to just read the very short and basic MIT license text itself, no lawyering required.
I can understand the native speaker part, but just know that I myself am not a native speaker either. But I understand that's a huge barrier.
But even native speakers on HN with serious software engineering jobs and skill don't understand it, or don't want to understand. I think it's a bit like when people see math proofs, they mentally just skip over it.
That's the part that continues to amaze me.
GPL/AGPL might have improved the attribution, but they would not have prevented anything else from happening because Microsoft is publishing the source code.
GPL doesn’t help you with them taking your idea and doing a clean room implementation.
You’d need to patent your idea to stop that.
I never claimed that?
Citing myself from my comment:
> As a result, this would probably forced Microsoft to develop a new one from scratch, because they're allergic to GPL, because if they have breached GPL, they would be forced to comply, since GPL is court tested already.
So, we seem to agree here.
And there is not only the GPL. MPL and EUPL are great, too!
> somehow the GPL seems to have gone out of vogue.
Which GPL is that? The GPL 2 and 3 are incompatible with each other, making cross contribution between different FOSS projects practically impossible. The "v2 or later" licensing model does nothing to remedy the problem. See Rob Landley's talk on this topic.
My personal thought is that we need a new kind of license: community open source. No corporations, just community.
The problem this addresses is not that Microsoft forked this project. The problem is that when a corporation like Microsoft does this, they harm our community[0]. Open source thrives because a bunch of individuals and groups collaborate.
Microsoft, is built around the concept of profit for stock owners at any cost. They may collaborate as long as their interest in profit is served, but otherwise, it is back to "Embrace, Extend, Extinguish" [1].
This lack of community ethic is endemic in corporations. It is also an existential threat to our community. Profit at any cost is not collaboration. It is predatory.
And yes, I know, corpies and other greedist will vote this down, blah, blah, blah.
[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor...
[1] https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
[edit clarity]
> My personal thought is that we need a new kind of license: community open source. No corporations, just community.
You are going exactly against the OSS philosophy. OSS shouldn't restrict the use of software just because you don't like it. It was created to fight exactly this. This is also why source available BS (like BSL) is against OSS. OSS is literally about being about hacking and changing software to suit your needs. It was never about the money part. You should create your software as proprietary if you are SO bothered with OSS. And you can always donate and contribute back to the OSS software you use. I don't think butchering OSS philosophy is the way.
The problem here is license illiteracy. Even I who for a while used to think I understood a lot about OSS license just had a doubt now:
When you fork, do you retain the copyright part? Copyright (c) 2024 The Spegel Authors
That is what we need to fix.
The OSS philosophy was conceived to help end users, not for-profit corporations. Then for-profit corporations co-opted the "Open Source"(tm) label to ensure they could benefit from all this free labor. You and many others are falling for it, and doing their work for them by scolding OSS developers for "going against the OSS philosophy".
So screw this corporate "OSS philosophy", and stop telling people what they "should" do. Those licenses exist and people can use them and this is what happens. We can and should also make different licenses which protect our interests as developers and we don't need corporate shills invoking some philosophical argument to discourage us.
> The OSS philosophy was conceived to help end users, not for-profit corporations
I beg to differ here. OSS and Free Software movement was conceived for the freedom to change the software to the user's needs. The entire meaning of free as is freedom means as long as I abide by the license properly, I can do whatever I want with it. Whether you like it or not, this means Microsoft can make money out of curl project if they want to. This is the same way we used to burn Ubuntu cd's and resell it back in the early 2000s. It's allowed and IIRC Ubuntu cd cover used to proudly advocate burning, sharing those cds.
This big tech and money in OSS is a new phenomenon. I am neither against them or with them. But just that it is not the reason why OSS or Free Software movement happened.
> the freedom to change the software to the user's needs.
How is this not exactly helping end-users? Corporations are producers, not users. And no one is complaining about MSFT or any other corporation using OSS as users, but only about co-opting it as a producer.
The corporations _are_ end-users. They're just using a project to make adoption of their platform easier. Just because a user passes on the benefit of their usage to more than a single human doesn't mean they're not a user.
Sometimes corporations are end-users. When someone creates a fork of a project, they are no longer an end-user; they have become a producer.
OK. But that is allowed right? "Sharing" and "redistribute" are words you should have heard if you know what OSS. You are missing the whole point of Open Sourcing code. What you want is source available or proprietary software if you are bothered by this. And at that point, this has nothing to do with OSS.
This is literally why when a company stops open sourcing something, community or other company continues the fork. When a product fails as business and when open sourced, the software itself thrives.
Let me re-iterate, Open Source is purely about the software and the capability to share and make changes. IT IS NOT ABOUT MONEY, BUSINESS, CAPITALISM etc etc etc.
It is not even about collaboration. That is something that came out of Linux development which is one of the most famous Open Source project. All that is necessary is to make the software licensed under an OSS license. And I don't have to get PR from you, I don't need to accept outside collaboration etc etc.
The license discussed above explicitly tries to prevent Microsoft from using the software.
> The OSS philosophy was conceived to help end users, not for-profit corporations
Citation needed here, if you're going to make such a bold claim.
The open source movement began as a counter to proprietary closed-source software, and nothing more. It has never been about "fairness" (however you define that) or about preventing anyone from profiting from OSS.
Now that said, fairness matters and I agree that some of what transpires today in the open source world doesn't feel fair.
But that's what new or difference licenses can accomplish, depending on the wants of the authors.
And that's different from the philosophy behind Open Source Software. We should be clear about that.
The GPL was "To prevent free code from being proprietarized" by for-profit corporations.
In addition the origin of Stallman's open source philosophy was a printer he couldn't use because of closed-source software. From the start it was about the rights of the users, not corporations.
https://www.free-soft.org/gpl_history/
> In the early years (1984 to 1988), the GNU Project did not have a single license to cover all its software. What led Stallman to the creation of this copyleft license was his experience with James Gosling, creator of NeWs and the Java programming language, and UniPress, over Emacs. While Stallman created the first Emacs in 1975, Gosling wrote the first C-based Emacs (Gosling Emacs) running on Unix in 1982. Gosling initally allowed free distribution of the Gosling Emacs source code, which Stallman used in early 1985 in the first version (15.34) of GNU Emacs. Gosling later sold rights to Gosling Emacs to UniPress, and Gosling Emacs became UniPress Emacs. UniPress threatened Stallman to stop distributing the Gosling source code, and Stallman was forced to comply. He later replace these parts with his own code. (Emacs version 16.56). (See the Emacs Timeline) To prevent free code from being proprietarized in this manner in the future, Stallman invented the GPL.
As someone else said GPL !== OSS.
> The GPL was "To prevent free code from being proprietarized" by for-profit corporations.
You are adding the "by for-profit corporations" here. That's not in the link you provided. Let's distinguish between what was actually said or meant, and your own personal interpretation or editorializing here.
In the GPL context "proprietarized" could apply to anyone. I could write and release proprietary code with restrictive usage limits, and I'm not a corporation. And the GPL wants to prevent me from doing that as well.
The right to see and modify the source code to the software you run is not restricted, or aimed at, individuals or corporations. I think the GPL's goals here are universal, meaning any entity should have those rights.
Which I think is a good thing. We agree on the ideals of free software here, I just think you're layering "for-profit corporations" on top of it in a manner that was never actually part of the philosophy, because it doesn't make those distinctions.
It can certainly be part of your philosophy, but be clear about that.
The GPL and Free Software, yes. Open Source not so much. The term "open source" was originally coined to make Free Software more easily understandable to newbies. Pretty much right away, though, it was used to water down Free Software licenses to make them more palatable to businesses by selling the end users' freedom.
https://opensource.com/article/18/2/coining-term-open-source... https://www.gnu.org/philosophy/open-source-misses-the-point....
The point is what do creators want to get out of their open source project. If it is the opportunity to sell, they can make it source available. If they don't want money, having open source license is better as it could mean more contributions.
In practice it doesn't mean more contributions though. If MSFT used his project for profit and contributed back, he wouldn't be complaining. Instead they forked his project, without even sufficient attribution, and now he has to do even more work to differentiate his original project from their derivative.
So the point is that we need another license that does gives open source rights to individuals, yet does not permit corporations to take everything and give nothing.
> So the point is that we need another license that does gives open source rights to individuals, yet does not permit corporations to take everything and give nothing.
Why doesn't the AGPL fill that role?
No. Free software was conceived to help end users. Open source was created to fight that and instead help megacorps take without giving anything back.
"It was never about the money part"
That seems to be the point being debated now. When a megacorp forks an OSS project and cuts out the author, how does that encourage developers? How does that encourage OSS?
And for that matter, perhaps less ideological but practical, how does that encourage small startups who want to be as open as possible while wanting to be able to scratch out a living working on something they care about?
You suggest staying closed source, rather than tweaking an open-source license to limit corporate forks, for the purpose of protecting OSS philosophy. It strikes me as odd.
It only discourages open source if people choose to care about it: it doesn't materially affect their life in any way.
If you stop people from using your software while they are at work, you stop people from using the software and it is no longer open.
> That seems to be the point being debated now. When a megacorp forks an OSS project and cuts out the author, how does that encourage developers? How does that encourage OSS?
When a megacorp forks an OSS project, the maintainer should know that it is allowed. If you are MIT licensed, that megacorp can resell your software, create a business around it and make billions in revenue. That is allowed. If they are bothered by it, they either should use a different license or take the software proprietary. To me, the problem here is that Microsoft hasn't properly followed OSS license here. My qtile window manager config file has copyright notice of all the authors. That is how you follow MIT license. Another problem I see here is not knowing how to do license compliance. Also, why should it matter if the one who forks it is an individual or a mega corp. As far as OSS is concerned, it's irrelevant.
> And for that matter, perhaps less ideological but practical, how does that encourage small startups who want to be as open as possible while wanting to be able to scratch out a living working on something they care about?
I have been an OSS guy for a long time. And think OSS in business is a very tricky and hard problem. If you don't have the reason to be OSS, it's better to be honest about it. There are other ways to support OSS. Just support like 10% or even 5% of the dependencies you use as a business and that will make wonders. And be honest about things. Obviously, there are success stories. But if you have seen the recent trend, people are in the mindset that someone forking your OSS is ripping off of them. Not stopping to think that it was allowed all along.
> You suggest staying closed source, rather than tweaking an open-source license to limit corporate forks, for the purpose of protecting OSS philosophy. It strikes me as odd.
Because the moment you "tweak" the OSS license the way you are talking, it stops being OSS. Also, your proprietary software still needs to abide by the OSS licenses it uses. If I use a OSS software, it should abide by the OSS license somewhere in the output.
I think it's better to be honest about OSS than being like... we love OSS (Just like Microsoft <3 Open SOurce) and saying.. you know what? Don't use this software in this industry because that where my business happens. Oh and since you don't agree with my politics, you can't use it. I am not gonna list them, but there are licenses which does these and they are exclusionary. Free as in Freedom is what brings in people to OSS. The moment you start excluding people, it's a slippery slope. It's already happening in politics and else where. Let's just keep software away from it all please.
> > My personal thought is that we need a new kind of license: community open source. No corporations, just community.
> You are going exactly against the OSS philosophy.
GPL is almost that: community, because if you want to use it in a commercial product you have to make sources available, not to the community but to those who ask for it.
I'm of the opinion that open source is a business tool, and one should use a license that helps one achieve business goals. Those goals can be very personal and about career advancement, or they can be those of a trillion dollar corporation. TFA might benefit from using GPL if they are upset at what MSFT did, or they might work with MSFT to have their work integrated into the original to end the fork, or...
The k8s community is mostly people who work for commercial interests and use k8s in their companies. If you develop a component of the k8s ecosystem, and you want people to use it, you can't really exclude businesses from using it. There just aren't enough installations outside of commercial spaces for it to be relevant.
Very good point. Trying to think this through.
I think community source should be accessible and usable outside the community. A community license should have a provision for paid use by corporations. If Microsoft wants to use it that is fine - if they pay.
But if Microsoft wants to fork things, to me that is predatory. If I can't fork windows, why should they be able to fork community software? If they argue that people should pay for their products, it just seems fair to me that they should not get community products for free.
I guess the concept is playing by the same rules?
> I think community source should be accessible and usable outside the community. A community license should have a provision for paid use by corporations. If Microsoft wants to use it that is fine - if they pay.
That violates the first clause of the open source definition:
It probably violates 5 and 6 too.
> But if Microsoft wants to fork things, to me that is predatory. If I can't fork windows, why should they be able to fork community software? If they argue that people should pay for their products, it just seems fair to me that they should not get community products for free.
Windows is not open source software.
Maybe the open source definition needs to change, or it is time to find a better way of protecting community software? This one is clearly (in some ways) not working.
> Maybe the open source definition needs to change
Maybe you rather don't actually want your software to be open source. Maybe you rather want your software to be under some copyleft license. Maybe you want to use an OSS license that is inconvenient for cloud providers (while still being an open source license) like the AGPL.
Choose wisely.
the OSCL turned 18 years old a month ago. maybe things have changed enough since then to validate revisiting it.
OSI is too busy trying to come up with an equally mid (at best) OSAID for another thing thing that corporations already don't and won't care about following, so I don't expect them to prioritize it even if it got raised
I think one of the most important parts of open source is that it's available to even those you don't like.
I simply do not get this corporate hate. Corporations and individuals can both use it for good and bad. A company might use open source to make a pacemaker to save lives or world improving research, or it might be Facebook and sell personal data.
AGPL tries to solve this
> The problem is that when a corporation like Microsoft does this, they harm our community
What is this "our community"? My releasing something under the MIT license doesn't mean I'm part of whatever community you're invoking. It means I'm releasing something with an MIT license. That's it.
I certainly don't want to give companies like MS a "pause" before they decide to fork my project. I'm explicitly telling them they can do that. I absolutely do not want them to be hampered by notions of "What will this action look like?"
Don't impose your values on other people's use of my software.
Adding an additional kind of license simply gives you an additional choice. There is nothing about you not being able to use the MIT, or any other license for your code. Providing options for people is not an instance of me imposing my values on you.
Your code, your license. My code, my license.
The license would no longer be open source if you limit use to only community.
See "6. No Discrimination Against Fields of Endeavor" in The Open Source Definition https://opensource.org/osd
> My personal thought is that we need a new kind of license: community open source. No corporations, just community.
It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
> > My personal thought is that we need a new kind of license: community open source. No corporations, just community.
> It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
CC-NC-SA violates the open source definition.
This license is incredibly vague, for example would it be a violation to use NC licensed code in your personal website with a few Google Ads on it that earns a few pennies a day? What about for another personal website/blog that earns hundreds of dollars a week?
As someone commented above, commercial use is an issue. Creative commons is good, but the non-commercial clause prevents it being useful in this case. It seems to be that the crucial issue here is the duplication of the project by forking.
I am unclear of where the boundaries could and should be, but in essence we want money to flow into community source projects. Corporations and commercial entities can and should pay a fair amount. If they don't want to pay, they should not be able to profit from the work of the community.
> the non-commercial clause prevents it being useful in this case. [...] Corporations and commercial entities can and should pay a fair amount.
There is nothing preventing the project owner from also granting individual paid commercial licenses. There are a number of GPLv3 (or other restrictive license) projects with a note like "contact us for commercial licenses" in the README.
Licenses aren't exclusive by default. If a company doesn't like the existing license, they are always free to contact the project owner(s) to request a custom license.
> There is nothing preventing the project owner from also granting individual paid commercial licenses.
Be careful. Changing the license presumably requires the consent of every copyright holder. It's trivial when it's just you but quickly become impossible in practice as the number of contributors increases. Stuff like this is why some projects ask you to reassign your copyright to them.
The corporations aren't going to pay anyway, they will just rewrite your code or something better from scratch and use their marketing money to beat you in the developer mindshare stakes.
So only hobbyist software? NC applies to use as well as contribution.
Yes! Another vote for CC-BY-NC-SA! I release my code under this license as well, even snippets I post on my (tiny) blog.
I think this is what a lot of people would use if it were more known about. I feel like a lot of people do not actually read what a license provides and just default to MIT because it is widely used.
Hard to word that language to prevent a corporation from forking it, as you have to "fork" the project locally to make modifications and send patches back. I'm sure nobody here wants to stop a random engineer at a corporation from contributing to a community project?
If you want a corporation to avoid it like the plague, just make it GPLv3. If you really want to screw them, go with AGPLv3. This way you keep a true open source license, but don't have to worry about corporate control.
Just thought I'd mention something...
Free Software (like GPL) has the philosophy that you can USE the software for any reason. The rights are for the USER. The responsibility kicks in when you redistribute the software. It ensures that you preserve the same freedoms you received when you pass it on.
But if you restrict USING the software, it's not free software anymore.
Who is going to be able to afford to enforce such a (not Open Source) license against the corporations who will inevitably violate it? The GPL is already violated very commonly but is very rarely enforced, although Conservancy are trying to make that easier, but their precedent-setting lawsuit against Vizio is taking years to get to trial.
These are not open source licenses; they violate the open source definition.
So? I never said they were for Open Source (as defined by some libertarian crusty hacker), and the parent comment never asked for it. Why do people like you always jump in, screaming "It's not Open Source!"?
Eh, just use the (L/A)GPL. It's already well understood and established; humans and well-meaning businesses can use the software ethically; corps won't use it even though they could because their intellectual property lawyers don't understand how intellectual property works.
They most likely understand, they don’t trust their engineering coworkers to not ignore it. Blanket ban is an easy sell when upside is limited and downside is basically unbounded.
My experience talking to big corp IP lawyers is they have a set of policies ("open source bad; protecting our IP good") and will make up any justification to support those policies, even if their justifications are plainly incorrect given the license text. Usually they just stop responding when you point out the obvious contradiction. It'd be one thing if they just said "no" with no justification, but my experience is they spout a bunch of false stuff about open source licensing, then explain how that false stuff violates their policies even though the real license actually doesn't, and then stop talking when you show them that they are wrong.
As you say, their job is to protect the company, not actually understand how IP works. But it's pretty silly when some stupid dev like me knows their supposed area of expertise better than they do.
Well, it's great that you have that understanding. But the internet is full of FOSS types fantasy IANALing based half-forgotten RMS FAQs, even in places where they really should know better. Most of these nerd arguments are pretty much worthless if it came to a courtroom.
Yeah, I said I was stupid. What's their excuse? :)
Does this exclude anyone who works for a corporation from contributing? I think the obvious answer is no, as long as someone is working in their own interests, but it would be very hard to establish. After all, Linus worked for the Transmeta Corporation during some of Linux's most seminal years.
Comment was deleted :(
Yup. But then you also limit the usage of your software in enterprises which do not try to compete with you. There are a number of licenses which tried to solve this exact problem (cloud protection licenses / fair licenses / ...), for example Commons Clause, but community usually doesn't accept them nicely, at least I don't know of a case where they were welcomed. Not sure why, maybe because most of such projects go from FOSS to fair license instead of starting with one? Anyway, to me it looks like opensource licenses nowadays serve mostly the interests of Big Tech and not those of regular users.
But what is the practical difference between that and Spegel's situation? Where is the deterrent?
Microsoft is currently violating the license, and the author's recourse is this HN post.
You can get pretty close with a copyleft license like GPL.
How about post-open license? https://postopen.org/
I think a lot of people in the OSS world are feeling this tension more acutely now.
While Microsoft is certainly in the wrong for removing the copyright notice, I think the author has zero basis for complaint otherwise. If you're going to release software with one of the most permissable licenses, you need to accept that for all it entails. Consider what you're comfortable with and pick an appropriate license relative to your values.
I think it's weird they didn't mention anything about Peerd or their plans on how to use Spegel to the author. They could've atleast said "btw we plan to do xyz" instead of leaving the author fantasizing about a collab.
"fantasizing about a collab" sounds like the world of sneakers, not software. What does that even mean in the world of software?
Dreaming of a contribution from Microsoft
In a reply from an Microsoft employee who's familiar with the situation, some group in Azure wanted support for some Azure-specific APIs. The spegel dev decided that was too far out of their wheelhouse, so they didn't want to add support in spegel for that Azure-specific API. The Azure subteam went ahead and added that support into their fork of spegel.
Other changes removed the spegel project's LICENSE and added in Microsoft's LICENCE file and copyrights on all files.
No legal basis. They still might have an ethical basis regarding Microsoft's behavior, because law != ethics.
If the author has ethical concerns with companies using their work there's a simple way to make that explicit and unambigious – the license. No one can read their mind otherwise.
If you consult with someone over their project, then proceed to fork it behind their back, that's just being a dick, even if it was perfectly legal. We should not accept that kind of behavior. And that's even ignoring that the consultation was unpaid and the project was actually even stolen.
> We should not accept that kind of behavior.
What exactly is this supposed to mean? We will not be asked. Only alienated teens care if strangers "accept" them.
It's not the first time I see something like this.
The flake8 (MIT license) maintainer is upset that ruff is copying his lints, for example.
I find the whole thing bizarre.
Comment was deleted :(
The author said that in the last line.
Highlight the part of the essay where he is claiming MS didn't have a right to do what they did.
The point of the article was that MS showed interest in his work, asked him about his designs. Said nothing about internal plans to fork it or use it. Then he shows up to a talk and sees them discussing his work.
Reading between the lines, it is 100% clear they didn't feel like telling him they planned to fork his software, and they danced around it. They didn't reach out to him afterward and say "thanks, we are building a fork and your free time was really useful".
The essay isn't claiming a legal issue. It's pointing out a substantial, practical issue with OSS that didn't exist nearly as prominently in the pre-cloud era: megacorps forking software and cutting out the OG developers.
Licenses communicate your intent; if you choose the most permissive one possible that is also implicitly communicated.
Did they complain about anything else?
Mostly no, but I read the overall piece as a complaint that they got a fork when they were hoping to get a collaborator.
I mean, the title is “Getting Forked by Microsoft,” not “Microsoft Removed My Copyright Notice.” They don’t even outright state that the fork is missing the required attribution, you have to infer it.
Anyways, the real question should be: what is the most productive form for the project/technology? Separate efforts may not the answer, we're looking for.
Yes, he complains in the last few paragraphs that he feels like this form is a competitor. Says that users sometimes come to him asking for help with the Microsoft fork, etc. Those all very much fall into the domain of "what did you think MIT meant exactly", imo at least.
I suspect that what's happening internally (at Microsoft) is that someone's leveraging your work towards their next promotion packet. They went to their manager with "hey I've got this great idea" and followed it up with your code a few weeks later. Of course, this only works if they claim they were "inspired" by Spegel to "write their own code".
> I suspect that what's happening internally (at Microsoft) is that someone's leveraging your work towards their next promotion packet.
It just so happens that the Microsoft engineer who originally changed the license in GitHub went from Senior to Principal engineer at Microsoft in the past two months (according to LinkedIn). So you probably aren't far off.
Dang, that is too good.
There is definitely a type of person who cheats, lies, throws people/teams under the bus, breaks the rules, and cuts corners to get ahead. The ones who are able to not get caught are rewarded.
This is not only a software phenomenon, but almost all aspects of life.
I wonder if there exists any system in place that this could backfire rapidly if this could be proved on some level. Unfortunately, world needs examples and consequences before anything changes. If this worked for this particular engineer, others will follow and will attempt the same. It will become a norm in big corps.
Causing a legal shitstorm is most likely not a sustainable way to get ahead at big corps.
If this is what happened, I suspect Microsoft will drop this person even quicker than a hot potato, and even quicker than if they told them to rewrite it from scratch but the person took a few shortcuts too many (which would be my guess).
If they wanted to fork it, they could - just keep the attribution and be done with it. The fact that they tried to rewrite it suggests that someone wanted it to be legally not a copy.
The commit histories for the LICENSE files in the two repositories are rather interesting. The original author placed a single copyright notice in that file. Microsoft on the other hand published it with their copyright notice and a Apache 2.0 license in place of the original copyright notice and MIT license. They also put copyright Microsoft and license apache 2.0 headers on all files. They then changed the Apache 2.0 license to MIT, but left their copyright notice in place of the original copyright notice in LICENSE:
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked a very early version that did not even have the LICENSE file, such that they never removed the original notice, this looks like copyright infringement to me. That said, I am not a lawyer.
>chore: change to MIT license
What does "chore" mean in this context? Is the license just leftover from some MS open source template? If so there is perhaps some leeway, and the author maybe just didn't realize he needed to use the original MIT license file including the notices and not just a template one grabbed from the internet.
Any other explanation for such a "relicensing" would be extremely worrisome.
"chore" is a common conventional commit message type, see https://www.conventionalcommits.org/en/v1.0.0/
"chore" just means the type of change; as opposed to a fix, a feature, refactoring, there are some things that you have to do in the repo that can be called "chores".
I'd say, in this case "chore" means "boring, nothing to see here".
It's interesting, because "chore" to me has strong connotations of "tedious, unpleasant".
Right. It derives from the idea that programmers are supposed to find "solving interesting problems" pleasant. On the other hand, boring, repetitive tasks are called "chores".
I don’t find it appropriate nor useful to place such a sentiment in a commit message, much less as a standard tag.
It's a nerdy colloquialism. ie, it's not that serious
That’s part of the reason why I’d object to it in a commit message, in a professional setting.
Some organizations strongly encourage marking all commits as one of a list of categories such as "feature/fix/chore/...". The tags are then bound to loose all meaning (literal or figurative) very soon.
Unless there was some "conspiracy" to violate the license (my original comment was an attempt at playfully hinting at that possibility, though I don't find it very likely), I'm sure the person who wrote that commit message thought about it for less than three seconds.
That was my initial guess as well. I am glad that the author chose to take a high ground instead of naming and shaming the people behind this egregious act.
It might be just a decision to own the code as it probably ends up in production, e.g. run codeql and other tools to scan it, have controlled releases and limit access to the repo. They might have had some other stuff to change and did not want to bother doing it in the original repo with unexpected timelines from the repo owner. A fork is a logical step for a company.
The future continues to be AGPL
https://vadosware.io/post/the-future-of-free-and-open-source...
We need an updated/modernized AGPL that more explicitly delineates what is dependent software. SSPL is probably too far, but it has the right idea.
What would be the goal of this? I ask because I think the nice thing about the current system is that the goals are well represented/easy to sum up and defendable.
What would be the goal of a license between AGPL and SSPL on the spectrum? Seems like such a license would at the very least be non-free? (which is perfectly ok)
Some projects choose AGPL because they incorrectly read that it requires dependencies like calling web services or the underlying configuration management to be open source (such as Minio). SSPL goes beyond this and requires an unsatisfiable amount of dependencies to be open source. There should be a middle ground for folks like Minio and others that want to prevent competitive hosted offerings as that's how they fund the open source version.
Whether this would be considered non-free is up for debate IMO. Why would a license like this be considered non-free when the GPL is free? Is it the scope of it? The OSI would hate it because they represent the organizations this is meant to curtail.
Though most of this is moot if you can just launder code through a LLM and magically remove any licensing for it.
> Why would a license like this be considered non-free when the GPL is free?
Do you consider the SSPL to be free? If so, this would be. If not, it probably would not be. Why does SSPL require unsatisfiable numbers of dependencies by the way? It seems pretty clear to me (though, clearly, not free).
> if you can just launder code through a LLM and magically remove any licensing for it.
If you can actually do this, I look forward to unencumbered Windows-compatible source code having run variously leaked source through copilot.
AGPL without CLA, to be precise. AGPL with CLA is a trap.
What's wrong with CLA? I've contributed to project with CLA. Have been using them and then wanted a feature and the project accepted my patch. Ther are still many people contributing to project with CLA.
In addition to what buzzy_hacker has written, in a normal FOSS project A I can ask maintainer X to include a feature from a compatible FOSS project B written by programmer Y. The maintainer can do it themselves, or I can adapt the code myself and submit a patch, referencing the original authors. That's how FOSS is supposed to work.
In a CLA-restricted project, there's only one entitity that can contribute copyleft code. Everyone else must donate the code to them, and they forbid themselves from using other people's copyleft code, because they can't relicense it.
For an argument from the other side, here is the GNU project's defence of CLAs:
> If there are multiple authors of a copyrighted work, successful enforcement depends on having the cooperation of all authors.
> In order to make sure that all of our copyrights can meet the recordkeeping and other requirements of registration, and in order to be able to enforce the GPL most effectively, FSF requires that each author of code incorporated in FSF projects provide a copyright assignment
FSF is not the average recipient of copyright assignments - I'd be much more comfortable giving copyright assignment to FSF than to pretty much any other entity:
* They're much less likely to rugpull on the contributors and change the licence to something non-free: even pessimistically assuming their leadership got subverted somehow, doing something like this would pretty much be the deathknell to FSF. So there's a known, very high cost to the negative side of CLAs.
* They're much more likely than the average project or corporation to actually use the positive benefits of copyright assignment, to pursue legal action and enforce the Free licences the way it empowers them to.
That doesn't really explain why.
It seems like what's bothering him is:
> give a single entity, the project steward, a special license distinct from the one that everyone else gets, so that they may use your contribution in any way they please
But that's not a justification.
The project steward is contributing more than 90% of the code, maintain the infrastructure and servers, do the promotion, ...
So yeah, they may give some condition to accept your contribution, but I think that's fair. They don't force you to contribute. And depending of the motivation for your contribution, you get what you want, eg, the feeling of contributing to an open source project presumably used by many people, or having that entity to maintain your patch for free.
I mean, you can fork if you like, but the likelihood that your fork is getting used is not that big, and mean more work from your side to maintain the change.
A CLA is what legally allowed Oracle to release the once copyleft OpenSolaris under a closed source license, including code contributed outside of the previous owner company, Sun. CLA is a tool for companies to change the deal after the deal.
There's a famous talk about this, which resulted in many us referring to Oracle and its billionaire CEO as the "lawn mower."
And of course, someone else here already mentioned the lawn mower lol.
I agree with this. It seems to be one of the licenses out there that scares the big three cloud providers.
And just to be really clear -- it's not actually a solution to cloud providers not reusing the code for profit (which I assume is the context you're implying, could be wrong here), because AGPL is free software, so people are free to reuse your code for commercial purposes. AGPL at least prevents making private improvements to open source networked code without contributing back.
I think in this situation it might have convinced Microsoft to contribute rather than fork... But then again, it's Microsoft. Also, they're well under their right to fork and keep the changes as long as the license stays the same, etc.
I think another important point might be that "free software" aims to protect the users of free software, not necessarily the profit-maximizing (I mean to use that phrase neutrally) ability of software developers.
The AGPL doesn't require them to contribute back. It only requires them to provide the code to end users upon request. No license as far as I know requires people to contribute back.
In many cases, project maintainers would not want the changed code anyway because it does not align with their vision for how things should be done. Linus Torvalds and his subsystem maintainers, for example, do not want people to send them code dumps containing the hacks people have done to private Linux source trees. They want proper commits that are done well and have been modified to comply with any feedback that they provide.
What the project maintainer here wanted were collaborators who would work with him as a team (which is not much different than what most OSS developers what), but no license requires that and it is rare to get that.
This is a good point, the AGPL and free software in general is really more about users than individual projects and developers.
AGPL may not have convinced Microsoft to collaborate.
It is in a roundabout way also about collaboration with upstream, since the users (or those working for them) are fully empowered to be developers if they so choose.
And the upstream and buy the product and get the same rights as a user.
But first and foremost it's about the users.
The biggest thing that GPL et al. enable is that customers are not locked in to their provider.
It's not as much about the collaboration by the vendor per se, though users would likely prefer it, and are themselves able to collaborate on equal footing.
The problem is that it scares away also others. Personally I avoid such projects for any purpose, they simply don't exist for me.
I also don't understand the cloud hosting argument, when we had a great whole era of Apache/PHP/MySQL stack based on exactly this idea of commercial hosting.
> The problem is that it scares away also others. Personally I avoid such projects for any purpose, they simply don't exist for me.
I think this isn’t a problem — not everyone has to contribute to any project! People sometimes struggle with the choice between GPL and MIT for similar reasons of popularity.
People who want the widest possible usage/corporate adoption can pick licenses that reflect that and embrace the tradeoff
> People who want the widest possible usage/corporate adoption can pick licenses that reflect that and embrace the tradeoff
This subthread started with the implication that people shouldn't be doing that. But you are right, that's exactly what most are doing.
The anger over cloud hosting came from a specific set of Open Source companies that produced cloud software with the intention of earning money by selling hosting. Mongo, Elastic, and Hashicorp were the big ones. These companies failed to realize that the licenses they chose were incompatible with the business model they chose and then blamed the resellers for their own failure to plan.
It was particularly problematic for the FOSS companies because each of these players' plans was to resell the Big Three clouds and live off of the margin, so the instant that the cloud providers decided to just directly compete in the hosting space the original company physically couldn't compete on price.
The moral of the story is that if you're releasing cloud software as FOSS you can't plan your business around the idea that you'll be the only hoster.
I dont see how that would’ve helped with authors complaints in this case
LGPL is sufficient (without the extra baggage of AGPL).
The extra baggage in AGPL is what makes it work for the purposes that OP wants it. LGPL takes the GPL a step towards MIT, where AGPL takes it the opposite direction.
I have to say every thing mentioning the license or GPL or variants is getting instantly downvoted. Not a good look HN.
[flagged]
It’s classified as free AFAIK, could you expand/lay down some points?
The FSF considers AGPL Free Software (of course).
The OSI considered AGPL, Open Source.
Debian considers AGPL to be compatible with Debian Free Software License Guidelines.
FreeBSD considers AGPL acceptable in its ports.
So when you say AGPL is non free, could you clarify exactly what you mean?
How is compliance as written impossible?
Whenever I see AGPL project, I close the page, and I believe many others would do the same.
Why?
Probably because the dependency scanner the lawyers at his company required be added to the code review system will instantly fail the review if he added an AGPL project as a dependency.
There’s no reason to worry about the AGPL unless you plan to conceal code from its users. Most software businesses take this approach because it’s hard to sell information that is publicly available, and code is just information. Some businesses make money operating software for others. AWS pays on-call engineers to keep RabbitMQ highly available.
Free Software protects the user from the developer. Permissive licenses protect the developer from the author.
A lot of professional software engineers get confused and think of themselves as the “user” when they’re actually more of a middle man.
Because they listen to fear mongering or would prefer to ask nicely that megacorps be kind to their users instead of just using a tool with legal teeth.
They have to wait for the AI scraper bots to steal it for them :(
> As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers.
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" also never been true for them.
Here is the previous time I can remember that they did something similar:
- https://news.ycombinator.com/item?id=23331287 - The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.
I agree, after this happened to me I learned of a few other situations where the same thing happened to other friends.
On my end if was a mix of naivete and flattery which made me want to take the meeting. I suspect it is the same case for others. I will not make the same mistake the next time it happens.
Do you think this stops the fork? It’s not like they can’t read the code.
Well your license is only as good as you are able to enforce it. Even with the law there is no guarantees.
I grew up thinking that people would follow the spirit of open source rather than the specific letter of the law. This is obviously not true, and probably never has been.
No license stops someone from spinning off an OSS project into their closed-sourced enterprise offering. It's just sad that most corps see nothing wrong with this
GPL definitely does.
The GPL (and AGPL) are easy to comply with for a corporation, or anyone else really. Just redistribute your modifications under the same license, and ensure users can run modified versions on devices you distribute and you are done.
> GPL definitely does.
Clearly it doesn't because companies get caught doing it with GPL software all the time.
... and the only recourse is to sue them into compliance.
Were folks under the impression there were other options for license violations? Your comment implies that a lawsuit being the only recourse to enforce a license renders that license moot.
Some people just hoped that picking a corporate-unfriendly license would be enough of a deterrent by itself, because most folks can't actually afford to sue. But infringers, big and small, are increasingly realising that these licenses are toothless by themselves, they need to be backed by money.
I don’t disagree with any of that, I think the challenge is certainly the costs of enforcement. For GPL licenses anyway (I realize the OP used the more permissive MIT license) I think their is (or there should be) a non-profit foundation established to collectivize the funding and legal actions necessary to support open source projects in these kinds of scenarios. Certainly, pursuing license violations in a manner that maximizes awareness and makes examples out of violators should prompt others to reconsider their actions.
> I think the challenge is certainly the costs of enforcement.
IMO, this is fundamentally a mismatch between how software is developed in practice and how copyright works.
If software was like a book, where it's finished and published once, then simply registering it with the copyright office would be all anyone needs to do: up to $10k/copy statutory damages is a stiff enough deterrent that few large companies would want to take the risk. And even if they did, it'd be easy to find a lawyer to take the case on contingency.
As a non-lawyer, that doesn't seem to match nearly as well with software as a constantly evolving work. But I'm not an expert - maybe periodically submitting versions is enough.
Software Freedom Conservancy are the most visible GPL enforcers these days. The FSF probably does some enforcement too, but doesn't seem to talk about it as much.
There is such a organization, it's called the Free Software Foundataion??? Where do you think the GPL comes from?
> For GPL licenses anyway...I think their[sic] is (or there should be) a non-profit foundation established to collectivize the funding and legal actions
Hence my thinking there is. I kept thinking EFF for some reason, but I knew that wasn't right. EFF are the ones who consistently predict which anti-privacy/anti-consumer laws will definitely get passed.
On the other side, some people hoped that picking a "corporate-friendly" license would make megacorps good citizens. It has worked out poorly.
Still doesn't waste your time.
Large corporations should and can be extremely clear about their intention, which is clear to them before they reach out.
Don’t entertain meetings without compensation from megacrop. But the project is open source. The author provided the right for them to take it in any way possible and copy it. If I’m not mistaken the MIT license allows what they did.
I’m assuming the complaint is more about Microsoft duplicity in asking for information as opposed to the forking of the code. The latter is fine - the license explicitly allows it.
You are mistaken. The license explicitly allows it subject to the terms of the license:
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Microsoft didn't follow these terms. They copied "substantial portions of the Software" and didn't include the notice.
Which notice? None of the *.go source files I have opened in Spegel contain a notice. Microsoft cannot remove a notice that does not exist...
In my opinion, it's the Spegel author's fault: they should have added a notice in every single file!
The "notice" is the literal license file. It is illegal to strip someone else's license from their work. It doesn't matter that they replaced MIT with MIT, because they stripped the author and attribution from it.
https://github.com/Azure/peerd/blob/main/LICENSE
If you read that file you'd think that Microsoft was the copyright holder, but they very clearly aren't.
> but they very clearly aren't.
Peerd seems very different from Spegel, so Microsoft does hold quite a bit of copyright over Peerd.
Now I genuinely wonder if the main LICENSE should say "copyright Spegel and Microsoft", or if somewhere in the repo Microsoft should just have a copy of the Spegel LICENSE file?
Generally, you would want to do one of:
a) Keep any code that you've pulled in from another project in its own directory structure with a license file indicating where it came from and its licensing terms.
b) If you intend to modify the code or integrate it more tightly with your own, copy the notice into each source file that was taken and perhaps put a pre-amble along the lines of "Portions of this file were copied from XXX under the MIT license as follows:". Ideally you would make a commit with the file in its initial state as copied, and then if you ever need to determine what came from where and how it was licensed, it shouldn't be too difficult.
Generally, what I take from this discussion is that what you want to do is get as much inspiration as you want from the code, but absolutely rewrite it from scratch such that it is yours and yours only.
That would still be infringement.
Absolutely not. How would it be infringement to write your own code from scratch?
If you read someone else's code and copy it down, then you are infringing on it. There's a reason why https://en.wikipedia.org/wiki/Clean-room_design exists.
Where did I say that you copy it? I used the words "you rewrite it from scratch", not "you copy it".
That's a copy. Read the Wikipedia article I linked and it explains what people do to demonstrate they're not infringing.
Because people spend a lot of time making sure that they can prove that they did not infringe copyright does not prove anything here.
It just says that some people put a lot of effort into making sure that they could easily prove that they didn't infringe copyright.
From my own past experience working with F/OSS at Microsoft, they should at the minimum have "third party notices" file somewhere in the repo. Something like this: https://github.com/microsoft/debugpy/blob/main/src/debugpy/T...
What you're proposing, updating the license file to list the authors, is a pretty common way to do this. It does mean that the code is mixed a bit, so it would be hard to split who owns what, but this is only relevant if one of the copyright owners wants to change the license (as they can legally only do that to the code they own).
It looks like they relatively recently migrated the entire codebase from Apache to MIT. I wonder if that was in relation to pulling in code from Spegel. They updated ~every header.
> The best advice for open source maintainers who are being approached by large tech companies is to be very wary
Drop them a consultation fee in the thousands per hour, get something out of it at least. If they're going to reimplement your project, there's absolutely 0 you can do, they will just hire an intern and tell them the requirements for what you have built without having to meet you, ask them for expenses out of your day covered.
The cultural amnesia about how these companies have operated in the past and continue to operate just continues to boggle me.
It's as if we've learned nothing about exploitative corporation behavior for the last 20-30 years even though it's in the news EVERY other day.
What can you expect when the same group of folks has given the control of the Web to Google served on a plate?
Yeah. I remember the big hoo haw on here a few years back that Satya turning up was the table turning event that would fix all evils. Literally rainbow unicorn shit levels of brigading. I got downvoted to oblivion for suggesting we hold off judgement.
And here we are …
Microsoft at it again with Embrace, Extend, Extinguish.
MIT License.
Violated by the removal of author's copyright notice.
Adding the copyright notice to be in compliance, does not change the fact that the author has chosen a licence that allows anyone, including Microsoft, to do whatever they feel like, without giving back.
So eventually, with this bad publicity, they will add the copyright notice, and move on with whatever else they are doing, in full compliance.
Microsoft did not bother to respect even the MIT license, so clearly the license is not the problem.
Not arguing for Microsoft, rather the fact that people put out MIT licenced stuff out there, or similar, arguing how bad GPL happens to be, and then get all up in arms when companies do exactly what the licence allows for.
Microsoft might not have fully complied with the licence, adding the copyright notice to fix that, won't change a millimeter from what they are doing.
I don't disagree with the general point but in this case we're looking at what (seems to be) a blatant copyright violation. It would not be any more or less of a violation if the infringed license had been a more or less permissive one, because the license has not been followed.
Sure, the MIT is very permissive so it's very easy for Microsoft to correct their repository so that it's in compliance for the future, but they cannot correct the past. (Unless the original authors allow for it.) The MIT license, being so short, does not have a provision about curing infringements.
So Microsoft seems to be ok with the risk of being sued for infringement etc. That's not something you can correct with your personal decisions as author.
The point is that the author would not really be much happier if Microsoft had added a few lines admitting substantial portions of code were taken from Spegel. They probably will do this, but I doubt he will be satisfied with the result either way.
The comment above, which I mostly agree with, is that the point of the MIT license to permit anyone, including large corporations, doing this kind of thing. Since this doesn't seem like an outcome the author is happy with, maybe a different license would be better.
That doesn't mean that they would have completely ignored all implications of any other license. The author of the code chose a license that explicitly allows exactly what happened, other than Microsoft did not include a text file that nobody is going to read.
Everybody claims they removed the author's copyright notice. I checked many source files in Spegel, and none of them contain an MIT header with copyright.
I don't think Microsoft removed the copyright notice. I think that the original author did not add one...
https://github.com/spegel-org/spegel/blob/main/LICENSE
The license doesn't have to be in each file. It's a license for the software. A software is a thing.
> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
> ...
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Right. So Microsoft should just have a copy of that LICENSE somewhere in their codebase?
Why are you doing this? Posting in a way that suggests purposely confuses/obfuscates the difference between the general concept of a copyright notice and the practice of putting a copyright comment at the top of every file in a project, then immediately get corrected, then post basically the same intentional misunderstanding on someone else's comment elsewhere in the thread.
You:
> I don't think Microsoft removed the copyright notice. I think that the original author did not add one...
Direct quote that from the file containing and requiring the copyright notice in derivative works that was not included in Microsoft's fork. This was also included in a comment which you have replied to:
> The above _copyright notice_ and this permission notice...
You have the timing wrong, I did not do that in the order you suggest :-).
I thought people were saying that Microsoft removed the copyright headers and replaced them with them, which they did not.
Microsoft replaced the LICENSE for the whole repository with their own, and thanked Spegel in their README. While this is some kind of attribution, it's not enough for the MIT LICENSE. I don't know exactly what would be good enough, I think having a copy of the Spegel LICENSE file somewhere in their repo would be enough (though possibly less visible than the line in the README, to be fair).
My overall point is that it feels like people are complaining a lot about what seems to be an honest mistake. And not just that: the way Peerd did it is arguably giving more visibility to Spegel than if they had just copied the licence somewhere in their repo. Peerd could possible just copy the licence somewhere less visible and remove the link from their README.
The file titled LICENSE contains a copyright notice. That's what a license file _is_ in the context of software a LICENSE to use someone's COPYRIGHTed software. You must abide by the terms under which you are granted the license, otherwise you don't have access via the license, and are thus violating the copyright. They aren't two unrelated concepts.
Anything else is noise, they violated the license. They blatantly copied copyrighted works. They can't "oopsie" that away or claim it as a mistake, honest or not. You simply are not allowed to do that.
Suggesting that they "could possible just copy the licence somewhere less visible and remove the link from their README." is wrong. They MUST include the copyright notice and the rest of the license. They don't get to choose whether or not to respect the license. And they don't need to remove the link, That's got nothing to do with the copyright issues. No one at Microsoft thought that call out was somehow the legally required attribution clearly explained in the MIT license.
> Suggesting that they "could possible just copy the licence somewhere less visible and remove the link from their README." is wrong. They MUST include the copyright notice and the rest of the license.
You do realise that those two statements are not incompatible? If they include the licence somewhere less visible and remove the link from their README, they are still including the copyright notice and the rest of the licence.
The MIT licence does NOT say that you MUST have it at the root of your repository in a file called LICENSE. It does not say that you must clearly identify the parts of the code for which you don't own the copyright or anything like this.
You can read it here: https://opensource.org/license/mit
The part I was indicating was incorrect was your usage of "could" It's not something they "could" do, it's something they MUST do.
Like saying I choose to not be the richest person in the world. Sure it could be technically true, but the statement is incorrectly implying that it's up to me, or within my power to make the alternative choice.
It's very strange that you keep using these intentionally awkwardly phrased, misleading-adjacent statements.
The rest of your comment is attempting to refute something no one made a case for in the first place, which coupled with the rest of it makes it seem like you are just trying to argument-bait, so I'll tap out here.
> It's not something they "could" do, it's something they MUST do.
Well, maybe I just can't English :-).
They must include the copyright notice and the permission notice. Now I can imagine different ways to achieve that. They could use one or the other, as long as what needs to be included is included.
Depending on how they do it (while staying in the realm of what they MUST do, i.e. include the copyright and permission notices), it gives more or less visibility do Spegel. My point was that linking to Spegel in the README arguably gives more visibility to Spegel than alternatives that they COULD choose. And to make it very very clear: what I consider alternatives that they COULD choose are those that honour the licence.
No, not somewhere. That’s the license. If they reuse it, they have to use that license.
This is wrong. Peerd can use whatever licence they want that is compatible with the MIT licence for the code they imported from Spegel.
the "fork" peerd is also MIT licensed and contains the same license file unless I'm mistaken.
So what does Microsoft need to do to be in compliance? I'm not being facetious here. Genuinely curious/want to learn.
They removed the attribution to the original authors and replaced it with their own name. So the copyright notice is not preserved. They could comply with the licence by adding back that attribution.
I've been downvoted for it before, but I still say that permissive licenses are charity to megacorps. If you want your work to get turned into a proprietary program without any compensation to you, use a permissive license. If you want to at least have a chance they'll contribute back & maybe pay you for a proprietary license, pick a free-software license.
If you pick a corporate charity license, don't act surprise when corporations take the charity!
Thinking about what you said - how much of the cloud providers might be an open-source wrapper?
Cloud providers have long taken hard work of open-source projects and packaged it up to be a web administered solution.
There is something to be said for putting together an experience. Including that it wouldn't be possible without everything it does.
> Gates: OH, I DIDN'T GET RICH BY WRITING A LOT OF CHECKS.
> Gates: ( fiendish laughter )
> Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use.
Can’t they just read the source themselves? Why do they need the maintainer?
Maybe AI couldn't explain it to them?
It's very similar to being on the receiving end of what purports to be seeking an acquisition.
Both myself and my other half have separately been directly on the receiving end of the "brain rape" by major companies that everyone here will have heard of, both of which went nowhere except for the supposedly interested acquirer to become ever more angry that the crown jewels were simply not offered up on a plate.
This situation is surprising in that he did get an acknowledgement at all. These companies are not good actors, and have a casual disregard for the IP of everyone else that should be immediately obvious.
Or it was just a team inside Microsoft and he thought "Microsoft" talked to him and saw already dollar signs?
Open source license is there for reasons, he can sue them if they did it wrong.
Generally a court likes for a plaintiff to try to resolve a dispute before suing. The author should contact the Peerd team at Microsoft and point out that they seem to have overlooked their obligations under the license. Only if they refuse to do anything would it be worth considering a lawsuit.
> Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true
I think it's important to highlight that the "Microsoft <3 Linux" narrative deserves some scrutiny too: (https://old.reddit.com/r/linux/comments/lbp1m8/for_anyone_th...)
Well it does love open-source, it lives free access to source code it would otherwise had to put money into developing the same thing xD
Reading this made me think of AppGet, too
Yeah, at this point I feel .NET could benefit from being made into a proper marketed as independent foundation (and not the failing .NET foundation that does very little).
Because all these actions will get associated with .NET teams even if the latter go to great lengths to collaborate with community and ensure that new feature work does not step onto the toes of existing popular community libraries (for example Swashbuckle or eventing/messaging framework that was postponed/cancelled not to interrupt the work of other libraries including MassTransit, which is a bit ironic as MassTransit went full commercial later).
Another example here, Google forked a GCS fuse driver and the author found out later and posted on HN about it: https://news.ycombinator.com/item?id=35790223
Edit: apparently Google did not use the author's codebase, instead using an Apache 2.0 licensed codebase [1] explained here [2].
[1]: https://github.com/kubernetes-sigs/gcp-filestore-csi-driver
Comment was deleted :(
Microsoft runs on trust... like a car runs on gasoline
See also https://isdotnetopen.com and https://ghuntley.com/fracture
I'm curious why are you still maintaining the first one where it clearly links to Miguel's comments who is less than fond of .NET nowadays and is advocating for Swift of all things? Moreover, it speaks more of the tools teams management and management outside of .NET than .NET itself and you should be very well aware of that. It's been a link people repost ad-nauseam here with no constructive dialogue whatsoever whenever .NET is suggested as an arguably better tool for solving problems it's good at solving.
@pjmlp, thoughts?
Nothing is new, I have mentioned multiple times that Microsoft management undoes the great work from .NET team.
Also as polyglot developer, while I happen to have my preferences in regards to technology, I am not married with any of them.
Being MVP, Champion, or whatever program each megacorp happens to have, was never something I saw value in.
Never make a specific technology, or company, part of your identity as person.
I'm only pinging you because I think a couple of days (or weeks, even) ago you or someone else mentioned it is open source (?), so I was wondering what's going on.
It is licensed as such, with some gaps versus .NET Framework and VS features.
Hmm, okay. In any case I have a lot of misconceptions about .NET, TBH.
.NET is open source and people working on it go into great lengths to ensure it is a good citizen to open-source projects and communities. It has been open source for almost 10 years damn it. All in all what other divisions or teams do is greatly unfortunate because it will get associated with the aforementioned. Personally, this annoys me because other languages like Go or Swift do not receive the same criticism for the bad practices their respective companies engage in. Go in particular.
Do these links have much if any merit? I would have to re-check their claims though.
As I said, I have misconceptions of .NET, so it is always useful to get to the bottom of it.
The hot reload drama was real, and the decision was backtracked. The rest? I don't think it has any relevance as of today. Many other languages have worse situation when it comes to tooling. Right now, in .NET you can use Visual Studio, Visual Studio Code or any of its forks, Rider, which is now free for non-commercial use, and also Neovim/Emacs/anything which supports LSP and DAP.
Hot reload in general is difficult to make work in something that is mainly compiled, for example it does not work with F# right now, but there is someone in community working on making it a possibility. It's regular activities you'd see in other ecosystems.
E.g. I think NetCoreDbg, as an alternative to closed vsdbg that has usage restrictions, works well enough to fully enable the standard workflow when using VSCodium/Cursor/Neovim/etc. I know people use the latter with both C# and F# without sacrificing user experience in comparison to languages like Rust. It's just text editor, language server + debugger integration and CLI. You would hear about "refactorings" and "advanced features" from those who are used to more IDE-like experience provided by VS or Rider but, for example, many refactorings are also available in VSC/VSCodium because they are just a feature of the language server based on Roslyn analyzers and auto-fixers. It works with anything that integrates that and the language server itself ships with SDK to my knowledge.
All in all, the tooling situation is pretty good with multiple IDEs, commercial and community tools offered to be able to program in .NET languages, most languages HN loves to sign praises to do not have this. The same applies to GUI frameworks too - it's funny to read how .NET is "anti-linux" because out of AvaloniaUI, Uno, MAUI and a bunch of smaller libraries MAUI does not happen to target Linux. Some people just like to hate something, and if the reason for that goes away they come up with a new one.
Comment was deleted :(
This feels like the scene from Silicon Valley about brain rape.
https://www.youtube.com/watch?v=_STfy0QQjJY
Also, many large orgs are known to do this.
Billion dollar companies are not hanging out with you to be your friend, even if you're at the table for a reason (you belong there because you know something they don't).
When speaking with big companies, you are not there to impress them.
Speak for impact + meaning, they are so big and brilliant and rich and should already know how.
There are examples where a large corporation simply sponsored the developer and development of an open source project. This should be the way.
The most depressing thing about such behavior from MegaCorp is that they are too lazy to even pretend to care. We meet lots of people in life who would appear sincere, talk sweetly etc, but it is all just a show, just acting. Now it is a different discussion on which is worse (acting like you care or just flat out being a dick) but acting takes some effort. These companies with near infinite money can't be bothered to even put in the slightest bit of effort - how much effort would it be to give a shout out to Keivan when they copied AppGet to make WinGet?
> Not sure how people fell so hard for "Microsoft <3 Open Source"
Give them a (somewhat) open source IDE and they start believing you are friend of open source in general.
There's also WSL, .NET Core, they own GitHub and continue to host a lot of stuff for free, and more things I'm forgetting. I think the IDE was the least of it frankly. People do seem a bit too gullible because all of these things serve Microsoft's bottom line more than it does open source developers' (isn't it nice that we can now run Linux things right in Windows? How convenient that you don't need to dual boot and boot out of Windows rather than using WINE to run Windows things on Linux..!), but to say that it was all because of the electron IDE version named after a much better IDE is misrepresenting the situation
Yep. Microsoft loves open source. Free Software and especially user freedom, not so much.
Thanks for sharing this old thread.
I think this behavior stems from how big companies do performance reviews and promotions for developers.
Contributing to someone else's open source project is for schmucks and juniors. Authoring a "new" open source project in the company's name, getting recognition and solving problems is seen as "leading the industry" and whatever other wankery sophistry they come up with to try to motivate employees with.
If a megacorp wants your help to explain ANYTHING to them, you better be paid handsomely per hour. Wtf are people doing charity for trillion dollar empires.
It's also very possible they had been working on it already and wanted to compare notes, I certainly would if I were working on something internal and found a similar project, but I agree, ask them for a consultation fee. I don't see why they wouldn't pay it.
Both projects also share in license, so I have less of an issue with it personally. They're both MIT licensed.
You are supposed to keep the original license for a fork.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Simply removing the copyright is a violation of the MIT license.
It seems like a pretty minor violation, to be fair. They do reference the project in the repo.
The real question is why did the author choose MIT if they didn’t want allow mega corps to benefit from their work without contributing back. That’s a feature of the license, not a bug.
It's not a "pretty minor violation", that's the only condition of the MIT license.
Yes, they mentioned Spegel, but only to thank the authors for "generously sharing their insights" -- that's not even close to the required statement that part of the project is owned and copyrighted by the authors of Spegel.
Ok, so MS will see this thread and re-add the missing header to a few files.
You really think the author is going to then feel 100% better about it?
They are just another data point in the long list of authors who chose a permissive license and are then shocked when a billion dollar company takes advantage of it.
I can't speak for the author, but I when I release code as open-source I think carefully about the license that I use (usually either MIT, GPL, or CC0). If I choose MIT, then it's because I'm fine with companies "taking advantage" of my code. I'd probably mainly feel glad that I created something useful to someone.
What I'm not OK with is a company doing that without attribution. If XYZ company's product is built on code I wrote, I want to be credited -- both so that I can show it to potential employers, and so that users of XYZ company's product are aware that some of the code in it is something they can use for free and modify for their own purposes. If the attribution wasn't important to me, I would have chosen CC0 instead of MIT.
So yeah, if I was the author, I'd probably feel a lot better about if MS re-added the correct attribution. I'd probably still feel miffed that they tried to pull one over on me in the first place -- but I wouldn't be offended by the fact that they're using my software.
There's a difference between what the license does/doesn't allow and what is/isn't a dick move.
MIT is commonly used for cases where you don't want to scare away potential corporate USERS by the "virality" of something like the GPL. This does not mean that the authors are completely fine with their work being repackaged and DISTRIBUTED as if the company wrote it themselves.
This is fundamentally my thoughts on it as well.
If I write something useful and convenient for people, something that makes peoples' lives better, it's probably not going to see a lot of use realistically speaking. I'm not out there making a name for myself, I'm just doing some stuff.
If Microsoft takes my code, turns it into a separate project with a separate name, distributes it as part of their own commercial offering, uses it in their marketing... great! It means that my ideas are making people's lives better. Yes, it's enriching a giant soulless megacorp who, at a high-level, does not actually care about how people feel and only cares about making money off my work, but I care about how people feel, and if it means that my work gets to make people's lives better then that's great - I wasn't going to make money off it anyway, so I lose nothing.
Unless they take implicit or explicit credit for what I made. I don't need my name on the marketing or an invitation to a launch party, but at least make a note in the docs somewhere that "this project was forked from ...." so that I can point to it and say hey, look at this cool thing I helped make happen.
I guess what would really irritate me, when it comes down to it, is not that the giant corporation did this, but that the individual developers did this - some dev out there found my project, decided to use my code, and made the conscious decision to strip out my attribution and claim it as their own. That's what would actually hurt.
I second that.
The D programming language code is all Boost licensed and billion dollar companies are welcome to take advantage of it.
How much consulting revenue does it generate for you?
I don't accept compensation from the D Foundation, but encourage donations to it instead.
I mean, the author understands the MIT license, and is upset that the terms of that license aren't being honored. If I were them, I would absolutely feel better getting credit where credit is due.
If they wanted a less permissive license, they could have used one.
Did you read the article? The missing attribution is a tiny part of it. That’s not really what the author is complaining about.
That seems to be exactly the thing they are complaining about:
> Spegel was published with an MIT license. Software released under an MIT license allows for forking and modifications, without any requirement to contribute these changes back. I default to using the MIT license as it is simple and permissive. The license does not allow removing the original license and purport that the code was created by someone else. It looks as if large parts of the project were copied directly from Spegel without any mention of the original source.
Can you share what you think the author is really complaining about?
> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".
Comment was deleted :(
Hacker News. Temporarily embarrassed billionaires who want to vouchsafe evil behavior in case their own future offers them an opportunity to steal from the community on a similar scale.
If you lose open source you lose a major resource. You should be looking for ways to protect these authors instead of explaining how "technically it's all actually their fault for being generous in the first place."
This position is absurdly scummy.
Ah yes, “temporarily embarrassed billionaires” — spoken by someone defending billion-dollar companies blowing past the only condition of a permissive license, then getting mad when people point that out.
You don’t get to posture as anti-corporate while handwaving away an actual license violation just because the license was permissive. That’s not protecting the community - that’s making it easier to exploit. You’re not railing against theft, you’re normalizing it.
Either the community’s rights matter, or they don’t. Pick a side.
> It seems like a pretty minor violation, to be fair.
Quite the contrary. The licence does not have many constraints, but this one is important. Volunteer developers let their code being used in closed source commercial programs. Recognition is the only thing they expect and the whole point of the licence.
"There won't be any money, but we won't properly credit you and you'll won't even get any exposure". Not even offering exposure anymore.
There won't be any money, but when you die, on your deathbed, you will receive _total consciousness_.
--Carl Spackler, quoting the Dalai Lama
It is literally the only violation that the license is concerned with therefore it is major!!!
MIT and BSD type licenses say you can do almost anything you want, but just don't plagiarize, because that would be intellectual misconduct.
In addition to not just removing the copyright notice from sources, the MIT license requires the copyright notice to be present in all derived works. It makes no mention that if you compile a program, the binaries don't have to have copyright notices.
Comment was deleted :(
People here keep saying that they removed copyright headers. I can't find a single copyright header in the Spegel source files. Can someone help me find which headers Microsoft actually removed?
What I see is that Microsoft added headers to their Peerd files. Now they read "Copyright Microsoft", which is correct because Microsoft owns some copyright over those modified files. If those files had had a "Copyright Spegel project" before, Microsoft should have kept it and added their own. But those files did not contain such a header as far as I can see.
It's in the license file: https://github.com/spegel-org/spegel/commits/main/LICENSE
Right. So Microsoft should just have a copy of this LICENSE file somewhere? Can't we just open a PR to add it to the repo? Did the author do that and did Microsoft decline the PR?
Feels like Microsoft was not necessarily trying to steal work (they link the original project in their README).
I think as a bare minimum, they should have kept the original LICENSE, and add theirs on top or something.
It needs to be present in the headers of each file that they took from. Attribution matters and in mixed projects you need that clarification at the file level.
Does the MIT licence text say that? I don't understand it like this. I understand that a copy of the licence should be preserved, not that the licence should be copied into source files.
I think the fork needs to preserve the LICENSE file in the repo and in distributed code (e.g. packages), right? But not replicated as a file header in every blessed file in the repo.
The author talks about changing his licensing as the only stone he can throw.
As I understand it, changing the licensing will do nothing to affect the fork Microsoft already made. It might affect the next megacorp from doing the same thing in the future, but Microsoft can keep working on their fork without giving it a second thought.
This is for sure a cautionary tale for every open source contributor. Choose the original open source license very carefully.
Edit: Might I suggest that when picking the original license, you try to imagine how you might feel if the company that you hate the most (could be Microsoft, Google, Amazon, or other) does the most extreme thing allowed by the license.
It would prevent MS from backporting new changes.
They might not be able to copy new code, but you can't stop them from fixing bugs that you also fixed, or adding similar new features as you (using code they wrote after carefully examining what you did).
It seems like a pretty minor violation, to be fair.
Why "to be fair?" This is a trillion-dollar company with enough lawyers on staff to populate a small city.
Why are we cutting Microsoft slack? If anything, it should be held to the highest of standards.
Attribution is an important aspect of open source culture. It is the only thing that most authors get out of the deal.
uh, no!
Microsoft got tremendous value for free by forking. Which makes the obligation to deal ethically and honestly very serious.
You don’t get to take something from anyone without meeting the terms they have set for you to take them. That is theft.
(For clarity, I am saying theft of a right. As it does negatively impact the original creator, in terms of competition and lost attribution to the code they wrote, and Microsoft is not paying the “fee” that taking that right depends on.)
And no third person can can ethically speak for the source of the value and state that it’s no big deal for another party to break some part of a contract/license.
How do you know how much this aspect of the license impacted the original creators decision to share their work, their choice of license, or how they feel and and practically impacted about it now!
In this case, we know they clearly feel the violation was harmful to them at some level. They were snubbed, their work left unacknowledged, while Microsoft leached off them, even though doing the right thing would cost Microsoft essentially nothing.
Please don’t socially absolve the powerful from bad behavior toward smaller parties. That’s bad faith, after the fact, and you are not even benefiting from your own disrespect for the license. Always support the (credibly) injured party.
As for offenses against you, you have every right to be generous and overlook those.
(I once took a year sabbatical to work collaboratively on a project, with the presumed (based on what was a clear discussion to me) attributions being a key factor in me deciding it was worth the time and effort, when other factors made that a difficult decision. Only to have my attribution expectations unfulfilled, and no attempt was made by other parties to work things out. The situation was fraught enough that I couldn’t but help feel bitter about it for some time. I am long over it, but I would certainly take the year back if I could.)
The other thing is that Microsoft does not own the copyright for any of the code they used. Facing their work on code they don’t own the copyright to is incredibly messy from an IP point of view.
It’s why con contributor licenses agreements exist in most open source popular projects.
> Simply removing the copyright is a violation of the MIT license.
Did they remove the copyright? All the source files I checked in Spegel don't have a copyright header. To me it feels like it's the author's mistake.
Forks don't get to pretend that licenses don't exist just because they don't like the placement in the source.
Correct the code is still under the license they just don't have to add it to every file if it's not there.
You don't understand my point (probably my mistake).
If the file starts with:
// <MIT header>
// Copyright evantbyrne
Then a fork should read:
// <MIT header>
// Copyright evantbyrne
// Copyright Microsoft
But if you did not add "// Copyright evantbyrne", the MIT license doesn't say that Microsoft should add it. I don't even know if it's legal for Microsoft to do it. You have to add your own copyright to the files where you own a copyright.
I understood and this is incorrect.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
It needs to appear somewhere regardless of where exactly the license was placed in the source repository.
Right. So they should just copy this licence somewhere in a subfolder, saying "parts of this project derive from Spegel, with licence: <copy of the licence>"?
They can still do it now, and probably they should (someone can even open a PR?).
They have to say what code where is copied from the other project. It can't just be "parts", because that obscures the authorship.
You can open that PR, if you care to identify which parts were copied and label them all. Really, the people who copied the code in the first place should have done so, and really should have known better, given they work for a massive corporation that claims to love open source and has had a massive interest in copyright over the past three decades. It's not just a "mistake", it's unacceptable for a professional programmer for a corporation to take code from a FOSS project without crediting it. That's a level of incompetence bordering on malpractice for a profession that deals so heavily with copyright on a day to day basis.
edit: According to the MIT license, the notice itself just needs to accompany the code, so I was wrong about the specificity needed. Still, it does mean that any further forks would be unable to remove the license without personally identifying if all the original code was removed. It's always better to identify what code belongs to who.
> It can't just be "parts", because that obscures the authorship.
Wait. When I contribute to an open source project without signing a CLA, I keep the copyright over the lines I contributed. Still, I don't add a comment above every single line saying that it belongs to me. Nobody would accept such a contribution. Even for fairly big patches.
Are you saying that every single open source project that does not make contributors sign a CLA is doing it wrong?
Nope, I made a mistake there. It's good practice, when copying code from software with a different license, to call out what code is copied from where, but such a thing is not mandatory.
So... what would be the minimal, right thing to do here?
I'd say one of the things you have suggested. Copying the license file from spegel into a SPEGEL_LICENSE file in the repository would be sufficient. So would be actually crediting the project properly in the README with something like "portions of this code were taken from the Spegel project, under the MIT license" with a following copy of the MIT license.
Feels like opening a PR doing that would be faster than writing a blog post to complain.
You could open the PR and it would also be faster than writing all these comments here about opening a PR.
That's not the point, it is not the author's duty to do that and him pointing out Microsoft's wrongdoing is meaningful at least to me because I will be more cautious if I'm ever being approached in a similar way.
> Microsoft's wrongdoing is meaningful at least to me because I will be more cautious if I'm ever being approached in a similar way.
That's the thing: Microsoft approaching the author has nothing to do with the wrong attribution. And I am not sure if the original author here is frustrated because of the wrong attribution or just because they would have hope money and fame from the fact that Microsoft reused their code.
Because it's not like Spegel lacks visibility (given the numbers they shared in the article), the link on Peerd's README is probably not bad for Spegel, and the attention here is publicity again. Probably infinitely more than if Microsoft had done the attribution correctly.
Only the author knows about his motives.
Your point seems to be that the author should not have written the blog post and done a PR instead.
My point is that whatever the authors motives are and whether he did a PR or not, his blogpost was informative to me and has value on its own.
The MIT license does not seem to dictate the exact location of inclusion. Logically, I would think you would want to associate it with the specific parts of code that you are copying. In the past, I've listed licenses together in the root license file for forks, and other times when the included code was a minor part of the overall project placed forked licenses within impacted files.
There is even some sort of “de-facto” standard for this purposes: Debian COPYRIGHT files: <https://www.debian.org/doc/packaging-manuals/copyright-forma...>.
It may not be perfect for all cases (e.g. if some sort of dependency is linked but not present in the source tree it is naturally not really accounted for by Debian copyright files) but then there is always the options of either adding copyright information to every source code file (I don't like that style for redundancy but it is for sure a very clear way to do it) or to hand-craft a human-readable variant similar to the Debian approach but less formally.
In any case it seems that nothing is new aobut this and developers working with FOSS software should very well be aware of these concepts.
> I don't see why they wouldn't pay it.
It's not the money, it's the red tape. Setting up a new vendor, finding the right account, getting the PO approved. Even in a company where that stuff is relatively easy, it's way more friction than a simple meeting where you don't have to ask anyone for permission for anything.
The number one rule about creating clean source (and IP) is not to look at competing implementations / patents. Was drilled in to me by legal over the years to avoid such issues. Really easy to unconsciously incorporate ideas from other projects.
This is not that though. Seems to be exactly what the maintainer is asserting and that's not OK. :/
> I don't see why they wouldn't pay it.
Oh I do.
The person that wanted to setup the meeting likely has no budget control. Big corps like to keep the ability to pay for stuff out of the hands of individuals and isolated in bureaucratic nightmares.
You'd be more than reasonable to demand "$1000/hr with 1 hour minimum" for such a consulting and I'd see HR in MS doing an immediate "hell no" to that.
One of the prerequisites for a successful negotiation is the willingness to walk away. This applies to both sides. I did consulting for a few years, years ago, and you'd be surprised what people are willing to pay. You'd also never know that unless you named your rate and were willing to walk away. I'm pretty sure any manager at Microsoft could easily swing a couple K. The main complication would be that this wouldn't be just a "meeting" then, and you'd need to set up a contract etc. Not insurmountable, just onerous and time consuming. So I'd insist on a much larger minimum, and would be willing to trade that for a lower price.
> you'd be surprised what people are willing to pay.
At least in my company, it very much depends on who's initiating the meeting. If one of our VPs did, then easy, any amount could be approved. However, if it's a team lead, we'd be told to pound sand.
I assumed other companies would be pretty similar.
But realize, that from the standpoint of the OP someone who can't swing a couple of K also can't swing a couple hundred thousand K _per year_ to hire more contributors or provide other funding to the project. They are, therefore, completely pointless to talk to - the decision makers won't be in the room.
> Big corps like to keep the ability to pay for stuff out of the hands of individuals and isolated in bureaucratic nightmares
I'd say my experience is exactly the contrary. Middle managers in my experience in mega corps have a lot of expense latitude for these kinds of things, expedited approvals, corporate credit cards. At least in the finance and tech world.
Could very well just be my company that's jaded me a bit about spending along with the work I did at HP. Both have a pretty strong penny-pinching attitude for common employees and lower-level management.
This is not an HR decision. This is a Director or VP decision in the relevant business line... BUT those guys can absolutely be 'canny' enough to suggest trying to get the person to do it for free first.
Microsoft has mechanisms to enable exactly this kind of arrangement to happen.
Their trackrecord is such that if I got a similar call my first question when possible would be how I was being reimbursed. They are welcome to fork anything of mine if they observe the license attached. I will take a look at any PR. I will NOT spend time explaining anything to their engineers unless reimbursed at my regular rates.
I hope by regular rates you mean your Enterprise rate that is 10-50x your regular rate. :)
Blatantly copying the code without proper attribution is a violation. Regardless, it's not your issue to be OK with it, if the author himself is uncomfortable with it
> Blatantly copying the code without proper attribution is a violation
Except that they did not do that. They forked it (as the MIT licence permits), added an attribution to their README, and added their own header to the files with their own copyright. It's not their fault if the original author did not add a header in the first place...
Or where do you see that they actually removed a copyright header from the author? None of the source files I checked in Spegel have one.
MIT license requires attribution, not "a copyright header". It's not concerned when headers, or with sources being pristine, but with people being credited. If I release my software MIT-licenced, but don't have copyright headers, you are not free to copy files without crediting me.
And no, their note in the readme is not an attribution. It's thanking them for "sharing their insights", which in no way is code attribution.
Microsoft violated copyright here, bar none. There is no other reasonable interpretation.
Right, they should copy the LICENCE file somewhere in their repo. Why not opening a PR, before writing a blog against Microsoft?
They actually thanked the project, it doesn't feel like they were trying to steal it. Maybe they will just accept such a PR and that's all.
Maybe they will, maybe they won't. I refuse to believe that Microsoft doesn't understand how attribution, copyright, or open source licenses work, though. I believe this is a mistake, but it's a very egregious one that showcases a lack of respect for the communities that Microsoft is exploiting. This mistake should not be possible from an entity like Microsoft.
Maybe the engineers did not go through a 12 months process with their legal department and did it wrong.
And with the bad publicity coming back to Microsoft, maybe those engineers will now understand that they should just avoid re-using open source projects when possible. And the next HN post will be about "BigTech reinvents the wheel in order to have control".
We're all nitpicking here: they mentioned the original project in the README. Peerd is quite different from Spegel, it's not just a copy with a small patch.
Sure, they should do it right. But really, a polite, small PR fixing that would probably be a good first step.
You don't need a 12 month process with a legal department to not take code without giving credit. This is not untrodden ground.
> they mentioned the original project in the README
They thank them for their "generous insights". That's not the same thing. If I take chapters unmodified from Harry Potter and thank Rowling for her "generous insight", that's still not okay.
> Peerd is quite different from Spegel, it's not just a copy with a small patch.
Nobody said it was. It does, however, copy functions and other entire blocks of code with comments directly from Spegel without giving attribution. That is wrong. That is plagiarism.
> You don't need a 12 month process with a legal department to not take code without giving credit. This is not untrodden ground.
Well, I have been in big companies where it takes a lot of time for the legal department to check those things. Not because it's fundamentally hard, but because the queue of things they have to do is pretty big.
> They thank them for their "generous insights". That's not the same thing.
Sure, it's wrong. But it's not "purposely stealing without giving any credit at all" either. It feels like an engineer did that, tried to give credit and did it wrong. And now we go on and on saying how this engineer is evil.
It's not that an engineer is evil, it's that this mistake should not be happening in a company like Microsoft. It's professionally incompetent at the very best. No trained and professional programmer should be accidentally plagiarizing code.
> No trained and professional programmer should be accidentally plagiarizing code.
In this case I still feel like they are more attributing incorrectly (there is a link to the original repo with a "thank you" note) than plagiarizing.
If there was no mention of the original project at all, then I could call it "accidental plagiarism".
Your argument is fairly asinine. When you fork an open source project under the MIT license you have an obligation to include the original license in all copies or substantial copies of the code. The author of the fork may also sublicense, which allows them to add new terms to the license, but not remove the original license.
Forking and/or copying files from the Spegel code base into the Peerd code base is permitted, but since the Spegel code base had a single license file covering the entire repo, then the onus is on Microsofts engineers to update the code they copied and include the original license terms, for example, by including something like:
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
// Some code Copyright (c) 2024 The Spegel Authors, under MIT license
If your argument is that they aren't required to do this because the original code didn't have a license header in the file, then it would follow that you are arguing that the MIT license doesn't apply to the code that was copied, in which case Microsoft is using unlicensed code stolen from an open source project.
While I haven't worked at MS specifically, I would assume that like every other tech company I have worked at, they have a team or working group that specializes in adherence to open source licenses specifically to avoid both the legal implications and the bad PR implications of misusing open source software.
Do they have to copy the licence in every single file, or do they have to copy the licence somewhere in their fork?
The details are less important. The code that is copied needs to be attributed, either with comments, or a license file that states which files came from the project, or something else, but the specific code does need to be recognizable by a reader as coming from that other source. Comments and copyright headers are the easiest way to do this.
Still, to me it's not even clear if "substantial parts of the code" were copied. What the article shows is really small snippets of pretty generic code. Ok, it keeps the original comment and the overall form. But if it's 15 lines, it may even count as "fair use", couldn't it? Remembering how LLMs use the concept of "fair-use" by stealing everything everywhere...
My point is that Peerd seems like it's loosely based on Spegel. Maybe a fork that was heavily modified. Not sure if they should track all the code that looks like it was not modified enough and attribute it everywhere.
Probably they should keep a copy of the original LICENSE file somewhere, sure. And if one asks politely, maybe they will do it.
Again: they did credit the original project. So it feels a bit aggressive to say that they "stole it without giving any credit".
> Still, to me it's not even clear if "substantial parts of the code" were copied. What the article shows is really small snippets of pretty generic code. Ok, it keeps the original comment and the overall form. But if it's 15 lines, it may even count as "fair use", couldn't it? Remembering how LLMs use the concept of "fair-use" by stealing everything everywhere...
Fair use allows for commentary, news reporting, criticism, teaching, research, and scholarship and there are guidelines. Most cases where fair use is sought as a defense requires litigation to clear it up. The other alternative when forking an extremely permissive MIT license is to just follow the license.
> Probably they should keep a copy of the original LICENSE file somewhere, sure. And if one asks politely, maybe they will do it.
They are required to do so by the original license of Spegel. Does Microsoft ask politely when people violate MS licensing by say, pirating their software, or do they work with 3 letter agencies and a massive enforcement team to ensure their licenses are followed?
> My point is that Peerd seems like it's loosely based on Spegel. Maybe a fork that was heavily modified. Not sure if they should track all the code that looks like it was not modified enough and attribute it everywhere.
Yes. Every other tech company I have worked at, including Mozilla, a company that publishes almost everything they do as open source, has had folks dedicated to ensuring license compliance.
> Again: they did credit the original project. So it feels a bit aggressive to say that they "stole it without giving any credit".
They didn't provide credit in the way that the license requires. This isn't a case where a new community member forked or copied code into their first open source project. This is one of the biggest companies in the world with a well-known history of taking and using OSS without proper attribution. I like and use many MS products, but they absolutely do not deserve the benefit of the doubt.
> This isn't a case where a new community member forked or copied code into their first open source project. This is one of the biggest companies in the world with a well-known history of taking and using OSS without proper attribution.
Next time you work in a big company and you feel that the legal department is a PITA and slows you down, remember how people react when they are not, like here :-).
I don't know why you are trying so hard to carry water for a team of engineers at a company that has the history to know better.
The team that built peerd had the good sense to consult with the author of Spegel before moving forward with their project. A simple note to their business line lawyer (or whatever they call them at Microsoft) at work to say "hey, we are going to use some of this code from this open source project, what do we need to do?" would have taken less time and effort than setting up the meeting with the Spegel person/folks. That is assuming there isn't an easy to find page on how to consume open source software on Microsoft intranet. Every major company I have worked for (HSBC, Mozilla, Amazon, Fastly, Cisco, to name some) has had this going back to 2005. This isn't rocket science.
You also don't need to be a legal expert to comply with most open source licenses, and the MIT license in particular is really easy to comply with. Just copy the code, and whatever file you copy the code into gets an attribution comment at the top.
I'm all for going against leadership when they purposely abuse people (like Zuckerberg telling his engineers to torrent copyrighted data for their LLM).
I would be in favour of checking what small companies do with licences. In my experience, the vast majority of startups blatantly abuse open source all the time.
But here it seems like it's all about an engineer who did some kind of attribution, but didn't do it correctly. And people are happy to say that it's all part of a big evil plan by Microsoft to take over the world.
All this uncertainty is caused by Microsoft's copyright infringement.
It all depends if the code was copied for a big part or just snippets.
But it doesn't here! You are totally allowed to completely copy an MIT file, modify it and add your copyright to it!
You should just keep the copyright that is already present in the file! But in the case of Spegel, I don't think that the files contain a copyright header in the first place.
Nonsense. Copyright is implicit and assigned on creation.
The git history has a clear trail showing author and contributor details.
An explicit copyright notice for every file isn't needed.
This is a straightforward, unquestionable license violation, and no amount of corporate FUD will change that.
You're talking about copyright, I'm talking about attribution.
Of course, the author keeps their copyright on the lines of code. But that's completely different from how the attribution should be done.
> I don't see why they wouldn't pay it.
I have seen plenty of dev managers refuse to pay for something if they didn't have to.
Very possible, from the in repo documentation (which credits Spegel yet again) https://github.com/Azure/peerd/blob/main/docs/design.md it seems like there was a particular engineer at Microsoft who was working on Azure Container Registry who found it useful to integrate Azure Container Registry.
If they contributed it upstream, would we be discussing a blog post "how dare evil megacorp submit a PR that only implements their API! embrace extend extinguish!"? Probably.
> If they contributed it upstream, would we be discussing a blog post "how dare evil megacorp submit a PR that only implements their API! embrace extend extinguish!"? Probably.
Considering how often that happens VS how little times stories like that appear on the frontpage of HN, I'd wager a guess that we wouldn't be discussing it like we're discussing the current license violation.
Yes, charity. That's exactly what these trillion dollar empires think of those open source maintainers. Microsoft pulled this same stunt multiple times on os maintainers.
Open source has been hijacked by trillion dollar hyperscalers.
It's time we switch to "fair source" or "equitable source".
Put MAU/DAU/ARR/market cap limits in your license. Open to everyone with a market cap under $1B or revenues under $100M. All others, please see our "business@" email.
Place viral terms like the AGPL that requires that all other systems touched by your code to be open - especially the backend/server components that typically remain hidden.
We're giving away power to these companies for free, and they use their scale and reach to turn our software into a larger moat that ensnares us and taxes us in everything else we do.
Your contribution of open source in one area might bubble up as Microsoft or Google's ability to control what you see or how you distribute software to customers. It's intangible and hard to describe these insane advantages and network effects big players like this have to lay people, but I know we as software engineers understand this.
Open source has been weaponized against us. They get free labor and use our work to tax us, pin us down, out compete us, and control us. We need to fight back.
I did this with https://terminalwire.com/
I’m still tweaking the execution of the license, but in principle my thinking is, “if you’re using my software to make money, and you’re making a lot of money, you should probably be paying me to use my software”.
There was already a term - "free software".
"Open source" was literally created as a corporation-safe neutered form of "free software".
It still boggles my mind that people don't understand this. The FUD and misinformation that's been spreading about the GPL and the FSF the last decade almost seems like an intentional campaign brought on by exactly those who benefit from you using a "permissive" license the most.
The key is that "permissive" is passive voice. It's more permissive for corporations in that they are allowed to use it to tie their customers even tighter to them. Compare this with "restrictive" (for corporations) AKA "copyleft" which ensures that users' freedom is maintained, by restricting how corporations can limit them.
It's very akin to the paradox of tolerance.
Some folks are now calling them pushover licenses instead of permissive licenses.
I love this
Then the company just re-implements your project; they have the resources to.
Most software isn't hard to reverse-engineer, and most people aren't exceptional; if a group is big enough to create a GPL-licensed product that competes with Microsoft's, they're big enough to create an MIT-licensed product that competes with Microsoft's.
I like GP’s comment “don’t discuss anything in private and/or offer priority support without being paid”. Also:
- Ensure you get attribution, and support others who deserve attribution
- Develop open-source alternatives to paid programs
- Donate to others who write open-source
I disagree that open-source contributed much to companies becoming so rich. I believe it was more that people gave them (money and) private data, e.g. made posts and interactions that only exist on their locked-down platform. I doubt a lack of open-source and accessible development tools would’ve prevented Google and Facebook; if anything, they would've been founded by richer or more networked people. And it certainly won't prevent them now.
Those companies can produce legal abstraction hacking solutions faster then you can develop shielding ones. You needs something poisonous ,costing money or work with each usage preventing mass adoption without a complete rewrite .
Open source will inevitably succeed, but only in the long run. In the short term VC (or tech giant) cash will dominate any conversation. There's absolutely nothing you can legally do from preventing reimplementation (which is a good thing, because it means over the long term we will reimplement everything as free software).
>Open to everyone with a market cap under $1B or revenues under $100M.
That would also mirror what they do with tools like Visual Studio, which is free until you hit a certain number of developers or revenue.
I don't understand why we don't just lean into the "osi = corporate, copyleft = good faith" model that's worked perfectly well for the last thirty years.
Yes when projects like Alpine Linux are in the ropes due to lack of funding something needs to change.
Wait what? I didnt realize this was the case and I say this as a huge alpine fan. Will look into whether there is an option to setup a recurring donation and will do so if its the case.
We don't need yet another license, especially not a use license. Just use a GPL, the version (LGPL, GPL, or AGPL) depending on what you are concerned with.
> Open source has been weaponized against us.
This was always going to be the case. We Free Software advocates have been saying this for decades.
And you're not even to the most important part: this isn't about you, me, or megacorps. It's about users.
Getting someone who worked on the thing or someone close to the author to be hired by your company and bumped to a high prestige position probably has more effect on law than a license (just an intuition).
"Hey, that guy worked with the author, and he was hired and now is a super top dog there... he must be the true genius behind it"
I mean that for ideas, not materialized code. You guys are so focused on small text files and miss the big picture sometimes.
Licenses are a small angle for those things.
Look up the WRT54g sometime
https://sfconservancy.org/copyleft-compliance/enforcement-st...
Is it USA courts only? If it is, it's the same as nothing for people like me.
Also, GPL is about source code, not ideas. Source code is not that relevant.
The WRT54g led to a variety of user-serviceable firmware worldwide, including dd-wrt and openwrt. It gave, and continues to give, new life to otherwise wifi devices that shipped with a abandoned propeietary software. It was a revolution in wifi router firmware, and still is.
It was created because Linksys shipped GPL code to customers but didn't provide the source.
Sure. I understand.
My work is with DSLs: domain specific languages. The work is in the idea realm (most of the time is spent there), not the source code implementation, which is often trivial once the language is developed.
The gratification also is different. Seeing others use the language is the best one can hope to achieve nowadays. Maybe publish a book about it, but that sounds more trouble than it is worth (judging by how books on patterns, a similar realm, are often misquoted and misused).
That's why all this talk about licenses sounds like nonsense.
Ideas are not copyrightable, so you can't prevent anyone from using them without keeping them secret, and even then folks might come up with the same idea independently.
They are patentable though. Feels like you should have mentioned it.
I could have kept it a secret and made a book about it, tying my name to it forever.
However, I want my domain specific languages to run free. People not getting in my nerves about them anymore would be enough compensation.
True, although software patents aren't supposed to be a thing in some places, so your success in protecting software ideas might be location dependent, or time dependent as case law changes. Thats probably why I forgot about them.
That's incompatible with why I do OSS. For me OSS is the ratchet for humanity, the way we fight enshittification and force companies to innovate and compete with each other to make better things. As soon as you abandon that mission and split it into fiefdoms, you're now just the thing that true OSS has to disrupt in order for humanity as a whole to get better software.
A shame though it is, helping everybody the same amount is not likely to get your much gratitude from anyone. But that's the job.
[dead]
What else can you expect from the company that was founded by Gates?(Ref, SCP,QDOS, IBM)
Comment was deleted :(
Not just a megacorp. Anyone for a commercial purpose
Hmm, think we ought to judge on a case by case basis. However, for megacorp and especially banks that has almost 0 to 1% access to cost of capital, vs rest of us who at at 20 - 30 % ( for credit card, loan sharks), then there should be a different license for these people. There should be a GLP type license adjusted to the cost of the capital.
There should not be any difference between small or large entitise in how you deal with them as an opensource maintainer. Just because someone has more money (or less), should not automatically mean you treat them with more leniency or ethics.
You set up your standard, and stick to it whomever comes.
Companies are never just money. There is a monumental difference between:
1. A small company which is barely profitable but is building something which aligns with your values and you see as a positive to the world.
2. A massive mega corporation whose only purpose is profit, mistreats employees, and you view as highly unethical.
You shouldn’t treat those the same way. It’s perfectly ethical to offer your work for free to the first one (helping them succeed in creating a better world) and charging up the wazoo (or better yet, refusing to engage in any way with) the second one.
There is no such difference.
A company is not a person, and can literally have its entire staff changed in short order. Or be bought.
Companies have no morals. Sometimes people in companies do, but again, that person can vanish instantly.
You should treat a company as a person which may receive a brain transplant at any time. Most especially, when writing contracts or having any expectation of what that company will do.
This is an exceptionally ignorant viewpoint.
A business that is privately owned, is run by its founders and which represents the lion's share of its officers income and net worth can be dealt with like any other small business.
Some guy who makes bespoke firmware for industrial microcontrollers or very niche audio encoding software isn't Microsoft. You won't be able to do business with him in a useful way if you treat him like Microsoft.
If the business is run by its founders and has taken VC funding, the founder’s “values” no longer matters.
There exist companies which have taken VC money, and others which haven’t. We’ve carved out one exception, but this doesn’t indicate that small personally-run companies can’t exist, right?
Comment was deleted :(
The key is contract. Casual chat with a corporate representative who isn’t selling you something about something you own requires some sort of contractual relationship and consideration.
A sole proprietorship pretty much is a person.
Or a single member LLC.
How do you refuse to engage if you use the MIT license?
don't respond to their emails.
If you want to be extreme don't distribute it to them in the first place. Licenses do not come into effect until after distribution. So you could have a pay-to-download model that comes with a %100 discount if you're a lone developer or an organization with under X amount of revenue. You wouldn't be able to stop someone redistributing it after the fact, but you're not engaging.
Comment was deleted :(
Unfortunately now that everything is based on automated pipelines, something that doesn't integrate well is not so good.
Although at work we have a provider of proprietary software that has an APT repository where the URL includes a secret token, so they can track from where it's being accessed.
Interacting with faceless entities with the power to buy multiple countries the same way you'd interact with some interested independent young person wanting to learn.
Interesting moral proposition, I doubt you'd get many followers. I think it's perfectly reasonable to treat people differently from corporations, and random small and medium corporations differently than huge megacorps without losing any sleep.
Specially in business, charging more to those that can pay more is a very common approach.
> charging more to those that can pay more is a very common approach.
and all consumers dislike price discrimination. Airlines is the classic example.
It's just that those companies do this because they can. And i hate it. I much prefer a static, single price for a product.
No, it's also because some consumers can't pay the "original" price. Steam in "developing" countries is a classic example — you as a game developer can ask a guy from my country $60 for a game (and some companies do try that), but he will simply go back to torrent trackers because $60 is a week's worth of living expenses.
gaben figured that out and successfully expanded into many markets that were considered basket cases for software licensing.
> Interesting moral proposition, I doubt you'd get many followers.
But the US Supreme Court would be one of them.
> You set up your standard, and stick to it whomever comes.
Well, the standard for software licensing is to sell cheaper licenses to smaller businesses and more expensive licenses to larger businesses.
So you're equally like to give your change to a poor beggar and to a guy begging from inside his rolls royce?
If i ahead of time decided to give my next dollar to the next guy begging, why not?
That's a really silly precommitment. If you were sensible, your actual commitment should be "help the next person who requires help, provided that help can be provided in the form of one dollar".
That's why the premise in the grandparent post is ridiculous.
But the license of a piece of software is not ridiculous - if you chose a very permissive license, you cannot then go and choose who should or shouldnt be profiting off your software. The license was a pre-commitment.
But lots of people make this pre-commitment, but then makes a moral/ethical judgement post-facto when someone rich seems to be able to extract more value out of the software than what "they deserve", and complain about it.
"Permissive" licenses, in fields where abusive corporations are known to operate, are a really silly precommitment. Copyleft exists for a reason. But, even if you (foolishly) made that precommitment, that doesn't then mean you have to do free labour for the abusive corporations, out of some misguided ideological consistency. (Such consistency is the hobgoblin of little minds.)
I mean, the MIT license might be a “more permissive” license but it says very explicit things that Microsoft is explicitly ignoring. Your license choice doesn’t matter when they ignore the license anyway.
If a guy comes begging for money out of rolls royce, I guess they either are pretty bad at begging or have a pretty bad sense of humor. I guess I wouldn't give money to them, it doesn't seem like it'll help them regardless.
What is the difference between a rolls royce and a celebrity benefit? You shun Shriners if they have a catered $1000 fund-raising dinner?
> You set up your standard, and stick to it whomever comes.
Why? Most businesses don't entertain standard rates, either. It's case-by-case negotiations ("call us", "request quote"). Why should I, as a private person putting stuff out there for free, set up "my standard" and stick to it?
Comment was deleted :(
Because otherwise it's not a value, it's a whim.
But I guess they don't mean set the same price for everyone - but rather stick to your values in what you do.
Clearly you have yet to experience some of the less savoury behaviours from Megacorps sharks. You're looking at people trying to make a name for themselves internally and if this means being economical with attributions, this is the least they would do for their place in the California sun.
This is The Way
Why, if they are paying their employees and aim to earn from their enterprise, should so disrespect your time and IP as to attempt to not pay you?
Tho pricing tailored to customers works, as long as it's efficient and non-zero.
> Wtf are people doing charity for trillion dollar empires.
I agree with you 100% but I'm guessing getting approached by Microsoft can be pretty ego boosting, which is what these companies exploit.
Won't you think of the poor trillionaire corporations? They are just poor developers with nothing to their names.
https://zedshaw.com/blog/2022-02-05-the-beggar-barons/
> No, this begging is particularly different because it capitalizes on the good will of open source developers.
> Microsoft, Apple, and Google are standing on the internet in their trillion dollar business suits with a sign that reads "Starving and homeless. Any free labor will help."
> They aren't holding people up at gun point. Rather they hold out their Rolex encrusted hand and beg, plead, and shame open source developers until they get free labor.
> Once they get this free labor they rarely give credit.
> They're ungrateful beggars that take their donated work hours, jump in their Teslas, and ride off to make more trillions proclaiming, "Haha! That open source idiot just gave me 10 hours of free labor. What a loser."
Seems more like a networking opportunity personally
Because they're hoping not to antagonize the megacorp (too quickly). If a megacorp has you in their sights, especially in a country like the US where court battles are prohibitively expensive, pushing the envelope will just draw ire and aggression from that megacorp. A normal person has no negotiating leverage in front of MS especially when it comes to open source.
It's like negotiating with the mafia, you might get something out of it but if you cross the line you'll end up face down in a ditch and authorities will look the other way. Megacorps have stolen, copied, reverse engineered, replicated, etc. things since forever and it always worked out for them.
In this case MS didn't need any help. They could very well take everything and face no real repercussions (this is the reality when the majority is uneducated, and their elected representatives are greedy and spineless). So playing along gives some chance to get something positive out of it.
> especially in a country like the US where ending up in court is prohibitively expensive
What’s the scenario here where they could take you to court for refusing to (in GP’s words) doing charity for them?
Scenario 1: Microsoft contacts you and says they want to talk about your open-source project. You never reply.
Scenario 2: Microsoft contacts you (…). You reply “thank you, but I’m not interested. You are of course free to contribute or fork within the constraints of the license.”
Scenario 3: Microsoft contacts (…). You reply “sure! I charge $X/hour or I could do a flat rate of $Y for the meeting. Is that acceptable to you?”
What basis would they have for taking you to court in any situation? As soon as you got a legal letter for any of them, your first step should be to send it to as many news outlets you could think of.
Patent infringement. Microsoft has one of the largest patent portfolios in the world.
“Ending up in court” vs “Microsoft suing you.” I think the implication is that if MS simply decided to unilaterally fork the project and change the license, the OS maintainer’s only real recourse is the court system (and the court of public opinion), and that would be expensive.
Except MS did it anyway: the author cooperated and MS still forked and removed the original copyright notice.
Since this isn't the first time MS does this to a FOSS maintainer, it's clear this tactic doesn't help us.
> I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers
He was hoping for a fruitful collaboration and offered the help towards this goal. MS taking whatever they wanted anyway just proves that they had no intention to cooperate, let alone to pay handsomely for something that was already free.
Ending up in court means you need to sue the megacorp to enforce the license. This makes it a free lunch for a megacorp.
With every single scenario MS takes whatever they need. They don't have to pay, don't need the help to read code, and you can't afford to force them to respect the license.
P.S.
> As soon as you got a legal letter for any of them, your first step should be to send it to as many news outlets you could think of.
There's a guy rotting away in a El Salvadorian prison with a lot of press to keep him comfort. Not sure your letter will capture the world's attention like you think it will.
Probably expectation of some monetary gain. At the very least getting hired to keep working on the same thing. I do not blame him at all for this. Though when things didn't work out, all he thought he could realistically do is start accepting donations.
I think that worldview leads to a much poorer world.
Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
Asking everybody to be constantly vigilant of possible exploitation by megacorps puts an undue burden on individuals. We should have strong and durable protections against those megacorps in other ways.
What I'm saying is that this sort of copying should be criminal (not just illegal, but criminal) and Microsoft, the legal entity, should be held accountable and fined. I acknowledge that this isn't currently possible with our legal framework, but we should work to make it possible.
> Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
I agree with you, if we're talking about people acting as individual humans collaborating together on FOSS.
But this is really about a for-profit corporation acting in its own interests, using people to do its "deeds". Then I think it makes a lot of sense to treat any "Hey, could we chat to you about your project?" with a great deal of skepticism, because they have a goal with that conversation, it it's unlikely to align with your own goals, in most cases.
Ultimately, people from that corporation is reaching out to you because there is a potential/perceived benefit coming out of that conversation that they want to have with you. If it isn't extremely clear to you what that exact benefit is, I'd say the smart thing to do is being cautious, to avoid situations like this which happen from time to time it seems.
A hugely successful megacorporation with a famously competent logistics department can cut a one time check without batting an eye.
You’re not bilking Ed’s Garage, you’re a rounding error on their petty cash account.
> We should have strong and durable protections against those megacorps in other ways
like what? continue to use (pay) for their products and wait for regulations coming from lobbyist countries? /s
NO, just NO!
And this is done by the owners of Github. Throw away open source licenses, create your own, make anyone who forks your code perpetually pay for your work, or ask money for your work.
"Luckily, I persisted. Spegel still continues strong with over 1.7k stars and 14.4 million pulls"
Yeah, your time is your most precious resource and what you get in return? Recognition? virtual stars, pulls, essentially numbers, essentially nothing. And then you get robbed.
WAKE THE FUCK UP PEOPLE.
"breaking the licenses"?
"without attribution"?
Did we read the same article?
If you'd care to be a bit more specific, I might be actually be able to explain something to you.
I am genuinely interested: everybody here says that they removed the copyright headers. But when I browse through the Spegel sources, they do not contain a copyright header...
To me it's the Spegel author's fault: there should be a copyright header in every single file, such that Microsoft would have to keep it.
It's in the LICENSE file. With a MIT license, you assign a copyright to the project, or to a certain set of files. The Spegel license attributes copyright to "the Spegel authors", while Peerd attributes it to "Microsoft Corporation".
If some of the peerd code was lifted from Spegel, it's blatant stealing. Code attribution is the only thing a MIT license asks people to honor, and Microsoft couldn't even do that.
Can’t help but feel no matter what they’d done there would be some route of thought that leads them to wronging the author other than just paying and using the code as is. I don’t know why a corporation would do that though as they likely have their own changes and direction they want for it and working with an unknown 3rd party on that could be a nightmare.
From the authors reaction they chose the wrong license for the project.
> If some of the peerd code was lifted from Spegel, it's blatant stealing.
Could we say "it's incorrect attribution"?
> and Microsoft couldn't even do that.
Did you consider it may have been done by an engineer who, in good faith, thought they were giving proper credit by adding it to the README? Would you want that engineer fired because of the bad attribution?
It's not like Microsoft is making millions out of this. Sure, they should fix the attribution. It's a mistake.
Most startups/small companies I've seen rely heavily on open source and fail to honour every single licence. This is bad and nobody cares. Here, Microsoft mentioned the project in the README (which is not enough, but not nothing), and I'm pretty sure that they can fix it if someone opens an issue. But overall, companies like Microsoft do honour licences a lot better than startups in my experience.
BigTech is evil for many reasons, but maybe we could consider that this is just an honest mistake.
Of course it was a mistake. In fact, as of 20 minutes ago, the mistake appears to be sorted out, with both the main license file and the offending files sporting new copyright headers.
But corporations hiding behind their workers is a no-go. Corporations get to enjoy their successes, and it's fair to hold them accountable for their failures. Least Microsoft can do is a bit of public comms work detailing what they will do to ensure these mistakes are not repeated in the future.
MIT license doesn't require copyright headers. You need to credit the authors even if the files don't have headers.
Microsoft does credit the authors on their README. Maybe it's not exactly the right way to do it, but they do it.
Now if it's not the right way to do it, what about opening a PR and asking to change it? Instead of writing a blog post to complain about them?
Now maybe those engineers thought they did well, will get issues internally because of the bad publicity for Microsoft, and next time they want to use an open source project their legal department will be even more of a pain in the ass because if they aren't, then random people on the Internet use that to do bad publicity for the company.
Why not assuming that they are in good faith here? There are enough reasons to hate Microsoft other than this one.
The question is who does the copyright belong to in this repository. It is both original author and Microsoft (because they took authors code and modified it). So the License file should mention both.
I am not convinced that the main LICENSE file should mention both. I feel like somewhere, in the project, there should be a copy of the original license.
When you depend on a third-party, you don't add their copyright in your main LICENSE file.
In case of deps, the dependency comes with its own LICENSE file.
In this case the code is essentially forked, integrated and intermingled, so that is why it should be in the LICENSE file.
If it was file or two, it would be fine to add a comment pointing to the license file in the repo, if it was a directory, or to copy it verbatim to that file. It all the copied code was in a directory then having it in directory would be fine.
In this case it looks like they took the original code and heavily modified it, so the simplest way to solve it is one LICENSE with both notices.
I don't read anything suggesting that in the MIT licence. I don't see why they couldn't say "the fork came with its own LICENSE file, which we moved in this subfolder, and now the root LICENSE file is the one of our new project".
The question is, "If I look at this repo, who owns the copyright?" Sure, you could move the original LICENSE into a directory. Still, if the files are intermingled, you should have a prominent notice that says, " Hey, these files have mixed copyright ownership."
> Still, if the files are intermingled, you should have a prominent notice that says, " Hey, these files have mixed copyright ownership."
I don't think that the licence asks to do anything like that. Where in the MIT licence do you see that?
They do not credit the authors. They thank them for their "insight". That's very much not credit for copied code.
Microsoft has almost always behaved unethically. Many examples similar to yours are easy to find. Their behavior in your case immediately reminded me of this 1994 example:
https://www.latimes.com/archives/la-xpm-1994-02-24-fi-26671-...
They've engaged many naive people/companies, milked them of their knowledge after signing NDAs, and then stabbed them in the back, stealing eveything.
They're big enough, and have unlimited legal resources to vigorously defend any legal challenge, and also to launch legal attacks at will.
After the DOJ anti-trust case, they preemptively put every major law firm on retainer, so nobody else could retain them in an effort vs. Microsoft, without creating a conflict of interest.
They are still evil, but less so after Gates and Ballmer.
There’s a Simpsons episode that’s older than many of the readers here where Bill Gates destroys (literally has goons smash) a business Homer accidentally started.
If Matt Groening thinks you’re a gaggle of assholes you’re probably even worse.
Good stuff. Been with Matt since "Life In Hell" in the Easy Reader.
As a maintainer, it is my duty to come across as unbiased and factual as possible
i disagree with that. factual? sure, but unbiased? why? it's your project, and you have every right to be biased towards it. on the contrary, i expect you to, and i actually believe that not being biased towards your own project is very difficult so that i don't expect many people to be able to not be biased.
I thought the same, as the sole maintainer he can be king and do as he pleases, his git, his baby.
Comment was deleted :(
Came to post the same thing.
How can you not be biased? You built something. You want people to use it (assumption).
This post is a great example why the choice of a license matters. You never know what your code will evolve into, so why give away your countless hours to a company/3rdparty that does not really care (aws, msft, goog, etc). License matters and large companies would not risk litigation and even if they do, that would be a great way to earn money down the road for the copyright holder. The only FOMO with MIT is that your code will prob not gonna be easily used by 3rd parties in production which would diminish the popularity effect. On the other hand, I think that code has more value if it uses a copyleft license and I am much more inclined to contribute to it.
https://github.com/Azure/peerd/pull/110
> fix: amend copyright attributions #110 > > This commit amends copyright attributions that were omitted due to an oversight on part of the Peerd authors. Copyright header attributions in a few files have been updated to include "2023 Xenit AB and 2024 The Spegel Authors". The attribution in the LICENSE file has also been updated to reflect the same.
This is not the first or last time this has happened. Microsoft does it intentionally and when they get caught they then give a fake apology and pretend it was a mistake. These mistakes keep happening and the pattern is always the same, MS teams engaging with a developer to learn all about their business idea and then they steal it:
I'll never understand why they didn't simply hire him.
There has been many, many stories of Microsoft doing just that, invite for some talk, learn what they need to know and then do it their way.
It's not a new practice, and it's not exclusive to Microsoft either, it's something every developer should be acutely aware of, in case they're interested in avoiding it.
They’ve been accused of using interview answers in their own products as well.
I’m still salty about teaching someone something they didn’t know about caching in an interview and not making it to another round of interviews after that. If it was a huge company I’d be furious.
Microsoft does, it because they know they can get away with it. Its in Microsofts DNA in my opinion. The company has a long history of such practices, decades. Occasionally they meet someone who has a enough clout to hold them to account. Sometimes they have even tried to copy patented information and get away with it. ( Example Microsoft tried to steal the idea of product activation. The owner had deep pockets enough for the court case cost ~$15M and won several hundred million from Microsoft.) Also, Many companies that disclosed information to Microsoft under NDA found Microsoft developed very similar products
"Can this feature land upstream?"
"No."
<Fork happens>
:shrug: - of course, the failure to preserve the license is an egregious error which amounts to infringement. But it's easily remedied.
And if the downstream project has a popular feature that can't / shouldn't land upstream, then that's okay - that's what everyone prefers.
"$BIGCO shouldn't be using my software, certainly not outside of how I intended it to be used!" - this attitude is totally contrary to both Free Software and Open Source IMO.
If you don't like it then you should probably consider a more restrictive license.
Forking might be the wrong word, what happened here looks more like (somewhat obfuscated) plagiarism.
I analyzed the 2 repositories for copy/pasted lines using PMD's CPD (copy/paste detector) - using the first commit of peerd and one from spegel that was from around the same time.
There are some clear duplications, e.g. 178 lines here: https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8... correspond to this: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c...
Also 44 lines here: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c... and https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8... but the full files are almost identical, only a few edits that break the complete equality.
Also https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c... matches https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8...
I haven't looked deep enough to see how much of the differences are obfuscation and how much are meaningful changes. File names are all changed, many structs and variable names as well.
See this gist for full list of duplications: https://gist.github.com/corneliusroemer/c58cf0faf957d9001b58...
To add some missing context: the MIT license is so small I can embed it into this post.
Here it is:
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
> I default to using the MIT license as it is simple and permissive
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.
I’ve released some utility libraries under permissive libraries. I like it when they get used. Even when it’s part of a large company’s closed-source app. Many people don’t like that, and that’s perfectly fine, that’s why there are different choices available.
What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.
Note that in this case Microsoft has not been following the license, as they removed the copyright notice
Copyright (c) 2024 The Spegel Authors
> The above copyright notice [...] shall be included in all copies or substantial portions of the Software.
So if they had left that line in, everything would be cool?
To me, licenses like MIT or BSD pretty much imply "do whatever you want with this" I know it's not exactly that but if you really care to keep some control over what others do with the code, you need a more restrictive license (and even then people are still going to copy it, especially in the LLM era).
You can "do whatever you want with this code", but there's a catch: you have to give credit to the original author. You might not care about the credit, but lots of people care.
You can't just cherrypick the things you like about a license. All of the conditions of the license apply.
You're thinking about what people can do with the code, like copying, editing, and distributing. This is not it. We're talking about giving credit to the original author, as per the license.
> So if they had left that line in, everything would be cool?
It certainly would be better.
Forks tend not to have -perfect- relationships and tend to cause a bit of mutual annoyance. But attribution is important-- it's the most basic step.
When this maintainer is asked how the projects are related, it'd sure be nice if both projects are telling the same story, instead of one illegally lying about it.
Well, it’s the difference between plagiarism and attribution. If your goal isn’t money but a bare minimum recognition for what was your work vs someone else taking credit for it, yes it’s enough.
A lot of open source software operates on the same principles of academic research. Most academic research is considered freely available, and other researchers can generally use your work as they please, so long as they cite the original author.
In this context, not "citing the original author" in the copyright statement, labeling the repository as a "fork" on GitHub, clearly crediting the original author in a way that clearly describes the fact that a significant portion of their code is used in the new project isn't just a violation of the license, it's plagiarism.
So in that sense it could be better potentially.
Yes, it would be cool, and it's the usual way to do these things. You can license code under a more restrictive license, and clarify licensing by adding an extra section to the main license, adding the license to a subdirectory, or adding license headers to the individual files.
Whether the MIT license is the right one to choose is probably a different debate.
Microsoft credited the original author and project in the README, which is far more visible than a hidden copyright line somewhere in the terms and conditions. If attribution was what he wanted he should be really happy about he outcome, but clearly that's not what this is about. He is simply pissed that Microsoft used his project.
If they had been factual I the credit I'd agree. When it's actually a fork, why not just say so. "This project is a fork (or based off) Spegel. Thanks to the authors etc" Maybe with a rationale why they forked it. You know, just common decency...
Because it's not a fork. They copied the API and like 100 lines of unit test code.
Maybe not a fork, but the author writes "It looks as if large parts of the project were copied directly from Spegel without any mention of the original source".
So they are exaggerating?
Comment was deleted :(
Still, it's illegal for Microsoft to remove the copyright as per the licence.
If I owe you $100 by contract, I can't just pay you with 1 ton of steel slab delivered to your garage and argue that this is worth more and therefore you should write the debt off.
Ignoring that Microsoft isn't following the MIT licensing requirements, this is my same approach with using the MIT license. I create open source software for the benefit of everyone, for profit or not for profit. The only thing I do wish in return is acknowledgement. That's why in this case, I'd reach out to Microsoft to fix that issue, and nothing more.
> I create open source software for the benefit of everyone, for profit or not for profit.
I have the same reasoning as to why I pick the AGPLv3 license as the default for my new projects. I want any benefits from my code to continue to benefit everyone, even if someone is profiting off of it.
> The only thing I do wish in return is acknowledgement.
Make sure you pick a license that reflects what you want, then.
> Make sure you pick a license that reflects what you want, then.
The MIT licence already requires attribution, and that is what the author picked.
The person I was responding to began with "Ignoring that Microsoft isn't following the MIT licensing requirements", and it is clear in his comment that he's not referring to the OP's issue, but the issue in general.
In other words, he's saying that even if it had been some other license, he wants attribution.
That's silly. If you want attribution, say it up front (which could simply mean picking the MIT license).
In the present case of Spegel, it wasn't in accordance with the license, because the fork removed the attribution.
I get that, but it doesn’t really seem to be what the author is complaining about.
Because the “payment” that you get for its permissive use is the attribution (which can be personal gratification or it can professionally boost your profile/opportunities). MSFT robbed them of that.
Yeah, as far as I can gather the only thing MS did wrong here is not explicitly crediting the project they forked the code from, and I don't get the impression the author would find adding that one sentence to the docs to be adequate redress. I don't get why you would take personal offense at a big company forking your code so they can mold it to their purposes - the license allows that. Now whether that's the right way for a "friend of the OSS community" to behave is a different question entirely, but anyone who ever bought that horseshit from them has had their head in the sand.
Using code per the terms of the license is one thing. Stealing it it another, and that is what Microsoft appear to have done.
I released a fun personal project under GPLv3 and the first filed issue was someone saying I should change the license to something friendlier to business interests.
Hell no. If they want to profit off my work, pay me. This is something I'm doing for fun, on my own terms. It’s Free for anyone to use as they want, so long as they keep it Free, too.
Right, dual license is the way in such cases.
Give downstream how much they are willing to give upstream.
At this point I'd include some of the code as binary blobs and "pay me for the source!". In addition to GPL!
Temping, but we don't fight their crummy tactics by using the same ones.
Why is it crummy? Open source benefits big tech now. Especially for cloud based stuff.
Only open source it if it fucks big tech. E.g. bittorrent or an alternative browser. Or an app on your local machine as a SaaS alternative.
Blobs violate clause 2 of the Open Source Definition:
We are no longer talking about open source software if you distribute blobs in place of source code.
They could distribute source code under AGPLv3 while also offering paid/propietary pre-compiled binaries
That is not what pyfon was suggesting. He was suggesting publishing binaries instead of source code.
Less permissive copyleft licenses like GPL and AGPL go a long way toward preventing that. It’s important to choose them over weaker licenses if you don't want companies using your work without giving back. If you do that, you don't have to do other unusual things to protect your users’ rights.
The GPL and AGPL don't prevent corporations from plagiarizing your code via AI.
It does make them legally liable for doing so.
[citation needed]
Any court cases supporting this form of liability?
Here are a few: https://en.wikipedia.org/wiki/Open_source_license_litigation
GPL does not allow binary blobs. MIT and BSD doe.
In the context of this thread (where the commenter is suggesting the author release a binary with a different license), your comment is meaningless.
The author of the GPL code can release binary-only blobs released under something other than the GPL. Suggesting that the copyright holder cannot relicense their code how they want is absurd.
Saying the "GPL does not allow binary blobs" implies that the author is not allowed to release binary blogs, which is not true in the slightest.
Can billg make a repo with win.com and win.bat, and use the GPL licence because the win.bat is the source code and win.com is only a binary blob?
Assuming that win.com is able to be stand alone and doesn't require win.bat, then yes, Bill can license both of these components separately, one under the GPL and another proprietary.
The Free Software Foundation (FSF) describes this copyleft aspect of the GPL in terms of "derivative works" associated with GPL-licensed software. When two components are related to each other in a derivative way, then the GPL says that the derivative must likewise be licensed accordingly.
So in this example, does win.bat simply execute commands to get win.com started? Is win.bat a glorified shell script wrapper? If so, then win.com would NOT be derived from win.bat. The cart follows the horse. But instead, if win.bat exposed some symbols or other binary API features that win.com was coupled to and depended on, then you could rightly argue that the win.com would be a derivative of win.bat.
More practical of an example, if a database is licensed under the GPL, clients that connect to the database using the socket interface do not constitute a derived work. Or components in a micro-service architecture do not necessarily need be licensed all under the GPL when a single component is.
Pluggable architectures are possible with the GPL. And of course, your interpretation of what exactly that means is subjective and requires case law to help understand.
[edit]
And to reinforce what the parent of yours is saying, the author in the original example can do whatever they want with the software, since they own the copyright for both the GPL and proprietary components.
The GPL is simply a license for non-copyright holders. It allows others to be able to use a piece of proprietary software without having to establish any additional authority with the owner. e.g. it's the means to convey how others can use the software and does not constrain the owners/authors of the software. Other licensing options may be available, if the copyright holder allows.
The GP says:
>>> At this point I'd include some of the code as binary blobs and "pay me for the source!". In addition to GPL!
So, the proposal is to hide the source code and IIUC if someone does this, the whole complete project can not be released as GPL.
That's incorrect. As the original author of the work, you can release the project under whatever license you choose. Doing so may make it impossible for someone else to meaningfully comply with it, but that's their problem, not yours. It doesn't stop you from choosing the GPL, even if it's a bizarre option for that particular project.
You are perfectly fine to include your own binary blobs with your own GPL licensed source, you are not violating the gpl as the binary blobs was never under GPL.
and as long as the binary blobs are not derivatives of GPL'ed code ...
It's bizarre to me how, despite people criticizing the GPL and GNU as too ideological, the people you refer to - the permissive people - somehow seem even MORE ideological. The GPL to me seems pragmatic - sure technically a minimal license like WTFPL (ignore all its legal issues for now) is some kind of minimalist idea of pure objective freedom. But the GPL has some key "restrictions" that aren't really restrictions and produce an ecosystem that WORKS. Meanwhile the permissive ecosystem is just waiting to be scooped up by bigcos at their whim.
well, it's worth noting that since microsoft is also releasing the source code, the same thing could have happened with GPL. Though I suspect the author would be even less happy if they had done all the same stuff (minus removing the copyright notice, even) and then not released the source, so that's not me arguing against the GPL
I also think in practice microsoft would have been less likely to actually take the code, and probably would just have reimplemented the ideas in it if it was GPL
Just wanted to highlight your last point so that it's clear. Microsoft reimplementing the authors project was exactly what they wanted! To see a different implementation. A different "take".
Have to agree with this. There's an endless list of open source maintainers who publish an MIT-licensed project then are surprised when it is treated as an MIT-licensed project. If you want rights, assert them. No one else is looking out for you. Especially not Microsoft.
Maybe many MIT license users want a big company to take in their projects.
Big companies have resources to mimic it anyway, right? If they really want some tech, they can reproduce it.
Having a good idea flourish, whether it is in Microsoft's hands, manifested within Clojure, or in any other fruitful form, is good enough.
There is no license for a raw idea anyway. For the essence of it. Seeing it used means success, it means "you were right".
The secret counsel of idea honor keepers will eventually figure it out and make some kind of repairs.
In this case, there's an open source maintainer who was fine with a MIT license, and even helping onboard people from a big tech firm, only to realize that even attribution was too much to ask.
Since the terms of the license were violated, there's not much to learn about which license was chosen. The only lesson to learn is that big tech will steal everything that isn't nailed to the ground, and then some.
> what's the incentive for authors of one-man projects to choose anything "permissive".
The incentive is generally that people enjoy having their projects used, be that by commercial companies or otherwise.
(A)GPLv3 does not prevent their projects from being used.
That's the point!
GPL family of licenses would've made a difference in this aspect for libraries (because afair if you link to GPL code, you must be GPL). But for an app? You can use it, fork it, modify it... Just make sure you make your changes available under the same license. Seems very fair to me.
> (A)GPLv3 does not prevent their projects from being used.
In practice, it does in many cases. Many companies have a blanket policy of avoiding these licences. But I agree that they make more sense for apps than libraries.
So they don't use Linux, bash, or GCC?
Not in their products. Internal use is fine, but where it gets dicey from a legal point of view is when you distribute GPLv3 binaries as an integrated part of your product.
Many vendors use Linux in their products.
Think: smartphones (Android), routers, smarthome/IoT devices, other embedded devices.
Linux in Android is GPLv2 not GPLv3. The v2-v3 difference is a big deal to some.
Linux developers made an intentional decision to stick with GPLv2 and to remove the "or later version" option, so you can't include it into GPLv3 projects as you can with most other GPLv2 software.
GPLv3 avoidance is why Apple ships ancient versions of Rsync, Bash and Make on its current OSes instead of the current versions, and replaced Samba with its own inferior SMB service.
Change "use" to "distribute" (what the license cares about) and you're bang on.
This is a huge difference. The GPL and its flavor are explicitly not about use. They place zero restrictions on use. Unlike, say, just about all proprietary software.
It only governs distribution and especially prevents distributors from locking their users in, and from placing restrictions on their users' use of the software.
If you count AGPLv3 as a "flavor" of GPL, then it absolutely does place restrictions on use.
Depends on your definition of "user"/"use" and "distribution" really.
If the service provider is the "user," and performing actions with it on behalf of the ultimate user is "use," and not "distribution," then you are technically correct. It restricts the service provider from forcing their customers to be dependent on the them and/or restricting the end users' use of the service, like the GPL does for proprietary software the user runs on their machine.
I personally disagree that running something on behalf of a user makes you the end user, but there's always the GPL if you think that.
Linux is GPLv2, not 3
From my past experience, it goes something like this.
If software is GPLv2, it's penalized relative to more permissive options when it comes to picking one. In practice it means that it's avoided unless it's "too big to avoid", or because the very nature of what you're doing requires it - this is the case for e.g. Linux and R.
If software is GPLv3, it's considered radioactive and is avoided at all costs, even if it means rewriting large amounts of code from scratch.
Notably, macOS ships mainly BSD-derived userland utils and for the rare GNU software, it's GPLv2 stuff (hence zsh as the default shell, while shipping bash 3.whatever for compatibility).
Apple doesn't ship any of these anymore.
And guess what application developers install immediately after getting their MacBooks?
The GPL licensed git.
If I'm forced to use MacOS, I'm fine installing git, GNU make or whatever I want for myself. But I don't see any downsides in Apple being unable to distribute those applications together with their OS.
> And guess what application developers install immediately after getting their MacBooks? The GPL licensed git.
Why would they do that? I didn't, because macOS ships with version 2.39.5 as /usr/bin/git. You're free to upgrade to a newer version, of course, but the included one is recent enough for most uses.
Does macOS include git? Oh. My bad. I concluded from the previous comment that Apple doesn't ship bash because it's GPL and hence doesn't ship anything GPL.
And my point was: this is fine. Even if it was true.
But as this is not the case, I see even fewer arguments against GPL licenses.
Apple shies away from GPLv3 code. They ship a ton of GPLv2 code, though. And as you mentioned, even if they didn't, it just takes a moment to install Homebrew and get whatever else you want. Apple doesn't stop me from installing a new Emacs.
Sure, Apple won't stop you. But the defaults matter. If you're writing a shell script and you want it to run on MacOS, you need to target the ancient version it's actually shipping, or you have to tell your whole team to install a later version. If your servers are running Linux then you'll be dealing with platform inconsistencies all day long. Ask me how I know.
Last time I was forced to use MacOS, I did all my work in a Linux VM. And still hated it.
[dead]
This is even more damning because it means the maintainers want their MIT-licensed projects to be used by for-profit companies, but bellyache when certain big-tech companies fulfill the maintainer's vision.
I’m wondering how’s it going with the whole dual-licensing schtik.
GPLv3 with interpreted code is a legal nightmare you do not want. Compiled is manageable.
Then again I've seen companies publishing stuff on GitHub, when asked about the license; slapping GPLv3 on it but also forcing you to take a license with them for commercial use. Yea no, thanks. You just made a poison pill somehow even more lethal.
> (A)GPLv3 does not prevent their projects from being used.
It really does. It stops it being used by people who need or want to use other licences. I believe it stops it being used on iOS and (probably) Android apps. The GPL world and the permissive licence worlds are walled off from each other in significant ways for lots of reasons.
Source: I maintain an app where I didn't choose and can't change the licence. And I come across code I can't touch almost every week.
> I believe it stops it being used on iOS and (probably) Android apps. The GPL world and the permissive licence worlds are walled off from each other in significant ways for lots of reasons.
I fully agree that (A)GPLv3 code effectively stops code from being used by many large companies (every place I’ve worked in the last decade has a near blanket policy on refusing to use code licensed that way except in very specific and exigent circumstances), but it isn’t necessarily true that app developers can’t use (or can’t choose to license) (A)GPL code in their iOS apps, provided they abide by the terms of the license.
Most developers won’t — or can’t — but the advent of dynamic linking of libraries in iOS, as well as the EU-mandated third-party app stores (which aren’t available outside the EU, but still), make the situation a lot more grey from the black and white stands the FSF attempted to take in the early 2010s. And to my knowledge there have been no legal challenges about the use of GPL code in iOS apps, so the issue is essentially unsettled.
That said, in most of the cases where I have seen iOS apps use GPL code, the full app source was available (and that may or may not fulfill the redistribution requirements but I’m not a lawyer and I’m not going to cosplay as one).
On Android, where full Google Play alternatives like F-Droid are available, plenty of GPLv3 apps exist, even if they aren’t available on Google Play.
But yes, when it comes to incorporating GPL code into a non-GPL app, that is much more difficult in the realm of mobile than it is for other types of applications.
> but the advent of dynamic linking of libraries in iOS
I'm not sure you can dynamically link to GPL in this case (LGPL maybe )? And I recall that there's also issues around signed bundles used on the various stores.
But the fact that we're not sure and the fact that we're having this conversation rather proves my point. People who aren't fully in the GPL world usually have to steer clear of GPL code entirely. This goes double for hobbyists and small orgs who can't afford a legal team.
> even if they aren’t available on Google Play.
As much as it's regretful this is a huge issue for most people who want to make apps that other people can use.
Apple famously migrated away from bash (stuck on 3.2 in macOS 15) to zsh to avoid the GPLv3 'problem'.
There was zero chance of them having problems shipping bash and I'm glad you put problem in quotes.
https://www.gnu.org/licenses/gpl-3.0.txt
11. Patents.
A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version.
https://fsfe.org/activities/gplv3/patents-and-gplv3.en.html#...
Eben Moglen speaking at the GPLv3 launch, January 16th 2006
...
We recognise that for parties who have extensive portfolios that are extensively cross-licensed, what we are saying here for the first time creates questions concerning their cross-licenses in relation to their distribution.
We recognise also that to say that you must "act to shield" is not explicit enough. We recognise that this is a very hard problem and though we have worked long at it we have no unique solution to offer you, even as a beginning for conversation.
...I am not a lawyer, but what I understand from that is, if Apple authorizes use of bash under GPLv3, and then Apple decides it has a patent on something and bash is infringing on that patent, Apple can't go sue their customers for patent infringement because they are using bash. I'm 99% sure that's the intent of the clause. Lawyers are famously pessimistic and so I can see why they wouldn't want to test that, but seriously, what. are. the. chances.
Like seriously, maybe Oracle comes and sues Apple for patent infringement, and Apples only defense is to counter sue Oracle for using bash on their Macbooks?? They lost that defense when they stopped distributing bash, why not just distribute it under GPLv3 anyway?
As I understand it, it's more difficult than that... though I'm not a lawyer.
Let's say {some company} and Apple have a cross patent licensing for some set of patents.
Apple releases some softer under GPLv3. {Some company} sues someone else for a patent in bash. Since Apple licenses that patent and distributes bash, Apple is now obligated ("must act to shield") the distribution of bash that includes that patent.
If you distribute a covered work knowingly relying on a patent license, you must act to shield downstream users against the possible patent infringement claims from which your license protects you.
https://github.com/apple-oss-distributions/bash/tree/bash-13...
There's Apple's bash distribution. If this was the GPLv3 version of bash and apple distributed a version that {some company} decided was infringing, and {some company} sued you - "I got it from Apple. Apple Legal, help me."
That's a helpful explanation, thank you. As a consumer of free software, that sounds great! I agree that it sounds pretty messy for big companies and all their patent deals. Sucks to be them, I guess
They still ship bash. It’s just not the default shell anymore.
They ship the last GPLv2-licensed version of bash — bash 3.2 was released in 2006, with minor bug fix patches released up until 2014.
All the replies to this spreading anti-GPL FUD are doing Microsoft's work for them. The idea that the GPL is "viral" and will latch onto any code it gets near is an Orwellian turn of phrase invented by Microsoft from what, 30 years ago? And it has worked because people are scared of the GPL! It's gonna get you! Don't even get close to it!
Nevermind that Red Hat built a billion dollar business on top of GPL licensed code. Never mind the millions of embedded systems being sold with GPL code in them. Nevermind Google, Facebook, Netflix, etc., etc. all eating Microsoft's lunch a thousand times over using GPL code. Businesses better stay away! It's dangerous!
I won't use GPL libraries in my code. I'm quite confident I'm not the only one.
If there was no other choice, I may consider something LGPL or with the linking exception, but not until I had exhausted a search for something more permissive. To this day, I've never used GPL in any of my code, open source or closed. I've been writing code for 35 years daily.
> I won't use GPL libraries in my code.
Why? Do you also avoid libraries with an even number of consonants in the name?
Strange comment given the obvious differences in GPL vs. non-GPL regardless your personal opinion. GPL code means if I decide to distribute my project in the future, I will have to distribute my source code. That isn't a risk I'm willing to take. Some of my projects are open source, but I want to retain the option of doing what I want with my code, so I don't use GPL licensed code.
> I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
My JS canvas library is licensed using MIT. From my personal perspective, I wouldn't have any problem with some $MegaCorp coming along and forking it, and even claiming it as their own creation. But ... why? Because one of the main drivers for my development of the library over the past few years is to proof-of-concept the idea that 2D Canvas API based infographics and interactives can be made - with the help of a JS library - performant, responsive and (most importantly!) as accessible to every end user as reasonably possible. My ideal outcome would be to embarrass other JS canvas library maintainers into taking canvas responsiveness and accessibility seriously. If that needs a $MegaCorp to come along and fork the library to bring my dream closer to reality then I ain't gonna stand in their way!
Of course I'd still continue to develop my version of the library - it's become my passion and obsession and there's always improvements to be made, new ideas to be explored.
Remember EEE.
Very likely, you'll end up with a $MegaCorp-backed competitor driven by goals very different from yours.
EEE assumes open source software is only going to be created if it is widely used. As soon as that isn't true, it is irrelevant.
It was effective against companies that relied on interoperability and profited when people used their software projects. On the other hand, if someone wants to add features that my project can't support, it changes nothing about my life or work.
When the goal is "make the best software possible", the $MegaCorp would only compete by making software that is better that what is available in the open source ecosystem. That doesn't take anything away from anyone else. It is a Pareto improvement: people can pay and have even better software, or not pay and use the still-good free option.
As @diggan wrote[0] elsewhere in the thread, the issue is not that MIT is permissive but that Microsoft did not honor the requirements of the license (despite it being permissive!):
> Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
> Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
By far the biggest risk for most projects is "nobody notices it and nobody uses it".
And if someone "takes" your project and uses it - you've usually still got it. Software is funny like that.
If the project is good, the license is hardly ever an obstacle for adoption.
At least I can't recall any such cases.
Do you have any examples?
Yes. GPL libraries especially.
My app project is Apache for historical reasons and can't be changed. https://github.com/icosa-foundation/open-brush/actions
(and I'm not sure if I would move to GPL if I could but that's a separate discussion)
I regularly come across interesting libraries that I can't use (half of CGAL for example)
If it's GPL-like its usage would be mostly confined to open source projects.
That's the whole point. If you build something on top of open source code, your code should be open source too.
Even if this is the case I might not want my library or application to be copyleft. Or even if I do - I might not want everyone else in perpetuity who uses my code to have to use a copyleft licence.
This goes back to the fact that not everyone can choose to use a GPL licence and in a world of compromise and collaboration, that can be a blocker.
Those of us who disagree are happy to see our software used in any context in exchange for attribution.
The problem that occurred in this case is someone at Microsoft taking the code without following the license at all.
> What's good about being "permissive"?
it is good if you do not plan to go for violators anyway
I made some photos and published them on Wikimedia Commons (say, of random bicycle infrastructure).
I am fine with people using them without attribution, I expect that their use overall furthers my goals rather than damages it and if I would release it on CC-BY-SA 4.0 or similar I would not go to court over missing attribution.
Therefore I selected CC0, no reason to make things more complicated only to people following license.
I selected AGPL/GPL for some software where I would be happy to burn pile of money in case of license violation, up to and including litigating it in court for 10 years.
You might not care, but your downstream users might care about being locked in.
I initially had the same reaction to the MIT license; but it sort of looks like the GPL (or AGPL) wouldn't have really prevented this behavior. Microsoft (it sounds like) is making the code available; they've just extended and renamed the project. They could have done exactly the same thing (fork, rename, release under the same license), with the same effects he's complaining about (free-loading the consulting time, confusing the community) if he'd made it AGPL.
I mean, consider an alternate timeline. It's clear MS had their own, strong vision for the project, that overlapped with but wasn't identical to his. Is it actually that much more considerate to show up with two dozen new developers suddenly flooding a single-maintainer project with pull requests, some of which completely restructure the code and re-orient it towards a new vision that the original maintainer might not want?
Either the maintainer is now doing loads of unpaid labor for MS, and is the bottleneck; or he ends up having to step back and let the new MS developers bulldoze the project and take it over anyway.
What would have been a better approach?
I think the better approach would have been to give the author a choice of what happens.
i.e. they could have emailed the author to ask:
1. "Would you rather us fork your project (new name), or would you rather donate your project to us under its original name, as well as give us the ability to rename it (which we will)"
2. "Would you like a $300 microsoft store gift card as thanks for writing some code we're planning to use?"
3. "Would you be open to providing a paid ($600 microsoft gift card) 1-hour consulting meeting to ramp our engineers up on your codebase? We won't actually listen since our engineers can in fact read, but we'll pay you"
4. "Also, just in case you don't know who microsoft is, we do have a careers page over here, and our team doesn't have headcount but other teams do <link>"
It sounds like microsoft didn't do any of that, which as you say is well within their right, but emailing to ask is polite.
My god, a gift card? What am I going to do, buy FoxPro and a month of Xbox Live? Honestly I'd prefer to get no email at all than that miserable offer. If the project is only worth a couple of hundred dollars to them they're probably better off not bothering.
Don't know about the US but here giving a gift card would be an in kind payment which requires a contract. And all the associated mess with it.
MS would have gone nowhere near said project if it had a GPL license on it. Simply because those companies have fears of virality.
I agree that Microsoft seems identify more with parasites, but they're no strangers to symbiotic relationships with viruses.
In fact they do distribute and contribute to lots of GPL software, including Linux. I can't be sure their involvement benefits anyone other than themselves, but theybdo at least participate.
> In fact they do distribute and contribute to lots of GPL software, including Linux.
systemd author is employed by Microsoft.
Depending on your views on MS and systemd, that's either a net positive or negative for the linux community.
A tactical move in both good and evil MS scenarios.
One should choose a license that fits them. The problem with GPL licenses is they are viral and non-permissive. As a developer, as soon as I see the GPL I just click away to another repo no matter how good the lib is. I don't want people doing that to my projects, so I use Apache/MIT or whatever the permissive license that is most prominent for the language I'm using.
One could argue that GPL is very permissive. If you need to use it in a proprietary way in your own company for internal purposes, no problem; if you release software that others use, you have to release the code as well. I dont want to be using black boxes in this day and age.
Permissiveness is relative, so in relation to MIT/BSD/Apache, it is not.
As a user of code I feel it is more permissive to me to see the code. As a licenser of code I want what is best for me and for others as a user and future developer. Others are free to do anything as long as they dont remove the license and the modified code if they release a software.
If one wanted a different linguistic of pseudo philosophical spin, one could argue that a society would be more permissive than ours in a similar sense that MIT is more permissive than GNU, if it allowed free killing of random people for no reason. Nobody wants to live in such a society and it would not develop as fast as our society. I want to live in a society that permits collaboration, editing, and modification of software I use under the guarantee of the license.
> As a user of code I feel it is more permissive to me to see the code. As a licenser of code I want what is best for me and for others as a user and future developer.
That is a fair point. I admit I'm speaking purely from a selfish dev perspective. I am glad there are other licenses available, and that people are free to choose what fits them. I myself simply won't use GPL code, however, for the reasons I've specified.
Hi! Do you work for Microsoft? There is nothing "non-permissive" about the GPL. You can use the code however you want. "Viral" is a perjorative description that Microsoft pioneered the use of to describe the GPL. The GPL is not a virus that latches onto any code it gets near, without anyone's permission. You should not use that term.
> The GPL is not a virus that latches onto any code it gets near
Honestly, that is EXACTLY how I feel about it. If I use GPL code in my code then my code must also be GPL (if I distribute). The term seems to fit to me.
And no, I've never worked for MS.
Viruses are things that latch onto other things without their permission. If you choose to build off of GPL code then yes, you must preserve the GPL license. There's an important difference.
It's actually the same as any other copyrighted code (and in the US, all code is automatically copyrighted and restricted). You cannot just take code and use it in your project. GPL code is nothing special.
It is very easy to accidently use a GPL library without knowing it, especially if it is a dependency of a dependency and you aren't using a license scanner.
It’s very easy to do all sorts of incorrect stuff if you totally ignore your responsibilities.
If you're not redistributing the GPL library, then it doesn't matter. If you are, then there are all sorts of other licenses which come with the same (or greater) headaches.
> If you are, then there are all sorts of other licenses which come with the same (or greater) headaches.
I avoid those as well
> What's good about being "permissive"?
They want widespread usage of their project, but always decry not like that when Amazon or Microsoft is responsible for the usage.
This is the reason why I am so confused by the strain of open source thought which says that large companies exploit OSS maintainers and ought to pay them.
Maintainers often pick permissive licenses specifically because they want companies to use the code. They want their project to grow and be adopted, and they reason that GPL would stifle adoption.
I don't really like the tactic of making your code as convenient as possible for anyone to grab off the shelf when they want to use it, and then later turning around and saying they should pay you. Why not do the payment part up front (by GPL-licensing the code and then selling dual licenses to interested companies)? Because then you wouldn't have any takers. Better to wait until people have integrated it into their systems before informing them that they ought to pay you.
The author didn't seem to request payment in monetary form but expected some kind of contributions back which would have helped both sides. It would probably be difficult to include some guarantees about upstream contributions into the license but interesting takeaway.
Doesn't that bring us right back to GPL family licenses?
The GPL doesn't require contributing back, only contributing forward to users.
It seems pretty difficult to legally hide useful code from a GPL upstream.
But, if the argument is that the GPL is too permissive to achieve what the author wants, why on earth was the author using the MIT license?
With GPL you don't have to actively work to upstream your patches, but in practice you can't withhold your patches from upstream. If you add a feature, they get to have it too.
Unlike permissively licensed software, where you can add proprietary features.
Depends how savvy your users are, and what your users lose if they do send your patches upstream. For example, GRSec or RedHat both drop you as a customer (so no security updates) if you republish their patches publicly. Or a paid iPhone app's users probably wouldn't know what source code is, let alone where/how/bother to republish it for the benefit of other users.
I don’t mind sharing my software with others, even folks who want to make a profit. Of course, that’s easy for me to say since I’ve only released a few small projects open source. But when I do, I make my projects fully public domain. I’m not interested in feeling any sense of obligation to those who try the software out, so I free them from any obligation to me as well.
That said, I fully support larger projects being GPL, which I think is a more reasonable license for projects that involve dozens or hundreds of contributors and are depended on by millions around the world. But the role of the MIT and Apache style licenses has always felt a little more confusing.
This makes no sense, you want to make sure software gets updated in the future, however small. Permissive licensing allows companies to hide improvements and this in the long term erodes the original. Individuals on the other hand are not bound by legal teams and can work with GPL and similar.
The idea behind permissive licensing like this is that you don't particularly care about "eroding the original": you don't see its ineffable status in relation to others' work as something that must forever be maintained.
I've also leaned toward CC0-style licensing for some of my smaller projects, that are shared for explanatory or artistic purposes. The reasoning is that GPL-style licenses give the code its own 'weight' as a unit, that keeps others from lifing good ideas from the code and incorporating them into their own projects as they wish, at any point in the next ~135 years. (The barriers aren't just the stereotypical "how dare they make me share my code!" but also the realities of license compatibility, having to make sure never to lose any version of the source, and so on.)
I agree with GP that this isn't necessarily the best idea for large projects that exist for their own sake and that companies might find great profit in copying. But it's not like all projects fit that description.
But they wouldn't be under any obligation to you. They would be under obligation to whoever they distribute their modifications of your code. That's it.
It's very simple, the reason people favor a more permissive license is generally the same reason they open source their code: You want other people to use your project.
Obviously, a more permissive license is going to let people do whatever they want with "your" code, as it doesn't really belong to you anymore. If you want tight control then it's a bad choice, but a more permissive license is almost always going to mean your project is more widely used, for better or worse.
I always choose permissive licenses for personal project, and I often avoid depending on other projects that aren't permissive. If I want to know that, if I need to, I can grab the code and change something. And I want others to be able to remix what I make as needed.
The more limitations added on a license, the less open it is.
> And I want others to be able to remix what I make as needed. The more limitations added on a license, the less open it is.
It's unintuitive, but permissive licenses are not the best way to acheive this. GPL's "limitations" are designed to maintain the right and abilty to remix code for the end user. So if say Microsoft forks your library and its fork becomes more popular, they can't make it proprietary after capturing the market and effectively stop people from remixing what you made.
> So if say Microsoft forks your library and its fork becomes more popular, they can't make it proprietary after capturing the market and effectively stop people from remixing what you made.
Neither can they stop people from such remixing if the project used a permissive license. The GP's project will still be there, still freely available for anyone to use however they see fit. Nobody is stopped from using it in any way.
The GPs project will become less relevant as the Microsoft fork becomes more popular, when it is fully irrelevant due to incompatible changes they can rugpull and everyone will have to pay them.
Only for the next developer. They can do whatever they want, but they aren't obligated to contribute anything back.
I would like a relatively permissive software license which forbids any profiteering (CC-NC but then strictly software).
I'm fine with people using my code, not fine with companies profiteering off my work. If you want to use it commercially, pay for it.
If it can't be used commercially, then that's not an open-source license. If you choose to license your work that way, that's your choice, but you're not making something open-source.
Who said it can’t be used commercially? Just because they can’t profit from it doesn’t stop them using it.
From the post to which I replied: "If you want to use it commercially, pay for it.". I am replying to them talking about a license that prevent commercial use.
> What's good about being "permissive"?
For me personally, because I believe in freedom and permissive licenses grant more freedom than others do. I don't really care for licenses which attach unnecessary strings to what recipients can and cannot do with the software.
I think attitudes on license reflects on the whole a generational attitudes towards corporate use because the younger generation of software nerds grew up in epoch-boom-times.
During ZIRP-boom-times, having a successful popular open source project could be a ticket to kudos and a high paying job and a certain level of responsibility and satisfaction. BigCos spread the money around, and your job as a SWE ended up being gluing together a bunch of these open source pieces to solve corporate problems. And on the whole people felt like their corporate jobs were giving a fair deal, and a decent dividend for the open source work they were doing.
In that context why would you pick a license that your generous employer couldn't use?
The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them. Or corporate entities that cut budgets, laid people off en masse, exploded in stock market crisis, etc and suddenly the good will was lost.
I think we'll see a bit of a resurgence in the GPL, as some people try to protect the work they've done.
(I do thnk the personality of Stallman himself has become a bit of a problem to be associated with)
My conspiracy theory: Stallman's "rough edges" were deliberately highlighted and blown out of proportion to discredit GPL and his overall ideology.
On one hand we have a guy, who just pointed out that the age of consent is a culture-dependent concept. On the other we have a guy who literally visited Epstein's island to fuck minors (as defined by his country of residence).
One is now considered "a bit of a problem". The other is a beloved public figure.
> The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them.
There may be something to that, but speaking as a GenX'er myself, I release most of my OSS code using the Apache License. I really don't care if anybody - from a single student in a 3rd world country, to a Fortune 50 megacorp - uses the code, so long as they abide by the license.
I'm not going to say there's NO circumstance where that might ever change. But to date, that's been my approach and I don't particularly see it ever changing.
Due to some quirks of software developer hiring practices, people write OSS not because they want to write OSS, but because they want the kudos of having written OSS. The downside is someone might use their OSS.
While working for companies, many devs have had the frustrating experience of finding a library that perfectly solves their problem, only to discover that it’s GPL3 or similar and thus strictly off limits due to company policy. Especially if repeated a few times that’s enough to inspire use of permissive licenses, to help avoid that frustration for their future selves (should they change employers) as well as other fellow corporate devs.
To this I can't relate at all.
If you can't use a library because it's GPLv3, then the company would need to invest some time and money into reimplementing the features they want. Guess who gets more paid work?
Depends on the constraints. You might not get to build that proper reimplementation and instead get stuck with quickly duct taping together a rough approximation that never gets the requisite time and resources to make it good, whereafter it becomes a persistent thorn in your side until you change jobs.
Still that enough isn't working for most of my customers, without an assessment from legal and IT, many times getting a commercial one is much easier.
Comment was deleted :(
It means that more people and companies can use your software. Plenty of orgs will avoid GPL and especially AGPL software out of an abundance of caution or because they legitimately need to link and customize the software for it to be useful for their business case, but do not want to release these (often very small & customer dependant) modifications.
I think for me, I’ve been a beneficiary of using MIT licenses (in minor ways, no large or famous projects) and so when I publish code I prefer sharing as MIT.
Maybe I should reconsider, but I never thought anyone would remove an MIT license. That sounds like plagiarism (though they did put a thank you in their repo)
Because when people start an OS project, they want to help people and grow. MIT license is the best license if your goal is to help other people. It's the worst license for building a business, but that's usually not what people think about when starting a project
These days there is almost nothing good with permissive if your project gets used by mega corps specifically. They don’t want your opinions, your expertise, they don’t want to share anything back, they won’t pay you, and they will even avoid giving credit – the lowest of the low. And somehow we’re still worrying about inconveniencing megacorps as if that mattered, at all!
I would love a license that says if your company has a physical presence in 10+ countries, one of its executive owns a yacht, or even is publicly listed, you need to purchase a license from the owners. (As a bonus, if the company is primarily selling subscriptions, the license should be in subscription form in return). Free (GPL/MIT/whatever) for everyone else.
Even such a crude stupid license would be an improvement over today for many. Most importantly I think a large amount of code is already closed today, because of the risks. This results in worse technical solutions, eg SaaS instead of libs & docker images that are easy to fix yourself. I don’t understand the fear mongering about licenses that Amazon and Microsoft don’t like. At the absolute minimum, contribute the changes back.
Permissive licenses are about contributing to the trade as a whole, rather than individualism.
Some of us don't believe that the code we write is "ours" in any meaningful way, and don't think strangers using it have any obligation to us just because we typed it once long ago.
Personally, I am happy if my code is of use. If people are using it for evil I'll fight the evil, not try to withhold good things from the world to avoid that possible case. It is an approach that is rooted in sufficiency mindset, rather than capitalistic notions of false scarcity.
My project being forked doesn't cost me anything at all, but caring about it being forked or enforcing a license would cost me time and energy I have no desire to spend. Permissive licenses accurately communicate the levels of fucks I give, while keeping assholes from trying to sue me over having used my contributions to the collective wealth of the profession.
If I make the world better for everyone, of course a bunch of people who never did anything for me are going to be a part of "everyone", basically by definition. What is wild here is that Microsoft didn't follow the extremely minimal requirements of the permissive license.
The great thing about permissive licenses is that it maximizes the utility of the code. I don’t care if someone makes a mountain of money by forking my permissively licensed code, that is in some sense the objective and I lose nothing by it.
This strain of rent-seeking behavior by some that open source their code but then believe they are entitled to compensation or forced contributions if the wrong people use it per license is distasteful and a bad look. It highlights the extent to which for many people the motivations behind their “open source” are not actually, you know, open source. For many, open source is about the utility of the source code and nothing more.
Licenses like AGPLv3 aren’t just about the utility of open source, they try to litigate concepts like fairness and justice at the same time, and open source isn’t a great venue for that.
> I don’t care if someone makes a mountain of money by forking my permissively licensed code, that is in some sense the objective and I lose nothing by it.
What if your code is used to actively make the world worse? Is that part of your goal? There's no shortage of corporations making mountains of money doing exactly that, after all.
I'm sorry, but you are way off base. Use is not restricted by GPL licenses. People have expressed desires to restrict use of GPL code (what if terrorists or pedophiles or Republicans use this code??) and Stallman and it's defenders have not allowed any restrictions of use.
GPL code does not exist in a vacuum. To be maximally useful, GPL code must coexist with source code subject to different legal, regulatory, and licensing regimes. GPL use is only “not restricted” if you completely ignore that compliance with GPL can unavoidably result in civil and criminal liability. Sure, those potential users are not required to avoid civil and criminal liability but that is not a serious argument.
Permissive licenses generally allow source code to coexist within almost any legal scenario into which source code may be placed. This is why I only use permissive licenses both for my own open source and for the open source I use.
I don't think you understand the difference between use and distribution, between running code and copying code.
All source code is automatically copyrighted and restricted (at least in the US) and you must follow copyright laws and license agreements for all source code that you copy and distribute. GPL licensed code is not special in this regard. How you use GPL software has zero restrictions.
I understand just fine. Placing any obligations on distribution, either mandating or prohibiting, is a de facto restriction on use in many contexts. There is a lot of source code that you might want to remix with GPL code that the user has no control over the legality of its distribution. That situation comes up often enough, sometimes in unplanned or unexpected ways, to strongly incentivize the blanket bans on GPL source code you commonly see.
No one has to like it but that is the reality. Pretending these aren’t real and valid concerns, often by people who have no power to change these things even if they want to, does a disservice to the health of the open source ecosystem.
It is why I stopped releasing GPL code and went purely permissive. I’ve seen the issues it causes people who just want to use the code many times. (Ironically, even for me with my own GPL code but at least I can relicense.)
I'm trying to understand you here, but I'm failing. I might need concrete examples of "use" and "distribution" being the same thing if you want to help me out.
> exploited for profit by someone who has never done you any good
Yes, that's the whole point of open source? Most contributions to the most popular libraries and frameworks (not necessarily end products) are from employees on their paid corporate time to begin with.
> Most contributions
How did you count?
> most popular libraries
How did you measure?
I agree this is the case for Linux kernel, for example. But I don't know if it applies to entire ecosystem.
> Yes, that's the whole point of open source?
I think it's a gross oversimplification. For some reason there is not much code in public domain.
People do want different things in exchange for their work. Hence different licenses. Some want to receive credit for their work, some want to enrich the opensource ecosystem, make it more sustainable. Which brings me to my final point.
> are from employees on their paid corporate time to begin with
It's natural for companies to open their code under permissive licenses. Very often such code is just a first free sample of whatever they are selling: consulting services, a SaaS, etc.. So it makes sense to have an attitude "do whatever with the code, just please-please-please use it".
For an individual developer working on a one-man project the incentives structure can't be similar to one of a company. Hence my trouble understating why people pick MIT/Apache/BSD for their projects.
I want to make a point that might be misinterpreted, so I want to make clear I am not at all defending Microsoft.
That said, Microsoft isn't a person and has no agency by itself. It is specific persons/developers/managers violating the licenses and stringing along open source developers in bad faith.
Who are these people? Why is the blame not falling on them, specifically?
Comment was deleted :(
ehm, it doesn't work this way, fortunately ... Microsoft, the corporation, is definitively responsible if there's a copy right violation.
Who exactly did what it's a Microsoft internal thing, unless Microsoft demonstrates that this has been done in bad faith and Microsoft did everything what is "reasonable" to avoid this happening ...
It absolutely does work this way.
Could file a DMCA takedown over the license violation, or you know, just file a pull request correcting the license to include your name and explain the situation. They're technically violating the MIT license as-is.
Getting 'forked' (so to speak) by Microsoft was the norm, and might again be.
Up until the dotcom boom (and in the earlier days of it), one of the questions I'd heard of software startups was something like, "What will you do when Microsoft decides to own your space?"
Fortunately, the broad tech industry overall got a decade or two reprieve from that, though it might be starting to return.
A long related question, when partnering with Microsoft, which sounds like it still applies, is "What's your plan for when Microsoft stabs you in the back?"
Microsoft never had a self image of "Don't Be Evil", and is more a close releative of Cantrill's Lawnmower.
My suspicion is that ruthlessness and the long-con have deep roots in Microsoft's culture.
Microsoft only appears to play nice when it has to, and is shameless otherwise.
Obligatory Lawnmower context: https://www.youtube.com/watch?v=-zRN7XLCRhc&t=2040s
I find it unlikely that this is Microsoft policy, it does not benefit them in any way. Someone fucked up or claimed glory internally. Pointing this out to their legal department might get the Copyright notice fixed.
Yeah for a program (not a library) I'd really recommend the GPL. Although it sounds like they even violated the really permissive terms of the MIT license!
Use copyleft.
I know it isn't mainstream, but companies try to avoid those licenses as much as possible.
Tinfoil hat: sometimes I wonder if companies astroturfed support for permissive licenses. Getting the entire Rust ecosystem to avoid copyleft was a huge win, for example.
And now that copyleft Gnu tools are being replaced with permissive uutils in Ubuntu, it seems they won, whether or not they were the ones to push it.
Copyleft and the shift to static executables are incompatible.
The vast majority of the rust (and Go) ecosystems is non-copyleft because you cannot satisfy the GPL in any meaningful way and satisfy your corporate legal department’s IP lawyers.
Hence why advocates from going back into the days of static linking should consider the how and whys we moved from them, and better pick their toolchains.
I wish people would seriously consider (A)GPL for their projects more often. It hasn't happened here, though has certainly happened in the past without anyone knowing - (A)GPL would make it hard for them to make a closed source "fork".
In fact, I wish an even stronger license existed which allowed the original author to dictate who can build on top of the project to avoid exactly these kinds of situations where a powerful actor completely disempowers the authors while technically following the license (I assume MS will "fix" their error by fixing the licensing information but will continue to compete with Spegel with the intent to make it irrelevant).
> I wish an even stronger license existed which allowed the original author to dictate who can build on top of the project
Such licenses exist. They're just not Free or Open Source. They can't be, by definition.
Yep. This is called a commercial license.
What people who want such things really are after is the leverage to dictate a form of morality - if you dont have money, you are allowed to use the project for free, and give back advertising/clout. But if you have money, or could get a lot of money for said project, then they want their pay day.
Have you seen the license of llama models from Meta?
> 2. Additional Commercial Terms. If, on the Llama 2 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee's affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta...
ref: https://github.com/meta-llama/llama/blob/main/LICENSE
But again, not open source...
If you want them to contribute back changes, use a license that makes them contribute back changes, like GPL. Don’t ever “default to” a license.
GPL only requires you to contribute changes if you distribute the program (not if you just use it internally).
I think AGPL2 or newer and GPL3 helps a little too
The GPL does not require you to contribute back changes, only to contribute changes forward to your end users.
Defaulting to a license is the default behavior.
It's like when someone says they want to go birding with you and they really just want to get you alone in the woods so they can steal your binoculars.
I've been "on the other side," part of a big corporation forking an open-source project. In Laine's case, what I would suggest is to focus more on what Microsoft added and changed; try to understand why they did that; and see if you can get any value bringing it back into your project.
(IE, don't let your ego run away.)
Why?
In my case, I was working for an industry-leading product that required a bit of reverse-engineering into MacOS. We got stuck on a new release of MacOS, so we did a bit of digging and found an open-source project that successfully reverse-engineered what we were trying to do.
(Basically, integrating in the right-click menu in Finder required reverse engineering prior to 2014; and every version of MacOS required redoing the reverse engineering.)
It was a legal grey area to copy how the open-source project reverse engineered MacOS, so I reached out to the open-source project and tried to collaborate. We exchanged a few emails and then I found a problem...
Basically, their solution had rather large memory consumption in Finder if the user had very large folders. Our customers had very large folders. (Edit, 200,000+ files were common.) We still wanted to collaborate, so I proposed a fix that fixed the problem.
But, then "radio silence" from the original authors. We forked and complied with the license. I always hoped they never begrudged us.
(Ultimately, Apple released an API so we didn't have to reverse engineer MacOS.)
If you don't want people to fork your code, don't explicitly give them permission to fork your code. Its like if you put your couch on the curb with a sign on it saying "FREE COUCH" and then coming home and freaking out because your couch is gone.
Almost, except the sign said "Couch provided courtesy of Philip Laine as long as this sign is kept intact". And Microsoft removed the sign and replaced it with their own "Free couch from Microsoft" sign.
It's that a lot pof people want to use the 'free couch' label to attract a crowd, but when they spot someone rich, they want those marks to pay.
> Software released under an MIT license allows for forking and modifications, without any requirement to contribute these changes back.
This sentence is true but a bit confusing, because there are no licenses that require anyone to contribute changes back upstream.
To provide changes upstream, the maintainer must accept the change. Most opensource licenses are that you are required to publish your changes. But not upstream. As you wrote, there is no license that forces any "pull requests".
The MIT license is the "easiest" license because there are no responsibility for the maintainer..
> Most opensource licenses are that you are required to publish your changes
This isn't true either. You can privately fork AGPLv3 software without violating the license. You only have to provide the source (on demand!) to people who you provide the software to in executable form (where "executable form" includes network based access to the services executing the software in the case of the AGPL).
... and the network access clause is only triggered when you modify the software.
A bit. There are licenses that require people to publish their changes, though, and that is almost certainly what the poster meant.
No there aren't. You can make changes to AGPLv3 software without publishing it anywhere. The only requirement is that you make your changes available in source form to anyone that you distribute changes to, which may be entirely private, or involve no one besides yourself.
The AGPL requires that your publish your source to the people who use your software over the network.
The AGPL requires that you publish a notice that the source is available on demand to the people who use your software over the network. The easiest way to do this is usually to just publish your changes so you can link everyone to it, but that is not a requirement of the license.
You can run derivative AGPLv3 software to service the public without distributing your changes to the source code without violating the license as long as nobody asks for the code.
From the text of the AGPL:
> The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.
If you're interpreting that as something different than "publish", I think you're splitting hairs.
That's not in the terms of the license, that's in the preamble as a stated goal. Read sections 4-6. They're not that long and don't really have much legalese.
In practice, the goal is met because someone is likely to request the source for AGPL software. Publishing the code is not a requirement of the license though.
This happened with me and Google (Antbot/Cellbots stuff, circa 2011). The difference is that the Google person in charge of the fork of my project was actively hostile to me. He told me that I was just a hobbyist and that my product didn't exist.
So I put a PCB of my product in his hand (it had some through-hole components), and squeezed it really hard, and asked him "If it doesn't exist, why is it making you bleed?"
All this at a meeting/presentation where my bot was literally running circles around theirs because mine worked and theirs stalled.
I think I have video of this somewhere, but there's no audio.
The guy left Google a year later, tried to sell bots independently, and folded. I on the other hand am still here.
It was a bit of a weird interaction overall. Why would someone say "this doesn't exist" while staring at it? I figured that haptic feedback would help with their solipsism at the time.
> How can sole maintainers work with multi-billion corporations without being taken advantage of
GPLv3.
Microsoft has been a bully for years: https://www.fsf.org/news/microsoft_response
They can't change, regardless of how much marketing money they put into "We love opensource".
Not just forked. Microsoft stole the code without attribution, violating the license terms. Truly shameful behavior. Best case, it was a single engineer who was tasked with duplicating the functionality, but chose the lazier, fraudulent route and was even too lazy to clean things up entirely. Still, MS should own up, correct the record, and make this right.
“I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”
Copied, not stole. It's unfortunate that the two are so often conflated.
The term "research theft" is widely accepted in academia:
https://www.congress.gov/bill/116th-congress/house-bill/8356...
The original researchers still have their ideas and work, it was "just" copied. Still, we call it stealing and theft.
In this case, code was taken and the credit was stolen.
Leaving off the attribution makes it stolen. They stole credit for the code, in violation of its license.
No it doesn't. It makes it copied without authorization. Stolen means the original owner does not have access which is not the case[0]. This idea that copying is theft was propaganda invented by the MPA[1], and we ought to stop parroting it, even when it's Microsoft doing the unauthorized copying.
[0] https://github.com/spegel-org/spegel
[1] https://en.wikipedia.org/wiki/You_Wouldn%27t_Steal_a_Car
Plagiarism is theft because it does take something away from the original author (attribution). Plagiarism and piracy are different concepts. Making a copy and forking the code is not what they did wrong, that part was authorized. Deleting the author's name and pretending it was their original work is the issue.
The idea that piracy is theft was not invented by the MPAA. I arrived at that conclusion myself, and indeed most people I've interacted with find it to be pretty reasonable. It's only ever been a minority of giga-nerds who try to claim that "stealing" cannot cover situations involving a non-scarce resource.
Does it not need to be in each file for it to properly propagate to another source?
Do you own the word?
2 (transitive, of ideas, words, music, a look, credit, etc.) To appropriate without giving credit or acknowledgement.
Stole.
When you download a movie from torrents, you don't submit it for an Oscar nomination claiming you've made it. You just copy a file to your computer intending to kill a few hours of your time while playing it back.
Microsoft®™, however, not only copied the code, but claimed it's theirs.
Copied.
Claiming the code as authored by themselves did not leave the original author without their code. This would not be true had they stolen it.
Comment was deleted :(
That is why I only choose extremes with my open source licensing. If I really don't care then I go with a CC0 1.0 license. If I want any participation or credit for the work at all then I go the other extreme: AGPL 3.0. If that, and only that, means people will refuse to look at the project then I know I have chosen wisely.
I get a certain sense of pride every time a developer tells me to change my license and when I say no he tells me he'll go and use something else (and I'm supposed to feel bad about this, for some reason).
The best you could hope for in these situations is perhaps a job. It's not uncommon to see not just in open source but in business in general that the large player will try to extract business knowledge and reimplement themselves. The code isn't the value, it's the people maintaining it and the community or customers using it. I've seen it happen with Google and a real business also. So I think ultimately cooperation turns into coopetition where you're going to compete until some agreement can be reached. In a business case, Google fell flat on its face and acquired the company I was working at. In the case of open source I've raised seen it turn into an acquisition as we've seen the forks are really about code ownership for something they run as as managed services or use internally. They're rarely buying it for the people or community.
This sucks and I feel for the maintainer, but it really is their own fault for publishing as MIT. However, that is a pretty common mistake that most people never learn until they've been screwed by it. The OSI have done a good job at convincing devs to open themselves up to exploitation for the benefit of big tech companies, and I find it hard to fault people for falling for that. The social pressure is very high.
But giving a (presumably) free consultation to Microsoft is a self-own. History has shown that you should never give the benefit of the doubt to Microsoft, and you should certainly never trust them (unless you have a contract and a good lawyer). Not knowing this can only be the result of willful ignorance. I can't offer sympathy for that.
Hopefully, this person learned the right lessons from this experience.
Open source is very much like a party. You are perfectly entitled to expect the host to be gracious and the guests not to steal things.
“It’s your fault for inviting them in” is victim blaming and horizontal aggression. The people at the top of the pyramid love it when the peasants fight each other. Saves them getting callouses.
Open source is a licensing scheme, not a party.
What a terrible take. This is the kind of "social pressure" I was talking about.
Open source licensing isn't a party, it's a business decision you make as a participant in the intellectual property economy. If you make a stupid and/or uninformed decision, you're opening yourself up to exploitation. It is victim blaming because this situation is entirely the victim's fault.
I don't even know what you mean by "horizontal aggression", and your comment about peasants makes no sense in this context. How does advocating that people be informed and use appropriate licenses count as in-fighting, or beneficial to big tech companies? If anything it's literally the opposite.
You're blaming an author who offered his code to others (that's a social act) instead of a trillion dollar company.
What do you think I mean by horizontal aggression?
Comment was deleted :(
> Spegel was published with an MIT license. Software released under an MIT license allows for forking and modifications, without any requirement to contribute these changes back.
If that's what the license says, why is the author complaining? Microsoft is complying with the license.
That's what you get for not picking the one of the license from the GPL family.
> However, I am not the first and unfortunately not the last person to come across this David versus Goliath-esque experience.
Again, this situation was completely avoidable. Stallman had foreseen this kind of situations literally forty years ago. That's why the Free Software movement exists.
Tangentially related: has anyone notice how the whole Grafana ecosystem is going strong and unaffected by forks and corporate take-overs? I'm pretty sure that the AGPL license is playing a big role into that.
if only you had kept reading 2 more sentences after the one you quoted you'd know:
"The license does not allow removing the original license and purport that the code was created by someone else. It looks as if large parts of the project were copied directly from Spegel without any mention of the original source"Comment was deleted :(
Exactly. Microsoft has been doing exactly this kind of crap since their very founding. The counter to it has existed for decades: GPL. And now AGPL for web stuff. How do you think the Linux kernel and GNU runtime have survived this long without the MS Embrace and Extend? GPL.
Really poor form there from Microsoft, I hope that some of the wiser heads see this and educate the team responsible and ensure that this is made right.
Not to be mean, but if you don't like the consequences of using an MIT license then don't use it.
Using it then complaining about its effects because you don't like the company is silly.
Use a different license if this is important to you.
> This experience has also made me consider changing the license of Spegel, as it seems to be the only stone I can throw.
Well, yes, that seems to be the conclusion OP has come to.
Too late though. They can keep using the code he wrote before. He’d have to rearchitect it to add new features to even make it sting now.
Not a direct solution to your problem, but people should definitely consider Apache over MIT when reaching for a permissive license. In addition to being more robust about things like, notifying users of modifications that have been made to the original source code, it also explicitly requires that forkers maintain the NOTICE file in its entirety, and distribute that file to users receiving copies of the software (whether source or binary copies).
Even if megacorp does nothing else for you, that NOTICE file can at least contain information about who you are as the original author, links to your website, etc.
I considered forking an MIT repo once but had no idea how to communicate which parts were under the original MIT license and which weren’t. Unless I copied it into each file and deleted the root license, it seems like it would license all my changes as MIT, too, basically becoming a copy-left license.
Am a bit confused. Is Microsoft breaking MIT license here? I can see both projects are in MIT and I don't see the below
Copyright (c) 2024 The Spegel Authors
Which should be retained when you are forking it right? Or am I wrong?
Yes, indeed, that's missing. Though it should be: "Copyright (c) 2023 Xenit AB" as that was the license that was in place when the copy/paste took place: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c...
Thanks for confirming.
They just updated the license and attribution. https://github.com/Azure/peerd/pull/110/files . Overall, it does not sit right with me. How can you be at the position you are and make a very obvious non-attribution mistake. I want to side on incompetence and give benefit of doubt but malice (for personal gains) is on the table as well.
> As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers.
I bet the Spyglass people had the same thought.
> As a maintainer, it is my duty to come across as unbiased and factual as possible...
Sez who?
As usual pick carefully your license, doesn't matter if it is the neighbour down the street or Microsoft, when they play by the legalese of the license.
Well well well, if it isn't the consequences of my own licensing choices.
First, if Microsoft used any of the Spegel code then it should provide proper attribution. A best practice is to put the LICENSE file in the root of project (both peerd and spegel do). But also, you need to put the license in the header of each file as a best practice. Like Microsoft did here https://github.com/Azure/peerd/blob/main/api/docs.go#L1
spegel did not follow best practices to put the copyright in the file itself: https://github.com/spegel-org/spegel/blob/main/internal/web/...
Ideally starting with something like this
// SPDX-License-Identifier: MIT
FWIW one of the maintainer just added this to comply with the license: https://github.com/avtakkar/peerd/commit/57ebeeb853effb211ae...
That's why you release projects like these under restrictive licences.
Far too many times big company's take what they choose and give you nothing. Use licenses for your advantage, heck dual license if needed. Not sure what the desire is of a Eutopia open source world view, where not everyone has the vision or plays by the rules anyway.
I actually worked on an open source project, the maintainer was convinced by microsoft to relicense the project for "collaboration" - I left the project for this reason and as far as I can tell msft never did anything for them except for keep giving them the "honor" of being a microsoft mvp.
If you write open source code, expect it to be forked. It's kind of what open source is all about. Do it because sharing knowledge is a moral good. The wealth, influence, power, etc of whoever may decide to participate in your act of open source is completely and utterly irrelevant.
Regarding the removal of copyright notice, did anyone open an issue on the Microsoft GitHub repo to have it restored? It should be relatively simple to fix. Yes, I know, this won't dull the knife that Microsoft stuck into the back of the original author.
Yep, there's an issue with 200+ reactions: https://github.com/Azure/peerd/issues/109
Friends don't let friends release as MIT, except for trivial amounts of code.
Last week I relicensed most of my previously released Minecraft mods (except those with trivial code and those with missing source code) to AGPL plus a bunch of exceptions.
Never providing counselling free of charge for anyone.
I think you meant consulting, but it's not wrong for counselling either :)
You are not wrong either, consulting can be free of charge (it shouldn't be) but in this case Microsoft played with him (because he was expecting something good or big in return) and they attributed one line to him.
I feel for this person. I stopped using open source licenses a while ago, and I've recently started writing about how I've ended up where I am. One of my pieces got shared here last month and predictably didn't land with the readership.
Nevertheless, I'm going to keep writing (latest piece [1]) about my post-open source journey in the hopes of clicking with a handful of people in the next generation.
[1]: https://lgug2z.com/articles/on-evils-in-software-licensing/ - feel free to hit me up off-platform if you want to discuss
Why haven’t you threatened to sue yet? They very clearly violated the MIT license by getting rid of your copyright, which is literally the only requirement MIT imposes. Go after them, don’t let the corporation get away with
Comment was deleted :(
Microsoft doing this is expected, it is what big tech companies do, but what is surprising is the growing number of people defending its behavior and blaming the developer for what happened.
Microsoft loves open source, remember? It doesn't love you.
Hahahahah this sounds very much like what Microsoft did to one of my employers.
Meet for a week. Bring in one of their grey beards. Learn all our deets in anticipation of acquisition. Then silence...according to my understanding, not being privy to executive level discussions.
A bit later, release their own take on the problem area ... tragic.
It was very bad for us.
For the layman, acquisition rumours are almost always bad news.
Even as a premise. Your domain is enough of a concern for Bigcorp to spend executive time on. Bigcorp wants to acquire your employer because and they think they can get more value out of it than the asking price.
Your own executives will ignore the threat that due diligence means to your business in the case a deal fails to be completed, because this is their promotion cycle. But you are a potentially redundant cog that is unlikely to be a more efficient part at Bigcorp. After all, you don’t already work for them.
If a big tech company shows any interest in your open source project, don't ever assume there are any good intentions. Never agree to any meeting or unpaid work, or do any work or go out of your way for them unless you have a contract. Be extra careful when dealing with a big company, because they have a lot of resources and do not care about you or your project.
This is why when I'm at work, I advocate for a closed fork rather than an open one.
That being said, it's not cool to remove the attribution even internally. Then again, I use MIT without the attribution clause for this very reason.
This is good not bad.
Their improvements are available under MIT license. They would have been fully within their rights to not release and put in a proprietary product but did not do this.
Instead everyone can benefit from their improvements. Author can steal whatever he wants for his upstream.
(I can’t find any details of “Microsoft MIT” and the above is premised on it being functionally MIT.)
This is a candidate for name and shame. Microsoft is made up of people and actual real people made these decisions.
Who are they?
Comment was deleted :(
They all do it. Anytime a corporation comes calling, they're looking for something from you and there's an implicit quid pro quo. I'm not a lawyer, but anytime latin is involved, you better get it in writing and run it by someone who is.
Hey, this sucks. Unfortunately the MIT license doesn't do much to prevent this and (I think?) their licensing transgression is they haven't kept "Copyright (c) 2024 The Spegel Authors" in the LICENSE file. I suspect if you call them out on it that'll be the remediation.
Did you manage to reach out to any of the people at MSFT you originally spoke to to ask wtf?
Any copies of the code should include the notice according to the MIT license. I do agree that I could have used a less permissive license, and it is something that I am now considering to change.
The reality is that licenses do not mean anything unless you are actually able to enforce it. So I really do not think the license would have mattered in this case.
Licenses absolutely matter, that’s the whole point of using them! Big corps will absolutely not risk being sued over infringement, it’s not worth it to them. For the litigation cost they’ll throw a couple engineers and redo your project from scratch.
Sorry it happened to you but it seems like you just picked the wrong license.
Comment was deleted :(
> Unfortunately the MIT license doesn't do much to prevent this
Seems both you and Microsoft needs to actually read through the MIT license, it isn't that long or complicated :)
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
That part is even in it's own paragraph and everything, really hard to miss for anyone who even glances at the license.
Define “substantial”?
What percentage of copying is “substantial”?
That’s the problem with concisely written licenses, the legal world thrives on definitions and terms of art, and when you leave something open to interpretation you invite the probability that a nefarious (or even sufficiently amoral actor like a large corporation) actor will point to the language you use and interpret it differently.
To win any argument in a court of law you must now spend time and money to win the argument. Something an open source maintainer likely doesn’t have, and since the license doesn’t specify damages, there’s no way to even write in a penalty for failure to adhere such that a court of law would consider it under contract law, and then you have to prove damages.
At least in Virginia, each party pays their own lawyers fees, even if they win. You can only collect lawyers fees when statutes allow you to, or there has been sufficient bad faith from the other side that the court uses its own power to sanction.
Oh, and let’s say you win and somehow you are able to prove damages. Now you have to spend money to collect on the judgment. That’s money you’re not getting back.
The point here is that we’ve written software licenses as contracts that assume good faith and do not punish bad actors, when we would need to treat corporations as if they are bad actors and write licenses accordingly.
So if both versions use the same MIT license, the only difference is the line parent highlighted...
What they likely mean is that MS says "Good luck enforcing this. Have you met our legal team?" Nothing they can't walk around, or drown you in legal fees while they smile.
Comment was deleted :(
Anybody know what the differences between peerd and spegel actually are and why microsoft forked it?
I tend to disagree with the criticism of Microsoft here.
The author of Spegel released it as MIT, which means that anyone can fork it as long as they keep the attribution. So if every file of the original project has a header containing the copyright, Microsoft has to keep it. Looking at Spegel, I haven't found a single source file containing an MIT header and copyright.
Microsoft added their header with their copyright in Peerd (because now that they changed the files, they own a copyright over parts of those files). Nothing says that they must add a line for the original author, and I could imagine that it's legally a risk for them to do it.
Moreover, a copyleft license wouldn't have changed anything here (except maybe discouraging Microsoft from reusing any of that code).
If you don't want anyone to reuse your code, don't open source it. The whole point of open source it is that you allow others to reuse it.
The MIT license doesn't say anything about headers. The attribution requirement is:
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The license is saying you have to retain the license itself; it doesn't say anything about any other attribution notices that exists in the source files or anywhere else. It doesn't specify where you have to put the license; it could be in a comment in the code, or it could be in a file next to the code, and that doesn't change anything about the terms of the license.
If the original author put the license in comments, you can keep it in comments, but you could also move it to a standalone file. If the original author put it in a standalone file, you can keep it there or you can move it to a comment, but you can't remove it. If you distribute a compiled binary, you need to be sure you're including the license alongside the binary as well.
If Microsoft distributes a "substantial portion" of the software, and they do not include a copy of the original license (including the copyright statement at the top attributing the original author), they're in violation.
Right. So they should just add a copy of that line somewhere in the repository, saying "some parts of this project come from this licence"?
Yes, that is the condition of the MIT license.
Ok, but then why not just opening a PR in the repo asking for that? Sounds like a very minor change. Yes, they have to do it and they should. But I feel like insulting them because they gave credit in the README but not exactly in the proper way is a bit aggressive.
Engineers in big companies are quick to criticise how the legal department is a pain in the ass, but when I see the reactions here, I completely understand why it is.
It definitely seems like this whole thing is known by maybe 5 individuals at Microsoft. It's not some big affront on open source software, they didn't relicense the code under a less permissive license or anything, they just updated the copyright notice improperly. And that part I wouldn't be shocked was a single individual dev's doing.
I agree, op should make a PR, state their case, and then complain if it's not merged.
License is a license. It doesn't provide legal advice for how to properly mark documents or source code. You should always mark every file and put it under configuration management. A single LICENSE file is step 1 for how the code can be treated/forked/etc. But all of spegel's files lacked any sort of copyright headers.
> How can sole maintainers work with multi-billion corporations without being taken advantage of?
Use AGPLv3.
So this is a peanut gallery esque reply, but this sort of thing is what GPL was meant to avoid. I know GNU has had a lot of detractors and criticism, but you cannot and should not expect large orgs to respect community norms around open source. Permissive licenses are NOT better in this world where different players have different levels of power relative to each other.
Sometimes I wonder if all the shitting on free software in general is in fact cynical and in bad faith by actors who want your labour for free.
The good old https://en.m.wikipedia.org/wiki/Embrace,_extend,_and_extingu... tactics.
"I default to using the MIT license as it is simple and permissive."
He already gave them permission. I think he is overemphasizing the meeting they had and under-emphasizing already giving away his work.
If you want to have the copyright license put into it do a DMCA take down. They're in breach of your copyright license and therefore do not have rights to distribute your copyrighted material.
The MIT license should have a provision to permit forks (without allowing daisy chaining of fork of forks). You can then decide & allow/reject fork requests.
Looks like Bill's old M.O. of embrace, extend, and extinguish has rubbed off on Satya. Except this time, MIT license has shielded the code from extinguish to emaciate.
Is it possible that there could be enough damages for Microsoft's violation of the license that a talented law firm would take up a lawsuit on a contingency basis?
FTA
> A negative impact from the creation of Peerd is that it has created confusion among new users. I am frequently asked about the differences between Spegel and Peerd.
I can't imagine any quantifiable damages here. No business or revenue was impacted. Just chatter in an open source project.
IANAL, so I am just guessing.
But I wonder if an argument can be made that by flagrantly violating the license, Microsoft is devaluing the whole concept of the relevant license and similar ones. The entire body of source code that was created partly because of trusting that those licenses mean something is worth an enormous amount.
So I'm guessing the perhaps there could be a class action lawsuit on behalf of the entire open source community that uses that class of license.
To every SE out there: “Insanity is doing the same thing over and over and expecting different results.”
Do. Not. Trust. Microsoft. Why is this a lesson that has to be learned over and over again by people? It's been extensively, exhaustively, documented over the years.
The leopard doesn't change its spots. The scorpion stings the frog. Microsoft screws over people. Lessons learned in childhood that still hold true today.
Bad form from Microsoft but maybe this is why the modern trend away from copyleft licenses isn't some piece of trivia.
Many of us dislike Microsoft and big corporations, but here’s my (possibly unpopular) take:
1. Open source worked as expected. Some MIT-licensed code was forked under the same licence, giving users more options and contributing further to the open-source codebase.
2. I don’t understand the claim about users being confused between Spegel and Peerd. These are two products with different names and maintainers. Maybe some users are also confused between Ubuntu and Red Hat Linux - so what? I’m glad users have more choices.
3. The point about the original author not being given enough credit is the only valid one. The legal side, discussed in other comments, seems to suggest they’re within their rights, but they could have done better.
Default for copyleft licenses for open source or life with the consequences.
Licenses like the GNU Affero General Public License (AGPL) might prevent some corporations from using an open-source project because they do not want to release the source code of their own modifications to it. Sadly, corporate compliance often prohibits the usage of copyleft projects altogether, even if nobody plans to modify anything. Especially the legal departments of large “enterprizy” organizations often prefer software with licenses like MIT as they want it simple and “risk”-free.
But who cares? If these corporate users do not contribute back, there is simply not benefit in having them as users.
Except you do not care about open source community but about hypergrowth. This seems not to be true for this case, but the impression comes to mind that many start-ups use open source not because of freedom but as an argument for adoption in the enterprise ecosystem. They avoid choosing (A)GPLv3 licenses to facilitate easier corporate adoption without generating enough revenue, while being funded by venture capital and without getting contributions back by organization who could easily afford giving back something. Then, after being adopted, they complain.
There’s a reason why Linux (GPL licensed) is still around, growing, and making money for so many while companies behind widespread open source projects often fail financially and burning insane amounts of money. It might work out for individuals and owners when getting bought, but it hurts users and ecosystems who relied on something.
Consider the AGPL, it is a criminally underutilized license ideal for the current zeitgeist.
This is not getting forked by Microsoft. This is getting forked by permissive licenses.
The solution is to change the license ASAP, add some must-have features from the pull requests (or your own imagination, you know best what's missing), and continue on your merry way.
Eventually the MS fork will be so far behind yours that they will come back to talk to you. And this time, you will be prepared.
If only you had used LGPL. It has the benefits of GPL licenses without the burdens.
Open source is becoming not much more than free labor for giant corporations and SaaS.
The OSI considers any open source license that tries to restrict or disincentivize this "not open source." Look into OSI and note that it is effectively captured and controlled by these corporations.
> Microsoft carries a large brand recognition […]
Especially amongst Linux users… :-)
So, let me get this straight. You published your software under a free license that stipulates they can't remove the license and are otherwise free to do as they please.
They took you by your word and did exactly that.
What did you think a license is for? For artistic expression? It's a contract. If you want to get paid, put that in your license.
I recommend AGPL 3. Then nobody will rip you off. And if they do, you can drag them to court over it.
Publishing free software is giving away a gift.
People using that gift is the point. Forks aren’t just permitted, they are encouraged. That’s why we release free software.
You aren’t in competition with Microsoft and their fork. There is no such thing as marketshare when there is no market.
Keeping his name in the license note is required by the terms and that is an expectation, even if you get the software for free.
That's certainly true, but that is by no means the only complaint the author has. His complaint that they aren't properly attributing the copyright is valid. His complaint that they are a "competitor" is not.
Reminds me of the scene in Silicon Valley where they team are excited to hear a VC interested in the details so they are explaining the technology on the whiteboard to the "investors" who were a team of engineers eager to copy their tech.
But seriously, it sounds like a weird version of "not invented here syndrome" where you are somehow OK with copy-pasting most of it.
That's why you want to use a GPL license.
Those who cannot remember the past are condemned to repeat it.
Pictures/oatmeal/exposure.png
He got Jeff’d. Or maybe Bill’d (or Satya’d). Regardless, any kind of non-gnu open-source collaboration with the Powers That Be in the tech world is just begging for punishment. Amazon will just blatantly rebrand something, but Microsoft seems especially comfortable wasting a dev’s time mining for details before stealing or copying their work entirely.
Boo Microsoft. Winget still sucks.
I read recently that Microsoft is adopting rust more and more. I think that’s a step in the right direction for an OS with such a huge marketshare. That said, I’m just waiting for Rust.Net or Managed Rust to get excreted in a thinly veiled attempt to split the community, steal mindshare, and take over the project.
> How can sole maintainers work with multi-billion corporations without being taken advantage of?
Use AGPL, Fair Source or BSL. That's the only way forward. I for one will be using AGPL in everything. If a trillion dollar company cannot pay for services it is a fucking shame. Absolutely disgusting. Microsoft should be ashamed.
Use GPLv3.
A lot of people in the comments blame the victim. Why isn't "go talk to a lawyer" the most common response?
Are American lawyers that can read three-paragraph licenses so prohibitively expensive?
WTF! I'd sue.
Very clever title
This is why Stallman is so vehement on GPLv3
Commercial entities will always exploit your work - you need to force them to give back, they will never do the positive sum game by default
Kudos to the author for sticking with Spegel and continuing to support the community, even after that kind of demoralizing experience
Obligatory "Silicon Valley" TV series clip: https://www.youtube.com/watch?v=JlwwVuSUUfc
Honestly? Stop using MIT licensing.
Use a GPL of some form, whichever one is up to you.
Bro releasing software under MIT. Others picking it up and use it under terms of MIT license. Bro gets upset.
Can someone please explain why?
A license term was not respected; the license allows to use, modify, etc. but not to remove the copyright message or change the copyright to Microsoft.
Too many developers don't really understand licensing. Everyone defaults to permissive to be politically correct, rather than on merit.
It's simply ignorance. For example, out of the 600 comments in this post, yours is the only one which was able to clearly articulate what actually happened. And it's all the way at the bottom. It goes to show the headspace most developers are in. This mistake will be repeated by many others until the end of time.
There is a very long storied history of Microsoft being an extremely scummy anticompetitive company...
[dead]
Comment was deleted :(
[dead]
Microsoft avoided any licensing issues because its code was not copied but came out of their AI. /s
[flagged]
[flagged]
Could people say they used "AI" to build the new code?
Comment was deleted :(
Open source developer now learns why open source is stupid first hand. Thank you everyone for making free software!
When you're a teenager sometimes you are into a girl that you like and she notices and acts all snobby.
Then sometimes you get into a date with her, but discovers she isn't what you expected. It was the snobbiness that made you more eager to know her.
Then, disappointed, you break up with her and she starts telling everyone you have bad breath, your friends are idiots, and that you are dumb and ugly (but she secretly still likes you).
When you're adult you start to realize that none of it is really that important. She is probably nicer than you remember. And you were just a kid.
All this HN discussion reminds me of those teenage years somehow. Like a twisted psychology distortion of it. It is kind of funny actually.
Seems like we need a GPL/fuck off amazon/microsoft license.
Is there a template license that says open source unless your market cap is or goes above x million? Would like companies to be able to use things to grow but then if they hit it big the have to start paying.
Reading story after story about big corporations abusing single/small group opensource developers, I think we need a license that, otherwise permissive, explicitly denies the use of the code for companies that took VC money or are worth a billion or more.
Let's create a license where companies with X number of employees that create a fork automatically owe the original owner Y amount.
It's ridiculous that companies with literal trillion dollar market caps coast on the back open source.
Not including original license may well be oversight, It is very unlikely Microsoft would intentionally to do something like this, which costs them really nothing, but not doing it can post a lot in the future in the legal costs.
For the rest - if you chose MIT license for your work you should expect it can be used by someone to create software based on it, including commercially licenses
I would treat anything you're releasing as MIT as the gift to the world. This is how Open Source suppose to work - people building on each other work, often without properly thanking authors and maintainers.
If you want to reserve some rights - chose who can use your software and for what purpose, ie ensure "Microsofts" of this world can't use your code in a way you do not approve, you should not release it as Open Source.
This is why I wrote the SAUCR license [1] for my full-stack JavaScript framework.
A lot of OSS developers get "got" by the ideological arguments of OSS and shy away from doing "source available" (which if we set down the Kool-Aid, is in effect open source because...the source is open).
If you're an independent or small team and want to protect your IP as best you can while keeping source available for learning/auditing, check it out.
That's not a license, it's wishful thinking in template form.
The fact that you have "fill in the blanks here" in a "legal" document makes this actively harmful.
I respect the sentiment, but it's entirely the wrong direction. Better looking at the Creative Commons license picker/builder as a better example of a starting point.
> The fact that you have "fill in the blanks here" in a "legal" document makes this actively harmful.
It doesn't. At the end of the day, all legal documents are just words on a page. When in doubt, you can hire a lawyer or paralegal to review what you've written to ensure it's sound.
This is why people keep getting burned. They make foolish excuses, use the wrong licenses, and then they're surprised when a big fish swallows them whole.
Forked up the wazoo.
That said, Microsoft provides extremely generous Startup Assistance (to the tune of > 150K of Azure credits). Disclaimer: I'm not affiliated with MS but I did their program, also did the Gcloud and AWS programs back in the day. No negative comparisons, but off the top of my head the Azure program is awesome. I really enjoyed working with Azure, and it does what it says on the tin.
You can apply here: https://www.microsoft.com/en-us/startups/
Oh boy, credits that only work in their cloud. That’ll cover rent.
This might as well be a LLM generated ad roll performance
Comment was deleted :(
Crafted by Rajat
Source Code