A Microsoft director who ran a portfolio of product teams reached out to ask about a "collaboration". I said I'd be happy to send them my consulting agreement. There was a little grumbling about the rate but I just reiterated that it was my rate. After a lot of legal back and forth, they signed, I answered a bunch of questions for them in a 2-day workshop, and they paid.
If they want you badly enough, they'll pay. Don't work for free.
Do not work for free. Large companies have a shit ton of money. All you need to do is provide an economical argument in the form of your rate (which should take into account their expenses for having an employee / team work on it instead, hint: 2 x total compensation). Getting paid is just a matter of the guy who reached out to you to talk to his skip manager to get a verbal 'ok', and then the accounting department takes care of it. They're not going to pass on you just because you asked to be paid for your time - a business is used to paying for services. If they do pass on you without even negotiating your rate, then they were definitely not serious and nothing good would have come out of it for you.
Source: dev working at FAANG with 3rd party companies.
If the answer to the first question is "No" then you'll be very cheap compared to the second answer no matter how much you cost.
I usually came back with enough notes to save me at least a couple of weeks of work. If you know how to listen, talking to an SME can save you a ton of time.
And from what I understand Microsoft is good at planning interviews to sound like they’re extemporaneous while they’ve actually worked out ahead of time what questions they need to ask you to get what they want.
It was a sales call with a 2-person tech company building some tools in the cloud native space. They were super eager, walking through the product. My manager put the phone on mute and asked "So what are we trying to do here" to the other directors. They replied "We just want to kick the tires to figure out how they built it, we're not going to buy". They let these guys pitch for 20 minutes, periodically asking questions and then muting to mock them. My manager nudged me to ask something, since I ran a similar initiative internally. I asked how they would handle a gnarly case we had and they didn't have a solution yet, but could come up with one (super eager, wanted the deal).
At the end of the call, Gus un-muted the phone and said "This looks great but I'm having a hard time following the demo. Can you fly out and show us in person?". The sellers paused and then started asking when the other was free etc, one was going on vacation but could "make it work" to come out the next week. Gus replied "Great, see you next week".
I left that meeting realizing they were all psychopaths. Notably, Gus had the charism of Gus Fring from Breaking Bad.
Note - maybe they don't pay you the developer sometimes, however.
I may encounter this situation some day. Could you share how you structured your fees (and give the hourly rate you charged them :P) ?
Would you be willing to share what your rate was? I think it'd be useful for other FOSS maintainers to get a better understanding of their worth.
We appreciate your leadership and collaboration on Spegel and see your project solving a real challenge for the cloud native community. I wanted to thank you for your blog post https://philiplaine.com/posts/getting-forked-by-microsoft/, let you know what we’re doing, and address a few points.
We’ve just raised a pull request https://github.com/Azure/peerd/pull/110 amending the license headers in the source files. We absolutely should have done better here: our company policy is to maintain copyright headers in files – we have added headers to the files to attribute your work.
I also wanted to share why we felt making a new project was the appropriate path: the primary reason peerd was created was to add artifact streaming support. When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense. We made sure to acknowledge the work in Spegel and that it was used as a source of inspiration for peerd which you noted in your blog but we failed to give you the attribution you, that was a mistake and I’m sorry. We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community.
Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.
I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?
That said, the author of Spegel should have used another license if he wanted more “recognition” or the like.
In other words: there exists some responsible person at Microsoft who violated the copyright (yes, removing the attribution is also a copyright violation!) for Microsoft.
In consideration how Microsoft has been treating copyyright violators for decades, if Microsoft does not give this responsible person the same crual treatment, it should be considered an honest, clear, implicit official statement from Microsoft's side that they are perfectly fine if hackers violate all of Microsoft's copyright. In other words: it means that all of Microsoft's software now (spiritually!) will become public domain.
Also, if Microsot does not make make this responsible person pay the caused damage from their own pocket to the original author of Spegel with the same monatery magnitude as if Microsoft would sue other entities for a violation of copyyright of Microsoft's software, the same statement applies.
Microsoft is a large, wealthy corporation has a big target painted on its back, and, consequently, CELA (corporate, external, and legal affairs) are, for good reason, a very strong force inside Microsoft. You can't just grab some code from someplace at Microsoft. Your PM has to run it past your division's CELA rep, look at the terms, assess exposure, etc. Did that happen?
If not, that's a big hole and you should probably beg forgiveness from them as you ask for an audit of every other piece of code you've picked up.
If it didn't happen, well, I suspect someone in your group just became the new Nelson, the hapless developer, in Microsoft's Standards of Business Conduct videos. You really don't want to be Nelson.
It seems like it would have been a much better strategy to add artifact streaming, submit a pull request and then if the maintainer isn't interested in adding it, proceeding with a fork.
"Probably out of scope" sounds like "I dont have time to implement a feature of that scope"
I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.
You are Microsoft. You can do better.
oh, corporate wording. so you do not really care :D
It seems an option to not take free labour to build a commercial cloud largely as a wrapper of open-source, and maybe find other ways to support the creators.
If one person's labour is that valuable to a company, maybe it will help someone realize that supporting such individuals monetarily might help create the next thing with time that they can't get to today.
We could even crowdfund the lawsuit, I am sure he will win.
More likely, this is a way for someone to get ahead in their career at Microsoft by passing off a successful open source project as their own accomplishment. They can steal users from the original project and justify using Microsoft's resources to maintain it, which puts more resources under their control, and gives them something to talk about during performance reviews.
The open source community should have a way to enforce professional consequences on individuals in situations like this. They are motivated by professional gains after all. That's the only way this will stop happening. Professional consequences does not mean doxxing or other personal attacks, it means losing career opportunities, losing contributor privileges, and becoming known as untrustworthy. These consequences have to be greater than the expected gain from passing a project off as your own at work.
I wonder if a new kind of license could be created which includes projects in some kind of portfolio and violating the license means losing access to the entire portfolio. Similar to how the tech companies added patents to a shared portfolio and patent treachery meant losing access to the portfolio.
It is ultimately the responsibility of the company and its people to create a system where things like this are discouraged or prohibited. Not doing so is tacit approval, especially in this case where they have a significant history of doing the same thing.
It's a space to keep watching.
No, it was a whole team at MSFT: https://news.ycombinator.com/item?id=43755745
Whilst there are always bad apples in a big company, a good company stamps out bad behaviour as soon as it becomes aware of it.
This is the nature of OSS. Out right theft in hopes you will never know until it’s too late.
Very rarely do large corporations contribute their fair share back to any project.
Does this make me money and/or solve a problem quickly? Fork it and it’s mine.
Until we stop giving money to large corporations that profit off the free work of others, then it will never stop.
And it won’t because we like low cost solutions that work.
Failing to abide by the MIT license is copyright infringement. My advice is to contact these guys: https://softwarefreedom.org/ They likely can file a cease and desist on your behalf.
However, I took a closer look at the files in question. The MIT license requires that they retain and provide copyright notices, but you never put copyright notices in your files. The only place where you appear to have placed a copyright notice is in the LICENSE file:
https://github.com/spegel-org/spegel/commit/23ed0d60f66dd292...
Things become interesting when I look at their LICENSE file. They appear to have tried to relicense this to Apache 2.0 before backpedaling and reinstating the MIT license:
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked from a very early version of the project that did not even have the LICENSE file, they removed the sole copyright notice you had in the repository. That brings us back to my original thoughts, which is that they have committed copyright infringement, and you should contact OSS friendly lawyers about it.
I am not a lawyer, but I do contribute to various OSS projects and all of the ones to which I have ever contributed have copyright notice headers at the top of every file to ensure proper attribution is maintained no matter where that code is used. Beyond having that sole missing copyright notice reinstated, I am not sure what else you could expect since none of your files have proper copyright headers in them. The SFLC guys would be in a better position to advise you, as they are actual lawyers.
That said, if Microsoft had forked before the LICENSE was added or stated somewhere, they were reusing all-rights-reserved code, which is definitely copyright infringement. Again, I am not a lawyer.
I thought having a LICENSE file in the project's root directory was sufficient. Is it not the case?
That said, file level copyright notices are not perfect (since only the VCS shows who added what lines and that might not be preserved), but it is better than nothing and it is something that is guaranteed to persist as long as people are abiding by licenses. If they are not, that is copyright infringement and the copyright holder can do things like send cease and desist notices in response to the copyright notices being removed.
Also, I must emphasize that I am not a lawyer, but one might argue that it was not willful infringement if someone removed a copyright notice from 1 file by claiming it had been a mistake. However, if they remove it from all files, then nobody is going to believe it was not willful.
Technically if there's no license found then it should be considered automatically copyrighted, with no permissions to copy. So leaving copyright license out actually makes it less open source.
Obviously Microsoft is still committing copyright infringement and in the wrong here. However, if the author had copyright notices in each file and then Microsoft stripped them out or changed the copyright information, it would make it harder for them to brush it off with "oops, we forgot to commit the correct LICENSE file" like I'm sure they'll do here.
I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
You are right, provided he did not have a notice saying it was MIT licensed elsewhere.
> I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
I would consider it to be both a choice and a mistake. The two are not mutually exclusive. There is no evidence in the fork that he is the copyright holder of the original code and it looks like Microsoft is. Part of that is Microsoft’s fault, but part of that is the original author’s fault for not including per file copyright notices, such that Microsoft could add theirs and be the sole one listed in every file.
I would not be surprised if Microsoft’s legal department doing a scan of public repositories for stolen code mistook him for infringing on “their code” given that they have no information that he authored it rather than their employee. It sounds absurd, but it has happened. I know for a fact the sg3 utils author added copyright notices to his code examples because he was getting contacted by companies, whose engineers incorporated his code into their projects without attribution, that thought he had stolen their code:
https://github.com/doug-gilbert/sg3_utils
I know that because he told me by email in 2013.
Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
What remains after full compliance with the MIT license choince will be the bulk of the complaints in the article.
If they're breaking the license, go talk to a lawyer. You might start by approaching the SFLC [1] (although I haven't heard much from them recently).
I'm confused how you and others reach this conclusion. No, it doesn't.
The MIT license is one of the shortest free license that exists:
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
https://en.m.wikipedia.org/wiki/MIT_License
No where does that require attribution. It has basically one condition: perpetuate the license.
Maybe the author didn't actually use an MIT license, despite claiming to? But as far as the MIT license is concerned, as long as the other party provides the same license for the fork, that's all that's needed.
No, they would have found something else that wasn't a pain to steal.
GPL/AGPL would prevented this somehow, requiring proper attribution via mandatory source code release, and allowing to track project origins. This would make it harder to label it as a "a Microsoft Product from Ground Up", and prevent Sherlocking the original application to a greater degree.
As a result, this would probably forced Microsoft to develop a new one from scratch, because they're allergic to GPL, because if they have breached GPL, they would be forced to comply, since GPL is court tested already.
So, write Free Software. Not Open Source. Esp. for your personal projects.
Which GPL is that? The GPL 2 and 3 are incompatible with each other, making cross contribution between different FOSS projects practically impossible. The "v2 or later" licensing model does nothing to remedy the problem. See Rob Landley's talk on this topic.
The problem this addresses is not that Microsoft forked this project. The problem is that when a corporation like Microsoft does this, they harm our community[0]. Open source thrives because a bunch of individuals and groups collaborate.
Microsoft, is built around the concept of profit for stock owners at any cost. They may collaborate as long as their interest in profit is served, but otherwise, it is back to "Embrace, Extend, Extinguish" [1].
This lack of community ethic is endemic in corporations. It is also an existential threat to our community. Profit at any cost is not collaboration. It is predatory.
And yes, I know, corpies and other greedist will vote this down, blah, blah, blah.
[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor...
[1] https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
[edit clarity]
You are going exactly against the OSS philosophy. OSS shouldn't restrict the use of software just because you don't like it. It was created to fight exactly this. This is also why source available BS (like BSL) is against OSS. OSS is literally about being about hacking and changing software to suit your needs. It was never about the money part. You should create your software as proprietary if you are SO bothered with OSS. And you can always donate and contribute back to the OSS software you use. I don't think butchering OSS philosophy is the way.
The problem here is license illiteracy. Even I who for a while used to think I understood a lot about OSS license just had a doubt now:
When you fork, do you retain the copyright part? Copyright (c) 2024 The Spegel Authors
That is what we need to fix.
So screw this corporate "OSS philosophy", and stop telling people what they "should" do. Those licenses exist and people can use them and this is what happens. We can and should also make different licenses which protect our interests as developers and we don't need corporate shills invoking some philosophical argument to discourage us.
That seems to be the point being debated now. When a megacorp forks an OSS project and cuts out the author, how does that encourage developers? How does that encourage OSS?
And for that matter, perhaps less ideological but practical, how does that encourage small startups who want to be as open as possible while wanting to be able to scratch out a living working on something they care about?
You suggest staying closed source, rather than tweaking an open-source license to limit corporate forks, for the purpose of protecting OSS philosophy. It strikes me as odd.
> You are going exactly against the OSS philosophy.
GPL is almost that: community, because if you want to use it in a commercial product you have to make sources available, not to the community but to those who ask for it.
I'm of the opinion that open source is a business tool, and one should use a license that helps one achieve business goals. Those goals can be very personal and about career advancement, or they can be those of a trillion dollar corporation. TFA might benefit from using GPL if they are upset at what MSFT did, or they might work with MSFT to have their work integrated into the original to end the fork, or...
I think community source should be accessible and usable outside the community. A community license should have a provision for paid use by corporations. If Microsoft wants to use it that is fine - if they pay.
But if Microsoft wants to fork things, to me that is predatory. If I can't fork windows, why should they be able to fork community software? If they argue that people should pay for their products, it just seems fair to me that they should not get community products for free.
I guess the concept is playing by the same rules?
What is this "our community"? My releasing something under the MIT license doesn't mean I'm part of whatever community you're invoking. It means I'm releasing something with an MIT license. That's it.
I certainly don't want to give companies like MS a "pause" before they decide to fork my project. I'm explicitly telling them they can do that. I absolutely do not want them to be hampered by notions of "What will this action look like?"
Don't impose your values on other people's use of my software.
See "6. No Discrimination Against Fields of Endeavor" in The Open Source Definition https://opensource.org/osd
It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
> It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
CC-NC-SA violates the open source definition.
I am unclear of where the boundaries could and should be, but in essence we want money to flow into community source projects. Corporations and commercial entities can and should pay a fair amount. If they don't want to pay, they should not be able to profit from the work of the community.
I think this is what a lot of people would use if it were more known about. I feel like a lot of people do not actually read what a license provides and just default to MIT because it is widely used.
If you want a corporation to avoid it like the plague, just make it GPLv3. If you really want to screw them, go with AGPLv3. This way you keep a true open source license, but don't have to worry about corporate control.
Free Software (like GPL) has the philosophy that you can USE the software for any reason. The rights are for the USER. The responsibility kicks in when you redistribute the software. It ensures that you preserve the same freedoms you received when you pass it on.
But if you restrict USING the software, it's not free software anymore.
Microsoft is currently violating the license, and the author's recourse is this HN post.
Highlight the part of the essay where he is claiming MS didn't have a right to do what they did.
The point of the article was that MS showed interest in his work, asked him about his designs. Said nothing about internal plans to fork it or use it. Then he shows up to a talk and sees them discussing his work.
Reading between the lines, it is 100% clear they didn't feel like telling him they planned to fork his software, and they danced around it. They didn't reach out to him afterward and say "thanks, we are building a fork and your free time was really useful".
The essay isn't claiming a legal issue. It's pointing out a substantial, practical issue with OSS that didn't exist nearly as prominently in the pre-cloud era: megacorps forking software and cutting out the OG developers.
It just so happens that the Microsoft engineer who originally changed the license in GitHub went from Senior to Principal engineer at Microsoft in the past two months (according to LinkedIn). So you probably aren't far off.
There is definitely a type of person who cheats, lies, throws people/teams under the bus, breaks the rules, and cuts corners to get ahead. The ones who are able to not get caught are rewarded.
This is not only a software phenomenon, but almost all aspects of life.
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked a very early version that did not even have the LICENSE file, such that they never removed the original notice, this looks like copyright infringement to me. That said, I am not a lawyer.
What does "chore" mean in this context? Is the license just leftover from some MS open source template? If so there is perhaps some leeway, and the author maybe just didn't realize he needed to use the original MIT license file including the notices and not just a template one grabbed from the internet.
Any other explanation for such a "relicensing" would be extremely worrisome.
https://vadosware.io/post/the-future-of-free-and-open-source...
What would be the goal of a license between AGPL and SSPL on the spectrum? Seems like such a license would at the very least be non-free? (which is perfectly ok)
I think in this situation it might have convinced Microsoft to contribute rather than fork... But then again, it's Microsoft. Also, they're well under their right to fork and keep the changes as long as the license stays the same, etc.
I think another important point might be that "free software" aims to protect the users of free software, not necessarily the profit-maximizing (I mean to use that phrase neutrally) ability of software developers.
I also don't understand the cloud hosting argument, when we had a great whole era of Apache/PHP/MySQL stack based on exactly this idea of commercial hosting.
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" also never been true for them.
Here is the previous time I can remember that they did something similar:
- https://news.ycombinator.com/item?id=23331287 - The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.
On my end if was a mix of naivete and flattery which made me want to take the meeting. I suspect it is the same case for others. I will not make the same mistake the next time it happens.
I’m assuming the complaint is more about Microsoft duplicity in asking for information as opposed to the forking of the code. The latter is fine - the license explicitly allows it.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Microsoft didn't follow these terms. They copied "substantial portions of the Software" and didn't include the notice.
Drop them a consultation fee in the thousands per hour, get something out of it at least. If they're going to reimplement your project, there's absolutely 0 you can do, they will just hire an intern and tell them the requirements for what you have built without having to meet you, ask them for expenses out of your day covered.
It's as if we've learned nothing about exploitative corporation behavior for the last 20-30 years even though it's in the news EVERY other day.
And here we are …
> Gates: ( fiendish laughter )
Can’t they just read the source themselves? Why do they need the maintainer?
Both myself and my other half have separately been directly on the receiving end of the "brain rape" by major companies that everyone here will have heard of, both of which went nowhere except for the supposedly interested acquirer to become ever more angry that the crown jewels were simply not offered up on a plate.
This situation is surprising in that he did get an acknowledgement at all. These companies are not good actors, and have a casual disregard for the IP of everyone else that should be immediately obvious.
Open source license is there for reasons, he can sue them if they did it wrong.
I think it's important to highlight that the "Microsoft <3 Linux" narrative deserves some scrutiny too: (https://old.reddit.com/r/linux/comments/lbp1m8/for_anyone_th...)
Edit: apparently Google did not use the author's codebase, instead using an Apache 2.0 licensed codebase [1] explained here [2].
[1]: https://github.com/kubernetes-sigs/gcp-filestore-csi-driver
Because all these actions will get associated with .NET teams even if the latter go to great lengths to collaborate with community and ensure that new feature work does not step onto the toes of existing popular community libraries (for example Swashbuckle or eventing/messaging framework that was postponed/cancelled not to interrupt the work of other libraries including MassTransit, which is a bit ironic as MassTransit went full commercial later).
https://www.youtube.com/watch?v=_STfy0QQjJY
Also, many large orgs are known to do this.
Billion dollar companies are not hanging out with you to be your friend, even if you're at the table for a reason (you belong there because you know something they don't).
When speaking with big companies, you are not there to impress them.
Speak for impact + meaning, they are so big and brilliant and rich and should already know how.
There are examples where a large corporation simply sponsored the developer and development of an open source project. This should be the way.
Give them a (somewhat) open source IDE and they start believing you are friend of open source in general.
Contributing to someone else's open source project is for schmucks and juniors. Authoring a "new" open source project in the company's name, getting recognition and solving problems is seen as "leading the industry" and whatever other wankery sophistry they come up with to try to motivate employees with.
Both projects also share in license, so I have less of an issue with it personally. They're both MIT licensed.
I agree with you 100% but I'm guessing getting approached by Microsoft can be pretty ego boosting, which is what these companies exploit.
https://zedshaw.com/blog/2022-02-05-the-beggar-barons/
> No, this begging is particularly different because it capitalizes on the good will of open source developers.
> Microsoft, Apple, and Google are standing on the internet in their trillion dollar business suits with a sign that reads "Starving and homeless. Any free labor will help."
> They aren't holding people up at gun point. Rather they hold out their Rolex encrusted hand and beg, plead, and shame open source developers until they get free labor.
> Once they get this free labor they rarely give credit.
> They're ungrateful beggars that take their donated work hours, jump in their Teslas, and ride off to make more trillions proclaiming, "Haha! That open source idiot just gave me 10 hours of free labor. What a loser."
It's like negotiating with the mafia, you might get something out of it but if you cross the line you'll end up face down in a ditch and authorities will look the other way. Megacorps have stolen, copied, reverse engineered, replicated, etc. things since forever and it always worked out for them.
In this case MS didn't need any help. They could very well take everything and face no real repercussions (this is the reality when the majority is uneducated, and their elected representatives are greedy and spineless). So playing along gives some chance to get something positive out of it.
Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
Asking everybody to be constantly vigilant of possible exploitation by megacorps puts an undue burden on individuals. We should have strong and durable protections against those megacorps in other ways.
What I'm saying is that this sort of copying should be criminal (not just illegal, but criminal) and Microsoft, the legal entity, should be held accountable and fined. I acknowledge that this isn't currently possible with our legal framework, but we should work to make it possible.
And this is done by the owners of Github. Throw away open source licenses, create your own, make anyone who forks your code perpetually pay for your work, or ask money for your work.
"Luckily, I persisted. Spegel still continues strong with over 1.7k stars and 14.4 million pulls"
Yeah, your time is your most precious resource and what you get in return? Recognition? virtual stars, pulls, essentially numbers, essentially nothing. And then you get robbed.
WAKE THE FUCK UP PEOPLE.
https://www.latimes.com/archives/la-xpm-1994-02-24-fi-26671-...
They've engaged many naive people/companies, milked them of their knowledge after signing NDAs, and then stabbed them in the back, stealing eveything.
They're big enough, and have unlimited legal resources to vigorously defend any legal challenge, and also to launch legal attacks at will.
After the DOJ anti-trust case, they preemptively put every major law firm on retainer, so nobody else could retain them in an effort vs. Microsoft, without creating a conflict of interest.
They are still evil, but less so after Gates and Ballmer.
If Matt Groening thinks you’re a gaggle of assholes you’re probably even worse.
i disagree with that. factual? sure, but unbiased? why? it's your project, and you have every right to be biased towards it. on the contrary, i expect you to, and i actually believe that not being biased towards your own project is very difficult so that i don't expect many people to be able to not be biased.
How can you not be biased? You built something. You want people to use it (assumption).
> fix: amend copyright attributions #110 > > This commit amends copyright attributions that were omitted due to an oversight on part of the Peerd authors. Copyright header attributions in a few files have been updated to include "2023 Xenit AB and 2024 The Spegel Authors". The attribution in the LICENSE file has also been updated to reflect the same.
It's not a new practice, and it's not exclusive to Microsoft either, it's something every developer should be acutely aware of, in case they're interested in avoiding it.
I’m still salty about teaching someone something they didn’t know about caching in an interview and not making it to another round of interviews after that. If it was a huge company I’d be furious.
I analyzed the 2 repositories for copy/pasted lines using PMD's CPD (copy/paste detector) - using the first commit of peerd and one from spegel that was from around the same time.
There are some clear duplications, e.g. 178 lines here: https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8... correspond to this: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c...
Also 44 lines here: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c... and https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8... but the full files are almost identical, only a few edits that break the complete equality.
Also https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c... matches https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8...
I haven't looked deep enough to see how much of the differences are obfuscation and how much are meaningful changes. File names are all changed, many structs and variable names as well.
See this gist for full list of duplications: https://gist.github.com/corneliusroemer/c58cf0faf957d9001b58...
Here it is:
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.
What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.
Copyright (c) 2024 The Spegel Authors
> The above copyright notice [...] shall be included in all copies or substantial portions of the Software.
Hell no. If they want to profit off my work, pay me. This is something I'm doing for fun, on my own terms. It’s Free for anyone to use as they want, so long as they keep it Free, too.
Big companies have resources to mimic it anyway, right? If they really want some tech, they can reproduce it.
Having a good idea flourish, whether it is in Microsoft's hands, manifested within Clojure, or in any other fruitful form, is good enough.
There is no license for a raw idea anyway. For the essence of it. Seeing it used means success, it means "you were right".
The secret counsel of idea honor keepers will eventually figure it out and make some kind of repairs.
Since the terms of the license were violated, there's not much to learn about which license was chosen. The only lesson to learn is that big tech will steal everything that isn't nailed to the ground, and then some.
The incentive is generally that people enjoy having their projects used, be that by commercial companies or otherwise.
That's the point!
GPL family of licenses would've made a difference in this aspect for libraries (because afair if you link to GPL code, you must be GPL). But for an app? You can use it, fork it, modify it... Just make sure you make your changes available under the same license. Seems very fair to me.
My JS canvas library is licensed using MIT. From my personal perspective, I wouldn't have any problem with some $MegaCorp coming along and forking it, and even claiming it as their own creation. But ... why? Because one of the main drivers for my development of the library over the past few years is to proof-of-concept the idea that 2D Canvas API based infographics and interactives can be made - with the help of a JS library - performant, responsive and (most importantly!) as accessible to every end user as reasonably possible. My ideal outcome would be to embarrass other JS canvas library maintainers into taking canvas responsiveness and accessibility seriously. If that needs a $MegaCorp to come along and fork the library to bring my dream closer to reality then I ain't gonna stand in their way!
Of course I'd still continue to develop my version of the library - it's become my passion and obsession and there's always improvements to be made, new ideas to be explored.
Very likely, you'll end up with a $MegaCorp-backed competitor driven by goals very different from yours.
> Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
By far the biggest risk for most projects is "nobody notices it and nobody uses it".
And if someone "takes" your project and uses it - you've usually still got it. Software is funny like that.
At least I can't recall any such cases.
Do you have any examples?
it is good if you do not plan to go for violators anyway
I made some photos and published them on Wikimedia Commons (say, of random bicycle infrastructure).
I am fine with people using them without attribution, I expect that their use overall furthers my goals rather than damages it and if I would release it on CC-BY-SA 4.0 or similar I would not go to court over missing attribution.
Therefore I selected CC0, no reason to make things more complicated only to people following license.
I selected AGPL/GPL for some software where I would be happy to burn pile of money in case of license violation, up to and including litigating it in court for 10 years.
I mean, consider an alternate timeline. It's clear MS had their own, strong vision for the project, that overlapped with but wasn't identical to his. Is it actually that much more considerate to show up with two dozen new developers suddenly flooding a single-maintainer project with pull requests, some of which completely restructure the code and re-orient it towards a new vision that the original maintainer might not want?
Either the maintainer is now doing loads of unpaid labor for MS, and is the bottleneck; or he ends up having to step back and let the new MS developers bulldoze the project and take it over anyway.
What would have been a better approach?
i.e. they could have emailed the author to ask:
1. "Would you rather us fork your project (new name), or would you rather donate your project to us under its original name, as well as give us the ability to rename it (which we will)"
2. "Would you like a $300 microsoft store gift card as thanks for writing some code we're planning to use?"
3. "Would you be open to providing a paid ($600 microsoft gift card) 1-hour consulting meeting to ramp our engineers up on your codebase? We won't actually listen since our engineers can in fact read, but we'll pay you"
4. "Also, just in case you don't know who microsoft is, we do have a careers page over here, and our team doesn't have headcount but other teams do <link>"
It sounds like microsoft didn't do any of that, which as you say is well within their right, but emailing to ask is polite.
They want widespread usage of their project, but always decry not like that when Amazon or Microsoft is responsible for the usage.
Maintainers often pick permissive licenses specifically because they want companies to use the code. They want their project to grow and be adopted, and they reason that GPL would stifle adoption.
I don't really like the tactic of making your code as convenient as possible for anyone to grab off the shelf when they want to use it, and then later turning around and saying they should pay you. Why not do the payment part up front (by GPL-licensing the code and then selling dual licenses to interested companies)? Because then you wouldn't have any takers. Better to wait until people have integrated it into their systems before informing them that they ought to pay you.
That said, I fully support larger projects being GPL, which I think is a more reasonable license for projects that involve dozens or hundreds of contributors and are depended on by millions around the world. But the role of the MIT and Apache style licenses has always felt a little more confusing.
Obviously, a more permissive license is going to let people do whatever they want with "your" code, as it doesn't really belong to you anymore. If you want tight control then it's a bad choice, but a more permissive license is almost always going to mean your project is more widely used, for better or worse.
The more limitations added on a license, the less open it is.
It's unintuitive, but permissive licenses are not the best way to acheive this. GPL's "limitations" are designed to maintain the right and abilty to remix code for the end user. So if say Microsoft forks your library and its fork becomes more popular, they can't make it proprietary after capturing the market and effectively stop people from remixing what you made.
I'm fine with people using my code, not fine with companies profiteering off my work. If you want to use it commercially, pay for it.
For me personally, because I believe in freedom and permissive licenses grant more freedom than others do. I don't really care for licenses which attach unnecessary strings to what recipients can and cannot do with the software.
During ZIRP-boom-times, having a successful popular open source project could be a ticket to kudos and a high paying job and a certain level of responsibility and satisfaction. BigCos spread the money around, and your job as a SWE ended up being gluing together a bunch of these open source pieces to solve corporate problems. And on the whole people felt like their corporate jobs were giving a fair deal, and a decent dividend for the open source work they were doing.
In that context why would you pick a license that your generous employer couldn't use?
The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them. Or corporate entities that cut budgets, laid people off en masse, exploded in stock market crisis, etc and suddenly the good will was lost.
I think we'll see a bit of a resurgence in the GPL, as some people try to protect the work they've done.
(I do thnk the personality of Stallman himself has become a bit of a problem to be associated with)
On one hand we have a guy, who just pointed out that the age of consent is a culture-dependent concept. On the other we have a guy who literally visited Epstein's island to fuck minors (as defined by his country of residence).
One is now considered "a bit of a problem". The other is a beloved public figure.
There may be something to that, but speaking as a GenX'er myself, I release most of my OSS code using the Apache License. I really don't care if anybody - from a single student in a 3rd world country, to a Fortune 50 megacorp - uses the code, so long as they abide by the license.
I'm not going to say there's NO circumstance where that might ever change. But to date, that's been my approach and I don't particularly see it ever changing.
If you can't use a library because it's GPLv3, then the company would need to invest some time and money into reimplementing the features they want. Guess who gets more paid work?
Maybe I should reconsider, but I never thought anyone would remove an MIT license. That sounds like plagiarism (though they did put a thank you in their repo)
I would love a license that says if your company has a physical presence in 10+ countries, one of its executive owns a yacht, or even is publicly listed, you need to purchase a license from the owners. (As a bonus, if the company is primarily selling subscriptions, the license should be in subscription form in return). Free (GPL/MIT/whatever) for everyone else.
Even such a crude stupid license would be an improvement over today for many. Most importantly I think a large amount of code is already closed today, because of the risks. This results in worse technical solutions, eg SaaS instead of libs & docker images that are easy to fix yourself. I don’t understand the fear mongering about licenses that Amazon and Microsoft don’t like. At the absolute minimum, contribute the changes back.
This strain of rent-seeking behavior by some that open source their code but then believe they are entitled to compensation or forced contributions if the wrong people use it per license is distasteful and a bad look. It highlights the extent to which for many people the motivations behind their “open source” are not actually, you know, open source. For many, open source is about the utility of the source code and nothing more.
Licenses like AGPLv3 aren’t just about the utility of open source, they try to litigate concepts like fairness and justice at the same time, and open source isn’t a great venue for that.
What if your code is used to actively make the world worse? Is that part of your goal? There's no shortage of corporations making mountains of money doing exactly that, after all.
Some of us don't believe that the code we write is "ours" in any meaningful way, and don't think strangers using it have any obligation to us just because we typed it once long ago.
Personally, I am happy if my code is of use. If people are using it for evil I'll fight the evil, not try to withhold good things from the world to avoid that possible case. It is an approach that is rooted in sufficiency mindset, rather than capitalistic notions of false scarcity.
My project being forked doesn't cost me anything at all, but caring about it being forked or enforcing a license would cost me time and energy I have no desire to spend. Permissive licenses accurately communicate the levels of fucks I give, while keeping assholes from trying to sue me over having used my contributions to the collective wealth of the profession.
If I make the world better for everyone, of course a bunch of people who never did anything for me are going to be a part of "everyone", basically by definition. What is wild here is that Microsoft didn't follow the extremely minimal requirements of the permissive license.
Yes, that's the whole point of open source? Most contributions to the most popular libraries and frameworks (not necessarily end products) are from employees on their paid corporate time to begin with.
"No."
<Fork happens>
:shrug: - of course, the failure to preserve the license is an egregious error which amounts to infringement. But it's easily remedied.
And if the downstream project has a popular feature that can't / shouldn't land upstream, then that's okay - that's what everyone prefers.
"$BIGCO shouldn't be using my software, certainly not outside of how I intended it to be used!" - this attitude is totally contrary to both Free Software and Open Source IMO.
If you don't like it then you should probably consider a more restrictive license.
That said, Microsoft isn't a person and has no agency by itself. It is specific persons/developers/managers violating the licenses and stringing along open source developers in bad faith.
Who are these people? Why is the blame not falling on them, specifically?
Who exactly did what it's a Microsoft internal thing, unless Microsoft demonstrates that this has been done in bad faith and Microsoft did everything what is "reasonable" to avoid this happening ...
Up until the dotcom boom (and in the earlier days of it), one of the questions I'd heard of software startups was something like, "What will you do when Microsoft decides to own your space?"
Fortunately, the broad tech industry overall got a decade or two reprieve from that, though it might be starting to return.
A long related question, when partnering with Microsoft, which sounds like it still applies, is "What's your plan for when Microsoft stabs you in the back?"
Microsoft never had a self image of "Don't Be Evil", and is more a close releative of Cantrill's Lawnmower.
My suspicion is that ruthlessness and the long-con have deep roots in Microsoft's culture.
Microsoft only appears to play nice when it has to, and is shameless otherwise.
I know it isn't mainstream, but companies try to avoid those licenses as much as possible.
Tinfoil hat: sometimes I wonder if companies astroturfed support for permissive licenses. Getting the entire Rust ecosystem to avoid copyleft was a huge win, for example.
And now that copyleft Gnu tools are being replaced with permissive uutils in Ubuntu, it seems they won, whether or not they were the ones to push it.
The vast majority of the rust (and Go) ecosystems is non-copyleft because you cannot satisfy the GPL in any meaningful way and satisfy your corporate legal department’s IP lawyers.
In fact, I wish an even stronger license existed which allowed the original author to dictate who can build on top of the project to avoid exactly these kinds of situations where a powerful actor completely disempowers the authors while technically following the license (I assume MS will "fix" their error by fixing the licensing information but will continue to compete with Spegel with the intent to make it irrelevant).
Such licenses exist. They're just not Free or Open Source. They can't be, by definition.
What people who want such things really are after is the leverage to dictate a form of morality - if you dont have money, you are allowed to use the project for free, and give back advertising/clout. But if you have money, or could get a lot of money for said project, then they want their pay day.
> 2. Additional Commercial Terms. If, on the Llama 2 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee's affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta...
ref: https://github.com/meta-llama/llama/blob/main/LICENSE
But again, not open source...
(IE, don't let your ego run away.)
Why?
In my case, I was working for an industry-leading product that required a bit of reverse-engineering into MacOS. We got stuck on a new release of MacOS, so we did a bit of digging and found an open-source project that successfully reverse-engineered what we were trying to do.
(Basically, integrating in the right-click menu in Finder required reverse engineering prior to 2014; and every version of MacOS required redoing the reverse engineering.)
It was a legal grey area to copy how the open-source project reverse engineered MacOS, so I reached out to the open-source project and tried to collaborate. We exchanged a few emails and then I found a problem...
Basically, their solution had rather large memory consumption in Finder if the user had very large folders. Our customers had very large folders. (Edit, 200,000+ files were common.) We still wanted to collaborate, so I proposed a fix that fixed the problem.
But, then "radio silence" from the original authors. We forked and complied with the license. I always hoped they never begrudged us.
(Ultimately, Apple released an API so we didn't have to reverse engineer MacOS.)
This sentence is true but a bit confusing, because there are no licenses that require anyone to contribute changes back upstream.
The MIT license is the "easiest" license because there are no responsibility for the maintainer..
This isn't true either. You can privately fork AGPLv3 software without violating the license. You only have to provide the source (on demand!) to people who you provide the software to in executable form (where "executable form" includes network based access to the services executing the software in the case of the AGPL).
GPLv3.
Microsoft has been a bully for years: https://www.fsf.org/news/microsoft_response
They can't change, regardless of how much marketing money they put into "We love opensource".
“I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”
https://www.congress.gov/bill/116th-congress/house-bill/8356...
The original researchers still have their ideas and work, it was "just" copied. Still, we call it stealing and theft.
In this case, code was taken and the credit was stolen.
2 (transitive, of ideas, words, music, a look, credit, etc.) To appropriate without giving credit or acknowledgement.
When you download a movie from torrents, you don't submit it for an Oscar nomination claiming you've made it. You just copy a file to your computer intending to kill a few hours of your time while playing it back.
Microsoft®™, however, not only copied the code, but claimed it's theirs.
So I put a PCB of my product in his hand (it had some through-hole components), and squeezed it really hard, and asked him "If it doesn't exist, why is it making you bleed?"
All this at a meeting/presentation where my bot was literally running circles around theirs because mine worked and theirs stalled.
I think I have video of this somewhere, but there's no audio.
The guy left Google a year later, tried to sell bots independently, and folded. I on the other hand am still here.
It was a bit of a weird interaction overall. Why would someone say "this doesn't exist" while staring at it? I figured that haptic feedback would help with their solipsism at the time.
But giving a (presumably) free consultation to Microsoft is a self-own. History has shown that you should never give the benefit of the doubt to Microsoft, and you should certainly never trust them (unless you have a contract and a good lawyer). Not knowing this can only be the result of willful ignorance. I can't offer sympathy for that.
Hopefully, this person learned the right lessons from this experience.
“It’s your fault for inviting them in” is victim blaming and horizontal aggression. The people at the top of the pyramid love it when the peasants fight each other. Saves them getting callouses.
If that's what the license says, why is the author complaining? Microsoft is complying with the license.
That's what you get for not picking the one of the license from the GPL family.
> However, I am not the first and unfortunately not the last person to come across this David versus Goliath-esque experience.
Again, this situation was completely avoidable. Stallman had foreseen this kind of situations literally forty years ago. That's why the Free Software movement exists.
Tangentially related: has anyone notice how the whole Grafana ecosystem is going strong and unaffected by forks and corporate take-overs? I'm pretty sure that the AGPL license is playing a big role into that.
"The license does not allow removing the original license and purport that the code was created by someone else. It looks as if large parts of the project were copied directly from Spegel without any mention of the original source"Even if megacorp does nothing else for you, that NOTICE file can at least contain information about who you are as the original author, links to your website, etc.
Using it then complaining about its effects because you don't like the company is silly.
Use a different license if this is important to you.
Well, yes, that seems to be the conclusion OP has come to.
Copyright (c) 2024 The Spegel Authors
Which should be retained when you are forking it right? Or am I wrong?
I bet the Spyglass people had the same thought.
Sez who?
Far too many times big company's take what they choose and give you nothing. Use licenses for your advantage, heck dual license if needed. Not sure what the desire is of a Eutopia open source world view, where not everyone has the vision or plays by the rules anyway.
spegel did not follow best practices to put the copyright in the file itself: https://github.com/spegel-org/spegel/blob/main/internal/web/...
Ideally starting with something like this
// SPDX-License-Identifier: MIT
Nevertheless, I'm going to keep writing (latest piece [1]) about my post-open source journey in the hopes of clicking with a handful of people in the next generation.
[1]: https://lgug2z.com/articles/on-evils-in-software-licensing/ - feel free to hit me up off-platform if you want to discuss
Last week I relicensed most of my previously released Minecraft mods (except those with trivial code and those with missing source code) to AGPL plus a bunch of exceptions.
Their improvements are available under MIT license. They would have been fully within their rights to not release and put in a proprietary product but did not do this.
Instead everyone can benefit from their improvements. Author can steal whatever he wants for his upstream.
(I can’t find any details of “Microsoft MIT” and the above is premised on it being functionally MIT.)
Meet for a week. Bring in one of their grey beards. Learn all our deets in anticipation of acquisition. Then silence...according to my understanding, not being privy to executive level discussions.
A bit later, release their own take on the problem area ... tragic.
It was very bad for us.
Even as a premise. Your domain is enough of a concern for Bigcorp to spend executive time on. Bigcorp wants to acquire your employer because and they think they can get more value out of it than the asking price.
Your own executives will ignore the threat that due diligence means to your business in the case a deal fails to be completed, because this is their promotion cycle. But you are a potentially redundant cog that is unlikely to be a more efficient part at Bigcorp. After all, you don’t already work for them.
Who are they?
Did you manage to reach out to any of the people at MSFT you originally spoke to to ask wtf?
The reality is that licenses do not mean anything unless you are actually able to enforce it. So I really do not think the license would have mattered in this case.
Sorry it happened to you but it seems like you just picked the wrong license.
Seems both you and Microsoft needs to actually read through the MIT license, it isn't that long or complicated :)
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
That part is even in it's own paragraph and everything, really hard to miss for anyone who even glances at the license.
What percentage of copying is “substantial”?
That’s the problem with concisely written licenses, the legal world thrives on definitions and terms of art, and when you leave something open to interpretation you invite the probability that a nefarious (or even sufficiently amoral actor like a large corporation) actor will point to the language you use and interpret it differently.
To win any argument in a court of law you must now spend time and money to win the argument. Something an open source maintainer likely doesn’t have, and since the license doesn’t specify damages, there’s no way to even write in a penalty for failure to adhere such that a court of law would consider it under contract law, and then you have to prove damages.
At least in Virginia, each party pays their own lawyers fees, even if they win. You can only collect lawyers fees when statutes allow you to, or there has been sufficient bad faith from the other side that the court uses its own power to sanction.
Oh, and let’s say you win and somehow you are able to prove damages. Now you have to spend money to collect on the judgment. That’s money you’re not getting back.
The point here is that we’ve written software licenses as contracts that assume good faith and do not punish bad actors, when we would need to treat corporations as if they are bad actors and write licenses accordingly.
Use AGPLv3.
That being said, it's not cool to remove the attribution even internally. Then again, I use MIT without the attribution clause for this very reason.
The author of Spegel released it as MIT, which means that anyone can fork it as long as they keep the attribution. So if every file of the original project has a header containing the copyright, Microsoft has to keep it. Looking at Spegel, I haven't found a single source file containing an MIT header and copyright.
Microsoft added their header with their copyright in Peerd (because now that they changed the files, they own a copyright over parts of those files). Nothing says that they must add a line for the original author, and I could imagine that it's legally a risk for them to do it.
Moreover, a copyleft license wouldn't have changed anything here (except maybe discouraging Microsoft from reusing any of that code).
If you don't want anyone to reuse your code, don't open source it. The whole point of open source it is that you allow others to reuse it.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The license is saying you have to retain the license itself; it doesn't say anything about any other attribution notices that exists in the source files or anywhere else. It doesn't specify where you have to put the license; it could be in a comment in the code, or it could be in a file next to the code, and that doesn't change anything about the terms of the license.
If the original author put the license in comments, you can keep it in comments, but you could also move it to a standalone file. If the original author put it in a standalone file, you can keep it there or you can move it to a comment, but you can't remove it. If you distribute a compiled binary, you need to be sure you're including the license alongside the binary as well.
If Microsoft distributes a "substantial portion" of the software, and they do not include a copy of the original license (including the copyright statement at the top attributing the original author), they're in violation.
He already gave them permission. I think he is overemphasizing the meeting they had and under-emphasizing already giving away his work.
Commercial entities will always exploit your work - you need to force them to give back, they will never do the positive sum game by default
> A negative impact from the creation of Peerd is that it has created confusion among new users. I am frequently asked about the differences between Spegel and Peerd.
I can't imagine any quantifiable damages here. No business or revenue was impacted. Just chatter in an open source project.
Sometimes I wonder if all the shitting on free software in general is in fact cynical and in bad faith by actors who want your labour for free.
The leopard doesn't change its spots. The scorpion stings the frog. Microsoft screws over people. Lessons learned in childhood that still hold true today.
1. Open source worked as expected. Some MIT-licensed code was forked under the same licence, giving users more options and contributing further to the open-source codebase.
2. I don’t understand the claim about users being confused between Spegel and Peerd. These are two products with different names and maintainers. Maybe some users are also confused between Ubuntu and Red Hat Linux - so what? I’m glad users have more choices.
3. The point about the original author not being given enough credit is the only valid one. The legal side, discussed in other comments, seems to suggest they’re within their rights, but they could have done better.
Licenses like the GNU Affero General Public License (AGPL) might prevent some corporations from using an open-source project because they do not want to release the source code of their own modifications to it. Sadly, corporate compliance often prohibits the usage of copyleft projects altogether, even if nobody plans to modify anything. Especially the legal departments of large “enterprizy” organizations often prefer software with licenses like MIT as they want it simple and “risk”-free.
But who cares? If these corporate users do not contribute back, there is simply not benefit in having them as users.
Except you do not care about open source community but about hypergrowth. This seems not to be true for this case, but the impression comes to mind that many start-ups use open source not because of freedom but as an argument for adoption in the enterprise ecosystem. They avoid choosing (A)GPLv3 licenses to facilitate easier corporate adoption without generating enough revenue, while being funded by venture capital and without getting contributions back by organization who could easily afford giving back something. Then, after being adopted, they complain.
There’s a reason why Linux (GPL licensed) is still around, growing, and making money for so many while companies behind widespread open source projects often fail financially and burning insane amounts of money. It might work out for individuals and owners when getting bought, but it hurts users and ecosystems who relied on something.
Eventually the MS fork will be so far behind yours that they will come back to talk to you. And this time, you will be prepared.
The OSI considers any open source license that tries to restrict or disincentivize this "not open source." Look into OSI and note that it is effectively captured and controlled by these corporations.
People using that gift is the point. Forks aren’t just permitted, they are encouraged. That’s why we release free software.
You aren’t in competition with Microsoft and their fork. There is no such thing as marketshare when there is no market.
Especially amongst Linux users… :-)
They took you by your word and did exactly that.
What did you think a license is for? For artistic expression? It's a contract. If you want to get paid, put that in your license.
I recommend AGPL 3. Then nobody will rip you off. And if they do, you can drag them to court over it.
But seriously, it sounds like a weird version of "not invented here syndrome" where you are somehow OK with copy-pasting most of it.
Use AGPL, Fair Source or BSL. That's the only way forward. I for one will be using AGPL in everything. If a trillion dollar company cannot pay for services it is a fucking shame. Absolutely disgusting. Microsoft should be ashamed.
Boo Microsoft. Winget still sucks.
I read recently that Microsoft is adopting rust more and more. I think that’s a step in the right direction for an OS with such a huge marketshare. That said, I’m just waiting for Rust.Net or Managed Rust to get excreted in a thinly veiled attempt to split the community, steal mindshare, and take over the project.
Are American lawyers that can read three-paragraph licenses so prohibitively expensive?
Use a GPL of some form, whichever one is up to you.
Can someone please explain why?
Then sometimes you get into a date with her, but discovers she isn't what you expected. It was the snobbiness that made you more eager to know her.
Then, disappointed, you break up with her and she starts telling everyone you have bad breath, your friends are idiots, and that you are dumb and ugly (but she secretly still likes you).
When you're adult you start to realize that none of it is really that important. She is probably nicer than you remember. And you were just a kid.
All this HN discussion reminds me of those teenage years somehow. Like a twisted psychology distortion of it. It is kind of funny actually.
For the rest - if you chose MIT license for your work you should expect it can be used by someone to create software based on it, including commercially licenses
I would treat anything you're releasing as MIT as the gift to the world. This is how Open Source suppose to work - people building on each other work, often without properly thanking authors and maintainers.
If you want to reserve some rights - chose who can use your software and for what purpose, ie ensure "Microsofts" of this world can't use your code in a way you do not approve, you should not release it as Open Source.
It's ridiculous that companies with literal trillion dollar market caps coast on the back open source.
A lot of OSS developers get "got" by the ideological arguments of OSS and shy away from doing "source available" (which if we set down the Kool-Aid, is in effect open source because...the source is open).
If you're an independent or small team and want to protect your IP as best you can while keeping source available for learning/auditing, check it out.
The fact that you have "fill in the blanks here" in a "legal" document makes this actively harmful.
I respect the sentiment, but it's entirely the wrong direction. Better looking at the Creative Commons license picker/builder as a better example of a starting point.
That said, Microsoft provides extremely generous Startup Assistance (to the tune of > 150K of Azure credits). Disclaimer: I'm not affiliated with MS but I did their program, also did the Gcloud and AWS programs back in the day. No negative comparisons, but off the top of my head the Azure program is awesome. I really enjoyed working with Azure, and it does what it says on the tin.
You can apply here: https://www.microsoft.com/en-us/startups/