A Microsoft director who ran a portfolio of product teams reached out to ask about a "collaboration". I said I'd be happy to send them my consulting agreement. There was a little grumbling about the rate but I just reiterated that it was my rate. After a lot of legal back and forth, they signed, I answered a bunch of questions for them in a 2-day workshop, and they paid.
If they want you badly enough, they'll pay. Don't work for free.
Do not work for free. Large companies have a shit ton of money. All you need to do is provide an economical argument in the form of your rate (which should take into account their expenses for having an employee / team work on it instead, hint: 2 x total compensation). Getting paid is just a matter of the guy who reached out to you to talk to his skip manager to get a verbal 'ok', and then the accounting department takes care of it. They're not going to pass on you just because you asked to be paid for your time - a business is used to paying for services. If they do pass on you without even negotiating your rate, then they were definitely not serious and nothing good would have come out of it for you.
Source: dev working at FAANG with 3rd party companies.
If the answer to the first question is "No" then you'll be very cheap compared to the second answer no matter how much you cost.
It was a sales call with a 2-person tech company building some tools in the cloud native space. They were super eager, walking through the product. My manager put the phone on mute and asked "So what are we trying to do here" to the other directors. They replied "We just want to kick the tires to figure out how they built it, we're not going to buy". They let these guys pitch for 20 minutes, periodically asking questions and then muting to mock them. My manager nudged me to ask something, since I ran a similar initiative internally. I asked how they would handle a gnarly case we had and they didn't have a solution yet, but could come up with one (super eager, wanted the deal).
At the end of the call, Gus un-muted the phone and said "This looks great but I'm having a hard time following the demo. Can you fly out and show us in person?". The sellers paused and then started asking when the other was free etc, one was going on vacation but could "make it work" to come out the next week. Gus replied "Great, see you next week".
I left that meeting realizing they were all psychopaths. Notably, Gus had the charism of Gus Fring from Breaking Bad.
Note - maybe they don't pay you the developer sometimes, however.
I may encounter this situation some day. Could you share how you structured your fees (and give the hourly rate you charged them :P) ?
Would you be willing to share what your rate was? I think it'd be useful for other FOSS maintainers to get a better understanding of their worth.
We appreciate your leadership and collaboration on Spegel and see your project solving a real challenge for the cloud native community. I wanted to thank you for your blog post https://philiplaine.com/posts/getting-forked-by-microsoft/, let you know what we’re doing, and address a few points.
We’ve just raised a pull request https://github.com/Azure/peerd/pull/110 amending the license headers in the source files. We absolutely should have done better here: our company policy is to maintain copyright headers in files – we have added headers to the files to attribute your work.
I also wanted to share why we felt making a new project was the appropriate path: the primary reason peerd was created was to add artifact streaming support. When you spoke with our engineers about implementing artifact streaming you said it was probably out of scope for Spegel at that time, which made sense. We made sure to acknowledge the work in Spegel and that it was used as a source of inspiration for peerd which you noted in your blog but we failed to give you the attribution you, that was a mistake and I’m sorry. We hear you loud and clear and are going to make sure we improve our processes to help us be better stewards in the open-source community.
Thanks again for bringing this to our attention. We will improve the way we work and collaborate in open source and are always open to feedback.
I wonder how many other projects are not attributed correctly. Are you checking up on them also or just waiting for the next HN post?
That said, the author of Spegel should have used another license if he wanted more “recognition” or the like.
In other words: there exists some responsible person at Microsoft who violated the copyright (yes, removing the attribution is also a copyright violation!) for Microsoft.
In consideration how Microsoft has been treating copyyright violators for decades, if Microsoft does not give this responsible person the same crual treatment, it should be considered an honest, clear, implicit official statement from Microsoft's side that they are perfectly fine if hackers violate all of Microsoft's copyright. In other words: it means that all of Microsoft's software now (spiritually!) will become public domain.
Also, if Microsot does not make make this responsible person pay the caused damage from their own pocket to the original author of Spegel with the same monatery magnitude as if Microsoft would sue other entities for a violation of copyyright of Microsoft's software, the same statement applies.
Microsoft is a large, wealthy corporation has a big target painted on its back, and, consequently, CELA (corporate, external, and legal affairs) are, for good reason, a very strong force inside Microsoft. You can't just grab some code from someplace at Microsoft. Your PM has to run it past your division's CELA rep, look at the terms, assess exposure, etc. Did that happen?
If not, that's a big hole and you should probably beg forgiveness from them as you ask for an audit of every other piece of code you've picked up.
If it didn't happen, well, I suspect someone in your group just became the new Nelson, the hapless developer, in Microsoft's Standards of Business Conduct videos. You really don't want to be Nelson.
It seems like it would have been a much better strategy to add artifact streaming, submit a pull request and then if the maintainer isn't interested in adding it, proceeding with a fork.
"Probably out of scope" sounds like "I dont have time to implement a feature of that scope"
I would love to know what processes MS is considering to prevent this in the future as well as what kind of auditing might be done to look at other projects that started as forks.
You are Microsoft. You can do better.
oh, corporate wording. so you do not really care :D
It seems an option to not take free labour to build a commercial cloud largely as a wrapper of open-source, and maybe find other ways to support the creators.
If one person's labour is that valuable to a company, maybe it will help someone realize that supporting such individuals monetarily might help create the next thing with time that they can't get to today.
We could even crowdfund the lawsuit, I am sure he will win.
More likely, this is a way for someone to get ahead in their career at Microsoft by passing off a successful open source project as their own accomplishment. They can steal users from the original project and justify using Microsoft's resources to maintain it, which puts more resources under their control, and gives them something to talk about during performance reviews.
The open source community should have a way to enforce professional consequences on individuals in situations like this. They are motivated by professional gains after all. That's the only way this will stop happening. Professional consequences does not mean doxxing or other personal attacks, it means losing career opportunities, losing contributor privileges, and becoming known as untrustworthy. These consequences have to be greater than the expected gain from passing a project off as your own at work.
I wonder if a new kind of license could be created which includes projects in some kind of portfolio and violating the license means losing access to the entire portfolio. Similar to how the tech companies added patents to a shared portfolio and patent treachery meant losing access to the portfolio.
It is ultimately the responsibility of the company and its people to create a system where things like this are discouraged or prohibited. Not doing so is tacit approval, especially in this case where they have a significant history of doing the same thing.
It's a space to keep watching.
No, it was a whole team at MSFT: https://news.ycombinator.com/item?id=43755745
Whilst there are always bad apples in a big company, a good company stamps out bad behaviour as soon as it becomes aware of it.
This is the nature of OSS. Out right theft in hopes you will never know until it’s too late.
Very rarely do large corporations contribute their fair share back to any project.
Does this make me money and/or solve a problem quickly? Fork it and it’s mine.
Until we stop giving money to large corporations that profit off the free work of others, then it will never stop.
And it won’t because we like low cost solutions that work.
Failing to abide by the MIT license is copyright infringement. My advice is to contact these guys: https://softwarefreedom.org/ They likely can file a cease and desist on your behalf.
However, I took a closer look at the files in question. The MIT license requires that they retain and provide copyright notices, but you never put copyright notices in your files. The only place where you appear to have placed a copyright notice is in the LICENSE file:
https://github.com/spegel-org/spegel/commit/23ed0d60f66dd292...
Things become interesting when I look at their LICENSE file. They appear to have tried to relicense this to Apache 2.0 before backpedaling and reinstating the MIT license:
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked from a very early version of the project that did not even have the LICENSE file, they removed the sole copyright notice you had in the repository. That brings us back to my original thoughts, which is that they have committed copyright infringement, and you should contact OSS friendly lawyers about it.
I am not a lawyer, but I do contribute to various OSS projects and all of the ones to which I have ever contributed have copyright notice headers at the top of every file to ensure proper attribution is maintained no matter where that code is used. Beyond having that sole missing copyright notice reinstated, I am not sure what else you could expect since none of your files have proper copyright headers in them. The SFLC guys would be in a better position to advise you, as they are actual lawyers.
I thought having a LICENSE file in the project's root directory was sufficient. Is it not the case?
I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
Which GPL is that? The GPL 2 and 3 are incompatible with each other, making cross contribution between different FOSS projects practically impossible. The "v2 or later" licensing model does nothing to remedy the problem. See Rob Landley's talk on this topic.
The problem this addresses is not that Microsoft forked this project. The problem is that when a corporation like Microsoft does this, they harm our community[0]. Open source thrives because a bunch of individuals and groups collaborate.
Microsoft, is built around the concept of profit for stock owners at any cost. They may collaborate as long as their interest in profit is served, but otherwise, it is back to "Embrace, Extend, Extinguish" [1].
This lack of community ethic is endemic in corporations. It is also an existential threat to our community. Profit at any cost is not collaboration. It is predatory.
And yes, I know, corpies and other greedist will vote this down, blah, blah, blah.
[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor...
[1] https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
[edit clarity]
You are going exactly against the OSS philosophy. OSS shouldn't restrict the use of software just because you don't like it. It was created to fight exactly this. This is also why source available BS (like BSL) is against OSS. OSS is literally about being about hacking and changing software to suit your needs. It was never about the money part. You should create your software as proprietary if you are SO bothered with OSS. And you can always donate and contribute back to the OSS software you use. I don't think butchering OSS philosophy is the way.
The problem here is license illiteracy. Even I who for a while used to think I understood a lot about OSS license just had a doubt now:
When you fork, do you retain the copyright part? Copyright (c) 2024 The Spegel Authors
That is what we need to fix.
What is this "our community"? My releasing something under the MIT license doesn't mean I'm part of whatever community you're invoking. It means I'm releasing something with an MIT license. That's it.
I certainly don't want to give companies like MS a "pause" before they decide to fork my project. I'm explicitly telling them they can do that. I absolutely do not want them to be hampered by notions of "What will this action look like?"
Don't impose your values on other people's use of my software.
See "6. No Discrimination Against Fields of Endeavor" in The Open Source Definition https://opensource.org/osd
It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
If you want a corporation to avoid it like the plague, just make it GPLv3. If you really want to screw them, go with AGPLv3. This way you keep a true open source license, but don't have to worry about corporate control.
Free Software (like GPL) has the philosophy that you can USE the software for any reason. The rights are for the USER. The responsibility kicks in when you redistribute the software. It ensures that you preserve the same freedoms you received when you pass it on.
But if you restrict USING the software, it's not free software anymore.
Microsoft is currently violating the license, and the author's recourse is this HN post.
Highlight the part of the essay where he is claiming MS didn't have a right to do what they did.
The point of the article was that MS showed interest in his work, asked him about his designs. Said nothing about internal plans to fork it or use it. Then he shows up to a talk and sees them discussing his work.
Reading between the lines, it is 100% clear they didn't feel like telling him they planned to fork his software, and they danced around it. They didn't reach out to him afterward and say "thanks, we are building a fork and your free time was really useful".
The essay isn't claiming a legal issue. It's pointing out a substantial, practical issue with OSS that didn't exist nearly as prominently in the pre-cloud era: megacorps forking software and cutting out the OG developers.
It just so happens that the Microsoft engineer who originally changed the license in GitHub went from Senior to Principal engineer at Microsoft in the past two months (according to LinkedIn). So you probably aren't far off.
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked a very early version that did not even have the LICENSE file, such that they never removed the original notice, this looks like copyright infringement to me. That said, I am not a lawyer.
https://vadosware.io/post/the-future-of-free-and-open-source...
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" also never been true for them.
Here is the previous time I can remember that they did something similar:
- https://news.ycombinator.com/item?id=23331287 - The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.
On my end if was a mix of naivete and flattery which made me want to take the meeting. I suspect it is the same case for others. I will not make the same mistake the next time it happens.
I’m assuming the complaint is more about Microsoft duplicity in asking for information as opposed to the forking of the code. The latter is fine - the license explicitly allows it.
Drop them a consultation fee in the thousands per hour, get something out of it at least. If they're going to reimplement your project, there's absolutely 0 you can do, they will just hire an intern and tell them the requirements for what you have built without having to meet you, ask them for expenses out of your day covered.
It's as if we've learned nothing about exploitative corporation behavior for the last 20-30 years even though it's in the news EVERY other day.
> Gates: ( fiendish laughter )
Can’t they just read the source themselves? Why do they need the maintainer?
Both myself and my other half have separately been directly on the receiving end of the "brain rape" by major companies that everyone here will have heard of, both of which went nowhere except for the supposedly interested acquirer to become ever more angry that the crown jewels were simply not offered up on a plate.
This situation is surprising in that he did get an acknowledgement at all. These companies are not good actors, and have a casual disregard for the IP of everyone else that should be immediately obvious.
Open source license is there for reasons, he can sue them if they did it wrong.
I think it's important to highlight that the "Microsoft <3 Linux" narrative deserves some scrutiny too: (https://old.reddit.com/r/linux/comments/lbp1m8/for_anyone_th...)
Edit: apparently Google did not use the author's codebase, instead using an Apache 2.0 licensed codebase [1] explained here [2].
[1]: https://github.com/kubernetes-sigs/gcp-filestore-csi-driver
Because all these actions will get associated with .NET teams even if the latter go to great lengths to collaborate with community and ensure that new feature work does not step onto the toes of existing popular community libraries (for example Swashbuckle or eventing/messaging framework that was postponed/cancelled not to interrupt the work of other libraries including MassTransit, which is a bit ironic as MassTransit went full commercial later).
https://www.youtube.com/watch?v=_STfy0QQjJY
Also, many large orgs are known to do this.
Billion dollar companies are not hanging out with you to be your friend, even if you're at the table for a reason (you belong there because you know something they don't).
When speaking with big companies, you are not there to impress them.
Speak for impact + meaning, they are so big and brilliant and rich and should already know how.
There are examples where a large corporation simply sponsored the developer and development of an open source project. This should be the way.
Give them a (somewhat) open source IDE and they start believing you are friend of open source in general.
Contributing to someone else's open source project is for schmucks and juniors. Authoring a "new" open source project in the company's name, getting recognition and solving problems is seen as "leading the industry" and whatever other wankery sophistry they come up with to try to motivate employees with.
And this is done by the owners of Github. Throw away open source licenses, create your own, make anyone who forks your code perpetually pay for your work, or ask money for your work.
"Luckily, I persisted. Spegel still continues strong with over 1.7k stars and 14.4 million pulls"
Yeah, your time is your most precious resource and what you get in return? Recognition? virtual stars, pulls, essentially numbers, essentially nothing. And then you get robbed.
WAKE THE FUCK UP PEOPLE.
"without attribution"?
Did we read the same article?
https://www.latimes.com/archives/la-xpm-1994-02-24-fi-26671-...
They've engaged many naive people/companies, milked them of their knowledge after signing NDAs, and then stabbed them in the back, stealing eveything.
They're big enough, and have unlimited legal resources to vigorously defend any legal challenge, and also to launch legal attacks at will.
After the DOJ anti-trust case, they preemptively put every major law firm on retainer, so nobody else could retain them in an effort vs. Microsoft, without creating a conflict of interest.
They are still evil, but less so after Gates and Ballmer.
If Matt Groening thinks you’re a gaggle of assholes you’re probably even worse.
i disagree with that. factual? sure, but unbiased? why? it's your project, and you have every right to be biased towards it. on the contrary, i expect you to, and i actually believe that not being biased towards your own project is very difficult so that i don't expect many people to be able to not be biased.
How can you not be biased? You built something. You want people to use it (assumption).
> fix: amend copyright attributions #110 > > This commit amends copyright attributions that were omitted due to an oversight on part of the Peerd authors. Copyright header attributions in a few files have been updated to include "2023 Xenit AB and 2024 The Spegel Authors". The attribution in the LICENSE file has also been updated to reflect the same.
It's not a new practice, and it's not exclusive to Microsoft either, it's something every developer should be acutely aware of, in case they're interested in avoiding it.
I’m still salty about teaching someone something they didn’t know about caching in an interview and not making it to another round of interviews after that. If it was a huge company I’d be furious.
I analyzed the 2 repositories for copy/pasted lines using PMD's CPD (copy/paste detector) - using the first commit of peerd and one from spegel that was from around the same time.
There are some clear duplications, e.g. 178 lines here: https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8... correspond to this: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c...
Also 44 lines here: https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c... and https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8... but the full files are almost identical, only a few edits that break the complete equality.
Also https://github.com/spegel-org/spegel/blob/ed21d4da925b9a179c... matches https://github.com/Azure/peerd/blob/64b8928943ddd73691d0b5d8...
I haven't looked deep enough to see how much of the differences are obfuscation and how much are meaningful changes. File names are all changed, many structs and variable names as well.
See this gist for full list of duplications: https://gist.github.com/corneliusroemer/c58cf0faf957d9001b58...
Here it is:
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.
What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.
Hell no. If they want to profit off my work, pay me. This is something I'm doing for fun, on my own terms. It’s Free for anyone to use as they want, so long as they keep it Free, too.
The incentive is generally that people enjoy having their projects used, be that by commercial companies or otherwise.
My JS canvas library is licensed using MIT. From my personal perspective, I wouldn't have any problem with some $MegaCorp coming along and forking it, and even claiming it as their own creation. But ... why? Because one of the main drivers for my development of the library over the past few years is to proof-of-concept the idea that 2D Canvas API based infographics and interactives can be made - with the help of a JS library - performant, responsive and (most importantly!) as accessible to every end user as reasonably possible. My ideal outcome would be to embarrass other JS canvas library maintainers into taking canvas responsiveness and accessibility seriously. If that needs a $MegaCorp to come along and fork the library to bring my dream closer to reality then I ain't gonna stand in their way!
Of course I'd still continue to develop my version of the library - it's become my passion and obsession and there's always improvements to be made, new ideas to be explored.
> Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
By far the biggest risk for most projects is "nobody notices it and nobody uses it".
And if someone "takes" your project and uses it - you've usually still got it. Software is funny like that.
it is good if you do not plan to go for violators anyway
I made some photos and published them on Wikimedia Commons (say, of random bicycle infrastructure).
I am fine with people using them without attribution, I expect that their use overall furthers my goals rather than damages it and if I would release it on CC-BY-SA 4.0 or similar I would not go to court over missing attribution.
Therefore I selected CC0, no reason to make things more complicated only to people following license.
I selected AGPL/GPL for some software where I would be happy to burn pile of money in case of license violation, up to and including litigating it in court for 10 years.
I mean, consider an alternate timeline. It's clear MS had their own, strong vision for the project, that overlapped with but wasn't identical to his. Is it actually that much more considerate to show up with two dozen new developers suddenly flooding a single-maintainer project with pull requests, some of which completely restructure the code and re-orient it towards a new vision that the original maintainer might not want?
Either the maintainer is now doing loads of unpaid labor for MS, and is the bottleneck; or he ends up having to step back and let the new MS developers bulldoze the project and take it over anyway.
What would have been a better approach?
They want widespread usage of their project, but always decry not like that when Amazon or Microsoft is responsible for the usage.
Maintainers often pick permissive licenses specifically because they want companies to use the code. They want their project to grow and be adopted, and they reason that GPL would stifle adoption.
I don't really like the tactic of making your code as convenient as possible for anyone to grab off the shelf when they want to use it, and then later turning around and saying they should pay you. Why not do the payment part up front (by GPL-licensing the code and then selling dual licenses to interested companies)? Because then you wouldn't have any takers. Better to wait until people have integrated it into their systems before informing them that they ought to pay you.
That said, I fully support larger projects being GPL, which I think is a more reasonable license for projects that involve dozens or hundreds of contributors and are depended on by millions around the world. But the role of the MIT and Apache style licenses has always felt a little more confusing.
Obviously, a more permissive license is going to let people do whatever they want with "your" code, as it doesn't really belong to you anymore. If you want tight control then it's a bad choice, but a more permissive license is almost always going to mean your project is more widely used, for better or worse.
The more limitations added on a license, the less open it is.
For me personally, because I believe in freedom and permissive licenses grant more freedom than others do. I don't really care for licenses which attach unnecessary strings to what recipients can and cannot do with the software.
During ZIRP-boom-times, having a successful popular open source project could be a ticket to kudos and a high paying job and a certain level of responsibility and satisfaction. BigCos spread the money around, and your job as a SWE ended up being gluing together a bunch of these open source pieces to solve corporate problems. And on the whole people felt like their corporate jobs were giving a fair deal, and a decent dividend for the open source work they were doing.
In that context why would you pick a license that your generous employer couldn't use?
The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them. Or corporate entities that cut budgets, laid people off en masse, exploded in stock market crisis, etc and suddenly the good will was lost.
I think we'll see a bit of a resurgence in the GPL, as some people try to protect the work they've done.
(I do thnk the personality of Stallman himself has become a bit of a problem to be associated with)
Maybe I should reconsider, but I never thought anyone would remove an MIT license. That sounds like plagiarism (though they did put a thank you in their repo)
I would love a license that says if your company has a physical presence in 10+ countries, one of its executive owns a yacht, or even is publicly listed, you need to purchase a license from the owners. (As a bonus, if the company is primarily selling subscriptions, the license should be in subscription form in return). Free (GPL/MIT/whatever) for everyone else.
Even such a crude stupid license would be an improvement over today for many. Most importantly I think a large amount of code is already closed today, because of the risks. This results in worse technical solutions, eg SaaS instead of libs & docker images that are easy to fix yourself. I don’t understand the fear mongering about licenses that Amazon and Microsoft don’t like. At the absolute minimum, contribute the changes back.
This strain of rent-seeking behavior by some that open source their code but then believe they are entitled to compensation or forced contributions if the wrong people use it per license is distasteful and a bad look. It highlights the extent to which for many people the motivations behind their “open source” are not actually, you know, open source. For many, open source is about the utility of the source code and nothing more.
Licenses like AGPLv3 aren’t just about the utility of open source, they try to litigate concepts like fairness and justice at the same time, and open source isn’t a great venue for that.
Some of us don't believe that the code we write is "ours" in any meaningful way, and don't think strangers using it have any obligation to us just because we typed it once long ago.
Personally, I am happy if my code is of use. If people are using it for evil I'll fight the evil, not try to withhold good things from the world to avoid that possible case. It is an approach that is rooted in sufficiency mindset, rather than capitalistic notions of false scarcity.
My project being forked doesn't cost me anything at all, but caring about it being forked or enforcing a license would cost me time and energy I have no desire to spend. Permissive licenses accurately communicate the levels of fucks I give, while keeping assholes from trying to sue me over having used my contributions to the collective wealth of the profession.
If I make the world better for everyone, of course a bunch of people who never did anything for me are going to be a part of "everyone", basically by definition. What is wild here is that Microsoft didn't follow the extremely minimal requirements of the permissive license.
Yes, that's the whole point of open source? Most contributions to the most popular libraries and frameworks (not necessarily end products) are from employees on their paid corporate time to begin with.
"No."
<Fork happens>
:shrug: - of course, the failure to preserve the license is an egregious error which amounts to infringement. But it's easily remedied.
And if the downstream project has a popular feature that can't / shouldn't land upstream, then that's okay - that's what everyone prefers.
"$BIGCO shouldn't be using my software, certainly not outside of how I intended it to be used!" - this attitude is totally contrary to both Free Software and Open Source IMO.
If you don't like it then you should probably consider a more restrictive license.
That said, Microsoft isn't a person and has no agency by itself. It is specific persons/developers/managers violating the licenses and stringing along open source developers in bad faith.
Who are these people? Why is the blame not falling on them, specifically?
Who exactly did what it's a Microsoft internal thing, unless Microsoft demonstrates that this has been done in bad faith and Microsoft did everything what is "reasonable" to avoid this happening ...
Up until the dotcom boom (and in the earlier days of it), one of the questions I'd heard of software startups was something like, "What will you do when Microsoft decides to own your space?"
Fortunately, the broad tech industry overall got a decade or two reprieve from that, though it might be starting to return.
A long related question, when partnering with Microsoft, which sounds like it still applies, is "What's your plan for when Microsoft stabs you in the back?"
Microsoft never had a self image of "Don't Be Evil", and is more a close releative of Cantrill's Lawnmower.
My suspicion is that ruthlessness and the long-con have deep roots in Microsoft's culture.
Microsoft only appears to play nice when it has to, and is shameless otherwise.
I know it isn't mainstream, but companies try to avoid those licenses as much as possible.
Tinfoil hat: sometimes I wonder if companies astroturfed support for permissive licenses. Getting the entire Rust ecosystem to avoid copyleft was a huge win, for example.
And now that copyleft Gnu tools are being replaced with permissive uutils in Ubuntu, it seems they won, whether or not they were the ones to push it.
The vast majority of the rust (and Go) ecosystems is non-copyleft because you cannot satisfy the GPL in any meaningful way and satisfy your corporate legal department’s IP lawyers.
In fact, I wish an even stronger license existed which allowed the original author to dictate who can build on top of the project to avoid exactly these kinds of situations where a powerful actor completely disempowers the authors while technically following the license (I assume MS will "fix" their error by fixing the licensing information but will continue to compete with Spegel with the intent to make it irrelevant).
Such licenses exist. They're just not Free or Open Source. They can't be, by definition.
> 2. Additional Commercial Terms. If, on the Llama 2 version release date, the monthly active users of the products or services made available by or for Licensee, or Licensee's affiliates, is greater than 700 million monthly active users in the preceding calendar month, you must request a license from Meta...
ref: https://github.com/meta-llama/llama/blob/main/LICENSE
But again, not open source...
(IE, don't let your ego run away.)
Why?
In my case, I was working for an industry-leading product that required a bit of reverse-engineering into MacOS. We got stuck on a new release of MacOS, so we did a bit of digging and found an open-source project that successfully reverse-engineered what we were trying to do.
(Basically, integrating in the right-click menu in Finder required reverse engineering prior to 2014; and every version of MacOS required redoing the reverse engineering.)
It was a legal grey area to copy how the open-source project reverse engineered MacOS, so I reached out to the open-source project and tried to collaborate. We exchanged a few emails and then I found a problem...
Basically, their solution had rather large memory consumption in Finder if the user had very large folders. Our customers had very large folders. (Edit, 200,000+ files were common.) We still wanted to collaborate, so I proposed a fix that fixed the problem.
But, then "radio silence" from the original authors. We forked and complied with the license. I always hoped they never begrudged us.
(Ultimately, Apple released an API so we didn't have to reverse engineer MacOS.)
This sentence is true but a bit confusing, because there are no licenses that require anyone to contribute changes back upstream.
The MIT license is the "easiest" license because there are no responsibility for the maintainer..
GPLv3.
Microsoft has been a bully for years: https://www.fsf.org/news/microsoft_response
They can't change, regardless of how much marketing money they put into "We love opensource".
“I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”
So I put a PCB of my product in his hand (it had some through-hole components), and squeezed it really hard, and asked him "If it doesn't exist, why is it making you bleed?"
All this at a meeting/presentation where my bot was literally running circles around theirs because mine worked and theirs stalled.
I think I have video of this somewhere, but there's no audio.
The guy left Google a year later, tried to sell bots independently, and folded. I on the other hand am still here.
It was a bit of a weird interaction overall. Why would someone say "this doesn't exist" while staring at it? I figured that haptic feedback would help with their solipsism at the time.
But giving a (presumably) free consultation to Microsoft is a self-own. History has shown that you should never give the benefit of the doubt to Microsoft, and you should certainly never trust them (unless you have a contract and a good lawyer). Not knowing this can only be the result of willful ignorance. I can't offer sympathy for that.
Hopefully, this person learned the right lessons from this experience.
“It’s your fault for inviting them in” is victim blaming and horizontal aggression. The people at the top of the pyramid love it when the peasants fight each other. Saves them getting callouses.
If that's what the license says, why is the author complaining? Microsoft is complying with the license.
That's what you get for not picking the one of the license from the GPL family.
> However, I am not the first and unfortunately not the last person to come across this David versus Goliath-esque experience.
Again, this situation was completely avoidable. Stallman had foreseen this kind of situations literally forty years ago. That's why the Free Software movement exists.
Tangentially related: has anyone notice how the whole Grafana ecosystem is going strong and unaffected by forks and corporate take-overs? I'm pretty sure that the AGPL license is playing a big role into that.
"The license does not allow removing the original license and purport that the code was created by someone else. It looks as if large parts of the project were copied directly from Spegel without any mention of the original source"Even if megacorp does nothing else for you, that NOTICE file can at least contain information about who you are as the original author, links to your website, etc.
Using it then complaining about its effects because you don't like the company is silly.
Use a different license if this is important to you.
Well, yes, that seems to be the conclusion OP has come to.
Copyright (c) 2024 The Spegel Authors
Which should be retained when you are forking it right? Or am I wrong?
I bet the Spyglass people had the same thought.
Sez who?
Far too many times big company's take what they choose and give you nothing. Use licenses for your advantage, heck dual license if needed. Not sure what the desire is of a Eutopia open source world view, where not everyone has the vision or plays by the rules anyway.
spegel did not follow best practices to put the copyright in the file itself: https://github.com/spegel-org/spegel/blob/main/internal/web/...
Ideally starting with something like this
// SPDX-License-Identifier: MIT
Nevertheless, I'm going to keep writing (latest piece [1]) about my post-open source journey in the hopes of clicking with a handful of people in the next generation.
[1]: https://lgug2z.com/articles/on-evils-in-software-licensing/ - feel free to hit me up off-platform if you want to discuss
Last week I relicensed most of my previously released Minecraft mods (except those with trivial code and those with missing source code) to AGPL plus a bunch of exceptions.
Their improvements are available under MIT license. They would have been fully within their rights to not release and put in a proprietary product but did not do this.
Instead everyone can benefit from their improvements. Author can steal whatever he wants for his upstream.
(I can’t find any details of “Microsoft MIT” and the above is premised on it being functionally MIT.)
Meet for a week. Bring in one of their grey beards. Learn all our deets in anticipation of acquisition. Then silence...according to my understanding, not being privy to executive level discussions.
A bit later, release their own take on the problem area ... tragic.
It was very bad for us.
Who are they?
Did you manage to reach out to any of the people at MSFT you originally spoke to to ask wtf?
Use AGPLv3.
That being said, it's not cool to remove the attribution even internally. Then again, I use MIT without the attribution clause for this very reason.
The author of Spegel released it as MIT, which means that anyone can fork it as long as they keep the attribution. So if every file of the original project has a header containing the copyright, Microsoft has to keep it. Looking at Spegel, I haven't found a single source file containing an MIT header and copyright.
Microsoft added their header with their copyright in Peerd (because now that they changed the files, they own a copyright over parts of those files). Nothing says that they must add a line for the original author, and I could imagine that it's legally a risk for them to do it.
Moreover, a copyleft license wouldn't have changed anything here (except maybe discouraging Microsoft from reusing any of that code).
If you don't want anyone to reuse your code, don't open source it. The whole point of open source it is that you allow others to reuse it.
He already gave them permission. I think he is overemphasizing the meeting they had and under-emphasizing already giving away his work.
Commercial entities will always exploit your work - you need to force them to give back, they will never do the positive sum game by default
Sometimes I wonder if all the shitting on free software in general is in fact cynical and in bad faith by actors who want your labour for free.
The leopard doesn't change its spots. The scorpion stings the frog. Microsoft screws over people. Lessons learned in childhood that still hold true today.
1. Open source worked as expected. Some MIT-licensed code was forked under the same licence, giving users more options and contributing further to the open-source codebase.
2. I don’t understand the claim about users being confused between Spegel and Peerd. These are two products with different names and maintainers. Maybe some users are also confused between Ubuntu and Red Hat Linux - so what? I’m glad users have more choices.
3. The point about the original author not being given enough credit is the only valid one. The legal side, discussed in other comments, seems to suggest they’re within their rights, but they could have done better.
Licenses like the GNU Affero General Public License (AGPL) might prevent some corporations from using an open-source project because they do not want to release the source code of their own modifications to it. Sadly, corporate compliance often prohibits the usage of copyleft projects altogether, even if nobody plans to modify anything. Especially the legal departments of large “enterprizy” organizations often prefer software with licenses like MIT as they want it simple and “risk”-free.
But who cares? If these corporate users do not contribute back, there is simply not benefit in having them as users.
Except you do not care about open source community but about hypergrowth. This seems not to be true for this case, but the impression comes to mind that many start-ups use open source not because of freedom but as an argument for adoption in the enterprise ecosystem. They avoid choosing (A)GPLv3 licenses to facilitate easier corporate adoption without generating enough revenue, while being funded by venture capital and without getting contributions back by organization who could easily afford giving back something. Then, after being adopted, they complain.
There’s a reason why Linux (GPL licensed) is still around, growing, and making money for so many while companies behind widespread open source projects often fail financially and burning insane amounts of money. It might work out for individuals and owners when getting bought, but it hurts users and ecosystems who relied on something.
Eventually the MS fork will be so far behind yours that they will come back to talk to you. And this time, you will be prepared.
The OSI considers any open source license that tries to restrict or disincentivize this "not open source." Look into OSI and note that it is effectively captured and controlled by these corporations.
People using that gift is the point. Forks aren’t just permitted, they are encouraged. That’s why we release free software.
You aren’t in competition with Microsoft and their fork. There is no such thing as marketshare when there is no market.
Especially amongst Linux users… :-)
They took you by your word and did exactly that.
What did you think a license is for? For artistic expression? It's a contract. If you want to get paid, put that in your license.
I recommend AGPL 3. Then nobody will rip you off. And if they do, you can drag them to court over it.
But seriously, it sounds like a weird version of "not invented here syndrome" where you are somehow OK with copy-pasting most of it.
Use AGPL, Fair Source or BSL. That's the only way forward. I for one will be using AGPL in everything. If a trillion dollar company cannot pay for services it is a fucking shame. Absolutely disgusting. Microsoft should be ashamed.
Boo Microsoft. Winget still sucks.
I read recently that Microsoft is adopting rust more and more. I think that’s a step in the right direction for an OS with such a huge marketshare. That said, I’m just waiting for Rust.Net or Managed Rust to get excreted in a thinly veiled attempt to split the community, steal mindshare, and take over the project.
Are American lawyers that can read three-paragraph licenses so prohibitively expensive?
Use a GPL of some form, whichever one is up to you.
Can someone please explain why?
For the rest - if you chose MIT license for your work you should expect it can be used by someone to create software based on it, including commercially licenses
I would treat anything you're releasing as MIT as the gift to the world. This is how Open Source suppose to work - people building on each other work, often without properly thanking authors and maintainers.
If you want to reserve some rights - chose who can use your software and for what purpose, ie ensure "Microsofts" of this world can't use your code in a way you do not approve, you should not release it as Open Source.
It's ridiculous that companies with literal trillion dollar market caps coast on the back open source.
A lot of OSS developers get "got" by the ideological arguments of OSS and shy away from doing "source available" (which if we set down the Kool-Aid, is in effect open source because...the source is open).
If you're an independent or small team and want to protect your IP as best you can while keeping source available for learning/auditing, check it out.
That said, Microsoft provides extremely generous Startup Assistance (to the tune of > 150K of Azure credits). Disclaimer: I'm not affiliated with MS but I did their program, also did the Gcloud and AWS programs back in the day. No negative comparisons, but off the top of my head the Azure program is awesome. I really enjoyed working with Azure, and it does what it says on the tin.
You can apply here: https://www.microsoft.com/en-us/startups/