Releasing my tools under the MIT License was probably a mistake (2023)(donatstudios.com) |
Releasing my tools under the MIT License was probably a mistake (2023)(donatstudios.com) |
The author doesn’t own copyright for the code changes they accepted over the years.
But kudos to the author for acknowledging they picked up a dumb license. Sad not to see the GPL or AGPL considered though.
just keep going. ignore them. They will disappear sooner or later.. while you will keep showing up. That IS what matters.
IMO
A few days later another coworker emailed me with a screenshot of a Craigslist ad for a car like mine. In fact, it actually was for my car! The first coworker listed it for something like $5,250, and by the time Coworker #2 pinged him, he'd already sold it for that price. Coworker #1 didn't even take a new picture -- he just reposted the one I'd taken!
At first I felt exploited. Here I was, being nice to my coworkers and offering a discounted car. And I later confirmed that the guy who bought it actually did lie about intending it for his mom, which made the whole thing seem even more unsavory. But I calmed down after a few minutes. I remembered that my plan was to sell it to a coworker rather than deal with the scumbags on Craigslist, and I was willing to take a big discount for that. "Being nice to my coworkers" was just the story that I told myself to justify my priorities. I got exactly what I wanted out of the original deal: an easy way to get rid of a car I didn't need anymore. And unlike me, someone else was willing to put in the effort to flip the car and extract that last $1,000 or so of value. My instant emotional reaction was to feel vaguely cheated, or that the guy I sold it to was a sleaze. But he didn't actually hurt me. I got what I wanted, and so did he.
In the case of this software tool, I'd ask the article author whether, in retrospect, he wishes that he'd kept the tool rights and gone down the SEO rabbit hole to monetize it for himself. Let's say further than he was successful, obtaining $X/month in ad revenue. Would he feel better in that case? I'd guess not; for most values of $X, he'd conclude it wasn't worth his time. But what happens once he concedes that he's not going to put in the effort? Does he still not open-source it solely to prevent anyone from monetizing it? That's the key question. Would he feel better knowing that he prevented someone else from benefiting?
When we give gifts, we hope the recipient will use it in the way we would have. Use the tool to create awesome ovals. Drive your family around in the car. It's hard when the recipient instead uses it "the wrong way." SEO the tool. Flip the car. But that's always a risk when truly giving a gift with no strings attached.
Were you cheated? Probably not. But the guy was definitely on a sleaziness spectrum.
Maybe the car truly would have been great for his mom.
GPL would not (CC licenses is not appropriate to code)
Please ~ MIT or Close Source projects. Don't GPL, GPL is for assholes and the antithesis of free code.
They could try creating a strong brand and using copyright and trademarks.
But the author says the post was just a needed rant - https://news.ycombinator.com/item?id=39414296
"why don't you post it on craigslist?"
"don't want to deal with the scum there."
"mind if i buy it off you and then post it?"
"go ahead, and good luck."
"Oh, well what if I told you the $500-1000 I think I can get from taking that work off your hands and re-selling it would really help me out"
"That makes sense. Sold"
See how easy this is without the sleaziness of lying?
Please don't use CC licenses for code, it's not what they are designed for and the CC actively discourages it[0]. Consider using the AGPL[1] or similar instead.
[0] https://creativecommons.org/faq/#can-i-apply-a-creative-comm...
If you want to discriminate users by how they use it, then you don't want open source.
[1] https://www.oreilly.com/library/view/open-source-licensing/0...
[2] https://www.tp-link.com/us/support/gpl-code/
[3] https://www.zdnet.com/article/software-freedom-conservancy-w...
For example, drivers licenses are often reciprocal between states. I've worked for firms which has reciprocal licensing agreements with some of their manufacturers. Copyleft is neither.
With smaller companies we see a lot of *GPL with additional commercial licensing options ... which (assuming the main product is not a library with a non-LGPL license) often is actually still easy to comply with (especially if you only use somebody's prebuilt binaries) if you actually bother, no matter how much the hate train complains.
For individuals it varies a lot by ideology rather than deep thought, but permissive-license-regret is common.
For the record, any license that does not allow users to do that would NOT be a free software license.
The problem is that:
1. BSD-4-clause included an advertising clause and that was considered burdensome (similarly, GFDL-with-invariant-clauses is forbidden by e.g. Debian), so the attribution only has to remain somewhere.
2. Embedded-in-an-archive links probably don't count much for SEO. Some aspects of GPL and/or AGPL can help in some circumstances ("appropriate legal notices"), but automated AGPL requirement satisfaction in the presence of forks can actually be pretty tricky to implement even among good actors.
3. even though it's illegal, stripping of license headers remains very common
“Open source” means something too. The control people have is in using shared definitions.
Language is malleable, so if enough people use a word incorrectly it changes the definition. But those people get to be called wrong for years until enough people misuse it to make it right.
I don't think it really matters. These things will exist, anyone who matters will realise they're not legit. They won't make significant sales (without significant added value) it won't detract from your reputation; etc.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
If you leave the MIT license anywhere in your server alongside the licensed code, with no public access, you are complying.
I.e. if you don't like it the solution is not AGPL or source available but no reuse allowrd or whatever, it's closed source.
I used to to have a little cottage industry that helped me pay the bills of people finding my rewrite generator, not knowing what they're doing, and reaching out for help with their htaccess files. It's been a couple years now since anyone has reached out. On realizing that, I started looking into it.
Part of that decline is clearly Apache becoming less relevant, but the other part (I think anyway) is that I've fallen way down the SEO ranks, frustratingly behind people hosting my own tools.
Like I said, it's a rant. Think of it as such.
Everything is still MIT and by all likelihood going to stay that way.
I'm in a similar position as the post. I make scripts and tools that I want to share online for anyone to use. I would like to allow everyone unrestricted access to it, but only if there is a mention and a link to the original page in a user-visible place.
You want to use the tool? Go on, but mention me as the author. You want to modify the tool privately for your own purposes and use it on your company? Go on, but mention me as the original author. You want to take the tool, include ads, and sell it? Go on, but mention me as the author.
This is due to past experiences with people taking my scripts and just reuploading saying they made it. I only want to be credited as the original author, that's it (and for the third example, the ad-filled copy, my idea is that if you get money from my work that's...ok, but only if you let people know where you got it to (so they can decide if they prefer the free original or yours).
MIT only requires to keep the license file, but from my understanding it's just a file that users may not even see. GPL (and AGPL) requires you to share your modifications, which is a restriction I don't really care.
CC-BY is the closest to it (in fact I think is exactly what I'm asking for) but for some reason it is not advised to be used on code...
Releasing my tools under the MIT License was probably a mistake - https://news.ycombinator.com/item?id=37111145 - Aug 2023 (7 comments)
In the long term, we need ways to make genuine sources more discoverable and verifiable.
Now you’re complaining that people are using your tools.
You can’t have your cake and eat it too.
In my case[1], although I have several hundred MIT repos, I have many others that I feel an emotional connection to and do not share publicly.
Correct me if im wrong but the license does not give them the right to name. Author should still be able to request them to change the name?
But I just realized that the MIT license is worded in such a way that one could draw that inference, and it might stand up in court.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
One could probably make a compelling argument that "you have the right to deal in this Software without restriction" and "you have the right to sell this software" as including the right to sell it under the same name.
If one is going to use the MIT license (or anything else that doesn't call out the copyright/trademark distinction) it would probably be good to include a supplemental notice that reads something like "The MIT license here does not confer any rights to use the name 'Project Foobar'. You must distribute any copies or derivative works under a different name or we will sue you into oblivion for trademark infringement" (or something roughly along those lines).
The license also requires you to include attribution and to declare the copyright of the licensor. So, while you have access to the software, ownership has clearly not transferred. You have a copyright license ( that has to be declared ). Nothing more.
But this is simply not true. MIT requires keeping the copyright notice intact, which would be a credit. People that aren’t going to follow this requirement weren’t going to follow the GPL or whatever alternative you pick either, so either sue them or don’t worry about which one you picked exactly.
If they redistribute the source then yes, but that’s not the concern in the post.
GPLv3, on the other hand, is much more explicit about saying that the copyright notice must appear in the actual user interface of the application.
Now I start leaning towards: if one doesn’t want others to use it, don’t release it.
Is it ok that other people take the code, modify it but don't open the modifications? If not, then GPL or AGPL. If you want that they can still build sth around it, but otherwise not modifying your library, then LGPL.
Or is this ok, but the main issue is no attribution to the original source? BSD licence maybe? Or Apache? Or what else?
They can modify the library under LGPL, they just have to redistribute the source for those modifications under LGPL also
> I am considering relicensing my tools under some sort of Attribution-ShareAlike license similar to the BY-SA the content on this site is licensed under.
Wouldn't the LGPL be well-suited to this?
I'm a big proponent of the GPL and the AGPL, but no they don't sound like good solutions to the author's problems. It might solve the attribution issue but it's going to go counter to the author's other goals.
I'm thinking the optimal course would be a GPL release + trademarking the software name so that there could be more control about attribution and what sites get to use the name?
I always work from first principals, and have written code which includes proprietary, public domain, and various forms of copyleft. They all have their place.
The licensing discussions become... religious in nature. It should really a pragmatic question of what kinds of ecosystem and behaviors you want.
The choice is and isn't about freedom. Most people are constrained by capitalist free markets (or other organizational mechanisms). If I'm competing and I keep your code open and a competitor makes theirs proprietary, they have an advantage. Ergo, in many domains, you see people forced to engage in obnoxious behavior as you're seeing to be competitive. Everyone can WANT to keep things open (or any other good behavior) but NOT be able to do it.
Something like the GPL can force everyone to do what they wanted to do, if their freedom wasn't taken away by the invisible hand of the market. Ditto for many regulations. Things which seem constraining can be liberating once you put a market system around it.
That’s a pretty quick and effective route, and one I have done once before to get some non-public personal data that got leaked in a service hack removed from a blog.
The license doesn't require anyone to provide a copy of the license and attribution along with the output, only when the software is distributed.
The author also thinks the people they're upset about are jerks, even though they fully acknowledge they have the right to be. They're fairly clear about that. And even if they continued to be jerks, the author would be happier if the license they had chosen required them to be slightly less jerkish.
(Or at least could, and the more it sounds like a small helper lib / WordPress plugin type thing the more likely. As much as some dislike it, this is a big selling point of GitHub and its stars etc. OP's things sound like something I'd find on Sourceforge, and not really be able to work out if it was original or not.)
It pains me to say this because I started in a proprietary software world early in my career and I hate it for 99% of the use cases but... proprietary licenses do have a place.
IMO, MIT & BSD give downstream developers more rights and are indifferent to end-users. GPL gives users more rights, and indifferent to downstream developers.
Is MIT not free because it requires attribution? Is no code free because it cannot be used in ways that break the law?
Just because there are some restrictions does not make it completely unfree, and its fair for people to want to use what is the most natural word to refer to thing that are free enough for them. "OSI-approved" works if you want to be precise but one org does not have the right to dictate the use of a word as common as "open".
I don’t think there’s a true, single definition, but I think maybe the closest to that would be https://en.wikipedia.org/wiki/The_Free_Software_Definition
No it doesn't. That's why you can use an MIT-licensed codebase that doesn't have an explicit patent grant and not worry about patent enforcement—it doesn't narrowly constrain itself to copyright.
> It's pretty easy to figure out someone's hosting service and put in a DMCA request. I've had to do it in the past for some stolen data that was posted online, and it's fast and effective. I'd of course try to contact them first as well, but when that failed I'd have quick recourse.
The same question was posed in the comments on his article.
I'm also not sure what your on about with regards to big companies vs small companies. Do you mean companies which produce open source software? Or companies consuming it?
Generally, most software companies open source exactly nothing. Many companies open source software which they have found useful but is not designed to be used for a profit center. In my experience, only companies trying to directly license software adopt GPL or AGPL. Almost all companies which produce software under GPL or AGPL dual license with a commercial paid option that comes with no strings attached. Personally I find this disingenuous.
The reason giant tech companies promote permissive licenses is because they don't care about those things -- they're already giant and have secured whatever edge they need -- and because they can be a useful recruiting tool. Plus sometimes you need to ship SDKs and integrations and permissive is the only real way to go generally.
Anyways I've licensed and contributed to permissive licenses software. I could not care less what happens to it. That's the point. I understood the consequences of my actions as I made them.
Software that I want to make money with? I don't open source that at all, at least not until I've abandoned it.
There was at least for a time a trend (or at least noted by some) of using AGPL with copyright assignment[1] as a trojan horse to force customers into commercial licensing once due diligence came in.
[1] I consider copyright attribution to be the big sin in this, not AGPL, even though I'm against AGPL on other grounds. I understand why FSF uses (used?) it, but it opens a way for exploitation of people's work in unequal ways.
It is effectively impossible to adopt a different license without either:
- getting consent from all authors/copyright holders.
- removing all the contributions of any outstanding authors/copyright holders who don't/can't provide consent.
Your options are pretty bad here.
Furthermore, not having a CLA even for very permissibly licensed projects can be a poison pill for any sort of M&A, even if the project would never need to make use of it. Not using a CLA muddies the IP portfolio of the company, and many investors will spook easily at the scent of IP issues regardless of whether or not they really matter.
Unless you feel like fucking around and finding out (I don't) you get copyright assignment.
Anyways, you can always fork.
(I think; IANAL)
"Many of them have made minor or major modifications to the tools, and next to none provide the source to those modifications"
"I wanted to promote community contributions, not to have them monetized by other people who don't even provide the source to their modifications"
If you did, I don't think you understood it any better than the AGPL (or freedom zero). AGPL text is not tangled. It's a very-well written text, if that's the license scope you want.
The case described is the exact purpose of these license.
Footnote: I've released two major tools 95% under the AGPL (with a few minor components under more libertarian licenses). It was the right tool for that job.
And it's trivial to be compliant with AGPL in this case without any effective change to the behaviour or problems caused. Yes, there would be source code link somewhere, but it can take 0.01% of the SEO spam and be still compliant.
Can you point me to any concrete examples of authors of AGPL-licensed code being burnt like this?
Circumventing the AGPL is trivial only on paper. It's hard in any human organization. In practice, parasites usually keep a long distance from the AGPL for reasons which will make sense to you if you sketch out what circumvention means in practice, what it means for org design, and the ROI there (not to mention the social signalling; not all parties are malicious).
Any form of copyright assignment that isn't "here, fuck me over if you want" will be similarly fraught with peril because majority of the world considers copyright assignment to be same category of contract as AGPL/GPL/etc.
Quickly checking through license text (AGPLv3 as published on FSF website), following steps would have been enough:
1. Ability to view legal notice (does not have to be full, just reasonably visible)
2. A link that opens source of the code
3. AGPLv3 header in source code with notice of who and when modified it
Note that there's no need to explicitly advertise/attribute the creators in any more visible way. AGPLv3 also does not impact code that isn't derivative like all the SEO spam one's blackened heart puts on the site, especially when combined with modern "tag manager".
And we're explicitly talking about pathological cases from the start. To paraphrase oliwarner in this thread[1], we're dealing with people who are deliberately acting dickish.
I'll bypass discussion of BSD-licensed authors being burnt like that, because the legal situation was way more complex (before the GPL came on the scene) regarding a lot of BSD code (shortlist: 1) being derivative of other code 2) in at least one case being explicitly paid-for work with explicit "to be reused freely" conditions on the grant)
But you messed up since you proposed a technical solution, where this is an organizational problem. Let me walk you through the more complex issue. The other website follows your steps and is in the clear. However:
* The interactive is more deeply integrated into their web page, whether originally, or through a developer five years later not noticing the AGPL special case.
* OP asks for source code to the full work. The full work is their entire web site in this case.
* The full work happens to include a JavaScript library and a font program which were licensed from a proprietary vendor.
The other website has two options: (1) Negotiate to release the their source code, and worse, their vendor's source code under the AGPL (2) Pay damages.
To avoid this, beyond the steps listed, the other website needs to implement processes and controls to prevent issues like this one. That is where the $$$$$ comes in. Processes are expensive to maintain, much more so than any software.
In general, AGPL code is very safe to use in commercial settings for well-compartmentalized major systems. If I have an AGPL office suite used by my organization, or ed-tech software, that's easy. Used it in a corner like this one, it requires a lot of controls and compliance, which make it prohibitively expensive. AGPL has a few more catches like this. This is why most major organizations tend to require legal review prior to any use of AGPL code.
AGPL tends to be good for several purposes:
1) Establishing open ecosystems. If I do work in civics or education, this can be very important there. If I am making a voting system, for example, I want to guarantee anyone can inspect the system at any level.
2) Dual-licensed systems. Open ecosystem is free. Proprietary pays.
3) Major pieces of well-isolated code, like the aforementioned office suite example, where I don't want freeloaders, and where there isn't an expectation that I will have my code used as a library or piecewise in another system.
4) Places where the goal is more transparency than reuse.
There are a few others too.
I'd rather use an AWS service with an open source core than a closed-source service. Migrating away from AWS in the former case is arguably easier than in the latter.
And this is because of the open principle.
> I'd rather use an AWS service with an open source core than a closed-source service.
I guess it’s just a problem with the people who work in software engineering. You won’t use anything closed source, but also don’t care if other engineer’s valuable open-source tools are hijacked by companies with billions in resources.
Basically, you want to have your cake and eat it too.
You think uses should be discriminated between acceptable and abusive.
It's OK to think that way, but it's not an open source way of thinking.
The people taking someone else's tool and rehosting it with better SEO and more ads steals revenue from the original author and makes them less likely to make more open source stuff. It's greedy and hurts the community. I get why people would want non-OSI licences that allow everything but that.
As for whether its Abuse, idk, I don't want to lay out a precise definition and have a semantics argument. But its definitely not a cool thing to do
That and the search engine mayhem are abusive behaviour, even if not abuse of the license.
It's being a dick, deliberately.