1. 14

It’s a case of a company technically following the rules but not the spirit of free software.


  2. 12

    The spirit of free software is what, exactly? Developers have to produce whatever users want?

    Perhaps we need a new spirit: if you get something for free and you don’t like it, stop using it.

    1. 4

      The ‘spirit of free software’ here is more like ‘don’t hijack an existing project in order to trade on its good name, by inserting nefarious code’. A basic social obligation that makes things like package managers work - it means that I don’t have to vet every update of every package I use, because we have social norms. I know that (though there are caveats) e.g. if something has made it into ‘Main’ or ‘Universe’ on Ubuntu and then this happens, everyone involved will be permabanned. If it is in a PPA and this happens, whoever maintains the PPA will take a massive reputational hit, and depending on how they handle it they may be ostracised.

      1. 3

        One might rephrase that as “don’t be a dick” and I think it applies just as much to decent proprietary software. Open source is a development model, not a mystic cult, and we should remember that.

        I actually think there’s a lesson here about blind trust and the million eyeballs. Don’t assume that you are eyeball number 1000001.

        And an apparent failure of package management in Atom. As you say, with PPA somebody should vet changes. Who vetted this update for Atom?

        1. 2

          ‘The person with the PPA’ is in this analogy the maintainer of the package; what I am saying is that Kite in general and @abe33 (Cédric Néhémie) in particular should be considered bad actors; permabanned and ostracised from the entire open source community - any packages they take over should be forked, any pull requests they make should be rejected. I for one know that if I ever find out they touched something it is going to go on my ‘untrusted’ list, and if they are part of any projects I am part of I will use whatever influence I have to remove them, and I would hope that everyone else follows suit.

          “Don’t be a dick” isn’t a useful rephrase at all. The point is that there are (admittedly fuzzy at times) social contracts that allow open source to work as such at all; one of the really base level ones is to not insert underhanded stuff in ‘known good’ packages. If minimap had been openly adware from day one, it would not have been a violation of this rule. The point of the rule being that you shouldn’t have to maintain constant vigilance over every package you use - you should be able to validate it essentially once based off of a combination of what it is marketed as plus its reputation plus things like whether it is in any of the core package repositories of major distributions, and if its maintainers abuse this then they should suffer (at least) permanent reputational damage.

          Proprietary software is several different kettles of fish - but none of them are reputation economies in the same way as open source is, and with most of them the concept of a user who curates their own distribution is gibberish. Scale, bundling, and volition mostly work quite differently between open source and proprietary as well. So, it is not really helpful to say that this point applies to proprietary software.

          1. 1

            I really don’t see how this is any different than something like Sublime Text auto updating and doing something unsavory.

            1. 1

              It is different because proprietary software (and the related ecosystem) is a different thing to open source software (and the related ecosystem).

              A few of the relevant differences:

              • If a piece of proprietary software did that, the remedy is usually that they get sued, or there is a settlement. For open source software the remedy is usually community censure and forking.
              • Auditing proprietary software is largely not a thing, with some very minor exceptions. Auditing open source software is the reverse.
              • Proprietary software is all about having somewhere between no agency and very minor agency - in enterprise systems, and in practice for a lot of home users you don’t really have a choice about most of the software you have installed; the most agency you get is a choice whether you install or not, and even then you often have to take the choice monolithically. With open source software, you should typically have a lot more agency.

              These kinds of differences are why talking about the social contract that allows open source to work (as such) makes sense, and why that social contract is quite different from the one that allows proprietary software to work (as such).

      2. 1

        > if you get something for free and you don’t like it, stop using it.

        or better yet, branch it and fix it. I’d be stunned if this hadn’t happened within hours of the first adverts appearing. if the branch falls behind on features, then users get to choose their poison. this is the spirit of open source, at least.

        1. 1

          > The spirit of free software is what, exactly? Developers have to produce whatever users want?

          The spirit of free software is that it respects the users. Free software means users can edit and redistribute code. They contribute back to free software projects as a way to pay back what they have received. If you take over a free software project and make changes in order to promote your own company, that is against the spirit of the venture. You aren’t adding a feature that helps other people, you aren’t fixing a bug, you aren’t adding value to something that other people put time and effort into, and giving out the same quality and respect that you gained from the other developer’s time and efforts. You are just basically spamming people who had the decency to not do that to you.

          It’s not technically against the license to do that, but it’s disrespectful to all the people who have contributed and disrespectful to the users of the software. Just imagine if everyone who contributed to FOSS started adding in links back to their companies.

        2. 4

          Only tangential, but this sentence is gold:

          > Although Kite has no business model yet, it’s widely thought in Silicon Valley that having users is the first step toward profitability.

          Who would have guessed?

          1. 4

            > It is one of the most troubling scandals to hit the open-source community — a robust network of programmers who work on shared tools for free — in recent memory.

            No it is not, by a large margin.

            And this kind of conflict of interest happens all the time, wherever companies are involved in FOSS projects. It is entirely possible to strike a healthy balance between the needs of the community and companies, provided all involved understand and follow some basic best practices.

            There are even books one can read to learn how to do this.

            Edit: Oh, and the notion that open source programmers generally work for free is wrong.

            1. 2

              I think part of the reason it’s so troubling is that, as far as anybody can tell, Kite acquired these plugins for the sole purpose of advertising through them.

            2. 1

              The VC model for tech companies is to bait them with a free thing, then switch them to a paid/ad-supported thing when they’ve taken the bait. Tech companies use open source.

              However, when open source follows the bait-and-switch model, tech company people find this model distasteful.

              I am honestly not sure any more whether this is hypocritical or I am overly cynical.