I run the open source strategy and marketing team at AWS. As I told Tim privately and publicly (https://twitter.com/mjasay/status/1317084448119169024), I hadn't been aware of this but am talking with the relevant product team to see how we can improve in his regard.
AWS uses a lot of open source, and we contribute a lot, both in terms of code (first-party projects like Firecracker and Bottlerocket, but also third-party projects like Redis, GraphQL, Open Telemetry, etc.), testing, credits, foundation support, and more. But open source is ultimately about people and communities, and I personally feel we could have done more to acknowledge the great work Tim and his co-maintainers have done, and try to support their Headless Recorder work. We're talking with Tim now about this.
(While I think we do far better than sometimes acknowledged, we're also always looking to improve, and appreciate all the feedback that helps us toward that goal.)
Good job taking responsibility, Matt. Handling this the right way.
I do think there's a larger discussion about trillion dollar companies just forking a project and announcing it as a new feature for their platform without even talking to the original creator.
If there's anything to improve, "reach out first" will be a start.
It's open source. You don't have to reach out. There's nothing legally or morally wrong with what you did. But you can do better. A trillion dollar company can do better to act grateful to be in the position that it's in. To be seen as a leader in a space instead of as a consumer of free work.
I honestly think there's room for more than gratitude with, as you said, a trillion dollar company. I know its hard to find a balance when we want free and open tools, developed in a spirit of sharing and enabling innovation. But something feels slimy about an enormous company deriving a huge amount of revenue from a FOSS project, when they could easily compensate developer(s) with barely an impact to their bottom line.
I know its not required by licensing - but "legal" doesn't always mean "right".
Amazon stealing OSS products and repackaging them for profit is a behavior they are replicating over and over. Big and small projects alike are neither protected nor immune (see Mongo, Elastic, Redis,...)
To see so much of the developer community respond by placing blame on the developers is heartbreaking and at the root of the tragedy of open source. It's either: your fault for using a permissive license OR shame on you for not using a permissive license. Where is the outrage at the predatory companies cannibalizing open source?
We need to remember who the real enemy of open source is. The only company that benefits from open source shaming is Amazon.
> Amazon stealing OSS products and repackaging them (...)
Since when does providing managed services started to pass off as "stealing"?
Am I stealing FLOSS projects as well if I install them on a production environment?
It makes zero sense to try to pull this sort of bait-and-switch scam with FLOSS. If you release a project into the world while explicitly stating that everyone in the whole world is free to use it as they see fit then don't complain that someone was free to use it as they saw fit.
I think you have a point. But there does seem to be a difference between say using FLOSS project X as a dependency in my app vs AWS tweaking it, introducing it as a direct competitor to X, and leveraging their huge marketshare to sell it. Seems like not illegal, not even sure if it's ethically shaky, but there does seem to be a difference right?
Or, a situation about which you might want to ruminate:
A customer is doing a full migration to the cloud. They're already using FLOSS project X on-prem and asks 'Hey, <cloud vendor>, project X is a super important part of our environment? We can't move forward unless you support it. Also, can you manage this for me? I'd really prefer not to roll my own servers.'
What would YOU, as the cloud vendor, do? Give up the on the business (both upfront migration costs and down line usage and maintenance costs), or legally exercise the license that project X's creator CHOSE?
Also, consider that, at your scale (you being the cloud vendor), if 1 customer is having this issue, it's impacting tens if not hundreds of others.
As someone who works for AWS and fields feature requests from customers constantly, the above situation very common.
As a trillion dollar company, it can acquire open source project that is vital for it's customer base rather than leeching of that project. You shouldn't make unethical practices of companies as necessary evil.
> But there does seem to be a difference between say using FLOSS project X as a dependency in my app vs AWS tweaking it, introducing it as a direct competitor to X, and leveraging their huge marketshare to sell it.
Is there really a difference at all? You're complaining that a managed service is somehow "a direct competitor". Compete in what? I mean, am I really competing with the project if I get a few instances up and running?
By your line of reasoning, they are actually helping the project grow and establish itself as relevant piece of infrastructure. Somehow I don't see this being used as a justification to demand a share of the revenue the other way around.
In the end, all I see is people complaining that someone who uses a project that was always freely distributed happens to have deep wallets, and somehow hey feel entitled to some cash just because a third party is rich. Where does this make any sense?
A managed service is "a direct competitor" in usage of the original software. And usage is the one that mostly drives development back into the service.
There isn't a legal difference in AWS repackaging an OSS project, and a company using it internally, but there is a difference in terms of the end result of how the project develops.
That's why I've seen that most comments is support of AWS are either ideologues or their livelyhood depends on a large company that's doing this.
TBH, in that scenario, AWS are usually growing the market for X such that the share of the market for X taken by the X developers probably increases after AWS joins the market for X.
Of course the blame is on the developers. If you don't want commercial enterprises to repackage your project and exclude you, choose a license that says that! How is this even controversial?
Because then everybody will jump at you and shout "OMG you don't allow for repackaging, don't ever dare to imply that your code is Open Source with all the permissions and liberties that your free labor should grant, so we don't have interest in your shitty proprietary stuff and will never check it out".
As seen on HN multiple times.
Which is what the parent refers to with the more politely put "either your fault for using a permissive license OR shame on you for not using a permissive license"
We know that building a business is hard. There is no silver bullet that provides both the adoption rates of OSS and the monetizability of proprietary software. So you pick one, and live with the consequences.
You can both want a project to be usable commercially and still feel bad about being iced out by people who are vastly better off financially than you are. I had a big project for my Ph.D. thesis that was good enough to get spun out into a startup. They didn't even offer me a job.
They were under no obligation to, but it set my career back five years and I'm still angry about missing out on the obvious route from graduating to being really awesome at what I wanted to be really awesome at.
It's not controversial that they did this, I was a junior employee and they didn't have a ton of money. It still significantly damaged my career to be forced to start all over on a totally new thing despite literally inventing what they were doing without me.
Blame? There doesn't have to be blame for that to suck for the little guy.
Why is it stealing? And how does "blame" enter the picture at all? Developers went into it with their eyes open. That's not shaming or blaming them, there simply is no "blame" to be had. They made something and decided to give it away with few/no strings attached. There's decades of precedent for such projects being used to great financial profit by millions of people, so I don't find it plausible that most developers aren't fully aware of what they're doing. In fact I'd argue many want exactly this to happen. To develop something that proves incredibly useful and gets adopted by many users.
If someone did inadvertently choose a more permissive license than intended, I'm not sure what to say. "Blaming" them has too negative a connotation, but there is some responsibility on their part for the mistake, though I can sympathize with them given that licensing choice can be complex.
There's a catch 22 with choosing a restrictive license though. On the one hand it may help you monetize a product if it becomes popular, but on the other hand it becomes a lot harder to gain users and achieve that level of popularity.
However I acknowledge that the open source ecosystem and incentives have deep seated problems on this. The rise of networked society is in many ways built on such work, so there is a public good achieved that might never have been possible otherwise. On the other hand, maintaining a project can be thankless and exhausting. There's been plenty of discussions on how to help this situation, with no clear answer that I'm aware of. I certainly don't have one.
I think the legal aspect of the licensing determines what is "right", otherwise the definition of "right" can be interpreted different ways. Don't be fooled, both parties entered into a contract. One when they published the software, and one when they used the software. Any expectations outside of that are left undocumented.
Even agreed-upon contracts can be predatory. Maybe there should be a license that says "free and clear for everyone but trillion-dollar companies, because they should really compensate developers for value".
I personally think it would be a great look for Amazon if they made it a policy to compensate developers from whom they derive significant economic value. Because they can, and because the developers deserve it.
If developers expected to get compensated for the work they explicitly and voluntarily released for anyone and everyone in the world for absolutely free, wouldn't they have released it under different terms? I mean, it sounds awfully dishonest to do a 180 on the expectations once a user with a deep enough wallet happens to be singled out.
No, they really don't. You don't see companies giving away their products under a permissive license to, afterwards, stating that we should not pay attention to the license because they now want a chunk of our paycheck. That would be as dishonest as it gets, and the dishonesty in that doesn't change if we replace a company with a single-person company.
When you put a certain license on your freely redistributed code, the assumption is that you're doing it it with your eyes open, and agree with all the ramifications.
Free software which requires a copyright notice to be retained in the source, but has no restrictions on run-time can be used in exactly that way: someone builds it, modifies it to taste and puts it into operation in such a way that your name does not appear anywhere.
You don't necessarily want that. Do you want some AWS customers contacting you about issues with it because they found your name?
What is legal coincides with what is right, because the developers had every opportunity to choose a license which exactly reflects what they think is right. It's a reasonable assumption is that they did exactly that.
It doesn't sound exactly like taking responsibility to me. It's more an acknowledgment of the fact and damage control. Taking responsibility would suggest admitting fault and taking action to make things right. His statement doesn't have any of these. 'I am looking into it' is too vague and doesn't mean much.
Probably Amazon's legal department doesn't let him say much more, but then his statement sounds unconvincing and doesn't serve the purpose of taking responsibility and assuring the comunity of their good intentions.
By admitting fault I mean if you have done something wrong to speak up. Legally there is no fault as far as I can judge, but there is a moral fault. Not giving credit, not trying to involve the developer in their effort and not offering any kind of reward for his effort is definitely a fault in my dictionary.
These kinds of actions damage the community much more than some people realize. Open source developers lose trust in the idea of sharing their work when seeing how huge companies with limitless resources take advantage of their effort. This happens little by little but in the end we become cynical and when we see good intended initiatives from these companies we don't trust them and simply refuse to participate.
I tought Microsoft has abandoned its evil demeanor and has become a good open source citizen until this happened:
I think what they did is much worse than this, because they intentionally misled the developer by giving an impression that they were going to hire him and when he came for an interview they tricked him to share his ideas about the future of his product. What's similar is the reaction of both companies - half-heartedly acknowledging something that has already become public knowledge and giving some vague promise for fixing things.
> I do think there's a larger discussion about trillion dollar companies just forking a project and announcing it as a new feature for their platform without even talking to the original creator.
I always find these messages weird, because in the end it's one engineer like you and I who looked at some open sourced stuff and decided to use it, and perhaps it didn't really do what they wanted so they forked it, and it ended up being used in whatever product they were working on, and in the grand scheme of things it was not about a big trillion dollar company being evil, it was about how engineers do their work nowadays.
Morality is a code of values a person may hold, whereas ethics is a philosophic (scientific) approach to discovering and defining such codes, and an attempt to answer two specific questions - whether a human being needs a code of values, and if so, what code of values they should choose to flourish as a human being (and not as any other "being").
So, a person may be clear morally, based on a code of values that puts an emphasis on a legal aspect of interactions between people, but from the perspective of ethics we can observe that such a code may not be sufficient to fully realise their potential of flourishing as a human being.
Well, disagreeing about which words to use doesn't necessarily mean there's any disagreement about the object-level situation, but FWIW, the definition I've generally heard is that "ethics" refers to the whole general "ought" side of the is-ought distinction, which is further divided into: axiology, which outcomes are actually desireable in the first place; morality, what actions and strategies people ought to follow to achieve those outcomes; and law (not, unfortunately, to be confused with actual law), how groups of people ought to act in order to deal with coordination problems and evil people.
> So clearly Amazon has no moral scruples about doing what they did
Dude, they picked a software project that was released to the world under a license that explicitly allows anyone and everyone to use it as they see fit, and they proceeded to use the software.
Please do explain exactly wheredo you see any breech in morality.
> it's not about the letter of the licensing, it's about the spirit
If it's not in black and white then it's not part of the license. Spirit isn't defined.
To paraphrase Theo de Raadt, if you're not happy for your code to be used in a puppy mulching machine then don't license it under a permissive license.
Open source culture is so much more than the licenses. A license dictates what is legally permissible but it doesn't mean that there aren't other cultural expectations that go with that.
Eric Raymond famously wrote about the customs of open source in Homesteading the Noosphere: "I have observed these customs in action for 20 years, going back to the pre-FSF ancient history of open-source software. They have several very interesting features. One of the most interesting is that most hackers have followed them without being fully aware of doing so."[0]
It is possible for us to have norms of mutual respect beyond what is legally required. I think those norms are actually at the heart of open source and have been since the beginning. I hope we never abandon them just because they are "not in black and white".
It's off-the-charts irony to point ESR's observations to try to validate the author's response here, and to frame it in the terms of some monolithic "open source culture". The brogrammer devops culture in 2020 is starkly different from its forebears—the two hacker cultures in focus in CatB. In fact, the entire premise of the book (it's in the name!) is a commentary on the distinction of cultures and the risk of misleading yourself if you're not thinking clearly and make the mistake of conflating them.
But Amazon is a member of the OSS community, and AWS relies heavily on developers, many of whom care a great deal about the spirit of OSS and being a good and responsible member of the community.
Not quite the same behavior, but BigCo's free-riding on FOSS is nothing new.
"At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license." [1]
Honestly, even putting aside the social and community aspects. When I’m evaluating a technical offering I’m often very willing to pay for “hosted xyz”. I feel like I’m reading through the tea leaves to understand which AWS product offering is more or less a hosted offering of an open source product and what additions AWS has made that might change performance characteristics. Even without upstreaming changes, if the offering were pitched as “hosted X with these additions unique to aws” I would likely choose the hosted option over operating it myself.
It goes without saying though that supporting the open source core (and the core developers) would also go a long way.
It doesn't matter, anyone who uses AWS services beyond those that are easily replaced by alternatives (say DigitalOcean, OpenStack, Azure, etc.) is setting themselves up for failure. At the very least they'll need a translation dictionary of Amazon's stupid naming scheme when they want to move.
The long tail of AWS services is a massive waste of time.
Given the massive amount of revenue they're making off Linux, they should be at list platinum tier Linux Foundation members, but their logo is nowhere to be seen here...
Their strategy for Linux appears to be to contribute code upstream rather than contributing money, according to linux.git's MAINTAINERS and `git log --author=amazon.com`. Also its not like the Linux foundation funds Linux development in general, apart from Linus and possibly similar folks.
Regarding "giving back" by a company like Amazon, we often talk about the problem of open source maintenance being thankless and difficult due to time commitment and lack of compensation, etc. Personally I don't think direct $$ compensation is the answer, but how about a policy that, for example, dedicated X number of developer hours to the main branch? As in, Amazon tasks a few developers to each give 10 hours of time in direct collaboration with the maintainer(s) to perform tasks the maintainers may have in their queue. That way "giving back" for a project you use is specific and alleviats some of the burden of running a project for exactly those projects from which Amazon benefits.
I am a Principal Engineer in the Open Source Programs Office at Amazon.
This is something we are very aware of, and discussions about this cross my desk weekly.
One big problem of the many problems I face regarding such proposals is the people who are the best at writing open source who need the money the most are not the people who are good at writing grant proposals and are good at sucking the money out of such funding systems.
Where is that crowd that denounced n8n.io for using a license that explicitly prevents this kind of exploitation. I dont understand why people harp constantly for software to be open completely and free, and put a suprised pickachu face when it gets exploited.
Imo there needs to be an official policy from aws on thes kinds of issues. Taking a free product and monetizing it on this scale morally requires some compensation for the original creator(s).
Please release my rewrite / serialization library for Apache Avro. I wrote it in 3 different languages for Amazon when I worked there, and went through all sorts of discussions to have them release it, and they refused for no meaningful reason that I could see.
The only reason I was ever given was "we use it and think it is great therefore we won't release it." The implication was "If what you wrote was junk we'd let you release it."
Needless to say I never tried to get Amazon to release any of my software during my time there after that, because the response was so poor.
Edit: If Amazon releases my code, I'll be happy to add a tiny credit to Amazon in Notices.Txt and in no other way be thankful to Amazon.
I'm the Principal Engineer for the Open Source Program Office at Amazon. We've gotten much better about being responsive and inclined to open source projects like that.
Email me at atwoodm@amazon.com, and tell me what the internal code names for your projects were, and were you were in the org. I'll see what I can do.
There are some replies in this thread that misunderstood the content of Tim Nolet's twitter post. (Probably because the short headline has pitchfork raising overtones.)
- He's not complaining that Amazon forked his code with Apache license. He admits he also uses other open source with permissive licenses
- He just thought it would be nice/courteous/polite/etc if Amazon acknowledge/recognized/credited/mentioned/thanked his original project that they forked from.
The twitter reply of "user facing open source should have been AGPL" and replies in this thread of "you used the wrong license" don't really cover it.
In other words, I'm not aware of a permissive license that's the same as BSD/Apache with the only difference in that also says "use it as you wish but you must mention my name when you're a commercial enterprise making a splashy product announcement".
If you read further down the Twitter thread you’ll see others point out that AWS actually DID acknowledge him in the release and thus his original rant isn’t accurate. He acknowledges that later in the thread. Of course the, now inaccurate, headline Tweet remains the thing getting attention.
>If you read further down the Twitter thread you’ll see others point out that AWS actually did acknowledge him in the release and thus his original rant isn’t accurate. He acknowledges that later in the thread.
Thanks for informing us with the clarification. The original tweet was 11:16 UTC. This HN thread was submitted 11:23 UTC.
That twitter reply showing the acknowledgement in "NOTICES.txt" was later at 11:54 UTC.
I'm not sure the timeline is important, other than to say HN posters shouldn't submit incendiary tweets as HN topics without some sort of corroboration. Especially when the person who tweets and posts on HN are the same.
Here's the timeline I saw:
11:16 - A person blames AWS of something without additional context and understanding
11:23 - Presumably the same person posts on HN (to signal boost? farm karma from the anti-Amazon crowd sure to pop up? both?)
Never:Never - OP apologizes for rousing the HN pitchfork mob
They did the legal bare minimum in terms of attribution, but you're very unlikely to find it unless you're looking for it.
I don't usually read through files like ~/.config/chromium/Default/Extensions/bhdnlmmgiplmbcdmkkdfplenecpegfno/0.0.1_0/NOTICE.txt (though perhaps I should).
Funny, these kind of threads sound similarly to how some companies I have worked for sound when talking about working on Saturdays:
Me: Do we have to come to work on Saturdays?
Boss: You dont HAVE to... but you know, people come and do work to go the extra mile.
Me: Ok, but If I don't come, there's no problem right?
Boss: Well, no, there's no problem. But you know, there's lots of work and it is great when people push together.
Me: Ok good, yeah I like my work and I like helping others but, I also appreciate my personal life. So... no problem if I decide not coming on Saturday right?
Boss: MMhhgh yeah, no problem, but you know, we like to think you are COMMITED to our startup mission.
And, then they get angry when I don't go on Saturdays. If you want me to go on Saturdays just put it in the darn contract and tell that as part of the terms when we are negotiating, then I'll walk out and we will all be happy.
Same here, if the developer wanted something to happen, then he should have put it in the license. Otherwise, there's no reason to be whining that something that was NOT expected to happen (as per the license) did not happen.
I worked for a financial organisation in Dublin for a while back in the 90's. Best attitude to this stuff I have experienced:
You have 8 hours to do your work in. If you need more than that then you're either slacking off or incompetent. If you've been given more than 8 hours work to do then that's a scheduling problem you need to take up with your manager.
Everyone worked their arses off all day, and at 5pm the entire office went to the pub to socialise. Some only stayed for a short time then went home. Others stayed on for hours. But staying in the office after 5pm was not acceptable.
As a developer, it was great. Interruptions were always pertinent, because all the socialising happened in the pub. I could code in peace for ~8 hours, which tbh is about my limit anyway, after that my quality goes downhill fast. And then we all hung out together. Being a developer who can't do the social thing in work hours with losing massive time to context switching wasn't a social handicap, for once.
So you're saying the only courtesies we should render to others in life are ones that we're duty-bound by license agreements or other contracts to give?
Out with social norms and niceties, and in with black letter law?
I don't want to legally demand a specific acknowledgement; I know that this can have unintended consequences and greatly complicates adoption.
Also: If my stuff is used at the periphery of something you're doing, I don't really care. On the other hand, if you get to market by largely just repackaging what I've made, it seems that by social norms I'm due a hat tip, whether or not it's legally demanded.
> So you're saying the only courtesies we should render to others in life are ones that we're duty-bound by license agreements or other contracts to give?
Nothing you do for your employer as part of work should be considered "courtesy" or a "social nicety".
The "something you do for your employer as part of work" was a strawman and doesn't relate to what we're talking about. We're talking about whether it meets social norms to take open source work, launch it as the core piece of a product, and do the absolute minimum legally required acknowledgment.
> So you're saying the only courtesies we should render to others in life are ones that we're duty-bound by license agreements or other contracts to give?
Isn't that the whole point behind the rule of law and the civil society?
Anything that isn't well understood or known in advance of someone engaging in an activity, and then later faces unfair retribution because apparently they didn't do what wasn't told to them that needed be done, or did something that wasn't told to them shouldn't be done.
All these "social norm" sounds like guilt trip and power grabs to me. You did something you said was free and that you were giving it to me no string attached, then you come back and guilt trip me saying that there were in fact strings attached and that you expected things in return.
Now, yes I understand that maybe when you said hey this is open source with Apache license, you had in mind an audience of students, or one man startups, or hobbyist, or amateurs, and hadn't really thought if it applied to big corps. And I actually wonder how the courts normally handle this, when someone who put the conditions forward first was in a position where they couldn't have anticipated the event and thus couldn't have pre-conditioned it. I'm not too sure how to handle it myself, but here I'm guessing is a lesson to learn for others, choose your license carefully, think about the various possibility.
> Anything that isn't well understood or known in advance of someone engaging in an activity, and then later faces unfair retribution because apparently they didn't do what wasn't told to them that needed be done, or did something that wasn't told to them shouldn't be done.
Your argument self-contradicts. You assert, broadly, if it's legal it's OK. The "unfair retribution" of people getting annoyed about it and complaining is also legal, so that should be OK, too. :P
> Now, yes I understand that maybe when you said hey this is open source with Apache license, you had in mind an audience of students, or one man startups, or hobbyist, or amateurs, and hadn't really thought if it applied to big corps.
Nah, when I said "Apache License", I meant that legal license. But that doesn't mean doing some things that effectively cost nothing, that exceed the license requirements, aren't socially customary.
There's no law that says you have to say "thank you" when someone renders you a service or has made something that makes your life easier or lets you make a bunch of money, but if you stand on legal grounds to avoid saying "thanks" you might be a dick, and people might call you out for being a dick.
Well, there are rules around defamation, libel and slander. But you're right, there's no laws saying one cannot guilt trip someone else or shame them for their behavior even if they are acting legally.
I think this is me criticizing those same "social norms". In my opinion, it is unfair to guilt trip someone or have hidden expectations when someone does a good deed for you. Especially when you decided to do the deed on your own and you went and promoted it for others to benefit and use.
Obviously it's nice when you do something and others thank you and acknowledge you for it. But it isn't nice when someone complains they're not getting a thank you for something they choose to do willingly and weren't asked to do.
Now I reckon here it's a bit different, because we're talking about two actors of very uneven footing, and I would like to see Amazon being more thankful and recognising the hard work of open source contributors. I agree with that sentiment. I just wanted to say that in general, yes those social norms are often against what I'd consider a free society, since they are just another axis of power to force you into behaviors you might not have agreed to participate in.
> But it isn't nice when someone complains they're not getting a thank you for something they choose to do willingly and weren't asked to do.
If you benefit from something someone else does, you owe them a debt of gratitude. It's not a legal debt, and it's not denominated in dollars and cents... but you shouldn't be surprised that there are norms of repaying this debt in various ways and that people/entities that excessively "take" from the commons incur reputational damage.
> I just wanted to say that in general, yes those social norms are often against what I'd consider a free society, since they are just another axis of power to force you into behaviors you might not have agreed to participate in.
This just feels like hyperbole to me. Expecting acknowledgment from someone when they've benefitted from something you've done is not an unreasonable ask. Getting shamed when you don't do this isn't a significant curtailment of liberty.
> If you benefit from something someone else does, you owe them a debt of gratitude. It's not a legal debt, and it's not denominated in dollars and cents... but you shouldn't be surprised that there are norms of repaying this debt in various ways
Yes and this is what I'm criticizing. If I am in dept, then say so and make it explicit to me before I take the dept unknowingly, otherwise I'm sorry, but I will in turn shame you for being a cry baby and I won't abide by these norms, because I disagree with them.
To me, social norm is just another form of force to impose ones will on others. And thus an attack on liberty. And the idea of a social contract is that I consent to give away some liberties for being able to participate in a functioning society. But when the social contract isn't explicit, and expectations arn't stated, I find that unfair, no matter if the force is physical or psychological. The act of coming back after the deed, and saying that accepting the deed bound me to X,Y,Z where none of those was stipulated, ya I find that crooked. At this point anything can be stipulated. For example, what is Amazon supposed to do here? Should they offer a job? Pay up some amount of money? Cancel their project? Put a banner on amazon.com thanking the contributor? How long should the banner stay up? Etc. They're just at the mercy of the wims of others, and they might start to regret having taken this "dept" which they didn't know came with all these strings attached. And by the way, it's not just that they didn't know, on fact, the author had written down in details as part of the attached license what all the expectations were, but now claims that more was implicitly expected based on some loosely defined social norms. Had the work been unlicensed, Amazon would not have used it.
P.S.: But again, just to be clear, I'm talking about the principles at play here, in this particular scenario, I acknowledge this isn't like a massive issue and a crazy demand or attack on Amazon's liberty. And I'd be really amazed and impressed and would think highly of Amazon if they went above and beyond the license here.
> To me, social norm is just another form of force to impose ones will on others. And thus an attack on liberty. And the idea of a social contract is that I consent to give away some liberties for being able to participate in a functioning society. But when the social contract isn't explicit, and expectations arn't stated, I find that unfair, no matter if the force is physical or psychological.
Welp, good luck with that. There's tens of thousands of social rules that are understood by 99% of people, and you're not going to find an explicit list somewhere of how far to stand away from someone when talking to them, to what kinds of initial conversations are appropriate, to saying "thank you" after someone gives you something, to attributing an idea to someone else, etc. And failing to follow them will rapidly earn you scorn.
> For example, what is Amazon supposed to do here? Should they offer a job? Pay up some amount of money? Cancel their project? Put a banner on amazon.com thanking the contributor?
If the product is 98% built upon some open source stuff, you put in the 2nd or 3rd paragraph description that it's "built upon" or "powered by" or "makes use of." Even a footnote might be OK. This is pretty obviously the right thing to do, and it's also helpful to your users in understanding what your product is.
I think they’re bemoaning the fact that many employers will couch it in terms of courtesy yet also claim the right to be angry if you don’t go above what is required. It should be encouraged to do more than required, yes. But it shouldn’t be punishable if you don’t.
The employer thing is a strawman here; the subject of the article is AWS forking and launching a product with minimal (but legal) attribution. I didn't argue -anything- about the employer case, staying on topic to AWS's behavior.
Sure, but this is a situation about social norms rather than passive aggressive employer behavior.
Typically when a product or service is released, if it's built significantly upon something else, you at least throw out a quick acknowledgement. Sure, it's not the law, it's just polite/kind/whatever nice word you prefer to use.
All sorts of communities have various 'norms' of this nature which you are totally entitled to ignore but that doesn't mean they're not there.
> Sure, but this is a situation about social norms rather than passive aggressive employer behavior.
Every time I come across a thread - on any forum - where people are educating others that something is a social norm, it is because it is not. They merely want it to be.
If you have a good number of people disagreeing on it, take it as a humble suggestion that norms differ across geos, industries, culture, etc. Don't insist on it, because it will come across as an imposition.
Unrelated to the content in my comment above, I look at this from the same lens I look at products in my engineering world. We don't find a need to credit Claude Shannon, John Von Neumann, Tony Hoare, etc in all our products. I find this to be OK.
> Every time I come across a thread - on any forum - where people are educating others that something is a social norm, it is because it is not. They merely want it to be.
Saying "thank you" and giving credit to someone who did you a solid is pretty universally a norm.
> If you have a good number of people disagreeing on it, take it as a humble suggestion that norms differ across geos, industries, culture, etc.
Or, there's just the fraction of people who disregard and push back on norms.
> We don't find a need to credit Claude Shannon, John Von Neumann, Tony Hoare, etc in all our products. I find this to be OK.
It's a bit different here, in that the people you cite are titans who developed ideas that might be a portion of a work... which is a bit different from using the work wholesale. I don't think anyone would expect Amazon to thank/cite/acknowledge something they used that comprised 1% of a product... but when it reaches a very high proportion it's time to mention it.
Further, these were academics. We do have a norm of citing them when we're deeply using and building upon their work academically.
> Saying "thank you" and giving credit to someone who did you a solid is pretty universally a norm.
How much time have you spent looking for counterexamples in the society where you live? Where people do something for the common good and most consumers do not say "Thank you". Have you done this exercise?
> Or, there's just the fraction of people who disregard and push back on norms
This is a convenient, self-fulfilling narrative. It is also pitting you into an adversarial position with someone. It's highly risky to insist on a norm and accuse others of not honoring it - and then be viewed as someone who is inflexible. It's your choice, though.
> How much time have you spent looking for counterexamples in the society where you live?
I've spent a whole lot of time thinking about norms and observing their observance, enforcement, and what kinds of circumstances they tend to be disregarded. I've read a lot of the lit, too, thank you.
> This is a convenient, self-fulfilling narrative.
So is refusing to acknowledge the existence of norms because some people refuse to acknowledge them. Ultimately, our social reality is something we pretend into existence together.
> It is also pitting you into an adversarial position with someone. It's highly risky to insist on a norm and accuse others of not honoring it - and then be viewed as someone who is inflexible. It's your choice, though.
Whinging that someone broke norm A [e.g. seemed ungrateful] and thinking less of people/entities that you've heard have done the same is pretty cheap and isn't likely to earn you value judgments yourself.
> I've spent a whole lot of time thinking about norms and observing their observance, enforcement, and what kinds of circumstances they tend to be disregarded. I've read a lot of the lit, too, thank you.
Then I hope you've noticed that there are instances in society where "Saying thank you and giving credit to someone who did you a solid" is not the norm.
> So is refusing to acknowledge the existence of norms because some people refuse to acknowledge them.
We are in agreement here.
> Whinging that someone broke norm A [e.g. seemed ungrateful] and thinking less of people/entities that you've heard have done the same is pretty cheap and isn't likely to earn you value judgments yourself.
I have no idea what you're trying to say here. This sounds precisely what people are doing: Whining that Amazon seemed ungrateful and thinking less of people who do likewise. Which is orthogonal to what I'm saying.
> > > It's highly risky to insist on a norm and accuse others of not honoring it
> This sounds precisely what people are doing: Whining that Amazon seemed ungrateful and thinking less of people who do likewise.
Yup, and while there's variation in the hivemind, all in all I don't think a very large fraction of it is snapping back and thinking of the author as inflexible. So p'raps it's not so highly risky.
> Crediting the work of a project you directly forked to create your own is a social norm in the open source world.
This is merely repeating the same statement over and over ("Yes it is" "No it isn't" "Yes it is" "No it isn't" ad nauseum). It's not furthering the conversation.
That Amazon decided to do it has no bearing on whether it is a norm or not.
I’m not sure what the complaint is actually. It seems like the author just wants recognition. I’m not sure why he would want to expect anything other than what he specified in his project.
I pointed out that the minimum is to be expected because I’ve seen it mentioned a few times that’s all they did. Like the expectation is that they should have done more.
It’s a company forking a project, I would expect nothing else. It would be notable if he got a T-shirt or something.
In a somewhat similar scenario, we had some discussions about what "Friday midnight" means. So just to be super clear, we finally put "Thursday, 11pm".
Interesting cultural differences. In other places if you submit earlier than the deadline they assume you didn't care about it enough to use all available time to make it as good as possible.
As a range or interval specifier, many (most?) non-programmers will assume the interpretation of “midnight” that favours them in any subsequent dispute.
In practice this often means that “from midnight on Monday to midnight on Tuesday” is a 48-hour interval so far as consumers are concerned. I recommend advertising things like cut-off times as “11:59pm” and friends, when possible.
Also, my time formatter turns “12:00” into “12 noon” following weary experience of people who confuse 12:00 with midnight.
I would hardly call that a rant. And I would hardly call a deeply buried source reference the kind of collegial social acknowledgement he was hoping for. So perhaps, as somebody very concerned about inaccuracy, you could correct your errors here?
Business offering a software service and open-source developer are not colleagues. One is selling a service, the other is writing code, there is simply no comparison.
Ah, yes, he is acknowledged in a text file that almost no one will read.
Obviously there is no legal requirement, but would it be that hard for Amazon to include a "forked from..." or "built off of...", etc. to the announcement and product pages, if it really is heavily based off of another work?
There's probably oodles. Off the top of my head, there's Apple's web page for X11. Except for a spinal tap joke, the whole first section of the page was devoted to the acknowledgement that they were building on top of OSS from XFree86.
Blink? Not an exact parallel, but afaik, google clearly gave credit to webkit. And I think Apple gave credit to KHTML for Webkit (and in fact worked with the khtml team for a while).
But even if FAANG don't typically give credit to projects they fork, that doesn't mean it is ok. That's like saying all the big political parties gerrymander, so gerrymandering is ok.
Hell, can you show an example from the author's own company? That company's about page has a blurb on contributing back to open source that seems to be on par with what Amazon does to contribute to open source, and the author is sponsoring 4 people on GitHub, but where are the loud proclamations that people are clamoring for in this thread? Whose shoulders are being stood on there? Is checklyhq.com really running a SaaS offering without benefiting from many, many more people than the outward stance suggests?
This whole thing is very reminiscent of the Occupy Wall Street movement. People are very sensitive to the injustices they perceive themselves as having to endure especially in relation to those wealthier than them. But where's the willingness to jump out of local scope and apply the same principle globally (and reflexively)? It seems to be absent.
Are people really expecting the devs at AWS to give a "thank you" to every third party developer out there who's code they use? This is just ridiculous. When does this become an obligation? Is there an unwritten rule of how large/successful a team has to be before they need to give thank's like this?
I don't think you need to give a "thank you" in the announcement to every library you use, but if you have a product that's just a fork of an open source project, then, yes, I definitely think you should thank them in the announcement.
No, but they do it typically: "Announcing AWS X, our implementation of {open source project}" (they do this with MongoDB, ActiveMQ, etc). The product mentioned here is more than just a managed version of the open source project; it is a major component however. (good example is Redshift, though when they announced it they barely mentioned the role Postgresql plays in that to be honest)
The code may not be based on their code, but I don't see how you can have an emulation of X that isn't based on X. Imitation may be the sincerest form of flattery, but there's nothing stopping them from including some of the other forms. Plus a little gratitude, maybe.
Every talk AWS does about Redshift they mention that it’s based on Postgres. They tell you to download a Postgres driver to connect to it with any language besides Java for which a JDBC driver is provided.
Well ... they tell you that not because they're bending over backwards to give postgres credit. They're doing it to tell you that the barrier of entry to this database is nearly 0 if you are already using Postgres.
But if you try to use the same schema design from a standard Postgres database and use the same query patterns, you will be sorely disappointed. Redshift uses a columnar store and is an OLAP database as opposed to Postgres which is a traditional database.
No I totally get that. It is designed for data warehousing workloads rather than transactional. I'm saying that I have seen it more as a feature of "you use your existing tools and drivers" since it speaks the postgres wire protocol.
I agree, but I was trying to be apples to apples and compare launch announcements, and when Redshift was announced, the discussion of Postgres was quite muted (admittedly several years ago, so their messaging may have shifted over time)
I think thatguyagain is making a good point about infinite regress. Should we all add a thank you to our github pages, thanking every dependency, library, framework, to Stroustrup, to Stallman, to Linus, and to John von Neumann?
I’m with you on that one, but if you are literally just forking a package, rather than depending on a package, and rebranding it into your ecosystem, then a big “thank you for making this and making it open source” is appropriate.
>Should we all add a thank you to our github pages, thanking every dependency, library, framework, to Stroustrup, to Stallman, to Linus, and to John von Neumann?
Did you copy their inventions 1:1 and rebranded them as your own? No you didn't. You just used them which is different.
I do tend to mention the major projects I build on in my credits, as well as actually respecting attribution licenses when I make my little forks. The effort is minimal, it's all good karma. If everyone did this, we'd probably have fewer "openssl" or "pgp" situations, as the people doing the work would get actual visibility through the chain.
If your understanding of somebody leads you to obvious absurdity, one possibility is they're being absurd. The other is that you misunderstood them. I think it's worth exploring both paths before posting to suggest somebody's a fool.
If someone gave you tens of thousands of dollars of valuables would you say thank you? If people gave that to you regularly would you become too bothered to say thank you? especially when your acknowledgement could help the person giving you their wealth?
In communication circles, people differentiate between requests and demands. The key differentiator: Turning down a request does not lead to anything negative. In particular, the requestor is not displeased or upset. If he/she is, then it was likely a demand disguised as a request.
On the other hand, fulfilling a request can, and often will, lead to a positive. It's still a request.
If you're going to be upset about it, don't phrase it as a request. A big chunk of the population will be annoyed by it.
Soapbox aside, getting to your comment: If someone is giving me that money unsolicited, I may or may not give a thank you. Context is extremely relevant. I did not give a "Thank you" to the recent stimulus check, for example. And I've definitely had fights with people voluntarily giving me stuff over and over and complaining about my not saying "thank you" (or even worse, not reciprocating). I've had to forbid them from giving me gifts in the future. I'm not saying my attitude is the norm, but it is "one of the norms".
The book Influence covers this topic in a lot of detail, and this is commonly discussed in Negotiations books. The bottom line: Be wary of gifts, and either reject if you suspect reciprocation is desired (which could mean "Thank you"), or make the understanding explicit and keep the reciprocity in mind. Of course, this goes at odds with several cultures.
As much as we like to talk about "open source" culture, it doesn't exist. It gets argued to death every time it comes up, which is a good sign it doesn't exist. A big chunk of the SW world, if not the majority, do not feel a need to reciprocate - even with a thank you. (Most of that chunk are OK giving a "Thank you", and this is not a contradiction).
not sure why you've been down-voted but I thought that was well explained. I do rather strongly disagree with your example as being relevant, but I think you've made a lot of good, relevant points. Your example of stimulus being a gift is incorrect. We explicitly pay into social programs as a society with full expectation that those funds will be used to help us. Stimulus isn't a gift.
Well since they save a tremendous amount of time and effort by incorporating code that other developers spend their time on it the least they could do. Heck, it's even possible to mostly automate this as a lot of companies already (automatically) check for licences that require attribution or have other conflicts before you release your product.
As does this - that's what the NOTICES file is for. When I've looked at it on TVs it looks the same: Copyright notice and license terms that they're required to bundle with any redistribution.
Actually yes, we do. And I don't think this is excessively onerous. While not a legal requirement, it is a legitimate expectation, like having your "Good Morning" returned by someone, and we feel sad when this does not happen.
...yes? This is an automatable process these days, AWS / Amazon certainly have the resources to do it, and under many OSS licences it's a legal obligation to give attribution.
- I don't want to use restrictive (GPL) license like those business-hating FSF folks–I want people to use my software _freely_
- Hey! A big business used my software in a way that rubs me the wrong way (in this case, without giving prominent enough attribution)! Not nice!
What's not nice about it? You use a permissive license but you're going to get upset if people follow the letter of your license? This doesn't make sense. This might make sense if there were not alternative licenses but there are, and the author chose not to use them. This seems like playing a mind-game. "It's permissive! Use it how you like! (but I'm going to be upset if you don't follow the unwritten attribution guideline I have in my head)." How is it fair to expect other parties to meet your secret expectations?
What did AWS do wrong here? Were they supposed to know this guy's unwritten expectations?
There is, and will always be, a gap between what is strictly allowed/legal, and what is considered ethical/courteous.
There's a number of things that are strictly speaking legal, but still considered rude. Often, the reputation of a person or business is based at least in part on whether they do the legal bare minimum, or if they hold themselves to some level of higher standard.
I also think there's a difference between attribution because a license requires it (commonly buried several links/pages deep in some obscure "Here's a laundry list of ALL the open source packages we used to build this"), and acknowledging that a _specific_ library powers the core of a new product. I don't know of any license that marks that line.
Fair enough. I just don't know if it makes sense to expect tech companies operate with any values besides making money. That's why I say "don't ask or beg them to be courteous, force them to either be courteous or 'don't use my code', which a license can do."
Frog & scorpion don'cha know.
The other thing that annoys is the fact that the permissiveness of the license is precisely why AWS used it, probably part of why it's popular, why he can tweet about it & build his brand etc. The author has and continues to benefit from the permissiveness of the license. To enjoy the upside of permissive but complain that the downside isn't fair comes off as a bit self-serving.
AWS did wrong by being so wealthy. They could have done better easily.
It is like fair use: They guy that uses google drive to backup youtube in its entirety is not doing anything illegal. He just demonstrates that he cannot deal with freedom.
I mean this point exactly (though I come at from the other side). If one wishes a big business to respect their commons then bite the bullet and use the "restrictive" (they are in fact freedom guaranteeing) commons protecting licenses (like AGPL) be radical. If one takes issue with the business practices of big business don't gently shove back with social expectations and a sound bite here and there, draw the hard line in the sand.
> How is it fair to expect other parties to meet your secret expectations?
> What did AWS do wrong here? Were they supposed to know this guy's unwritten expectations?
I suspect you're either autistic or a lawyer being obstinate. Human society is full of unwritten expectations, we learn these quickly as a child or face social consequences. No where in the law is it written that you must say 'please' and 'thank you' but it's also expected and people are less likely to do things for you again if you don't.
So consider this situation now:
_A person (the dev) did something nice for someone else (a trillion dollar company) and they didn't bother to say thank you._
The answer you're looking for this guy wrote up 10+ years ago: If you don't like the way people are using your work, release your next work under a different license that more closely matches what you want. Learn from the mistake & don't make it again.
Maybe I'm autistic (the diagnostic criteria are very fuzzy around the edges) but I'm not sure what that has to do with my argument.
Because it’s a great idea but for instance the Linux kernel would have to come with documentation that mentions the tens of thousands of authors. A massive undertaking that doesn’t help anyone, really.
> Linux is GPL and I doubt it would have tens of thousands of authors if it were not.
Why? There's plenty of permissive F/OSS projects with large numbers of contributors.
> It would have a dozen proprietary forks.
Probably, but proprietary forks don't stop F/OSS contributions. They can even be the source of them, as upstreaming everything that isn't secret sauce reduced the cost of maintaining the proprietary fork. A number of the big sources of F/OSS contributions to Postgres are maintainers of proprietary downstream distributions (I don't know that all are strictly forks, since I think the proprietary bits of at least some are using the extension mechanism.)
> Why? There's plenty of permissive F/OSS projects with large numbers of contributors.
Companies invest in developing Linux to create a commodity they can leverage to sell their products and services. The GPL ensures the investment remains a commodity and cannot be used in proprietary products that can't be also leveraged by the initial contributor.
There was a lot of BSD in the core of every proprietary Unix, each tied to a given manufacturer.
> There was a lot of BSD in the core of every proprietary Unix, each tied to a given manufacturer
Except MacOS X, the major proprietary Unixes all predated permissively-licensed releases of BSD, and the early permissively licensed releases were under a copyright cloud for years that prevented anyone from relying on them for commercial downstream distributions.
Documentation is not the problem. The problem is that, the advertising clause requires ALL promotional materials to include these acknowledgements, for ALL software that has been used in the software. It was not a problem for BSD back then, since UCB was the only developer. But for projects with multiple copyright owners, such as the Linux kernel, a Linux distro poster would contain a thousand lines of acknowledgements, and this is not even counting the packages in the userspace.
A modern revisiting would probably require crediting the project as a whole rather than each individual author, and maybe have separate consideration for products that derive from a large number of such projects.
The primary problem is that 4-clause BSD is incompatible with the GPL since it adds restrictions to distributing the software (notably the advertising clause)
This license is also sometimes called the “4-clause BSD license”.
This is a lax, permissive non-copyleft free software license with a serious flaw: the “obnoxious BSD advertising clause”. The flaw is not fatal; that is, it does not render the software nonfree. But it does cause practical problems, including incompatibility with the GNU GPL.
The Flowplayer Free version is released under the GNU GENERAL PUBLIC LICENSE Version 3 (GPL).
The GPL requires that you not remove the Flowplayer logo and copyright notices from the user interface. See section 5.d below.
You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
* If the work has interactive user interfaces, each must display Appropriate Legal Notices;
Yes I remember there was a similar scenario with Microsoft as well.
> In other words, I'm not aware of a permissive license that's the same as BSD/Apache with the only difference in that also says "use it as you wish but you must mention my name when you're a commercial enterprise making a splashy product announcement".
Yes. What we need is ABSD, AMIT or AAPL where the first A stands for appreciation / Attribution
Congratulations, you've just reinvented the original BSD-4 license! It included what was called the "obnoxious advertising clause".
> 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the <organization>.
There's a good reason why we no longer use BSD-4 anymore.
> The result is a plethora of licenses, requiring a plethora of different sentences. When people put many such programs together in an operating system, the result is a serious problem. Imagine if a software system required 75 different sentences, each one naming a different author or group of authors. To advertise that, you would need a full-page ad. This might seem like extrapolation ad absurdum, but it is actual fact. In a 1997 version of NetBSD, I counted 75 of these sentences. (Fortunately NetBSD has decided to stop adding them, and to remove those it could.)
The advertising clause is inherently problematic to integrators, distributions, and packagers, which are an important part of the community. For a distribution, having to acknowledge 1,000+ authors in all promotional materials is unrealistic. Worse, it won't be a problem initially, but only after most people had noticed this trend: they would want their acknowledgements too, and everyone would start adding advertising clauses, in the end - everyone spams all posters with credit and nobody gains any notability, it's kind of a tragedy of the commons. The only way to stop this problem is explicitly discouraging everyone from using it.
A idea is to reword and relax this license: Similar to LGPL, you can skip the acknowledgement if it's used in an unmodified form. But it doesn't really solve the problem - if the original project has been forked by the community, the exception becomes useless again. The next problem is that, it doesn't really cover all cases - in a previous incident involved Microsoft, Microsoft didn't even use a single line of the original code at all, it was just an inspiration from its framework, and the author was upset for not receiving any acknowledgement... Another idea is using AGPL's approach and targets cloud providers only, but still, it doesn't cover all the cases here.
I'm not sure whether using copyright to require acknowledgement is a good idea after all. In the academia, copyright and credit/attribution are two entirely independent process. The credit is not a legal matter, but simply a form of code of conduct and informal politeness. Perhaps promoting a code of conduct for acknowledgement in the industry regarding the use of FOSS could work better.
Oh the good old companies paying in exposure... If you make a profit from using someone else software you should pay them (plus appropriate tax) regardless of the software license.
Am I crazy for wanting a license that prohibits the free use of a project by mega-corps? "If you're a company valued > $XXX usage of this code is prohibited".
I guess I can see OSS as a "free food" stall. Almost everyone can have a bite but I'm not fine with billionaires coming in to steal the recipes. They already have the means to increase their wealth efficiently, society would have much benefit if these mechanisms of wealth increase involved giving some of it back.
It's the same issue as taxes. They make buckets of money, use public infrastructure to do it, give pennies back. Apologists say why expect them to act different if the law let's them get away with it? How unreasonable of us.
Unity's license is what we're aiming for yeah? Use it freely but at a certain dollar threshold, contribute back monetarily?
It's not a loophole. A loophole is when you have some case or situation not covered by the rules allowing someone to get away with something that the rules were not meant to allow.
E.g., a company arranging for its shareholders to be able to report dividends as capital gains rather than ordinary income by doing a fractional stock split followed by a mandatory buyback instead of declaring a dividend, with the split/buyback designed so that each shareholder ends up with exactly the same percentage ownership they had before and with cash equal to the exact amount that would have been otherwise distributed as a dividend [1], that's a loophole.
An author picking an open source license that specifically and intentionally allows anyone to use their software and make money from it without having to give the author anything is not a loophole.
[1] Yes, this actually happened around 100 years ago. The rules on buybacks were changed to fix it. But them some legitimate cases of buybacks that should have been capital gains became ordinary income, so more fixes were needed. The result is that what once needed at most a line in the tax code, if it even needed mention at all, became several paragraphs. This is why we do not have a small, simple tax code--there is a massive incentive for people to find even the tiniest loophole and exploit it, and so you end up with multiple paragraphs for things you at first would think could be done in a sentence. (And don't say a flat tax would help...almost all of the complexity in the tax code is in determining what gets taxes, not how much the tax is once you have figured out the what).
All of my enduring open source contributions have been made while employed by a big(ish) company. I went through the effort to get them upstreamed so other people wouldn't have to make the same effort to debug and fix the same issues. Does that enable other companies to avoid hiring engineers to do the same work? Maybe, but it also enables everyone to benefit from things working just a bit better.
I don't need a royalty from my fixes, I was compensated for my time. I don't even care about a credit, but I understand some do.
> In other words, I'm not aware of a permissive license that's the same as BSD/Apache with the only difference in that also says "use it as you wish but you must mention my name when you're a commercial enterprise making a splashy product announcement".
There is: the four-clause (original) BSD license (https://choosealicense.com/licenses/bsd-4-clause/).
Pretty much no one uses it anymore because things quickly get unwieldy if you have to mention ten or twenty projects you used code from in all advertising.
I believe CC-BY[0] covers this. Worth noting that CC is more of a generalist license than software, though, so you may not have as fine-grained control as with BSD/GPL/MIT etc.
Good catch. I think you could get somewhat around this by running a CC-BY-SA, which requires that Amazon disclose the source of their forked product, which in turn would include a credit.
I find this entire thread absurd though...if the person wanted to get fair credit, they should have used a different license. It's like saying "Hey, totally ok to have a beer from my fridge. But I'd reallyreally plead you to drop in a buck... but only if you wish though. But I highly recommend it. It would be shame if you don't. Most people don't want to be shamed do they?"
Just be straight forward and put that in the license. Otherwise, it is truly optional and should be treated as such.
As much as I dislike having trillion dollar corporation not give a credit, that's why we have licenses.
> In other words, I'm not aware of a permissive license that's the same as BSD/Apache with the only difference in that also says "use it as you wish but you must mention my name when you're a commercial enterprise making a splashy product announcement".
That's called the old BSD 4 clause license. Now you know.
I disagree, he posted a rant on twitter complaining about amazons behaviour. Even if he admits that its not technically required, he is still generatig negative press for someone legitamently exercising their rights under the open source license he used.
In my opinion he is violating the spirit of the open source license since he is using extra-legal means to interefere with amazon exercising their rights under the apache license. This is unethical in my opinion
Rolling your own license isn't trivial. You could end up with something that nobody wants to touch because the legal implications are unclear, or something that's unenforceable, or both.
Ah, cool. It sounds like they have a specific way they want you to avoid modifying the text at the end of the paragraph about modifying it (for version 3):
> Rather than modifying the GPL, please use the exception mechanism offered by GPL version 3.
That is super interesting, I was actually thinking about it as I was writing that response. Isn't that non-enforceable? As in, if you write a legal document, and then make that document law, and then copyright it, it would mean that you wouldn't be able to modify the law without breaching copyright law. Is this really true and enforceable?
It seems they did, just in a not obvious place. The thing with legal documents is that, if it's not in the document, you can't expect it to be adhered to. This gets hairy when opposing parties have different ideas of what "norms" are, aka "unspoken/unwritten expectations", as we see here.
Isn't there a requirement to acknowledge the original author for all copyrighted work, no matter how permissive the license is? That is, the only way to not make it a requirement is to put the work in the public domain, and in some countries, it is not even an option.
That is, how can you know who the copyright holder is if you don't do that?
Considering that not all projects are littered with (c) Stack Overflow User, I may have the wrong idea, but it is definitely something I have seen somewhere. I am not a lawyer, obviously.
Ok, we should fork at convenience without taking care how was made something. Because "the company" only takes care on your LICENSE file and fu.. the maintainers or collaborators on it.
If we always come with excuses like "Oh, wait but it's not specified somewhere I can copy, appropriate it and sell it as mine". Fu..! Because looks like we need to protect* our self of companies instead of trust them. So OSS doesn't make sense.
So now turns out that there are no people managing decisions like this. Come on, credits are not a fu..ing problem and are free of cost!
> There are some replies in this thread that misunderstood the content of Tim Nolet's twitter post.
> [...] (reasons)
Well, then why go on something as big and public like Twitter and HN to post about it in the first place? Send a mail to the team of AWS and get in touch. I don't get the point of this tweet, either.
Motivate them to be mindful of the shoulders they stand on. The bad PR is that this at-a-glance anti-Amazon post is at the top of a popular tech forum.
The OP seems to be disappointed with how they handled it, and an Amazon agent even replied to agree and apologize. Plus, this is not the first time that people have reported similar feelings about Amazon's lack of appreciation for the permissive open source code they use.
> what do you think they are apparently obligated to do?
I don't know exactly, but I think it starts with making efforts to maintain good relationships with the open source community members who work for free to enable Amazon's (and others) products to exist. Regardless of whether they explicitly demand it up front.
I really wish, that when COs like Amazon decided to productize a thing they either offered the core developer(s) enough $ to work on it full time (if they wanted) or a job to do that with a guarantee that as long as it was a product, and they wanted to work on it, they'd be allowed to continue. Problem with offering job is the likelyhood of getting redirected to some other unrelated work.
instead of forking they could work with core devs to see if they wanted to support the desired features (potentially with an NDA until release).
this big co strategy of "mine. I profit now. everyone who built up this useful thing can suck eggs" really sucks and sucks for the humans and sucks for Open Source.
> this big co strategy of "mine. I profit now. everyone who built up this useful thing can suck eggs" really sucks and sucks for the humans and sucks for Open Source.
I think the software community is having an "I never thought the leopards would eat my face" moment.
The community pushed for a long time for licenses that donated labor to corporations because the licenses sounded more "free", and that flattered their politics.
When the corporations actually pick up the value everyone left on the table, the community gets outraged.
Open source software is something that has no meaningfully similar parallel in any other industry, and that has created untold billions (trillions?) of value across the world while also allowing literally anyone to carve out a piece of that value.
That is special. That is wonderful. It is a place for idealism. And honestly, it's worth getting angry about when people (and companies) don't respect it and improve upon it.
There's a difference between what is legally required and the greater good. Obviously, no one involved in this post is guilty of any literal crime. As you're suggesting, the license is the license.
But OSS is a fragile and wonderful thing, and an entity with the resources and clout of AWS would (at least in my opinion) do well to tend that garden rather than strip it bare.
I have accepted your terms and I am using your software in a manner that is compliant with your terms. Yet you are trying to burden me with some extra ethereal terms that you're coming up with after the fact and justifying through weird collectivist statements like "the greater good."
Use an open source license that contains ALL of the terms you want involved. You don't get to back out of the open source deal or heap guilt on others because you have regrets about other people literally complying with your terms.
This isn’t “stripping it bare”. Nothing is being taken away from the author nor is anything preventing the author or original contributors from continuing to work.
That’s the whole point of the license. You’re putting code out there for others to use however they want.
This isn’t even about legal requirement vs intent. If you put up a super permissive license, you are making the intent very clear that people can do whatever they want with it.
The lack of obligation, both legal and societal, of using open source software is what makes it so useful and lets the whole ecosystem flourish.
If your in open source for glory and getting monetary or promotional credit for your work, you’re doing it for the wrong reason.
Think of it this way - often when people become extremely wealthy, they turn to philanthropy. Because they want to give back. If someone becomes ridiculously wealthy and gives nothing back, we as a society tend to think poorly of them. Why? Because they are extremely fortunate and highly successful - and they could so easily help others without any negative impact to themselves. That ease makes us unhappy with them _not_ giving back. Because in their particular circumstance, we generally consider it _right_ to use their resources help others. Not required, but right.
Same thing with a company like Amazon. They are enormously wealthy. So we look poorly on them when they don't give back to those bringing them even more wealth. Because they easily could. Because it wouldn't hurt them at all. Because it is right.
Part of the evolving legal landscape is narrowing the gap between what is legally required and the greater good. It's not about eliminating the gap but we definitely want to rethink things when it's a gaping fault.
Exactly. Don't use an open ended license and then complain about it. If you want to restrict use, then license it appropriately. Very simple and obvious.
Exactly. Don't complain about someone being a jerk to you if you didn't get a restraining order against them. If you want to restrict them interacting with you, get a restraining order. Very simple and obvious.
You’re saying that people should lean entirely on the law. It’s pretty reasonable to have some set of behaviors that you’re willing to legally allow but also will complain about. It’s not like you can carve these things out perfectly. You’re going to either be over-permissive and have some stuff you don’t want happen, or be under-permissive and restrict behaviors you’re fine with.
To say “if you want to restrict use, then license appropriately” is to push heavily towards everyone using more restrictive licenses.
You are either the one who was in the open source movement, in which case I will hold my silence. Else I will say you do not know that open source was started when on-premise was a thing. How do you know how open source would have started now in the era of cloud?
I have worked on lots of open source software with the full intent of just putting the code out there to allow others to use as they see fit. Even if one person uses it to save them or their business time, it’s achieved its goal.
If other people contribute back, great. If I get credit, great. But those are not the motivations when you put up something like a BSD license. Licenses mean things so you need to choose a restrictive license if you get your feelings hurt when people use your software in a way you don’t like.
But GE isn't paying engineers to put out new lightbulb filament designs to the public (and other companies).
Facebook, Amazon, Microsoft, and many, many other companies are literally building tools for their competitors.
That's so outside the realm of possibility in any other industry that a copyright lawyer (or executive) in any heavily-patented field would laugh you out of their office for suggesting something like that.
This happens all the time across all sorts of industries. Where do you think things like ASTM standards come from? Companies pay people to participate in developing open standards that benefit themselves as well as their competitors.
The original tweet (as I understood it) wasn't complaining about this in a legal sense. They know the license allows this. They were complaining from a place of asking for a little respect and acknowledgement.
AWS has appeared to be doing a better job recently (from what I can see) in that regard. It's all around good PR. They lose nothing by thanking the maintainer/community for the work, even though the license doesn't require this. On the other-hand they build good-will.
Given the AWS response linked above, it would appear AWS recognizes this, and so maybe they will better accredit the work.
"They know only the rules of a generation of self-seekers. They have no vision, and when there is no vision the people perish.
The money changers have fled from their high seats in the temple of our civilization. We may now restore that temple to the ancient truths. The measure of the restoration lies in the extent to which we apply social values more noble than mere monetary profit.
Happiness lies not in the mere possession of money; it lies in the joy of achievement, in the thrill of creative effort. The joy and moral stimulation of work no longer must be forgotten in the mad chase of evanescent profits." [1]
It's painful to contrast FDR's thoughts on finance with what we heard last night:
> "Okay, first of all, let me answer. What they did is illegal, number one. Also, the numbers are all wrong, with the numbers they released. And just so you understand, when you have a lot of real estate, I have real estate, you know a lot of it. Okay? Right down the road, Doral, big stuff, great stuff. When I decided to run, I’m very underlevered, fortunately, but I’m very underlevered. I have a very, very small percentage of debt compared. In fact, some of it, I did as favors to institutions that wanted to loan me money. $400 million compared to the assets that I have, all of these great properties all over the world, and frankly, The Bank of America building in San Francisco. I don’t love what’s happening to San Francisco. 1290 Avenue of the Americas, one of the biggest office buildings."
I think that is an unfair comparison. Being articulate does not does not imply any other quality than just being articulate.
Back in the day I thought Obama was amazing. He was articulate and considered in his manner of speech. Then we hearing about the drone strikes with heavy collateral damage. And then Snowden came out and told us how Obama administration had put in place all the necessary infrastructure for a surveillance state. And then he put in place Title XI and kangaroo courts at Universities to completely undermine the core tenet of our legal system "Innocent until proven guilty".
Articulate does not equal morality or justice or fairness. It certainly did not with Obama.
> Obama administration had put in place all the necessary infrastructure for a surveillance state
I do not think that is accurate. The Obama administration sustained the growth from the previous administration. I do wish they had curtailed this growth, but c'est la vie.
That's not the whole picture- the giant surveillance program was never going to be killed.
Just give it different names each time congress finds out- Total Information Awareness, Carnivore (slightly different system, head of same hydra), etc.
We have not seen such an egregious abuse of open source software with any other company. Most companies that make use of a large amount of opensource actually contribute a fair amount back.
Like hiring on the core developers or making a large amount of code fixes and feature development contributions.
Amazon does neither of these things.
Take a look at any highly successful society or community. There is a large amount of gifting and selfless behavior
No they are not contributing. I was working at a big german car maker for the last 5 years and fighting with them so they would allow the devs to upstream all the patches they made just so we would not need to maintain those patches, so it would be cheaper for them. But after 5 years there was still no process for any dev to do that.
> We have not seen such an egregious abuse of open source software with any other company. Most companies that make use of a large amount of opensource actually contribute a fair amount back.
I don't think your claim about Amazon is true. But even if it is, it's not relevant. None of the OSI licenses require improvements to be contributed back to the original project. The most restrictive of them simply requires improvements to be open to the user.
The intention of open source licenses was never to force those who redistribute the software to improve on it. It was to provide end users with the freedom to be able to do that themselves, by distributing the improvements as well.
It's unfortunate that licenses from a generation ago don't adequately cover all the nuance of cloud computing. But the reality is that open source licenses were never about preventing companies from profiting at the expense of original developers. They were about user freedom. If you're unhappy with the way a company is using the software you open sourced, that is a sign you weren't prepared to commit to what open source means, philosophically.
Something like the AGPL would be preferable, if also more controversial. Then you'd also have a peanut gallery of people telling you your software is "source available" instead of open source.
> The intention of open source licenses was never to force those who redistribute the software to improve on it. It was to provide end users with the freedom to be able to do that themselves, by distributing the improvements as well.
Perhaps that was the intentions of the license creators, but famously Linus for example chose the GPL license precisely as a quid pro quo - I give you code for free, you give me back code for free.
And companies still get chastized constantly on HN for not being free enough. Open core? Not free enough. Common clause? Not free enough. I've been seeing it here for years.
You misunderstand what happened. Some open source software still had more restrictive licensing, but most corporations opted not to use it, often because they simply couldn't and still operate legally, and thus, the software was less supported and less used software died out.
When companies couldn't find free software to use, they just wrote it themselves, typically, unless it was something big and way outside their domain.
Rather than being beholden to a licensing agreement, it would be nice if OSS had a license for an "enterprise-level donation" that was mandatory for for-profit use. It would be a one-time cost, so it would be easier to push through the accountants at lots of big companies, and companies could feel free to use the software at their leisure. Authors/contributors could choose to charge another fee for upgrading to a new major version, opt to end support of an old version or not and so on and so forth.
>this big co strategy of "mine. I profit now. everyone who built up this useful thing can suck eggs" really sucks and sucks for the humans and sucks for Open Source.
Then use a different license. Hoping that a company like Amazon finds it in their hearts to always do what _you_ consider "the right thing" is just a loser of a strategy. You seem to want all of the good of open source, with none of the downsides. Good luck with that.
"Don't like how shitty people can be? I don't care" - that is how this kind of comment reads. But let's move on.
Interesting idea for a license.
Everyone can use and modify it, but if a large company with a market cap above $100m or a company wholly funded or owned by such company decides to utilize this project as a for-profit service, then said large company must hire me at for no less than $175,000 in 2020 value.
>"Don't like how shitty people can be? I don't care" - that is how this kind of comment reads. But let's move on.
No, I think I'll respond to that. It's not that I don't _care_, but it's naive at best to expect anything else. Besides, if your license allows it, they're not really taking advantage are they? Change your license.
>Everyone can use and modify it, but if a large company with a market cap above $100m or a company wholly funded or owned by such company decides to utilize this project as a for-profit service, then said large company must hire me at for no less than $175,000 in 2020 value.
Seems incredibly difficult to implement logistically, and most companies will probably just say "screw it" as they all hope to be valued at > 100M some day. Just enforce a per-basis license negotiation for commercial use or disallow it entirely. What happens if a company goes from a cap of 99M -> 101M -> 98M (etc etc). Just seems wrought with obvious problems.
Why do you think it’s shitty for Amazon to use an open source project this way? Do the licenses really mean nothing and the unwritten expectation is that the author of open source software should get rich if a someone else successfully productizes it?
Like CC-BY-NC (Creative Combine, Attribution, Non-commercial). If you want to use the work commercially (ie for business purposes, commercial doesn't require selling) then you must negotiate licensing terms (or infringe copyright [Fair Use / Fair Dealing aside].
Please don't encourage or suggest the use of CC anything for code. It just wasn't designed for code and creates huge ambiguities on the rights you intended.
As stated on the Creative Commons website (licensed under CC-BY):
Can I apply a Creative Commons license to software?
We recommend against using Creative Commons licenses for software. Instead, we strongly encourage you to use one of the very good software licenses which are already available. We recommend considering licenses listed as free by the Free Software Foundation and listed as “open source” by the Open Source Initiative.
Unlike software-specific licenses, CC licenses do not contain specific terms about the distribution of source code, which is often important to ensuring the free reuse and modifiability of software. Many software licenses also address patent rights, which are important to software but may not be applicable to other copyrightable works. Additionally, our licenses are currently not compatible with the major software licenses, so it would be difficult to integrate CC-licensed work with other free software. Existing software licenses were designed specifically for use with software and offer a similar set of rights to the Creative Commons licenses.
Version 4.0 of CC’s Attribution-ShareAlike (BY-SA) license is one-way compatible with the GNU General Public License version 3.0 (GPLv3). This compatibility mechanism is designed for situations in which content is integrated into software code in a way that makes it difficult or impossible to distinguish the two. There are special considerations required before using this compatibility mechanism. Read more about it here.
>Instead, we strongly encourage you to use one of the very good software licenses which are already available
But as far as I am aware, there are no comparable software licenses that prohibit commercial use. So, the CC NC licenses seem to be the only option here, even if supposedly imperfect.
Do you have an example of an ambiguity with regard to non-commercial use?
isn't this what redis did when they created their new license?
In effect, if you sell redis as a service (which, and IANAL, as I understand doesn't mean you sell a service supported by using redis) you must pay them in some way.
This is what people don't get when arguing against GPL: "oh, it's such a restrictive license! so viral, blah blah blah". In this case, it would've probable not changed the outcome, but could give the author some leverage for either compensation or mention. IANAL, but my understanding is that GPL would require you to keep the same terms and mention explicitly the original source.
To my understanding, the GPL does not require acknowledging the original author's contributions any more publicly than the Apache license (used by the project). The Apache license already requires preserving the copyright notice, which AWS did. I think the issue is the author wanted a more public acknowledgement of his work, which is a very fair ask. As far as I know, no license requires this (and, I believe such a license would be GPL-incompatible).
In my view, no license can enforce being a good citizen of the open source community. In the embedded space, I've seen vendors bound by the GPL follow it in letter but not in spirit (ie, delivering unusable code with a ridiculous toolchain), or just straight up ignore it (what are we going to do, sue?). On the flipside, good citizen vendors frequently contribute upstream even when they don't have to.
My understanding is that GPL doesn't force the user to do _anything_ except license any derived work under GPL. It specifically doesn't put _any_ limits on what someone can do with that code precisely because doing so would limit your freedom (with the exception of the licensing issue which is required so as to not deprive _other_ people of the freedom to do what they want with the code.)
It specifically does not require you to pay homage to the original author. The point is to ensure that the code remains free, the original author has no say over what happens to it.
That's true, but wanting acknowledgement in some specific way is pretty frivolous compared to wanting changes made to be available under the same license so the fork doesn't maintain an incompatibility/add-on advantage that can't be fixed.
Whether the GPL is good enough for that depends on whether end users are recipients of binaries and therefore would be entitled to the source under GPL.
> On the flipside, good citizen vendors frequently contribute upstream even when they don't have to.
I once discussed that with my employer and they agreed: it's almost never a good idea to fork a product in order to fix bugs, since you will have to continouiusly maintain the fork. If you get the fix upstream, you'll get the maintenance for free. So this often is not out of generosity, but rather in their own interests.
BSD and MIT licenses can be used with the advertising clause, and you can add anything you want. Similarly, you can add clauses to the GPL if you want.
Licenses are contracts. You can add to the contract that people who fork must do star-jumps every morning, if you feel like; but you have to state it upfront.
AFAIK, the related question of whether an OSS license for a scientific software can require that people using the software cite the paper(s) describing the software, has been answered in the negative. You can ask nicely, but you cannot demand it under any of the existing OSS licenses.
I had several discussions with fellow students in Uni about GPL vs. BSD licensing and BSD licensed code is, IMO, more free and more accessible - it really depends on what you want out of your code. Is your goal to provide a useful tool as a one-off that anyone can pick up and use? Then BSD is for you - otherwise, if you have expectations around self-maintenance of the code by consumers then you want to lean more toward GPL. The thing you get out of GPL that you lack with BSD is the ability to pull back changes and bug fixes from users - usually by explicitly excluding those parties which for legal/whatever reasons aren't comfortable re-sharing bug fixes.
GPL is about freedom for the user, BSD/MIT is about freedom for the devs. Not all users are devs, but all devs are users. GPL is the better license for net freedom.
It baffles me how many people fail to understand this.
> GPL is about freedom for the user, BSD/MIT is about freedom for the devs.
Both are about freedom that is only directly meaningful for developers or people that can employ developers on their behalf; permissive license are about simply providing that freedom rather directly, with limitations that tend to be focussed mainly on avoiding unexpected costs to the original provider of the software (liability, reputational, or otherwise). Copyleft licenses compromise direct provision of freedom to acheive broader but less direct social goals which relate to that freedom.
If you both agree with the goal and agree with the pragmatic judgement involved in the design of the detailed mechanics in a particular license about how to acheived that goal, its quite possible that a copyleft license is better for your interest.
Personally, whether the goal is (and these are two very different goals I've seen cited by GPL proponents) promoting development of free software or inhibiting development of nonfree software, I'm not sure the GPL family (or any other copyleft license) does that better, in practice, than permissive licenses.
The GPL is better at inhibiting nonfree direct descendants of a particular code base, but I don't generally see that as a valuable goal.
"GPL is about freedom for the user" - define what do you mean by freedom, it's different for different people.
GPL is the better license for net freedom. - it's not, because of it's virality, it pollutes other code and then demands everything fall into it's license, which is ethically wrong.
> GPL is the better license for net freedom. - it's not, because of it's virality, it pollutes other code and then demands everything fall into it's license, which is ethically wrong.
Nobody has a gun held to their head and are forced to use GPL code in their code.
Don't they already use MySQL for example? I don't think it would stop them in any way, unless some lawyers had some really antiquated views, coming straight from the 90's
Amazon has a legion of lawyers and probably quite a few technically apt ones that are actually comfortable diving into questions around whether a chef/ansible/whatever script to provision a linux box will go against GPL - and additionally whether pre-baked containers qualify or if a service to dynamically build pre-baked containers would qualify...
These are, honestly, expensive questions to answer as the tech gets more complicated - at what point is linux part of the binary you're distributing vs. an external dependency and, if you get the answers wrong, you'll potentially create an outage that will wreck havoc on the economy by grinding the cloud to a halt and cost Amazon tens of billions in revenue.
suyash is basically correct; usage of GPL (any version) licensed software is very heavily scrutinized at Amazon. Explicit exceptions need to be filed for, and are rarely granted. Unless you can make a very strong business case for the software, you're not going to get it approved.
>Hoping that a company like Amazon finds it in their hearts to always do what _you_ consider "the right thing" is just a loser of a strategy.
Sure the author can't require payment after the fact, but there are no open source licenses that prevent the author from soliciting payment from a downstream user. This is all fair game.
>You seem to want all of the good of open source, with none of the downsides.
If you do it right there aren't downsides. As far as business is concerned, the point with choosing any license is to create a win-win situation for all parties involved.
I think it should be possible to modify the GPL3 to disallow any usage in a for-profit setting - then you could individually re-license the code for different users to privately consume (and, optionally, free them from the burdens of the GPL3's copy-left infection). There'd be some issues, any commits you pulled in from the community wouldn't be eligible for re-licensing unless your PR acceptance flow included securing re-licencing rights from them - standard GPL3 copy-left code can't be converted to a private license without the agreement of the original authors.
To clarify - that's why I specifically mentioned a modification, the CC-Attribution-Non-commerical license accomplished this in a non-software setting so I assume a sufficiently practiced lawyer could make the modifications to the GPL3 to specifically disallow usage in commercial settings - this would, after the modification, not be GPL3 anymore of course.
This does go against some philosophical decisions underlying the GPL license but IMO GPL itself is less free than BSD/MIT licensing and to each their own.
More along the lines of "I live in the real world". I can be empathetic to the situation and think the author essentially set themselves up for something like this all at the same time.
Not only that, but there is no mention of the original author on their press release. All they say is "Amazon launches CloudWatch Synthetics Recorder".
I wonder if FOSS licenses can be modified such that if you are claiming in press that you are "launching" something and it is substantially based on something open source you must state the original authors prominently in body of the press release.
The author (Tim) appears to be in Germany; under German copyright law he in principle has the moral right to be identified as the author of any computer program he writes, just as it if were a book or piece of music.
Unlike other types of work, this isn't necessarily true elsewhere (eg in the US & UK), but I understand moral rights originate from France and German and are especially strong there.
(I see that page now mentions "Credits: CloudWatch Synthetics Recorder is based on the Headless recorder. " - is that new? )
Surely the answer is "of course you can", just tack on "all media mentions must have an approved attribution without which all license terms are null and void" to any license and viola!?
It would be nice if that were incorporated into a well-known, publicized, and lawyer-vetted license.
The problem is if I tack it on myself, nobody will ever touch or use my code even in the ways I want them to, because people fear obscure licenses if they don't have lawyers.
If I release code as GPL, BSD, MIT, Apache, people will use it without second thoughts. IF I release code as "BSD with modifications" people will look at it with suspect eyes.
The effect I want to have is NOT to prevent large companies from using my code. In fact I want to encourage them to use it, but to also publicly mention me along with its use, which would be very valuable to career-building and job seeking. That way, when writers of open source code aren't offered jobs by the companies that use that code, at least they gain high visibility for other companies to want to hire them.
If core developers are bought up by a single company, I'd be wary of the future control, direction and progress of the project. The open source version would likely stagnate as the commercial version gains features. It'd be hard not to align with company goals and plans when your paycheck depends on it.
Better would be to use mechanisms that already exist to sponsor the core developers for a length of time (Patreon, liberapay, etc). Alternatively, companies like Amazon could create an internal fund that assists key open source projects they've commercialized to set up as non-profits and then makes donations to them over X number of years.
I agree, there is a certain potential danger associated with it, however, it seems like there are quite a few cases where it worked out great.
A specific example that comes to mind, one of the main core developers of Webpack (Sean) got hired by Microsoft to essentially just work on Webpack on MSFT paycheck (I think now he branched out a tiny bit into other adjacent areas as well, but he is still one of the main Webpack contributors). I think it worked out great partially because he was not the sole creator, but just one of the few, and he was the only one who went to MSFT, so the other core devs still had some level of control they could exercise on their own without anyone being able to tell them otherwise.
There are definitely cases where it seems to have worked out. My sense, like yours, is that it largely depends on how "community driven" the project is at that point. If it has many independent core developers/main contributors, or many diverse companies relying on it, it seems to work ok (for now).
That said, it feels like there is a missed opportunity in the space. Most large companies already donate money toward interests in their local communities, etc. Why isn't there an easy mechanism for tech companies to donate to sustainable funding of open-source that they all depend on? My guess is that because open-source projects are rarely set up as organizations, they can't achieve 501(c)(3). It would not only be tax advantageous for companies, but would also support business continuity and recruiting pipelines. It would also be great for open-source developers and the community.
Maybe there are efforts out there to create something like this?
It seems like you're arguing that people should get both the good will of having an open source license and the profits of a closed source license. Which comes across as disingenuous.
No, it's just good sense. If you're adopting an open source project then you clearly think the project has merit. So the people who created this project should be considered for maintaining the company fork, since they clearly know what they're doing.
That doesn’t follow. There have been many projects that I’ve seen forked internally because the original author didn’t know how to write tests, maintain performance, etc.
Open source projects are often very poorly maintained so being the steward of one that’s interesting does not actually qualify you to productize it for a company.
>> I really wish, that when COs like Amazon decided to productize a thing they either offered the core developer(s) enough $ to work on it full time (if they wanted) or a job to do that with a guarantee that as long as it was a product, and they wanted to work on it, they'd be allowed to continue.
> It seems like you're arguing that people should get both the good will of having an open source license and the profits of a closed source license. Which comes across as disingenuous.
It isn't. Linus Torvalds and all kinds of other people are paid to work on the Linux kernel, sort of like how the op suggests, and if that hadn't happened Linux would probably be a shadow of what it is now.
The alternative is to have some guy slave away for another's profit, and eventually burn out (which happens to tons of open source developers).
I think OS creators should reap some of the rewards of their software. Popular OS projects have provided incredible value to the industry. It's only fair that some of that value trickles down. Sometimes it does (sponsorships, job offers, etc.), but oftentimes it doesn't. Obviously there's no rule enforcing that creators get their fair share, and nature of open source means there could never be such a rule. A blessing and a curse, I suppose.
Not really. There are a lot of open source licenses. If you care about that sort of thing then choose a license that doesn't allow it for commerical use.
It may also be worth noting that Creative Commons put a lot of effort into trying to define noncommercial over time and wasn't able to come up with a satisfactory answer. Obviously there are cases that are clearly commercial but many others are far less clear. This was being debated over a decade ago and nothing has really changed: https://www.cnet.com/news/does-the-noncommercial-creative-co...
It's not my field, but non-commercial has been - to my knowledge - addressed multiple times in USA copyright caselaw. I can't see why that definition wouldn't apply.
FWIW all the supposed complex questions they ask are clear cut. Advertising on a website makes it commercial, using works in a presentation at work makes it commercial, etc., they're all clearly commercial.
A harder question might be "what if I'm not charging and am giving files away" that becomes commercial if it substantially inhibits commercial activities, for example (according to copyright caselaw I've read).
But that doesn't matter that much, was the guy making $10 a month from adsense using your work commercially (legally, yes): it doesn't matter, why bother to sue them (actual damages is going to be tiny). NC is for the company advertising with your work, or ripping off your work, etc..
NC doesn't seem that hard to define but in any situation where it would be worth you suing for tortuous infringement then it's going to be very clear -- unless someone made a lot of money, or you lost a lot of money, then ...
not just the profits of a closed-source licence, but far beyond the profits of a closed-source licence. an amazon developer salary is well into the six figures annually, for presumably multiple years, which is easily more in one year than it would cost to outright acquire this product.
On the other hand, I don’t write FOSS in the hopes that some corporate overlord will eventually recognise my work and essentially buy the project from me with a job offer. I write FOSS because fuck you I have a computer and an internet connection and I’m going to do whatever I want. If you want to fork it, go ahead, but I’ll be damned if I’m going to spend my time (paid or unpaid) writing features that only make sense to Amazon.
I'm extremely disappointed to see how many comments on here focus on the very narrow legal questions and amount to: "Your license didn't say they couldn't."
Open source software is more than a license and code. It is a community and the digital public square.
And the Tragedy of the Commons is just as applicable to our public square as it is to William Forster Lloyd's common land.
Either we as a community hold ourselves and others within our community to a higher standard than the text of a license, or licenses will inevitably become increasingly restrictive in the future, to the detriment of all.
Honestly, this point is kind of nonsense to me. If people acted as if they were held to the higher standard, we would not need licenses. People (especially when they're not acting alone, e.g. corporations) act in their monetary interest, most of the time. Hence, stick to the license that's least restrictive that still ticks all the boxes you feel are important. If you feel attribution is important, choose a license that makes it legally binding.
Every contract, every law states what we see as the bare minimum required not to be actively harmful. They're society's skeleton. But bodies are more than bone, and societies are more than people doing the bare legal minimum.
Look at what the law requires of parents, for example. Food, shelter, clothing, school attendance, a lack of physical abuse. But parents who do the legal minimum and no more are awful parents, and awful people. But more laws wouldn't help. What kind of law could guarantee love? What kind of police could enforce it?
Community spirit is not something that can be expressed in a contract. Acting like people should have foreseen a particular asshole and tried to defend against them contractually is victim-blaming. The actual solution is for assholes to hear from the community that the behavior isn't welcome.
It's not perfect, but it works very well. None of my contributions to open source projects happened because they were required by license. On my own projects I've had people give generously of their time and expertise out of community spirit. Are some people jerks anyhow? Sure. But a different license wouldn't have changed that.
If I suggest an idea from a coworker in a meeting as if it was mine, that move would be seen, at the very least, as somewhat rude. If I got that idea from examining the competition, that would be seen as a smart move.
Sure, if attribution is a requirement then the natural thing to do is to turn it into a legal requirement. But I don't think that is the discussion here.
It comes down to how we want to treat open source. In order to encourage open source, I believe giving credit, even if not required, is courteous. Corporations are not monolithic entities that are perfectly defined. People work on these corporations.
> If I suggest an idea from a coworker in a meeting as if it was mine, that move would be seen, at the very least, as somewhat rude.
It will be lot more rude if your coworker now hit social media berating you for stealing other people's ideas. If just office ideas were this important may be they need to be submitted with process of academic journals with proper attribution.
It can't be both ways: "Announcing that take my idea / software and run with it" And if someone does, telling them "you are first rate moocher, aren't ya?"
> stealing other people’s ideas without acknowledgement’
Huh, I never heard of 'stealing with acknowledgement'. That'd be plain usage.
> I’d be inclined to agree with the coworker.
I'd think that co-worker would be subject of constant derision where people would run every trivial thing by them asking if they had thought it originally.
Edit: To be clear I support directly confronting folks taking ideas often without attribution or taking to higher ups if that is so important. But social shaming means the person better be prepared to live up to much higher public standards than it would be for some interpersonal issue.
Corporations the size of Amazon are imune to shame. If it's not a hard requirement, they'll only comply if it's not against their self interest to do so.
I agree this is about the culture of software and open source in particular.
Reducing the issue to the bare minimal legal requirement is stooping low, that we cannot expect corporations to behave ethically, with common decency and respect, unless forced to do so by law. Sure, that's the real world, but we should demand better of the people who run and work in these corporations.
> that move would be seen, at the very least, as somewhat rude.
In a few places I worked at, this was just par for the course. It's all in the (corporate) game.
As much as decent, polite, and courteous people do exist (and I try to be one of them), it's a fact of life that assholes exist, and they often prosper on the back of such decent people.
That seems like a very hard line to me. Copyright gives fairly comprehensive control over use, however trying to draw a line somewhere down full-control, attribution or no control seems very hard.
As it is today you can use your full control to allow full use with attribution. Of course the "unfairness" probably comes from the fact that you can't force others to do the same.
In my opinion the best option is to keep copyright at "full control" with a time limit. Probably 10-20 years. However that doesn't solve your desire for only attribution.
> Open source software is more than a license and code. It is a community and the digital public square.
Unfortunately, there's absolutely nothing about the OSS community that actually instills this mantra in people. I like to think that I also see OSS as a community and digital public square, but there's no universality to that philosophy.
> Either we as a community hold ourselves and others within our community to a higher standard than the text of a license, or licenses will inevitably become increasingly restrictive in the future, to the detriment of all.
There's just no way that the community will ever do this because there are inherently conflicting incentives to participating in OSS. If you tried to explicitly motivate people to do this, you'd immediately get pushback from the individualistic elements of the community that don't want to participate in something that they feel is politically motivated or that Amazon did nothing wrong.
OSS is a great thing that has tremendously benefited the industry, but the idealism of a community acting together without any consequences or incentives to do so is truly folly. As much as I wish OSS had more of a true community feel to it (and I think there are little pockets where this is tangibly felt), OSS largely exists to provide tools for commercial software development. Those people are out to build businesses and accrue wealth, not fortify the OSS community. I'm sure there are people that actually work to accomplish both, but the vast majority of founders and companies I've worked for in my career don't see OSS as a community. They see it as a giant puzzle box where each piece is an OSS project and their goal is connect pieces together in order to sell a product to somebody. Get acquired/IPO and you've solved the puzzle.
> OSS is a great thing that has tremendously benefited the industry
I'm beginning to question this. The proliferation and commoditization of F/OSS is what made SaaS business thrive, and made it so that integration and polish is the only avenue left to make a buck, leading to our paltry attention economy, oligopoly, and platform lock-in by network effects. This after decades of personal computing striving to liberate users from mainframes. F/OSS is also drying out - when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks? Meanwhile, maintainers of popular F/OSS get nothing in return.
> The proliferation and commoditization of F/OSS is what made SaaS business thrive[...] after decades of personal computing striving to liberate users from mainframes.
That's because of developers' (read: devops folk) own narrow focus of open source. When someone talks about open source having won, they're referring to how their company has three dozen services published on GitHub that can somehow be strung together to approximate 60% of what their company is actually putting in people's hands at the end of the day. That's open source for you.
Stallman and his acolytes had it right all along about focusing on free software as a philosophy meant to empower users and not career programmers (who already generally make more than the average household...). It doesn't matter if a smattering of SaaSsy services are open source if (a) it's mired in the sort of headaches that are par for the course in devops today with respect to actually being able to run the thing, and (b) the app that real, actually people are jabbing with their fingers and literally touching is still proprietary.
So it's not a problem of too much open source; it's a problem of not enough, and a problem of eschewing with the user-focused underpinnings of free software along the way, to instead follow the career devopser's AWS/GitHub/whatever-powered path while advertising it as win. To borrow liberally from Alan Kay, the computing revolution hasn't been won—because it has not yet even happened.
> The proliferation and commoditization of F/OSS is what made SaaS business thrive, and made it so that integration and polish is the only avenue left to make a buck, leading to our paltry attention economy, oligopoly, and platform lock-in by network effects.
Do I think F/OSS played a role in these issues? Absolutely. Do I think it's the primary role in causing these issues? Definitely not. I'd argue that weak antitrust law, ill-intentioned VC money, and lack of oversight of software titans play the biggest role in what you've described here. Yes, F/OSS gave the companies tools to iterate over app development quickly, but they were pushed for hockey stick growth and total market domination by the checkbooks, and the government has completely failed to police their behavior. F/OSS gave people with questionable incentives the ability to do questionable things, but it didn't create the motivation to do those questionable things.
> when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks?
I actually use a fair amount of F/OSS that is independently useful to me, projects like Hammerspoon, MIDIMonitor, VLC, MuseScore, and others. Yes, the majority of F/OSS that I use is for commercial purposes, but that's certainly not exclusive.
> Meanwhile, maintainers of popular F/OSS get nothing in return.
I completely agree with this, and I think it's one of the most critical problems to the F/OSS movement.
"when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks?"
Go and Rust. Probably unpopular opinions, but I'm very glad those two languages are open source.
I'd bet that this outlook is the sort of narrow-sighted, can't-even-understand-the-question sort of thinking that the person you're responding to had in mind when asking the question—as what not to focus on when talking about the successes of FOSS. That even with the point made in a very straightforward way it gets responses like this is a huge signal of what sort of problem we're dealing with.
Go and Rust amount to infrastructure, not software that "truly achieve[s] something useful on its own".
> when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks?
All the time. One I use every day? Emacs. (Which long predates anything web or cloud related.) For a more recently developed example? Guix.
Setting aside the fact that a very large portion of the software I use outside work is free software.
I see what you mean, but in this particular case, there are licenses that explicitly require the sort of attribution that the tweeter was asking for - e.g. the BSD license with the "advertising clause", or maybe the AGPL. For some reason, open source developers are choosing not to use these licenses, and complaining about it later.
If it were the case that AWS broke some unspoken social convention that is hard to legally enforce, I'd be more sympathetic. But it feels more like the author made a choice to license their software using Apache 2 over other licenses.
A lot of how people and even companies conduct themselves has as much to do with cultural norms as it does with strict legal requirements.
It looks like Matt Asay, the lead for the open source and marketing team at AWS, has already reached out and said he's looking into it (and thanked Tim for the contribution).
I think there's generally a cultural norm to recognize an individual's contributions in general, especially when freely given.
If the comments on here largely echoed that sentiment and demonstrated that it was a cultural norm, expect AWS (and others) to be more likely to adhere to it in the future — it costs almost nothing, but there's definitely a value in having a positive reputation.
We do have the capacity as a community to define and uphold such cultural norms. Laws and licenses are not as binary as code.
I think recognition by AWS would have been nice (win-win for both parties) but lack of it does not warrant public shaming.
If someone doesn't thank you for your "free" services, then keep your head down, plow ahead and take comfort in knowing you're doing a good enough job for a company like Amazon to use your stuff. And if that's not enough, send them a private message and let them know how you feel.
Given that everyone thinks like me, I wonder if some of the "Your license didn't say they couldn't." comments might be a defensive reaction to what they see as an unjustified public shaming. Like an unjustified honk on the road. This is twitter at its best right? Someone says something that pushes the right buttons (intentionally or not), people kick it up a notch by reacting defensively and we're off to the races!
You are talking about a trillion dollar company. I am sure their feeling wasn't hurt from "public shaming" Please save your empathy for the independent open source developer who spent his valuable hours on the project.
If you choose a license which explicitly lets them, and they do, then appealing to community is simply silly. If community and reciprocity is important to you, you simply must choose a GPL-like license that requires it.
If you don't want it, simply say so! But if you say you don't care... don't complain when people do.
This, incidentally, is why I tend to prefer the AGPL for stuff I write myself, as it aligns most closely with this "digital public square" idea. I'd simply rather not have an Amazon use my work in this sort of taking-without-giving way at all.
Meanwhile, the open source code I write for my employer is Apache 2.0 licensed because the permissive licenses seem to be the most friendly towards large corporations and hence is what they prefer.
This is incredibly naive. FOSS ultimately is business (if the code has any real value) and that's why there are licenses, to keep industry in 'check'. If RMS shared your optimism there would be no FOSS. Business are not people, they are entities driven by profit and the limits of law. Call it greed if you want but that's how you get endless $1 loafs of bread and the ability to fly anywhere in the US for a couple hundred bucks or less. If you really want something to be so, get it in writing. There is no 'community' like you illude to. Maybe in certain corners of the web or for some more notable projects, but there is plenty of FOSS that is really the backbone of a lot of sw and non sw infrastructure that is contributed to almost exclusively by corporations that are in competition with each other. FOSS is not just web devs hanging out on twitter making some app with a cute logo that will be forgotten in 3 years. There is big business going on and without a good license you have nothing.
Open source software is more than a license and code.
Nope. You are thinking "Free Software". "Open Source" is "just" that: a legal license which may or may not have ethical considerations and fuzzy feelings.
It's very disappointing, not the laws called "facts" but this disjunction of the community arguing or even joking around simple people stuff credits. Which costs nothing to do it.
For me this never ending OSS disagreement is just an excuse to take just benefits of the community but with zero retribution (there is no progress on that).
Someday, people will understand that Software is crafted by humans but not by a bunch of companies or self-thought computers.
You'd have to get the warm and fuzzy emotional parts (community, public square, commons) codified into the license in order to enforce that "higher standard".
In what world does any company use open source software to save money??
What is the alternative? Develop everything yourself in-house? That's not just expensive, it's dumb, because you'll get worse/less reliable software in general.
Corporations have nothing to do with community or people or ethical standards or environmental stuff or privacy. For a company an open source license is nothing else than the code and a license. For them, this is a very narrow legal question.
Corporations does not care about much but shareholders' interests. If you want to change that, you need to come up with a different system than capitalism, which encourages the standards you want to see.
Capitalism doesn't _require_ the heartless pursuit of shareholder value. You're confusing the system with one particular ideology.
Changing incentives, standards and cultural norms absolutely is possible within a capitalist system. In fact, it's required. Otherwise, capitalist economies quickly descend into oligarchies with skewed markets that favor those with all the capital.
If profit were the only motive without any other rules in play, that wouldn't be capitalism at all. We need interventions in order to preserve a healthy system. To suggest otherwise is to defend an ideology that isn't capitalism itself.
Here's another example of AWS interactions with OSS: instead of contributing a perfectly good and non-AWS dependant feature to an upstream project (PGBouncer, for a strictly PostgreSQL-level useful feature) they decided to rather stretch it and publish their changes as a _patch_ to the upstream project instead, with a different, restrictive license that only allows its usage on AWS services, together with examples on how to use it on RDS/Redshift:
It's worth mentioning that this isn't just a case of people not being able to use the patch outside of AWS; the patch is actually impeding pgbouncer from implementing a similar feature:
> We'd like to rewrite such features for pgbouncer from the ground up but it is impossible to prove to the lawyer that the re-writing is not kind of "derivative works". I believe it is not what you expected, as an opensource project that derived benefit from the whole pgbouncer community.
“3.3 Use Limitation. The Work and any derivative works thereof only may be used or intended for use with the web services, computing platforms or applications provided by Amazon.com, Inc. or its affiliates, including Amazon Web Services, Inc.” from https://github.com/awslabs/pgbouncer-rr-patch/blob/master/LI...
Is this a one off activity, or does Amazon do this regularly as part of their moat?
> Oh @awscloud I really do :Two hearts: you! But next time you fork my OS project https://github.com/checkly/headless-recorder and present it as your new service, give the maintainers a short "nice job, kids" or something. Not necessary as per the APLv2 license, but still, ya know?
He is only nicely and asking for recognition/attribution while acknowledging that it's not required per licence.
I don't know why people have to take sides or be angry about it. Just as amazon was free to take his project and make it their own, he is Free to mention the fact that someone is indeed selling his work without even giving an open mention.
Incorrect. Amazon included the legally-required NOTICES, which isn't what he was asking for. And similarly the author did not admit any such mistake as no such mistake was made.
I guess they are. It would just be nice if they paused and check they made that judgement based on what they actually read, instead of the initial emotion they felt while reading.
Could everyone take a moment here and reflect on their hostile attitude towards an open source author who just wants to be treated fairly (in a moral sense)?
My guess is that none of the people who are lecturing and gloating have ever written anything substantial. Shame on you.
Just pointing out the hypocrisy of embracing "openness" and "free software" that anyone could use freely, then getting mad when someone does use it.
Also it's funny to see the FOSS crowd rediscover the need for intellectual property, having denounced it when it was applied in the opposite direction.
The issue here is HN loves Amazon. That's why you are seeing the hostility. If it was Google doing that, I can guarantee you the HN response would be radically different.
He used a permissive license so that everyone, including Amazon, can use his code without any strings attached. Presumably because he wants his software to spread far and wide. This is the typically stated reason why people use permissive licenses, isn't it?
Therefore, shouldn't he be thanking Amazon for spreading his software?
Much of the discussion in this thread has highlighted the difference between those who regard open source as a community and public good, and those who regard it as a resource to be exploited. The latter sees anything beyond legalistic compliance as an unreasonable expectation.
Personally I'm disappointed with the exploitation view, but I also think it's an interesting example of how different assumptions lead groups to talk past each other. "AWS was in complete compliance, what's the problem?" versus "AWS violated the spirit of the community". Each camp agrees with the other camp's assertion but sees it as irrelevant.
The exploitation view is mostly due to the anonymous nature of those personal, natural person individuals performing the decision to exploit. The personal cost to them of the decision is muted if it is felt at all: the endless layers of the corporate body shields them.
However, if their names attached to such decisions were plastered all over LinkedIn, GitHub, or the even the project "look who is using our project" page, the responsibility that went with that decision authority just went up a noticeable amount. With REST API access to graph-networked tracking of such decisions, someone's track record of these kinds of decisions will follow them. Forever. Such tracking will also start revealing companies with a certain track record. The consequences of that are up to those in the future making decisions whether to interact with those individuals. It could be neutral, beneficial, or adverse, depending upon who they deal with.
Also, nothing prevents open source projects from tapping such aggregated data in an automated fashion, and auto-updating an exception to their open source license. "Anyone may license under <foo-open-source> license, except for the following list of individuals: ..., And except for the following list of companies: ..., <followed-by-legal-stuff-preventing-assignations-for-example>. For you, <consequence-decided-by-project>." Licenses are similarly amended to generate the attribution data in the first place.
That consequence can be whatever strikes the fancy of the project. Whether it be must license commercially, must post a LinkedIn video of them singing "Good Ship Lollipop" before they can license under the open source license, must post an escrow bond they forfeit if they violate the terms, etc.
Shine a light upon the natural person authority, and see who steps into the spotlight proud to show off their accountability.
I accept that criticism, I'll be more careful with labels. I've been using "exploitation" for so long in the ML sense of "exploitation vs exploration" that I forgot it can have negative overtones. Or maybe I ignored those overtones because of personal bias.
Definition 2 of exploitation: "the action of making use of and benefiting from resources."
Definition 1: "the action or fact of treating someone unfairly in order to benefit from their work.".
I don't like being accused of bad faith though, I do put a lot of effort into strong-manning positions I disagree with.
If Amazon employees started tipping 0% at restaurants in Seattle, they would be legally correct. But that would certainly impact the way restaurants needed to operate.
Sometimes communities get built up on a shared system that involves a certain amount of shame, embarrassment and feelings of communal good and following norms in order to continue.
Open source software seems to be that type of community. Sure, you can be a freerider and tip 0%, but at a certain point others in the community may glare at you with a "really?" face and of course restaurants will eventually just raise their prices.
Interesting analogy, because a growing trend in Seattle restaurants is eschewing tipping entirely for a fixed % gratuity included in the bill. I agree with the other commenters in the thread - if you're peeved because you didn't get something your permissive license didn't require, choose a new license.
I hear you, but tipping is a widely accepted practice. As a software developer I use tons of open source software and I'm aware of how much open source software is used in commercial products I use as well. And still I can't recall seeing credits with the original developers' names ever outside of a license file. I'm not saying that is good or bad, but it doesn't seem to be standard practice.
Fantastic analogy: tipping is a vestige of a culture of patronage and servitude and a practice that doesn't exist (in the same form) in most of Europe for example, where servers rely on an explicit obligation of payment rather than "whatever the customer feels like giving."
Just as tipping is a shitty system and the explicit & transparent European model is better, so is using a license that clearly spells out (requires) the type of attribution you want better than relying on vague implicit expectations.
Situations like this make me wonder why no one has created an open source license with a clause excluding multi billion dollar companies. If your company makes more than, say, $50 billion in revenue per year or something crazy like that, then you need to pay for a license. Everyone else can use the free license.
Amazon in particular is well known to be aggressively anti-competitive, as we saw with the Diapers.com fiasco. So logically, if you allow them to use your open source project for free, you run the risk of supporting the company that is going to run you out of business if they ever decide to compete with you. Might as well grab a piece of the pie on your way out!
You'll have less users with such a license, in reality only a tiny percentage of even huge companies use your code in a way that is annoying or make you feel like you should get something back for it and it's hard to target such companies specifically rather than crater the popularity of your project entirely.
I've seen these Polyform licenses touted on HN a couple of times recently.
I really do think we need a couple of new licenses along these lines to become popular enough to be generally accepted. Having said that, I struggle to really grok the language in these licenses; it could be that I'm just more familiar with MIT, BSD and the like, but with the Polyform licenses I'm always left with questions about what I can and can't do.
I think its likely familiarity. Licensing is legal terminology so anything new requires time to reason about. In this case I am a strong advocate for these licenses as they're written in part by Heather Meeker who has authored some of the custom licenses for Redis Labs, MongoDB, etc to protect against this cloud provider hosting issue.
Then I'd love for them to get some more attention, discussion and scrutiny in the community, because I think that's the only chance new licenses have at gaining wider adoption.
You cannot circumvent that. If you want to do a service for a company that has a multi billion company in the chain then you would have to get full commercial license and when that happens you simply raise an invoice to the client that covers this cost. It is pretty simple and you cannot get around it.
The middle man increases costs and inefficiency for the billion dollar companies, giving a competitive advantage to everyone else. It's foolproof I tell ya!
That creates problems for anyone who ever wants to sell their business to or sell services to any larger company. Which covers a lot of smaller companies. The license would trigger all sorts of legal red flags during due diligence for either case. And not just with the companies it's supposed to cover but any large company (ie: what if they one day trigger the clause, how well defined is the clause, what if they are partially owned/invested in by a larger company, etc, etc, etc).
> That creates problems for anyone who ever wants to sell their business to or sell services to any larger company
We ran into that, sort of, although the only one it ultimately affected was the author of the free software that we wanted to use. We were a small company doing development for a major Japanese software distributor. He wanted a virtual CD product that would make images of your CD-ROMs and let you use those images. We were using zLib to compress the images, but he said it was too slow. zLib has settings to sacrifice some compression to gain speed, but they would not gain enough speed while maintaining the minimum amount of compression he wanted.
I found a zLib compatible library that some grad student at a nearby major university had written in assembly for speed. It was very good, handily beating zLib, and he even used the same assembler we used (Watcom). The library was GPL, which was not acceptable to the distributor we were writing for, so I contacted him about a different license.
We agreed on some reasonable price to use his library in that product, and some reasonable larger price for a license to use it in all our future products. But then he started worrying--our products were for Windows. What if we caught Microsoft's attention and they bought us, and his code ended up available for all of Microsoft to use.
He wanted to negotiate a license that would cover all of the kind of thing to make sure his code could not end up at Microsoft or some other big company. Negotiating that would require our CEO's involvement, and probably bringing in outside lawyers. The CEO did not have the time for that nor any interest in it, and told me to figure something else out.
I did. I went back to zLib, and I added a slider to our UI which went from 0 to 100, labeled something like "Faster ripping" on the 0 end and "Smaller Images" on the 100 end. If the slider was set to N when ripping an image, I used zLib at maximum compression setting on N out of every 100 sectors ripped and stored 100-N out of every 100 sectors ripped uncompressed. The distributor was delighted with this. (I have never been able to decide if I should be proud of this solution or deeply shamed by it).
25 years later, and nothing from then ended up at Microsoft or anywhere else, and that grad student lost out on several thousand easy dollars that I'm sure would have been very nice and useful for him to have.
True, but have you ever been involved in purchasing at a big company? Trying to procure and ship a pony would take longer than just writing the software yourself (I'm not even joking).
> "Situations like this make me wonder why no one has created an open source license with a clause excluding multi billion dollar companies."
People start looking at things differently when they're asked to pay for them and they start comparison shopping. Would people pay for LibreOffice over MS Office? Would people pay for GIMP over Photoshop? Some would, most wouldn't. It would kill corporate adoption of FOSS and, since most FOSS development is done by people employed by corporations, that would shrink the userbase and reduce the sustainability of FOSS.
There was a discussion a few weeks back about TimescaleDB doing a "Cloud Protection License", which seems to mean that they reserve the right to offer the product in a cloud offering. Seemed to me like a good compromise.
There's surely a space between "perfectly acceptable" and "illegal"? I don't like this idea that you have no right to complain about something if you haven't specifically banned it in a legally enforceable license.
In this case, the author can set out what they think is acceptable in their license terms. Attribution costs nothing to the user - so if you want it, stick it in your license.
People should be able to comfortably use software within the bounds of the license without worrying about the author coming along and then shaming them for not complying with an additional set of implicit constraints.
Yes, it would have been nice for Amazon to acknowledge the original author. But given that they are not obligated to, it's unfair to act as if they are at fault for not doing so.
I think it comes back to politeness, somewhere in amazon there is product manager that saw or was shown Tim's repo and saw an opportunity(nothing wrong with that). It would have been a nice thing to do to give him a shoutout just like it was a nice thing to do of Tim's to release his code under a permissive license. There must be a mountain of code forked by large companies that if given some sort of recognition would be of benefit to the original author even if its only internet points.
There has to be daylight between legal "fault" or obligation and courtesy. The author isn't going on a tirade, he made a quip.
We have faculties, as humans, that aren't strictly legible in the way a license or legal code is. Laws are not a substitute for custom or courtesy. We do need both. No one said they stole. They said they were discourteous.
But the author had the opportunity to specify the behaviour that he felt was courteous enough. Some people do not care about shout-outs, and those people do not include attribution clauses in their code licenses.
I also did not mean "fault" in the legal sense, but rather in the sense of courtesy. It is not a faux pas to comply neatly with the terms of a public contract. What you're suggesting is that Amazon erred in not mentioning the author, but the fact that is visible to everyone in the license is that the author does not care about attribution.
I don't like the insinuation that a license can be non-exhaustive in its conditions for the "correct" use of open-source software. You shouldn't run the risk of offending an author by violating some tacit, contradictory rule.
Do you also dislike interacting with people, seeing how there's no such thing as an exhaustive list of things to do and not to do?
This is not even an analogy, it's what is being discussed. AWS didn't do anything illegal with regards to their usage of open-source, but we live in a society, and we do have innumerable tacit rules. One of them is that you should give credit to where credit is due.
Software licensing already breaks many tacit rules that people normally take for granted. It's rude to copy someone else's creation without asking first - but if they license their code in a way that allows for copies to be created, it is no longer rude to copy that code without permission.
It is also rude to sell someone else's work without permission. But if they choose a software license without a non-commercial clause, it is no longer rude: and this implies that the absence of a feature in a license is a kind of approval of its opposite.
If you choose a license without an attribution clause in it, you are admitting, publicly, that you do not care about attribution - not that you require, nor that you forbid it, just that you are ambivalent. If somebody goes on to use your code without attribution, you are wrong to then point out that they have been "rude" to you, because you have already declared your indifference.
I'm not suggesting that unwritten rules are bad. I'm suggesting that trying to introduce unwritten rules to a system where written rules (i.e. licenses) already exist is a bad thing. Software licensing already sits at the intersection of legal and social obligations, because attribution is a feature with essentially no legal impact; treating a software license as a social contract is not a mistake.
IDK... lets remember that this is a low stakes game. At worst, someone is now cross with aws product people.
Also, it's not like we're talking about arcane pleasantries that no one could have anticipated. Say JKRR opens Harry Potter, copyleft or something. You record an audio version and sell it with great success. Is it not obviously courteous to mention her in some way?
It's even moreso, if you are aws, and JKR is just a regular author.
It's not like anyone who uses a library is expected to perform a ritual dance. It's common sense basics and if you get it wrong nothing happens. Doesn't seem like a lot to ask.
> But the author had the opportunity to specify the behaviour that he felt was courteous enough.
So I'm free to treat you like an absolutely piece of shit, be a raging asshole at you, and you're going to defend my horrendous treatment of you just because legally I'm allowed to and you failed to make a contract with me saying I have to be nice in excruciating detail that's legally enforceable?
A credit-to-author clause has been tried before by the tech community, and IMO it's up to the community and not an individual author to develop a license which fits. The reason is because any modification to a well-known agreement makes your license very expensive to understand, even if it's a trivial modification.
Open source licenses only work because the community adopts them as a standard.
I'd agree with this — with things like Creative Commons it's very clear if someone is asking for attribution or not, if it allows non commercial etc.
In an enterprise company, it's _much_ easier to use something with an established licence. Having "MIT with attribution" might be waved through by a standing policy. Having "my custom MIT fork" needs Legal involved & may not be a hill to die on so just get ditched instead.
> There's surely a space between "perfectly acceptable" and "illegal"?
If there is, it's a space that you can minimize using licensing terms, and as a user I will assume that the licensing terms are chosen by the authors in a fashion that best represents their interests. Especially since so many template licenses exist that address this exact problem.
> I don't like this idea that you have no right to complain about something if you haven't specifically banned it in a legally enforceable license.
I think it's unfair to imply that the post you respond to represents that idea, if that's what you're doing. Although worded frankly, it's a constructive suggestion for what proprietors can do to prevent this. It's not a new problem.
I don't think that's entirely true. Large companies respond to public pressure over things all the time. Some of the better run ones also take the initiative to do things ethically off the bat. If a large company is treating "legal" as "morally acceptable" then we should be calling them out on this, not accepting as part of being a large company.
We should certainly also update legislation to force them to do things ethically, but it's not always possible to cover every possible case and thus our society depends on at least some level of corporate ethics.
> I don't think that's entirely true. Large companies respond to public pressure over things all the time.
That type of response to pressure isn't necessarily of a moral nature. If your customers are boycotting you for not including skub in your product, your choice to include skub in the future could simply be an effort to maintain your customer base, regardless of what moral values skub (non-)inclusion represents.
But then it depends on what kind of people with what kind of mindset make such decisions, doesn't it? (Hint: It's not the altruistic "share with everyone" mindset they have.)
If that were true then big companies wouldn't have PR departments. But they do, because public image does actually matter to them. Brand recognition & emotional response to those brands is a huge part of being a big company.
If I look through the menus of my oldish (not smart) Panasonic flatscreen tv, there is a menu option that displays all the licenses of the open source software used.
I would prefer to see these things enforced by culture and norms rather than laws and licenses. I don't want to have to parse legalese as part of my role as an engineer. I don't want companies to have to hire more lawyers to verify they can use software I wrote. I want them to be able to just use it, then contribute back after they've experienced using it. I don't want a restrictive license may prevent them from ever even trying my software in the first place. I want culture and norms that encourage the company to contribute to the project, not laws.
If Jeff Bezos has a $50 meal at a restaurant and tips $0, would you blame the restaurant for not having a mandatory tipping policy? Or would you blame Jeff Bezos for cheaping out and not following the community norm?
For person-to-person interactions or small communities. Unwritten rules don't work for corporations. They're driven by what's profitable and (not even always) what's legal.
Would a restrictive open-source license even have stopped them? Would any American court fine an American mega-company over something like this?
How does that even work, anyway? If the developer were outside of America, would it still have to be taken to the country where the company resides? There's no international court I know of that would handle these kind of things.
That is totally fair according to the license used, even I don't find anything bad with it. Rather its a good portfolio item for oss developer.
Next thing which developer can do is, check if amazon is up-streaming new updates and bugfixes to their product, are they contributing to the existing open issues for bug-fixing,if yes that's win-win for both.
if you are planning to leverage the project for commercial product, I would suggest future dual-licensing clause which is like "Any contribution to the project will be licensed under AGPL, and XYZ LLP will get its copy as a full ownership with WTFPL license exclusively". Add an enterprise plan for your product where big corps can purchase its code license directly from you for fair price to get it under GPL/Apache license.
just my 2 cents.
I'm going to get downvoted to hell but Open Source is broken.
The initial egalitarian view of OSS never came to fruition.
OSS is just companies like Google and Facebook throwing things on the other side of the fence to help their own business monopolies.
There aren't actually ANY OSS models where independent developers can make money to support their own code.
It's all support and services for some of the intermediate companies or you have to be FANG.
We need "free as in $19.95" for OSS where the code is open but licensing/payments are compelled.
A way to look at it is "less freedom is more freedom".
For example, if we had infinite freedom and no laws the world wouldn't work. So we compromise and accept the right amount of laws.
I think it's the same thing with OSS ... we could all public domain our code but most people don't because putting your code under a license has value. It's LESS free than public domain but more free because you're giving a license to the user but they can't sue you because they're no implied warranty.
If we had an a source code license that forced someone like Amazon to license the code we wouldn't be in this position.
License - what AWS did is "legal", most commercial software is built on top of OSS.
Decency - what AWS did was mean. They should at least acknowledge the author.
Worst possible outcome of this thread: the community will become scared of big corporations stealing their hard work - this will stifle OSS creativity.
It does seem like the license should have asked for a mention if that's what he wanted.
However. He has every right to point out that they are using his code. And I think it would be at least polite to mention that, and it is in my opinion impolite not to mention it.
And actually a little misleading when they don't mention using an open source system that is similar.
And it's not like the fact that he didn't say that in his license means he is not allowed to mention he made that software.
So I think better late than never, put the requirements you want in the license for credit. Or go AGPL or whatever. Although obviously that's not retroactive on the previous version.
This also proves that someone thinks it's a business. So I feel like there might be an opportunity to launch a competitor, with a main advantage that they have the actual talent that created the system.
Worth noting: he _has_ a competing business. It was started before Amazon launched theirs in fact. Checkly, his startup, does synthetic monitoring, which Amazon got into after he was already into it.
Taking permissively licensed open source code without so much of an attribution obviously sucks, but I can’t quite see the evidence that this is a fork? Same concept, sure. Code generated is similar but different enough, and there aren’t really many ways to express the similar bits... Interface isn’t exactly breakthrough either, anyone would have used a textarea + buttons. (Only looked at the screenshots.)
Can someone check the source code of the extension?
(It's certainly weird that 30+ comments in, everyone else is taking sides without even questioning the IMO not terribly well supported premise.)
It is the same code - Someone on Twitter noticed that if you download the Chrome extension and look in the notices.txt file of that bundle, the first line reads puppeteer-recorder v0.7.2
Not really. The conversation goes on as long as we like. Part of OSS is about trust and reputation. AWS could have really helped the maintainer with a single sentence and they didn't.
It's like not saying thanks to the barista when you get your coffee. Not the end of the world, but it's still a touch rude.
> AWS could have really helped the maintainer with a single sentence and they didn't.
It's not befitting a large enterprise like AWS to tell their prospective customers that they are just wrapping their infra around free software in their marketing copy. If that single sentence even slightly impresses upon .1% of their potential customers that they ought to spin it up on their own infrastructure, obviating their need to pay for the service, that's plenty of disincentive to add the message.
That’s not as clear cut as your post may make it seem. Some users (me, for example) are more inclined to use a hosted service of some open source software than of some proprietary piece. Because that gives me a migration option if the providers service no longer fits my needs. For example, I’m paying four digits a month for some hosted Postgres database.
Misses the point. The marketing copy there is to bamboozle the uninformed into opening their wallets. If you are better informed, you already know that AWS plagiars pretty much all it's services from open-source. A smaller player catering to a tech audience might add open source to its bullet points as some sort of virtue signalling, but that's no benefit to the established megalith that is AWS.
Amazon's entire cloud business revolves around providing managed infrastructure as an alternative to self hosted solutions, so I don't think that is really a secret regardless.
Also, consider that they rely on having a positive reputation to attract engineering talent and also to continue to get third party developers to release their infrastructural code under permissive licenses.
If trust and reputation were enough, we would not need licenses. The GPL is great and had the impact it did exactly because it forced people to do things.
When you are a huge company you have to be careful about saying thanks to Barista.
Maybe the developers would like to say thanks to barista but lawyers said to the developers to not talk to the barista no matter what since it's safer to say nothing than risk saying something wrong.
The model where company makes money off of someone else's work without paying them should be illegal. Currently you cannot hire someone as an apprentice and don't pay them - you need to give at least the minimum wage. OSS is sort of a loophole where companies can obtain work without payment. I think this practice should be illegal and regardless of the license company adopting OSS solution should pay its contributors market rates - that is the amount of money it would take AWS to pay to create such product.
I appreciate the underlying sentiment, but I disagree. When I contribute to OSS it's my choice to and I want the right to let anyone do whatever they want with code even if I never exercise that right.
Personally, I think OSS licences should be changed to prohibit unpaid use by any entity that has a single stakeholder worth more than a billion dollars. That way the startups and medium sized businesses around the world can benefit and the tech lottery winners pay something reasonable ($1m a year, say) to support OSS.
There is the same argument that people who want apprenticeship use. They want to work for a company and learn, but company won't hire them because they don't have money to pay for "idle" worker and the overhead to teach them.
But this is for the greater good. In the past you had companies who used their market share in particular city to drive wages down and people had a choice either work for them and starve or move to different city. Minimum wage stops this, at a cost of some people being unable to work for free. I can accept that.
There will be projects for sure that would love their software were used by AWS and other companies without paying them, but that will only create a race to the bottom. We should stop exploitation of engineers by these giant companies.
This is an edge case, but for sure they would have family members who would inherit the titles and in an event of absence of such people then the state should take ownership.
You're not legally required to say "Hi" when you run into people you know and making it legally enforceable would be a legal nightmare, but it's the decent thing to do.
Not really, it's about Amazon not being a great OSS citizen. They don't have to be but it's a combination of immature, rude, and unprofessional to not be like that if your core business is packaging up and integrating other people's OSS software.
They are of course well within their rights as per the license to behave like this but there's a notion of being courteous, grateful, and constructive in the OSS world that comes with being a responsible OSS citizen and that goes a long way to ensure people volunteer to help you out with bugs, support, change requests, etc. It doesn't cost anything to just reach out and give this person some kudos. It's the right thing to do.
Amazon is being a bit insensitive here and this sounds to me like somebody up high ought to do a bit of yelling internally about acting professionally and not needlessly burning bridges with the OSS people that they depend on for their core business. At least I'd be all over this if I were confronted with this kind of behavior by one of my colleagues. Not cool. A public apology would go a long way to fixing this; maybe a couple of lines in the readme. Doesn't cost a thing.
This is analogous to "hey, fella, I have a First Amendment protects right to be a manipulative, sociopathic liar" - it's true, and it doesn't invalidate people complaining about your behavior.
AWS did something rude, unprofessional, and indicative of bad OSS citizenship. The fact that the lawyers can sign off on it is irrelevant.
However, if a company that uses some OSS stuff is not under a moral obligation to do so? If not so, then why do we do OSS with licenses? Why not just Copyright everything?
Thanks. But is this standard to abbreviate to APLv2? I only knew the language APL and the apache license is normally abbreviated apache-v2, or so, isnt it?
Individual developers spend their free time developing a solution without making as much as a cent, while giant corporations are making billions on it.
The irony is these corporations don't even value the software because they don't pay for it. Giving your software to them is like telling them your time is worth nothing.
I preferred the days when there was a mass of small developers selling software to what we have now. It feels like we have gone backwards.
> "The irony is these corporations don't even value the software because they don't pay for it. Giving your software to them is like telling them your time is worth nothing."
I said that in the '90s, because it was obvious even back then, and it was drowned out by the "We're gonna destroy all the evil proprietary software giants and all code will be free forever, yeah!" chorus. It's nice to finally be vindicated.
What would you expect, that open source developers give their work away for free and corporations just pay them for it anyway?
It became a "thing" because the incentives of FOSS software are to maximize developer freedom, not to ensure compensation for the developer. That doesn't change when the "developer" is a trillion dollar corporation.
Like with many things related to license and copyright, this is an issue of culture.
Maybe programmers should realize it's in our common interest to have some kind of group voice. Other random groups with lower stakes seem to get concessions.
How about instead of role-playing as lawyers, we realize that maybe they should've thrown this guy a bone in the form of an attribution purely for the purposes of etiquette.
Because all the author wanted was credit, and there's no appropriate license for that. The 4 clause BSD license has dropped out of favor for several good reasons and nothing else has taken its place.
I haven’t been keeping up with what licenses are popular, but I’m curious about this because The BSD license was my favorite a few decades ago. Can you please elaborate why it dropped out of favor?
The BSD license is still popular, but in its 3 clause or 2 clause form, without the attribution clause.
The main reason it was dropped was because it created an incompatibility with the GPL. The other reason was because operating systems became an unwieldy mess of attributions.
You know that licenses are able to be written and rewritten right? If someone wanted attribution, someone could hire a lawyer and make a license (or make an edit/fork of an existing license) that does what someone needs.
Giving attribution (and monetary compensation) to the lawyers who make open source licensing function is also a thing.
He wrote some code and gave it away freely, and all he wanted was a thank you. You say he should have hired a lawyer to write his own license. This is absurd.
If that's what he wanted what stopped him from adding one more paragraph to the licence saying something similar to:
"The USER is required to publicly thank AUTHOR, and make the thanking reproducible in every copy of the derived work that uses this software."
You don't need a lawyer for that. And if someone wants to use his work without attribution, they are free to negotiate a copy with different licence terms directly with the author and provide a compensation.
The whole point of these highly permissive licenses is that we don't want to constrain independent hackers, or put people in a position where they are unsure if their fork might expose them to liability.
It is undoubtedly discourteous of AWS to release an OSS fork as a new feature without crediting the original author. It is not the end of the world. It is not a reason to go and change your licenses to make things more difficult for the other 95% of developers. But it is a reason to say "some people at AWS are just dang ol' jerks."
Companies want to take and exploit free/opensource licenses in exactly this way.
By putting in a clause for attribution for example, you winnow away the companies like Amazon who would totally want to fork and re-release without crediting you.
If a company doesn't want to credit you, and your license is dissuading them from forking your project, then the non-standard license has achieved its goal.
You can't have it both ways. It's like people complaining that the GPL is "viral". That's the whole point of it. Companies that don't want to re-contribute their source changes are dissuaded from using it at all.
If you put an attribution clause in the license, the companies that don't touch your code is the company you never wanted to use your code at all. You can't have it both ways. You can't say "I need the exposure so I use a totally permissive license" and then say "Oh but I actually want attribution in a way that if people knew about this requirement, wouldn't use it to begin with"
The author needs to decide what's more important then, getting a pat on the back, or contributing to OSS. It's pretty crappy using a permissive license so companies are willing to use the software, then trying to make them look bad for not following unwritten rules.
A note to the "I'm seeing a lot of comments here" crowd, i.e. people saying "shame on you!" to commenters who point out that the author's expectations of how consumers should use his code are at variance with the license terms he released the code under:
I'm seeing a lot of comments here that are attempting to brow beat or bully people for having a view you disagree with. "The author should have used a different license." This is an opinion, we can disagree about it. There's no need to tell people to be ashamed for disagreeing with you, or to make baseless ad hominem attacks such as 'I bet none of you have ever written anything substantial.'
This is a discussion forum. FS/OSS licensing is an extremely contentious subject as everyone in the OS community probably already knows. People are going to disagree. Let's keep this a clean fight where we discuss the merits of different arguments and attack arguments rather than attacking people, shall we?
Trying to "shame" people who disagree with you or talk about how "disappointed" you are in them or maligning their professional work is not argumentation, it's bullying.
EDIT: while writing this comment, someone called me "autistic" in another sub-thread here. Gave me a chuckle... anyway add that to the ad-hom pile.
I agree. I'm not even sure I understand defending AWS here from a purely capitalist perspective. When a large company gives thanks to a open source developer they are encouraging that developer to continue contributing. That could possibly benefit the company in the future - to act otherwise doesn't seem to serve their own interests very well.
Can there be a license - Permissive Open source for the rest of the world except the cloud providers? Or some kind of anti-monopolistic rule to protect open-source?
The cloud providers taking over open-source projects, launching their own forks (with restrictive licenses) etc isn't great for the open-source ecosystem. If you take away the incentives for the developers (respect, fame, etc) to write open-source software, then isn't it kind of doomed in the long run?
What about the new Amazon Intern who finds an awesome open source project.
She now gets fired because open source means open only for some.
The main value add is AWS is hosting it. Amazon isn't being an angel, they could of easily given the author a solid 20k donation as a thank you. Apart of releasing MIT or Apache licensed code is knowing someone else might take it and make millions.
If you want to restrict your software usage you can use GPL.
I hear you but GPL makes it hard for everyone else (most companies have policies against GPL). We run an open-source project and it's AGPL licensed for the exact same reason. But lot of orgs have blanket ban on AGPL.
Maybe there is a way to define "bad" practices in OS outside of license. Similar to how monopolistic practices are banned in business because they are unhealthy for the broader ecosystem. Just asking
It’s called “bias for action”. Actually AWS/Amazon operates like a United States of Startups and the decision is commonly made by team at the bottom of the org tree. So it’s likely a few engineers and managers decide to fork it just to launch something for their KPI. As long as their legal agrees, the leadership has no idea about how team do it
It seems to my untrained eyes that this was a poor choice of OSS license. See a recent discussion from earlier this week about how Plausible switched licenses for this reason: https://news.ycombinator.com/item?id=24763734
Elastic Search ran into this same problem and came up with the Elastic License. In particular, it stipulates that you may not:
> use Elastic Software Object Code for providing time-sharing services, any software-as-a-service, service bureau services or as part of an application services provider or other service offering (collectively, "SaaS Offering") where obtaining access to the Elastic Software or the features and functions of the Elastic Software is a primary reason or substantial motivation for users of the SaaS Offering to access and/or use the SaaS Offering ("Prohibited SaaS Offering");
Without knowing the details and veracity of the claims, I think there is a real danger with big companies like Amazon using their weight to take others' innovations and reap the rewards for themselves.
Now that it's a megacorp, Amazon's employees are no longer the presumably highly talented people that got it started. That is, their newer successes are not a result of disproportionate talent or hard work that would make those successes deserved. Instead it's just another big company that has big capital. And all a big company with big capital needs to do is keep an eye on early successes elsewhere to get into the game, throw lots of resources at the problem, leverage their big mature sales and marketing channels, and see the Dollars roll in. This is not what a healthy market is meant to reward.
I don't understand why people get upset about this. It's called open source for a reason. If you want recognition when someone uses your open source project, pick a license that has an advertising clause.
This is similar to other open source projects which GPL their project instead of AGPL, and then get angry when people and companies (like Amazon), literally abide by the terms of your license but you don't like the outcome. Then they act all offended like someone did something wrong. If you don't like it, switch your project to AGPL and stop trying to act like someone did anything but honor the license you released your code under.
People like this do damage to open source because they blindly pick their licenses rather than understanding what they mean.
I don't see why AWS shouldn't have to BUY a license from the developer. Why are developers giving away their work for free? If you require a thank you, you might just as well require them to pay you money. That's the only thank you from corporations that counts.
Amazon did the same thing to me — the AWS SDK for PHP. Except that they hired me, but then began telling me what I could and could not do with the project, how I was/wasn't allowed to talk about it, and forced me to drop support for services that they didn't want to support + I wasn't allowed to communicate to customers why.
A couple of years later, they brought on the creator of Boto (AWS SDK for Python), but I bitched at them so much to make absolutely sure that what happened to me wouldn't happen to Mitch. Boto is still an independent OSS project today.
Getting AWS to release code on GitHub? That was me. Allowing AWS developers to communicate with people on Stack Overflow? Me. The creation of the `awslabs` GitHub org? Me. The core concepts behind AWS Lambda? Me. SDK features like _waiters_? Me. Publicly sharing the internal service models so that people could built new tools for AWS? Me.
Me, fighting against the internal Amazon culture tooth-and-nail to try to get them to do things that were in the best interests of AWS customers. Some of the most brilliant and customer-centric people I've ever worked with got ran out of there by management (well, one particular engineering director) after 18-24 months.
All the fighting led to them trying to "manage me out" (making my life a living hell, hoping to make me quit), so I decided to stay for a full 4 years in order to vest every ounce of my stock grants, before walking away in 2014 (six months before AWS released "Lambda").
If things are better there now, that's really great for the people who work there. But it was a hell-scape for me to try to bring AWS into the modern age for open-source software in such a backwards-ass internal culture.
What I don't quite understand is the logic of choosing a license which explicitly allows this and then getting mad that someone does what the license allows to do, why did you choose that license then?
For anyone who is saying "your license allows it":
These licenses were created pre-cloud era when on-premise was a thing and "Intranet" was a word. I grew fond of open source from high-school days as a kid in India because I felt the power that everyone is sharing their best creations for me to learn from. The spirit of open source, at least to me dates back to 1998.
Things have changed, a few providers host everything for every business. Do you feel open source would have taken same approach if started now?
I sympathize with the author of course, and tasteless tactic from AWS, but this is also why it's important to choose the appropriate license for what you want out of your project.
No need to mention them by name. Just use the AGPL, for they are all irrationally allergic to it.
EDIT: notice that usage of the AGPL produces the desired effect, while still being free software (which it wouldn't be the case if you excluded specific users in your license terms).
AGPL may go too far sometimes, as to intimidate companies from using an opensource project internally, and not necessarily as a (user-facing) service as in the case with the OP and AWS.
That's due to fact that AGPL's _user interaction_ clauses can be too vague in legal terms, in a way that many internal use cases could be litigated as a user interaction over a network.
AGPL in no way prevents anyone to use the licensed software. It just demands, like GPL, that modifications be made available to users, but in addition to GPL, extends this duty to the case where the licensed software is used remotely/as a service (rather than "distributed" to users for use on their own computer).
It won't take long until OSI heads come in and tell you that sort of licensing isn't "Open Source" (a commonly used term they bogusly claim exclusive control over). Who's financing OSI again?
Honestly, I agree with this. Your ethical standards should be encoded in the license.
OTH, if you treat people like a jerk (for example by forking their code and not involving or crediting them) there are practical social repercussions from that, but probably AWS is not much impacted by that.
I finally clicked the link instead of reading the comments and was amazed to see it's the extension I discovered earlier on HN and have been using for a while.
I'll comment in a different direction. I'm personally not a huge fan of these #SeleniumNotSelenium projects. A few only support a single browser, like Chrome, while utilizing selenium webdriver directly gives you access to all browsers with relative ease.
They all seem to be trying to funnel you into a related SaaS product.
Selenium webdriver JS could really use some extra support from the community. 4.0 has been alpha for over three years.
Meh, if you're not ok with someone forking your project, don't release it under a license that allows forking.
Yes, a nod back is nice, but its not a requirement and we shouldn't use public opinion to try to put extra obligations on the reusers beyond what the license requires. Especially if its beyond what would probably be considered a valid osi approved license.
I'm increasingly sympathetic to the hardcore GPL hawks, maybe they were right all along.
At this point I think it's plausible that the only reason commercial forks haven't "embrace extend extinguish" Linux is the GPL. I'll certainly be considering the GPL if I start any open source projects, giant corporations have no morals.
This is the other side of the open-source coin in my opinion. The freedom to fork and do your own thing is great when you're fighting The Man (somehow) but it seems different when The Man does it to you or one of your projects.
I personally am of the opinion that AWS doesn't own the author anything, even acknowledgement.
Yeah buts not visible to the enduser or be rewarded in any way. You have to download the CRX (Chrome extension) file yourself, extract it and then you could see the content of the NOTICES.txt...
How is a "canary" script that simulates user interactions with a page different than something like selenium/splinter? Is it just the ux of accomplishing it via recorded actions, or something more?
I'm surprised the author was even able to figure out that it was their code being used. AFAIK there are multiple headless recorders out there, so I would have assumed that it would be any of them.
I heard people complaining about GPL that it is virus and is not business friendly. I'm just confused now. What's all these business friendly licenses about then?
Jeff Bezos is the richest man in the world because he underpays labor. Taking open source code without even a cursory attribution is completely within the ethos of Amazon.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form
if you wanted a nod, add a "give me a nod if you fork" clause, you're allowed to.
IANAL, but I believe that may make your license practically unenforceable, because all precedents can be argued to not apply because of that change, and even if untrue, just having that sort of argument in court quickly gets prohibitively expensive.
Congrats, your work was good enough to turn into a commercial project by a major top 3 cloud provider. That would make me feel like I would stand a little taller! You basically created a new AWS service, as v1, that's pretty cool to add to a CV ;) Just be patient, and make sure you figure out the colour of your Lambo now.
> Just be patient, and make sure you figure out the colour of your Lambo now.
This is sarcasm, right? Right?
Situations like this are precisely why the industry pushes so hard for APL and BSD/MIT, and against A/L/GPL: because you do the work and they make the money.
The Lambo bit is rubbing salt in the wound, because the author isn't actually benefiting financially from this at all. Amazon is taking all of the profits. How's he supposed to compete against them?
i mean, as long as they include the license, they don't have to give any credit whatsoever.
remember this, companies do things according to their legal department and i'm almost certain that their legal department said flat out that if they credit the author they could set themselves up for a lawsuit down the line. so they followed the license requirements to the book.
if the author is pissed about a big company using his project and them not giving him a props, he should have used a license that requires an attribution of the original author.
I have no problem with that, but don't pretend that someone is abusing your license when you didn't stipulate.
If fact someone should come up with a well written licence that adds conditions when the licensee revenue is over a certain (large) amount, like say royalties. Everyone should be happy with that.
Is it possible to have a license that have different requirements for human beings and non-human beings(organizations, corporations, bots, etc). It feel like the author is upset because AWS is not a human being.
Matt Asay
@mjasay
·
Tim, I run the open source strategy and marketing team at AWS. I hadn't been aware of this but am looking into it. (Regardless of anything we may have done, thank you for what you clearly have done with your project)
Standard Disclaimer: I’m a consultant at AWS. Opinions are my own.
Twitter clap threads clap make clap bad clap articles
In a month / year / etc when this thread gets deleted, there'll just be a HN comments section speculating about a missing twitter thread. The least we could do here is ask posters to capture the thread in a blog post along with a summary of points, so it doesn't have to be re-created in the comments here. This is potentially an important post that we want a historical record of, and Twitter is just not built for that.
Guy writes some open source code and puts a license on it saying others can use it as they please. Someone else uses it. Guy goes on Twitter to complain someone used it without credit. In response to rant on Twitter someone points out that there actually is acknowledgement in the code. So in the end, they used it and gave him credit. Guy is like, oops, well that’s cool.
By law you need to pay for accepted work at least the minimum wage. My question is whether AWS is breaking the law by appropriating someone else work without payment? Or do you think something like this should be regulated?
I see this as a loophole, where companies can gain useful projects without having to pay wages.
AWS uses a lot of open source, and we contribute a lot, both in terms of code (first-party projects like Firecracker and Bottlerocket, but also third-party projects like Redis, GraphQL, Open Telemetry, etc.), testing, credits, foundation support, and more. But open source is ultimately about people and communities, and I personally feel we could have done more to acknowledge the great work Tim and his co-maintainers have done, and try to support their Headless Recorder work. We're talking with Tim now about this.
(While I think we do far better than sometimes acknowledged, we're also always looking to improve, and appreciate all the feedback that helps us toward that goal.)