For a SaaS app, wouldn't that copyright attribution be on the server side, where the code is (hidden from the end user)?
Is John stating he expects that copyright attribution to be in the "view source" of the HTML or some other user accessible location? What happens if that HTML/JS is minified/stripped/"compiled"?
IANAL: but I'm genuinely curious how this situation is handled.
However, the js shipped to clients is usually minified and transformed which means it may count as "compiled" and thus the same rules as for binaries would apply.
Cases like these are the reason why the AGPL exists.
Exactly. Not sure why Ghost doesn't use AGPL. Still, it would have been kind of fair from Substack to approach this more openly and collaboratively...
It's unfair to complain about Substack doing exactly what they are explicitly allowed to do by the company that released Ghost under that specific licence that they choose to.
But then again I'm not a lawyer :)
--rename-properties WARNING: renaming properties requires deeper analysis, considered compilation in the US
You probably already knew this, I don't mean to point out the obvious. I am just confused by your comment, and others like it that frequently come up on HN these days. People saying or implying that there is something unfair about using open source software under the license terms that its developers have chosen to release it.
If the OSS developers want to generate revenue, there are plenty of paths they can follow.
I agree and my take on this is based on the way compilers generate binaries. I would not expect a compiler to inject random copyright notices in stdout, for example. Ghost, in this case, is acting like "compiler" and the HTML can be thought of as the "output" akin to a binary generated by a traditional compiler. The MIT license (and similarly permissive ones) do not dictate software usage and thus its output is not required to have any attribution, only source code.
> If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode ...
> The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an “about box”.
This is to say it is not entirely unusual to have copyright notices in output.
I'm curious about this because the end user's browser is where the (copied) code is run, not on the server. That's why they need to hot-load additional code from Ghost's CDN, rather than doing so on build servers.
The way they used our search library is kind of interesting. They could've
copied the code locally and modified it to work with the Substack API, but I
guess Substack doesn’t have an API?
Substack doesn't have an API. Their editor is laughably primitive compared with other solutions. Their visual look hasn't changed at all since their inception. They don't have discoverability. Can anyone tell me what Substack is doing with all the millions of dollars of funding they've taken? We joke about Twitter being massively overstaffed, but Substack, to me, looks just as bloated, organizationally.
As for the bloat, I can't really comment, but would note that Substack did substantial layoffs like everyone else.
As for what they're doing: they built mobile apps, adding podcasting and video, etc, better discoverability.
I can't say whether they've done "enough" to satisfy you, but I also don't think we should pretend Substack hasn't done any new product development work since inception.
I would prefer if Substack spent more resources on improving its "core" newsletter/blog experience, but I can understand, given their status as a home for controversial writers, their desire to be a self-contained service.
Edit: this looks like a good list for my standards: https://on.substack.com/p/product-news-dispatch-nov-22
And Substack discoverability is becoming a big thing for writers. I know the impact from a lot of anecdotes.
Writers can embed youtube videos in their posts. When they do, those are hosted on youtube.
However, Substack also has our own hosted videos (see https://on.substack.com/p/video-on-substack).
Last I looked, a bunch of it was going to pay writers to publish on Substack: https://www.vox.com/recode/22338802/substack-pro-newsletter-...
Padding the paycheques of America's biggest contrarian writers apparently. Greenwald, Taibbi, Andrew Sullivan all have paid gigs there.
Then again that's what you get when you build two bipartisan monocultures of echo chambers...
You say that like it's a bad thing.
Being a contrarian means that the mainstream media doesn't like them, but apparently enough readers do that they can make bank.
It can be, yes.
Exhibit A: Alex Jones. Whacky conspiracy theory and snake oil peddler. It's literally in nobody's interest he be published anywhere, apart from his own personal financial one.
In most cases there's probably a good reason for someone to be shunned by everyone "mainstream".
No one is worth reading solely because the “mainstream media” doesn’t like them. People who jabber complete fiction are disliked in that way. Doesn’t mean they’re worth the time.
Glenn Greenwald in particular depresses me. The days of his blockbuster stories feel like distant memories, now he just posts poorly edited (or more likely not edited at all) opinion pieces powered by nothing but rage. I genuinely don’t get why people would pay for it.
> But the advances also had limitations. On a per-deal basis, we could never really do better than break-even. A Substack advance was effectively an interest-free loan that would never be paid back if a publication failed.
> With Substack Pro, we pay a writer an upfront sum to cover their first year on the platform. The idea is that the payment can be more attractive to a writer than a salary, so they don’t have to stay in a job (or take one) that’s less interesting to them than being independent. In return for that financial security, a Pro writer agrees to let Substack keep 85% of the subscription revenue in that first year. After that year, the deal flips, so that the writer no longer gets a minimum guarantee but from then on keeps 90% of the subscription revenue
- https://on.substack.com/p/why-we-pay-writers
Depending on the payment it's possible that a writer could lose money on this, because they would have made more from subscriptions than they did from Substack, but I'm guessing for very big names Substack is paying quite a bit more than they would have made from their first year of subscriptions.
Also, this wasn't public for a while and there's probably more that is still not public.
> We haven’t said anything about Substack Pro in public until now because we have been in a “figuring it out” phase, seeing what resonates with writers and how the deals perform over time.
You are otherwise correct about them not having a “paid gig”. They each built their own large paid subscriber base from which Substack takes a 10% cut. They pay Substack for the service, not the other way around.
I don't like that you are suggesting that the visual look must change. Nothing is wrong with leaving things the way they are.
>They don't have discoverability.
What does this mean? Suggested posts and authors, which are nothing but thinly-veiled ads so you stay in the page? Good that they don't have those.
It's just another Medium, except for some reason the writers there are _even more_ pompous and full of themselves.
--
A response to @JohnONolan here to clear up some serious misunderstandings https://twitter.com/JohnONolan/status/1602330377812643850
First of all, huge respect to the Ghost team. Their open source contributions are valuable, and their approach to theming enables some great-looking things. That said, some important corrections:
Substack is not "powered by Ghost". Rather, we built our own theming API that’s compatible with themes built for Ghost, including those built by third parties.
The Free Press is using a modified Tripoli theme, built by Ahmad Ajmi, under a paid license. This is how this is supposed to work. It's good for the theme developer if we support this – you should check them out here. https://aspirethemes.com/themes/tripoli
This was relatively quick to build for Substack devs, because the structure of Ghost sites matches Substack fairly closely.
With respect to the search library, this is an open source library that we are using in a fully compliant way. John's own screen shot shows that we don't load it "from Ghost’s own CDN", it comes from jsDelivr https://www.jsdelivr.com
This is a standard way to use an open source library. It's pulling from the version that the sodo-search maintainers published to NPM (thank you!).
It is a good point that we should lock a version, so that if they accidentally published a minor version revision with breaking changes it doesn't cause problems for us. We’ve fixed that.
We’re grateful to the developer of the Tripoli theme and to Ghost for its contributors to open source work. We’re exploring ways to give writers more customization on Substack. This is one approach we’re considering but it’s too early to know if we’ll scale it up.
And @JohnONolan, thanks for the note at the end about potential collaboration. In our minds, we’re on the same side of an important battle for a better internet. We’re definitely up to chat.
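The version-locking point in the response above, as an added example (not part of the thread, and not Substack's or Ghost's code): a small Python audit that lists third-party `<script>` tags in a page, flags jsDelivr npm URLs that float on a version range or have no version, and reports whether an `integrity` (SRI) attribute is present. The package names, hosts, hash placeholder and HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# jsDelivr npm URL path: /npm/[@scope/]name[@version]/file
NPM_PATH = re.compile(r"^/npm/((?:@[^/@]+/)?[^/@]+)(?:@([^/]+))?(?:/(.*))?$")
# Only a full major.minor.patch (optionally with pre-release/build) is a fixed release.
EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$")


class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr_map = dict(attrs)
            if attr_map.get("src"):
                self.scripts.append(attr_map)


def classify_version(spec):
    """'exact' for x.y.z, 'range' for 1 / 1.1 / ^1.0, 'unpinned' for none or 'latest'."""
    if spec is None or spec == "latest":
        return "unpinned"
    return "exact" if EXACT.match(spec) else "range"


def audit(html, first_party_hosts):
    """Return one finding per script loaded from a host outside first_party_hosts."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        url = urlparse(attrs["src"])
        host = url.netloc.lower()
        if not host or host in first_party_hosts:
            continue  # relative URL or our own origin
        has_sri = bool(attrs.get("integrity"))
        package, pin, issues = None, None, []
        match = NPM_PATH.match(url.path) if host == "cdn.jsdelivr.net" else None
        if match:
            package = match.group(1)
            pin = classify_version(match.group(2))
            if pin != "exact":
                issues.append("version floats: content can change without a deploy")
                if has_sri:
                    # A hash on a floating URL blocks the script on the next release.
                    issues.append("integrity set on a floating URL will break on update")
        if not has_sri:
            issues.append("no integrity attribute: browser cannot verify the file")
        findings.append({"src": attrs["src"], "package": package, "pin": pin,
                         "sri": has_sri, "issues": issues})
    return findings


# Constructed sample page; @example/search-widget and example.test are made up.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://example.test/vendor.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@example/search-widget@1.1/umd/widget.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@example/search-widget@1.1.4/umd/widget.min.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/example-lib/dist/lib.js"></script>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, {"example.test"}):
        status = "; ".join(finding["issues"]) or "ok"
        print(f'{finding["src"]}\n    pin={finding["pin"]} sri={finding["sri"]} -> {status}')
```
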
> John's own screen shot shows that we don't load it "from Ghost’s own CDN", it comes from jsDelivr
That bit was the strangest part of the accusations, this is the Ghost CEO, he should know jsDelivr is not really "their" CDN but a generic asset host.
> "However, directly loading scripts from our CDN on their platform is very bad for security." https://twitter.com/JohnONolan/status/1602330410490396672
jsDelivr is meant exactly for this purpose though, isn't it? For JS files to be reused across different sites so it can be cached easier? Not locking versions is the only real issue here.
CDN caching was never that useful anyway, non-cached jQuery etc downloads fast these days. Publishing libraries on a centralized public CDN, where the same URL is used across different sites is still the primary value prop for jsDelivr regardless.
Over the past year, I've only read high quality Substack posts - and my brain has sort of come to instinctively believe that if I see that specific layout, the post will be high quality. E.g. (not a very nice one) but in general, if I see the Medium layout, my brain almost immediately gets turned off, believing the quality of the content to be sub-par.
I think individual theming, as in the case of The Free Press, takes away that immediate notion. I understand that the vast majority of people will not face this issue, but I think I will. I just wanted to know if you think this is an issue, and if it is, what you'll do to 'counter' it. I'd really like to hear your thoughts on this!
Ideally, I would love to have both:
- Writers and creators on Substack are in complete control of the brand and feel of their publication
And:
- All publications look & work well
- Readers get the benefit of already understanding some of what this thing is, which makes it easier to subscribe with confidence
- We can continue to ship rapid improvements across all of Substack
In practice, there are tradeoffs involved here and we're trying to figure out how to push both sides as far as possible, while maintaining a simple and powerful product.
What you're saying about Substack is what people said about Medium in 2013. Just as Medium didn't go into the toilet overnight, Substack's universal theme isn't going to save it from irrelevance if the content isn't there.
It’s not only the quality point - which I agree with - but the fact that you know it’s Substack means that readers immediately know it’s a newsletter.
Plus it stops you wasting time fiddling with themes too much!
Unfortunately, there is no other method for syntax highlighting on Substack.
Support responded after a few weeks that it's on their roadmap, but considering how long it's been, I'm not hopeful.
I've always found commercial entities to build superior products that open source projects always end up adopting.
One makes the tools, the other assembles them and sells it.
Must be the focus on profits that helps push companies to build products users want, while the love of the craft pushes developers to make the best foundations.
Shamelessly stealing this line of thinking to use in the future.
And this is also how I separate my work from my hobby. I'm proud of those who can make money from a hobby, but I simply do not try. The motivations are fundamentally different and it changes how much I enjoy my hobby. I wish I learned this in my early 20s. I spent years thinking, "if it can't make money or someone's done it better, it's not worth doing."
Ghost is a non-profit organization that publishes its code as MIT.
You don't structure your company as such because you're wanting to generate a lot of profits nor prevent others from profiting from your work.
It seems like Substack is just embarrassing what Ghost set its charter as: a non-profit that allows others to benefit from its work.
(emphasis mine). Nice Freudian Slip there, buddy :-)
How, exactly, is open source "basic research funded by the public"?
And they didn’t even copy the JavaScript to their own CDN …
As long as they provide appropriate attribution, which apparently¹ they are not so it isn't fine.
> but damn would have been nice to have at least some kind of attribution...
Not just nice, but required. From the licence: “The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.”
Many projects, commercial and other OSS ones, get conformance with MIT and similar licences wrong in this way.
----
[1] Caveat: Going by the Twitter thread. I've not verified this. Maybe they have it somewhere hidden away, so are compliant but minimally so².
[2] Which would be a dick move³, but compliant.
[3] Which I wouldn't put past them as they are using Ghost's CDN to include some of the stuff instead of covering the hosting for that themselves, which is hard to think is accidental. If this is accidental then I'd never trust them from either a code quality PoV or an infrastructure security PoV.
This is literally no different from any reason person using bootstrap on their site in terms of license. Does every site powered by bootstrap have a link or attribution to Twitter?
[knee jerks back]
Though I'm assuming here, as I reply without having yet revisited the full thread, you have checked or otherwise have been furnished with new information, and are right!
Quick everyone, to the research-o-tron!
----
Update: it looks like the library was being drawn in by a 3rd party theme/add-in that isn't included in the main distribution at all. More detail elsewhere in this thread (above, unless voting has for some reason reversed).
That's the problem. The Twitter thread is wrong.
If someone makes a fact claim that doesn't hold up under scrutiny, then consider what effect comments have when they uncritically take those claims at face value. They end up demanding/diverting attention towards what is just noise.
We have enough experience by now that we shouldn't have to relearn where hot takes go wrong, and yet here we are: in the comments on what was a #1 story on HN with dozens of people getting a false impression after swallowing unsubstantiated (and ultimately untrue) alleged facts.
An honour system with no enforcement against bad actors will usually do that.
On the other hand, this seems like what success looks like for an MIT licensed project. A big company using the code to power their product without even having to contact, let alone ask permission of, anyone.
It seems to feel different for end-user applications like Ghost. But it's not actually any different than if they had powered Substack with SQLite or Postgres.
I disagree. It's more comparable to if they used WordPress instead of Ghost. The database is a few layers further down, whereas Ghost is basically 90% of the end product (not sure how much they've adapted, but looks like a lot from John's Tweet)
Substack is positioning themselves to their customers, which are journalists/authors, as a comprehensive alternative to having a normal job working at a newspaper or magazine. That seems to include high-touch customer support, an integrated business model with payments, a mailing list system, a distribution method, etc. It's more of a service than a piece of software.
Ghost actually seems to have jumped on Substack's bandwagon by trying to skew their blog software toward being a direct Substack alternative.
So Ghost seems to have adopted Substack's business model and Substack seems to have adopted some of their blog technology.
Hotlinking Ghost CDN URLs in Substack production HTML.
Yes this is a bad look for Substack. And it puts them - and their users - at Ghost's mercy.
The asset that thefp.com is using is the one that gets loaded from the latter (the one served from the public CDN), and you can see that this was true even at the time that O'Nolan's screenshots were taken. For some reason, he mixed them up; the only evidence that we have of anyone here using the CDN that Ghost is (presumably) paying for is Ghost's own use of it themselves.
It's just 2-3 lines in your nginx/apache config file that blocks hot linking, and many people consider this a standard practice to do regardless.
Otherwise, corporations can and will make immense profits from your unpaid work without contributing anything in return.
The goal of FOSS should be to create a new ecosystem that puts users in control, not to provide free labor to private enterprises.
The attribution aspect of it seems intentionally misleading in my view. Are the MSM, who'll be chomping at the bit to attack their competitor, Substack, going to delve into the finer points of software licenses or rather just quote the tweet?
Substack support has been nonexistent for the past 6 months. I've reached out about a handful of broken features and get no response, except in one case months ago where they dismissed it in the weirdest way. Archive search does not work; ex. I have a post about monkeys, it has "monkey" in the title and the body, and when I search "monkey" it doesn't come up in results. The support response said "this is normal, just because a post has a keyword in the title or body doesn't mean it's always included in search results"...what? I asked for clarification and they never replied.
It feels like Substack has strayed from the promise of being focused on writing and email. They added "Save" and "Listen" buttons to the top of emails, which are visually prominent; and those buttons make no sense in an email. They're a trick to take people to the iOS app.
They endlessly promote new features to writers and readers and it all feels like they're trying to lock you into something that's harder to migrate out of.
Possibly you're not a writer? They make it possible for writers to earn a decent amount of money (not that I am) and keep their copyright. Can you tell us another platform that does that better?
Since July I've sent emails about 3 issues and the only response I got was the one I mentioned above.
I'm a writer with a few paid subscribers.
The Browser Substack -> Ghost
and seemed quite happy with the move last time I checked.
Completely permissive license but companies pay for support (or custom features).
This thread is really making me rethink the latter.
He's just so confidently wrong in every tweet.
1 & 2: "substack is powered by ghost"
A customer of substack is using a port of an open source ghost theme.
3: some screenshots
Of the substack sourcecode showing that they're loading an open source ghost JS search UI library from the jsdelivr CDN service.
Substack are using an open source front-end lib that the Ghost team open sourced. For other people to use.
4. Screenshots of the substack HTML sourcecode showing the classes are the same as ghost
Because they're using an open source theme ported from ghost...
6 & 7. Substack are loading the open source library from "Ghost’s own CDN"
First I've heard that Ghost have acquired Jsdelivr.
8. "directly loading scripts from our CDN on their platform is very bad for security [...] Any updates or changes we ship could inadvertently brick their whole platform"
I actually do agree that using 3rd party CDNs like Jsdelivr is bad for security (supply chain attacks are a real pain with package managers, using other people's CDNs increases that pain significantly). But... it's not Ghost's CDN & the implication that Ghost could push a release of their open source JS lib to jsdelivr that would brick consumers is pretty sinister.
9. Substack are using MIT without attribution
They're not. Already covered by multiple comments on HN & in the Twitter replies. John just doesn't understand how the MIT license he chose works.
Tbh he doesn't really seem to understand how open source works in general.
---
Note: large companies using open source code and not contributing back is a big problem. It's what Substack are doing and we should talk about it. But that conversation should be informed and fact-based. This thread is ignorance start to finish.
I then listened to a podcast [0] he was on and basically changed my mind on the guy. I still feel he desperately needs to hire a communications director for Ghost but I've softened my view on him as a person.
[0] - https://www.notoverthinking.com/episodes/john-onolan-on-life...
He can't be that bad if he's behind what Ghost have to date presented themselves as. He does seem to have some pretty severe gaps in technical literacy though: which is very excusable if it's not coupled with blind confidence.
A more direct, yes we use some code, oops we will add attribution, thanks again, much appreciated, would have sufficed.
By putting this on Twitter, it immediately gets turned into something that could spawn clickbait headlines and could tarnish the company's reputation long term. Maybe John didn't mean for any of that, but his tweets don't mention the MIT licence initially and seem like they're building up an allegation.
I think Chris responded exactly like a for-profit company's CEO should, pre-emptively countering tech journalist headlines, clearly and concisely describing the situation, and still reaching out for the potential of collaboration.
There is no mention of O'Nolan being rude (although he did make a number of untrue claims, which is at least pretty negligent—but that's not a charge that the linked tweets say, either...)
There was no code use, and there was no copyright violation/failure of attribution, so there is no "yes we use some code, oops we will add attribution" called for, nor would it even be logical to do so.
Hopefully Substack do the right thing here and correct those two problems openly. It would only be a good thing for blogging/publishing if they actually contributed back as well.
AFAIK there's no formal mechanism for bidding on naming rights, but Twitter could easily set up an auction platform, take a small cut off the top, and do quite nicely.
They may not do anything about it, though, if @substack is being used. Logging into Twitter is enough to keep the account active. I don't know if that is changing with the new owner. I know that Musk said they will be making names for inactive accounts available soon.
Or, to take a page from 'Radical Markets', twitter accounts could be associated with a reservation price (a price at which a person would definitely sell), and 'taxed' (re: charged) a proportion of that reservation price. I believe it was Patio11 who observed that his upper limit on willingness to pay for twitter would be very high. Right now, Twitter doesn't capture any of that.
That might only work for bluecheck accounts, not sure. I don't want to lose my random 10 follower account for $100, but neither do I want to pay to be a lurker
If one brand becomes large then the other ones can just have context added like appending "Norton" to Ghost. Or just say "Ghost blog service".
https://mobile.twitter.com/cjgbest/status/160237030788431872...
Seems like this is a bit of a clickbait. The theme is made by the substack user, substack is only using a single library from ghost to show search, and the cdn in question is jsDelivr which isn't ghost's cdn, it is basically a cdn for any open source javascript.
https://www.indiehackers.com/podcast/139-john-onolan-of-ghos...
Notably, the first line is "For license information please see sodo-search.min.js.LICENSE.txt". But if you go to that file [2], it's not the license _for this file_; it's the licenses _for the OSS code it includes_. I suspect that Substack thought that link pointed to the actual license; I did too before I started writing this comment. Possibly that confusion has led to some talking past each other.
The actual license is at [3], which is obvious if you know how npm packages work, and probably not obvious otherwise. I don't see a link to that file anywhere.
[1] https://cdn.jsdelivr.net/npm/@tryghost/sodo-search@1.1/umd/s...
[2] https://cdn.jsdelivr.net/npm/@tryghost/sodo-search@1.1/umd/s...
[3] https://cdn.jsdelivr.net/npm/@tryghost/sodo-search@1.1/LICEN...
https://opensource.stackexchange.com/questions/11467/can-i-u...
Good job!