Seeing the WTFPL used in practice really annoys me, and is almost insulting to people who need to care about this stuff.
Some people do this stuff as a statement against licenses, which is… laudable? a political statement. But a lot of people choose this kind of license because it’s “clever”, and all you’ve done is made it harder for the software to be used in an environment where people are more serious.
the “Do No Evil” clause for jslint was a combination of ineffective political speech (what does this even mean) and bad licensing (basically unknowable). If you’re serious about making a political statement, here’s a list of banned activities you can add to your license if you’re fine throwing away the OSI seal of approval:
This software cannot be used in support of the following activities:
weapons research and manufacturing
advertising
facial recognition (note: authoritarian regimes + advertising are basically the main use of this one)
This is a trite example, but an actual position that goes beyond just saying “don’t be X”
WTFPL is bad and really nobody should use it. I would think it’s very very hard to enforce what someone uses your software for, there might literally be 0 evidence. Also what if its used by a small militia group against a evil authoritarian government, should they be restricted against weapons research and manufacturing? I would be very careful about implementing that first rule as it might only apply to those with a conscience.
The first part was about how wtfpl was bad and nobody should use it, the second was a response to the list of banned activities you could add to your license which I thought was also bad. WTFPL is bad because it is purposely broad which in our legal system you might be better with no license at all but I’m not a lawyer and this should not be construed as legal advice.
Thanks for the feedback. This was more meant as an example of a concrete political stance that one could take.
I think it’s hard to underestimate the power of legal threats, at least in the US. If the GPL had a weapons manufacturing bank included, you bet that Lockheed Martin and company would not be using any of that stuff. Imagine simply not having access to some great (well, mostly great) software because of an ethical issue
Personally I might be more on the pacifist side of things, but it’s hard to deny certain safety benefits of a technologically advanced military. But I bet many of us would not want any part of something like biological weapons development.
Lockheed-Martin ciuld just use a high-performance, separation kernel to isolate GPL. Many companies advertise this with defense sector usually in their solutions list. Here’s a writeup with details from one.
And user tracking. It might be easier to just say not for use by fortune 500 companies, any company based in Ireland, Delaware, Singapore, Hong Kong, the Bahamas, and any government of a country with “People’s” or “Democratic” in the title.
It is kind of funny how companies refuse to use software with any freedom restrictions, it is almost as if they know it is a bad thing to have done to you.
FWIW Google does not refuse to use GPL, it’s right there in the docs. Using GPL and other restrictive licenses at Google does have some legal overhead involved, and most teams understandably don’t want to have to jump those hoops. The non-restrictive licenses like MIT/BSD/Apache (Apache 2 being the license the vast number of our projects use because of the patent grant) just make staying compliant easier.
The Open Source team deeply cares about being compliant, not just because of the legal issues, but because it’s the right thing to do. It’s important to us as engineers who joined the team because we <3 open source in the first place that we do right by authors. I think it’s easy to think about these things as being created by faceless entities, and not realize that the people that staff these teams all had previous lives, and with our team, all of them released open source projects one way or another.
Or default on the opposites of how they acquire 3rd party software for their own software that they build or license for their users with careful exceptions for open source:
“Google gives you a personal, worldwide, royalty-free, non-assignable and non-exclusive license to use the software provided to you by Google as part of the Services. This license is for the sole purpose of enabling you to use and enjoy the benefit of the Services as provided by Google, in the manner permitted by these terms. You may not copy, modify, distribute, sell, or lease any part of our Services or included software, nor may you reverse engineer or attempt to extract the source code of that software, unless laws prohibit those restrictions or you have our written permission.
Open source software is important to us. Some software used in our Services may be offered under an open source license that we will make available to you. There may be provisions in the open source license that expressly override some of these terms.”
Right there Google tells you what kind of software is most valuable to them and funds all the FOSS they support. Maybe that should be more developers’ default, too, if they can find a business model to pull it off. ;)
What gets more contributions in code or dollars by companies using it right now? BSD/Apache or GPL software? And on top of that, which gets used the most by companies intending to turn the use into money to pay for laws and court decisions to limit software compatibility or freedom?
Those are a start at answering which to do if wanting mutually-beneficial uptake. I think the second question isn’t addressed nearly enough by GPL opponents. Saying that as a long-time advocate of BSD-style licenses that really reconsidered after watching the patent and API copyright action over time.
I’ve been through the experience of releasing software that was under a license (non-copyleft) banned by Google. The effect was clear: fewer people used it. I used said license as an ideological statement that reflected my views on copyright, but I simultaneously wanted as many people as possible to use the code I wrote. My goals were at odds with each other. I ended up switching the license.
Using a license on Google’s banned list has network effects that people might not account for. This banned license list doesn’t just apply to Google’s internal proprietary code, but also to their open source projects. If your library can’t be used in those, then people will find an alternative, or, failing that, create one themselves. The network effects of this should be obvious: “what library should I use for Foo?” “well, Google’s Huge Important Open Source Project Used By Very Serious People uses Quux for Foo, so that’s probably a safe bet.” There are other manifestations for this. For example, even if most people didn’t care about my non-standard license, the fact that Google does means that they are going to find and use an alternative for it. Google has a very large presence in open source, which means there is going to be a point at which you download some project and it might have both the library Google’s using for Foo and perhaps my own library for Foo, and now you get people being (quite reasonably) annoyed that they have two different dependencies in their chain for solving the same problem. Guess which one is going to win when an enterprising individual endeavors to consolidate their dependency graph?
Invariably, the ideological goal I set out with is tied to the goal of people using the code. If people don’t use it in the first place, then the whole point of using a different license to raise awareness about my cause will be for nothing.
Despite the fact that some people are “insulted” by non-standard licenses, I do still find occasion to express my views through my licensing choice, but I’ve found better ways to balance my goals.
I could use the above to be “mad” at Google, I guess, for being an Evil Corp that bullies the Small Guy via a complex struggle in power. And yeah, it was definitely a frustrating process to go through, and I was really stubborn about it for a long time. But that didn’t get me anywhere. I’m not a very good ideologue, and I can definitely understand why lawyers are reasonably unreasonable about these things, so there you have it.
(FWIW, I left my initial comment in this thread mostly out of annoyance that @pizzaiolo decided to thumb their nose at the submission guidelines.)
I appreciate the detailed response. It seems your concern is that Google’s network effects will boost both contributions to and adoption of a lot of code. If Google won’t use it, you loose that. So, you want to maximize adoption by building things that Google specifically might use. Maybe also any other company with similar acquisition policies. That does make sense if Google’s (or their) pull is literally that great or you’re willing to put all your eggs in one basket (theirs). On other hand, it might not for a project that can get contributors without Google’s support. There seems to be plenty of those. The default for FOSS in general on use/contribute ratio or sustainability is pretty bad, though.
I keep coming back to solving this problem by actually selling FOSS to companies in form of licensing, consulting, and/or support. What the proprietary companies do but without the restrictions or lock-in. The main, revenue stream will indirectly finance dependencies that are packaged in their own libraries under FOSS licenses. People might contribute to them. If they don’t, they can still be maintained from revenue. The bigger benefit is that enough FOSS companies pulling in lots of money can afford to fight big companies threatening the FOSS model by using media and lobbying campaigns. Google is actually one of the few, tech companies that’s been doing that on Washington fighting incumbents in areas that threaten them like net neutrality or copyright.
So, you want to maximize adoption by building things that Google specifically might use.
Well… no. I didn’t say that. I don’t wake up in the morning and think, “Oh I can’t wait to get home from work and spend time on my side project with the hope that Google will use it!” What I’m saying is that if you use a license that is banned by large companies (Google being one of them) that have influence in open source, then you’re handicapping the likelihood that others will use your code right out of the gate. Not everyone cares about that because not everyone has the same goals.
On other hand, it might not for a project that can get contributors without Google’s support. There seems to be plenty of those.
Again, that’s not what I said. It isn’t necessarily just about contributors, but also about use. Please remember that I’m describing my own experience with this. I observed the network effects first hand. What you do with that information is totally up to you, and outside the scope of what I want to discuss. :-)
Well, if you’re just talking about big companies, then your position still makes sense where people aiming to get more use or contributions from them have to use compatible licenses. What large companies allow varies both for the general case and sometimes by what a specific piece of software will do. For instance, they use a lot of proprietary software with restrictive licenses even though they don’t like the licenses.
Maybe I should try to assess what happens with network effects of FOSS components that are being sold to same big companies. As in, they got them not because they’re FOSS but because they’re useful with great price and flexible licensing. If it’s a copyleft, it would have to be isolated as one application or service doing a specific thing so they didn’t worry about effect on other software. From there, it gets a lot of use with potential network effects kicking in because of large uptake. It might get contributions from companies using it just because they depend on it. There’s quite a few ecosystems out there of people doing open enhancements on proprietary stuff just because it’s what they use at work. Especially Microsoft and IBM.
There’s some overlap between what you were doing and this other model. Main difference is yours will get more pull where this one will need to be pushed. I don’t know if a push is inherently a bad thing if it delivers long-term benefits the solutions getting pulls don’t. It could be bad for specific authors, though, if they’re aiming for pulls like you were.
So you’re fine with the requirement that I can’t license a program under ISC or anything non-GPLv3 for what it’s worth, when I intend on linking a GPLv3 library to it?
The goals of copyleft are laudable, but we regularly get upstream patches, also from Google employees, even though we use MIT/ISC only. And this carries on to many other projects.
If you really care about freedom by definition, you won’t use copyleft licenses, as copyleft limits your freedoms. On the other hand, copyleft is an effective tool to “force” people not to close down changes to code, obviously.
In reality though, I have found those companies not contributing back to suck at coding anyway. Those who do have a healthy idea of open source. Maybe that’s why most GNU-software sucks so much.
The discussion about copyleft or not is very similar to those about affirmative action or female quotas. By definition, e.g. female quotas discriminate against males as even males with higher qualifications get sorted out against females with lower qualifications. Anyone believing in equal rights rather than equal status will oppose that. Those who defend female quotas bring up terms like the “patriarchy” justifying it.
The motivation for the GPL is that companies are “by definition evil”. Sure, their drive is to make money and have power over you. Free software is a loophole in this regard. However, especially in the last few years, most companies have realized that it makes sense to just build upon open source and contribute back, especially for security relevant stuff, effectively negating the GPL-narrative. Apart from that, GPL-violations are rarely uncovered, so I’m pretty sure GPL-software is still used for nuclear warheads and there’s nothing you can do about it.
It was different in the 90’s and 00’s, but I only care about today and new code.
Stop taking yourself so important, as in the end, it’s about people in general benefitting from free software. And there are numerous examples where companies would’ve never considered open source solutions if they hadn’t been licensed permissively. For the advocates of the GPL, especially v3, it’s more about an agenda to turn all open code into GPL-code, and I’m sick of their propaganda and FUD.
However, especially in the last few years, most companies have realized that it makes sense to just build upon open source and contribute back,
It was different in the 90’s and 00’s, but I only care about today and new code.
I suggest looking at firmware based on Linux on Android devices, and many embedded devices. The GPL is the only reason any of them ever even comes close to publishing source, and most still won’t.
You’re seeing a very small subset of companies if you look at those contributing to BSD/MIT/Apache2 licensed software.
And even Google has stopped contributing to most open source projects it once started, Android for example is almost entirely proprietary now, not even the call app is fully open source anymore.
They wrote 8 paragraphs and this is all you get from them?
Yes, the GPL is encroaching on your rights to licence your software properly. If you’d like to add a non-commercial clause to your licence, for example, tough luck. It wouldn’t be GPL-compatible. If you’d like to take the advice above and add a clause that specifies your software can’t be used in relation to weapons research or advertising, tough luck! It’s not GPL-compatible. You’ll have to reimplement everything. That would otherwise be covered by open source libraries.
From what I’ve seen, the GPL is mostly used by companies to keep their software in some weird middle between proprietary and open source. In other words to restrict the rights to compete. If someone wants to take the software and improve it to compete directly with the company that started it, they have another company with relatively endless resources and rights to all of the improvements they’ve done breathing down their neck. So if they do anything meaningful, companies can take back the improvements and take back their head and leave the contributors/competitors in the gutter. The GPL is good for protecting code, not for sharing it, is what I’m getting at.
Frankly I don’t blame them, the author pretty soon makes an ad hominem (GNU-software sucks), then diverts into a highly controversial topic(Affirmitive action), then a straw man (The motivation for the GPL is that companies are “by definition evil”.) if that were the case wouldn’t the GPL permit non-commercial restrictions.
If you’re a free software advocate not reading past the first three paragraphs is probably the most generous thing you could do in this discussion because everything after that just weakens the argument they made.
One could argue with FRIGN’s logic that if a business is afraid to use GPL/AGPL, that it’s the same as companies that are not contributing back. They are afraid that if they MUST share code in the future that it will harm them in some way. They probably suck at coding anyway.
Frankly I don’t blame them, the author pretty soon…
It’s why I ignored the comment in favor of xi’s which just made specific points about software licensing that we can discuss. Much more productive approach. :)
“One could argue with FRIGN’s logic that if a business is afraid to use GPL/AGPL, that it’s the same as companies that are not contributing back. “
Most software doesn’t directly contribute a competitive advantage to the business using or developing it. Most software is closed by default. Most use of open source software, permissive or not, involves no financial, code, or documentation contributions back from companies by default. I think these things tell us some foundational things about both the nature of how businesses will approach software and what we might get them to do. How to specifically react to these is, of course, very open for discussion and experiment. I’d like to see more experiments with business models built on free software, though. To me, it seems no harder than building the product in the first place esp if GPL components are properly isolated from hard-to-copy stuff that companies are paying for. Finally, if there’s low-cost copycats, one can always differentiate on great, face-to-face service and reputation.
Yes, the GPL is encroaching on your rights to licence your software properly.
The GPL is a license for other people’s software that says you can benefit from their work for free so long as you follow specific conditions, especially sharing your work back with them. It’s not your rights given it wasn’t your work to begin with assuming we’re thinking of software as something to be owned like in copyright law. When your work becomes the issue, you’re surveying others’ work that you might want to benefit from that come with various licenses. You get to choose which one you want based on your beliefs of how your own contributions should be licensed. GPL proponents might build on GPL. GPL opponents might build on another. Maybe something is there to use. Maybe you have to build it yourself due to no code compatible with your beliefs. Nobody has forced you to use GPL software: you simply are choosing whether to build on someone else’ work following their usage requirement or doing something different.
Your weapons example fits in my model nicely where it’s simply not compatible with GPL. Therefore, you’d look for code licensed differently. You might another person doing work for you for free had a license compatible with your expectations. Whereas, the GPL code would continue benefiting others without that extra requirement.
“In other words to restrict the rights to compete.”
This is a myth, too, given there’s a billion dollar business built on FOSS plus many smaller players that charge for it. Most don’t charge for it. So, they’re just not competing. Whereas, non-competitive practices in proprietary software were the norm. Most customers of the biggest software companies say the switching cost being prohibitive is a big reason they stay on the platform. The switching cost came from lock-in via proprietary languages, data formats, protocols, etc. People building on those that are open switch suppliers all the time even on major systems like databases.
As I said in a previous comment, the biggest threat to competition are companies that are bribing politicians to keep copyright and patent laws in a state that makes it illegal to compete. This is why IBM took out the company building on Hercules that let mainframe customers run their apps at a fraction of the cost on Intel hardware. It’s how Apple tries to keep software from even looking like theirs with Samsung forced to make their interface look like crap in Germany. It’s how Microsoft has collected over a billion in royalties off Android despite not contributing anything to it and trying to kill it in the market with Windows Mobile. It’s how it took a multi-billion dollar corporation’s deep pockets to stop Oracle from eliminating, taking most profit on, or seizing that same product. Two of these companies benefited a lot from BSD code that helped them get their revenues up enough to do more of these attacks. Another used GPL code mainly to reduce their own operating costs on infrastructure while shifting the lock-in to their 3rd-party apps built on top of it. That… at least helped on half the problem. The net effect of anything benefiting them is negative given they directly try to change laws in multiple countries to deny you basic rights like the ability to iterate on and improve a software implementation of an idea.
On other side, certain projects licensed under various free licenses had positive effects. This isn’t limited to GPL with success of Apache web server being first counterpoint coming to mind. Comparing them, though, I note that there were numerous times companies built on top of permissively-licensed code giving nothing back. There’s many cases, if not the default, of companies using GPL improving the product just because the license requires it and doing so didn’t hurt the business. The companies that did non-copyleft, shared source would occasionally close things back up after a lot of user contributions made their product better. QNX was an infuriating example. The GPL blocks that for at least components that got licensed under it. One company ceasing improvements doesn’t change anything if it’s really useful to another company who picks up the ball others dropped.
So, I see more positives out of GPL-like licenses than BSD’s if we’re talking contributions over the long term, esp by greedy companies. They also contribute less to the big companies’ evils when they adopt them as we see with IBM and Google. The companies even accidentally do good since the license forces their improvements back into the code that can be used by others doing good. Also, as I told burntsushi, it’s also important to remember that you can still license GPL software for a profit. There’s a number of companies, big and small, doing this. If it’s your own software, you can even do whatever you want with it under other licenses. The GPL version just gets to remain free with all contributions that get distributed shared back with people.
especially sharing your work back with them. It’s not your rights given it wasn’t your work to begin with
If you want to use GPL (as in picking a license or using a GPL licensed piece of code) thats your prerogative, but claiming that there is no restriction on what downstream developers do with the code they have written is being disingenuous or obtuse.
I didn’t say that. The commenter I replied to said GPL restricts “your rights to license your software properly.” It actually is an optional license that enforces your will on your work and its derivatives. That’s an entirely different thing. It means you can do whatever you want with your work. If you want what the GPL is designed to do, then you can license it with GPL to attempt to accomplish that. That’s for a single developer on their own work.
When building on existing code, it’s other’s work that they licensed how they saw fit with conditions/restrictions for those building on it. If you want to use their work in your own and are fine with the conditions, then you will build on it with the restriction of going with the conditions. At this point, it’s a collaborative work, not just your work, with conditions you already agreed to before building on it. That’s similar in concept to people entering a contract for how to accomplish a shared goal. If you oppose it, don’t enter into a contract with those people using their code and practices. That simple. Nobody has forced you to do anything with your work since it hasn’t even been created at that point. If it was, it wasn’t your work so much as theirs with licensed expectations + yours. By redefining it to just your work and rights as a single developer, which I can’t emphasize enough, it makes it look like someone is restricting your own individual activities out of nowhere with nothing in return. That would be a bad thing.
Good news is that’s not what’s happening: it’s either an optional tool for you to use to enforce your will on your own work if you agree with it; or conditions that come with a group work you or others started on derivatives that leverage that work. Again, conditions they can either agree to or reject in favor of different things to build on. In either case, the person using the GPL wants to use the GPL. If they didn’t, they’d use a different license for their work or build on something licensed differently. Entering into the restrictions is voluntary action by developers.
The goals of copyleft are laudable, but we regularly get upstream patches, also from Google employees, even though we use MIT/ISC only.
Are you talking about suckless software? I really don’t mean to be rude, but isn’t this a very selective subset? Since you’re very adamant about unix and unix style writing, the culture of sharing and interoperating was “naturally” adopted, or so it seem to me. It jut makes sense, but does this still hold for bigger projects like Emacs or Linux? I’m doubtful…
If you really care about freedom by definition, you won’t use copyleft licenses, as copyleft limits your freedoms.
This really doesn’t mean much, since both sides just use the (holy) word “Freedom” to talk about two different things. Take for example the conception of freedom that arises from unfreedom, rules and laws. Your (negative) conception is just one idea among others.
Maybe that’s why most GNU-software sucks so much.
You can say what you want, but I appreciate being able to write rm directory -rf ;^)
I wish there were a downvote for not enough information. I’ve been seeing a lot of posts that may or may not be correct but don’t actually have any reasoning or evidence behind their claims.
I agree with other commenters that I can’t learn anything from your comment without your reasoning. I will say I opposed GenodeOS switching to AGPL because it would hurt adoption. Separation kernels, aka sacrificing most features for highest security, is already something that’s nearly unmarketable but highly useful for public good. Unless selling to military or safety-critical embedded, the best move is to use whatever license will get most uptake while selling value-adds on top that are marketable. On top of support, consulting, etc.
So, I opposed it in that case since it was already something fighting huge, uphill battle. Now, something with value like these companies use for networked applications or infrastructure might be AGPL licensed to get force them to contribute more if they want to use it. There will be many that don’t adopt it. A compelling product might still get a lot of adoption or even sales if sold to companies that don’t do cloud stuff they’d have to relicense. There were even a few people on HN that told me they make all the software they build for businesses FOSS by default with the businesses never caring because that software is necessary plumbing rather than a competitive advantage. So, it’s paid for plus can benefit others by default. There’s a possibility of AGPL-based projects doing that.
Personally, I default against AGPL if optimizing for uptake but for it if optimizing for ideological blocking of freeloading or financially supporting companies that try to limit our software freedoms. I don’t mean in a Richard Stallman speculative way: I mean they actively bribe politicians to reduce our rights in how we use our devices or software. And they make that money off of a mix of proprietary and permissively-licensed code. I’m fairly pragmatic where I know things are complicated enough I’ll have to make some tough decisions balancing many goals. However, some people out there might want to take steps to block their work from supporting companies that would (a) sue them for their work if given the chance or (b) give large financial backing to proprietary solutions but freeload of most FOSS.
Note: Google is a mixed bag here where they do a lot for FOSS versus most companies. Going with their flow makes sense for people maximizing adoption at expense of other variables.
The majority of companies I see using AGPL aren’t doing it for any Stallman-esque goals - they’re “open core” companies that use AGPL to effectively neuter any attempts to combat the intrinsic bullshit of “open core” projects.
That would tell me that there’s companies using it for bad reasons, not that it’s inherently bad. You could similarly claim that projects like Linux are inherently about specific companies dominating markets because they’re the main contributors. Yet, the licensing allowed the kernel to be used for so much more. Unlike other bases, those using it were also forced to send back some contributions since they couldn’t just keep them private like companies using BSD code often did. That meant we gradually got an OS that could do everything from desktops to embedded to SGI’s NUMA’s to mobile.
There could be some beneficial effects to building businesses or major projects on AGPL that snowball like that. Also, there might not be where the license kills the potential. I don’t know until I see enough good attempts at using it for something with growth potential.
You’ve missed a key point when comparing to Linux.
RedHat Inc. (as an example) don’t “own” the Linux project, and then dual-license it under (A)GPL and a commercial License. They contribute to an external project.
MongoDB better fits the point I was making. They have a commercial (“Enterprise”) version and an AGPL (“community”) version. If a company then wanted to fork the community version, and either add new features or do clean implementations of “enterprise” functionality not offered in the upstream AGPL project, there is basically zero chance of making this a reality, because any effort they expend, automatically benefits the upstream company.
I don’t know until I see enough good attempts at using it
You’d think 11 years would be enough time for something to use it as-intended?
I think we’re probably just not going to agree here. My default opinion of anyone particularly pro-GPL is to wonder what their goals are. I’m interested in solving interesting technical problems. I’m not interested in dictating to people what they can do with code I choose to release.
“ My default opinion of anyone particularly pro-GPL is to wonder what their goals are. I’m interested in solving interesting technical problems. “
Know all that software running the world on mainframes, Windows, and so on that people can’t get off of because it’s proprietary and the company turned out to be leeches? And then doing stuff like suing competitors on copyright or patent grounds? My goal is avoiding that by default wherever something is a dependency. Certain licenses help maximize what we can do with software over time. Others don’t. So, I push for what benefits customers and developers over time the most. I don’t force anyone to do anything. To the contrary, the opposite types of software (and hardware) currently dominate in uptake in consumer, business, and government markets.
“RedHat Inc. (as an example) don’t “own” the Linux project, and then dual-license it under (A)GPL and a commercial License. They contribute to an external project.”
They contribute to an external project that they depend on which is licensed in a way to force contributions back to anything they improve. They’ve been doing this a long time, too. That was the point that they have in common with AGPL. The AGPL license just applies to extra software that’s had a lot of freeloaders who were already not contributing back because existing licenses let them dodge that in their business models. Had the best components been AGPL, a percentage of them might have chosen it with contributions coming back. Maybe. I’ve already said I’m not sure what long-term effects will be but I do want to see better attempts at it. Personally, I think the more permissive GPL is just outcompetiting it right now since it’s what copyleft people prefer. A social phenomenon.
“If a company then wanted to fork the community version, and either add new features or do clean implementations of “enterprise” functionality not offered in the upstream AGPL project”
What you’re implying, but not outright saying, is company A created something to be used for their profit if commercial or others benefit if AGPL. Company B wants to leverage Company A’s work in a way that exclusively profits Company B at Company A’s expense. Company A’s licensing prevents this by ensuring Company B’s commercial activities building on Company’s A’s work can benefit Company A, too. AGPL seems like a smart move if blocking competitors whose business model builds on other businesses’ work without sharing back.
Now, Company B has some options available. They can make their value add a service that communicates with Company A’s software. There’s a huge market for this with it becoming a default, architectural style of a lot of businesses despite negatives like performance or complexity. Company B might also target different use cases for Company A’s software that Company A might not adopt because it doesn’t fit their current market. Works better if it requires internal changes that negatively impact Company A’s current use case. Company B might also make their own software components, proprietary or open, that they license to Company A’s customers that can benefit them but clearly state they’re not to be licensed as AGPL. Whether that’s legally sound or not, we’ve seen lots of companies tie proprietary software into GPL stuff that way, esp as binary blobs, without the GPL stuff putting them out of business. It helps that GPL enforcement isn’t really aggressive like proprietary enforcement.
So, even for greedy Company B in your scenario, there’s still quite a few ways to make piles of cash as demonstrated by companies mixing proprietary and GPL code. They just can’t use the code Company A already wrote in a way that blocks company A from benefiting from the derivative work. They both will be able to sell whatever results. Just blocks greed. Doesn’t sound so bad to me. If anything, sounds like a bunch of companies competing that way would create piles of new features or differentiators at a much faster rate. Note that this is the default in Shenzhen even for hardware. Probably more product-level innovation at lower cost there than anywhere. It wouldn’t be as extreme here in U.S. since whatever doesn’t use or modify AGPL parts can stay proprietary or different type of OSS under strong copyright/patent laws.
nickpsecurity, I think I know the kind of company stephenr is talking about, though I’m unaware of any of them using AGPL.
I call these companies and their products “open source in name only”. And certainly not Free Software…
Examples include lots of products released as both an “OS/Community Edition” and also an “Enterprise Edition”.
One example is Trisano, by CS Initiative. The company appears to have disappeared and all the source code went with them. I had a copy of a repo at one point, but 1. it disappeared from my github because it was a fork of a private repo and I never had control of it (this was before I realized that I should maintain a local copy) and 2. it never had everything you needed to use the product in it anyway.
I sent emails back and forth with the head of that company explaining that I worked in the Public Health sector and we’d be happy to use the project and contribute back in the form of patches, if he could just send us the darned code, and he never did. Not even for the supposed “community edition”.
I think they just put the term “open source” into their marketing so their product would come up in my searches and maybe they could get my boss’s ear through me.
Anyway, if somebody can find a concrete example of a company using the AGPL toward malfeasance, I’d love to hear about it. stephenr mentioned MongoDB, but I’m not sure if that’s where his negative experience came from… If he doesn’t want to name names, I get it: $work and all…
Those are really interesting questions. I wonder how much non-GPL software has significant improvements that aren’t public. I have preferred BSD-style licenses for any code I publish, as I’d rather people just use it without any fuss. But if I had a substantial ongoing project I cared about I can now see myself picking a copyleft license. I had assumed the utility of submitting changes and fixes to the upstream project, as opposed to maintaining an internal fork, would be sufficient to encourage contribution. But I had never actually thought particularly hard about it until now.
Apple and Microsoft both built their proprietary OS’s along with a portion of their wealth on top of BSD code (esp networking). BSD’s didn’t get much benefit from that. Google acquired a mobile OS built on top of Linux. Even after they got more evil, many of their improvements still go into the ASOP that other companies can build on. I’m not claiming this extrapolates to all uses of highly-permissive vs copyleft code. I am saying it’s an example of what GPL intended to do when companies act in their self-interests. The BSD’s with no protections allows the other two companies to redirect all the benefits in their direction instead of reinvest them into projects they used.
I thought about that as I was writing this morning. Reason I left it off is I think it’s like Red Hat: an example proving what can happen but an outlier not representing what usually happens. The for’s and against’s were about what licenses normally do except the hypotheticals I did like AGPL.
I agree it’s a great, success story for a FOSS project. Im very greatful to the CompSci folks, Apple, and volunteers for it given all the people building on it.
Google contributes suprisingly little back to in terms of open source compared to the size of the company and the number of developers they have. (They do reciprocate a bit, but not nearly as much as they could.)
For example this is really visible in the area where they do some research and/or set a standard like with compression algorithms (zopfli, brotli), network protocols (HTTP/2, QUIC), the code and glue they release is minimal.
It’s my feeling that Google “consumes”/relies on a lot more open source code than they then contribute back to.
I’m restricting my horizon for projects that aren’t run by Google because it better showcases the difference between running and contributing to a project. Discussing how Google runs open source projects is another interesting topic though.
Edit: running a large open source project for a major company is in large part about control. Contributing to a project where the contributor is not the main player running the project is more about cooperation and being a nice player. It just seems to me that Google is much better at the former than the latter.
It would be interesting to attempt to measure how much Google employees contribute back to open source projects. I would bet that it is more than you think. When you get PRs from people, they don’t start off with, “Hey so I’m an engineer at Google, here’s this change that we think you might like.” You’d need to go and check out their Github profile and rely on them listing their employer there. In other words, contributions from Google may not look like Contributions From Google, but might just look like contributions from some random person on the Internet.
I don’t have the hat, but for the next two weeks (I’m moving teams) I am in Google’s Open Source office that released these docs.
We do keep a list of all Googlers who are on GitHub, and we used to have an email notification for patches that Googlers sent out before our new policy of “If it’s a license we approve, you don’t need to tell us.” We also gave blanket approval after the first three patches approved to a certain repo. It was ballpark 5 commits a day to non-Google code when we were monitoring, which would exclude those which had been given the 3+ approval. Obviously I can share these numbers because they’re all public anyway ;)
For reasons I can’t remember, we haven’t used the BigQuery datasets to track commits back to Googlers and get a good idea of where we are with upstream patches now. I know I tried myself, and it might be different now, but there was some blocker that prevented me doing it.
I do know that our policies about contributing upstream are less restrictive than other companies, and Googlers seem to be happy with what they have (particularly since the approved licenses change). So I disagree with the idea that Google the company doesn’t do enough to upstream. It’s on Googlers to upstream if they want to, and that’s no different to any other person/group/company.
So I disagree with the idea that Google the company doesn’t do enough to upstream.
Yeah, I do too. I’ve worked with plenty of wonderful people out of Google on open source projects.
More accurately, I don’t even agree with the framing of the discussion in the first place. I’m not a big fan of making assumptions about moral imperatives and trying to “judge” whether something is actually pulling its weight. (Mostly because I believe its unknowable.)
But anyway, thanks for sharing those cool tidbits of info. Very interesting! :)
Yeah, sorry I think I made it sound like I wasn’t agreeing with you! I was agreeing with you and trying to challenge the OP a bit :)
Let me know if there’s any other tidbits you are interested in. As you can tell from the docs, we try to be as open as we can, so if there’s anything else that you can think of, just ping me on this thread or cflewis@google.com and I’ll try to help :D
FWIW I appreciate the effort to shed some light on Google’s open source contributions.Do you think that contributions could be more systemic/coordinated within Google though, as opposed to left to individual devs?
Do you think that contributions could be more systemic/coordinated within Google though, as opposed to left to individual devs?
It really depends on whether a patch needs to be upstreamed or not, I suppose. My gut feeling (and I have no data for this) and entirely personal and not representative of my employer opinion, is that teams as a whole aren’t going to worry about it if they can avoid it… often the effort to convince the upstream maintainers to accept the patch can suck up a lot of time, and if the patch isn’t accepted then that time was wasted. It’s also wasted time if the project is going in a direction that’s different to yours, and no-one really ever wants to make a competitive fork. It’s far simpler and a 100% guarantee of things going your way if you just keep a copy of the upstream project and link that in as a library with whatever patches you want to do.
The bureaucracy of upstreaming, of course, is working as intended. There does have to be guidance and care to accepting patches. Open source != cowboy programming. That’s no problem if you are, say, a hobbyist who is doing it in the evenings here and there, where timeframes and so forth are less pressing. But when you are a team with directives to get your product out as soon as you can, it generally isn’t something a team will do.
I don’t think this is a solved problem by any company that really does want to commit back to open source like Google does. And I don’t think the issue changes whether you’re a giant enterprise or a small mature startup.
This issue is also why you see so much more open source projects released by companies rather than working with existing software: you know your patches will be accepted (eventually) and you know it’ll go in your direction, It’s a big deal to move a project to community governance as you now lose that guarantee.
Because a convoluted and long build process, concretely reduce the freedom that an open source license gives you.
Is the implication that Google intentionally makes the build for Chromium slow? Chromium is a massive project and uses the best tools for the job and has made massive strides in recent years to improve the speed, simplicity, and documentation around their builds. Their mailing lists are also some of the most helpful I’ve ever encountered in open source. I really don’t think this argument holds any water.
Google does care a lot about security and I know of plenty of positive contributions that they’ve made. We probably could spend days listing them all, but in addition to what you’ve mentioned project zero, pushing the PKI towards sanity, google summer of code (of which I was one recipient about a decade ago), etc all had a genuinely good impact.
OTOH Alphabet is the world’s second largest company by market capitalization, so there should be some expectation of activity based on that :)
Stepping out of the developer bubble, it is an interesting thought experiment to consider if it would be worth trading every open source contribution Google ever made for changing the YouTube recommendation algoritm to stop promoting extremism. (Currently I’m leaning towards yes.)
To contribute my opinion to this controversal thread: If you’re writing small, simple, trivial (in the sense that it could be easily recreated) software publish it in the public domain, if it it actually meaningful, use GPL. Libraries are then again a whole different problem.
Seeing the WTFPL used in practice really annoys me, and is almost insulting to people who need to care about this stuff.
Some people do this stuff as a statement against licenses, which is… laudable? a political statement. But a lot of people choose this kind of license because it’s “clever”, and all you’ve done is made it harder for the software to be used in an environment where people are more serious.
the “Do No Evil” clause for jslint was a combination of ineffective political speech (what does this even mean) and bad licensing (basically unknowable). If you’re serious about making a political statement, here’s a list of banned activities you can add to your license if you’re fine throwing away the OSI seal of approval:
This software cannot be used in support of the following activities:
This is a trite example, but an actual position that goes beyond just saying “don’t be X”
The WTFPL can also expose the developer to liability. See Dan Berlin’s comment about the WTFPL on HN. He is a lawyer.
WTFPL is bad and really nobody should use it. I would think it’s very very hard to enforce what someone uses your software for, there might literally be 0 evidence. Also what if its used by a small militia group against a evil authoritarian government, should they be restricted against weapons research and manufacturing? I would be very careful about implementing that first rule as it might only apply to those with a conscience.
Huh? WTFPL is all about not enforcing anything. Like, it’s literally:
The
that rtpg mentioned is not part of WTFPL.
The first part was about how wtfpl was bad and nobody should use it, the second was a response to the list of banned activities you could add to your license which I thought was also bad. WTFPL is bad because it is purposely broad which in our legal system you might be better with no license at all but I’m not a lawyer and this should not be construed as legal advice.
Thanks for the feedback. This was more meant as an example of a concrete political stance that one could take.
I think it’s hard to underestimate the power of legal threats, at least in the US. If the GPL had a weapons manufacturing bank included, you bet that Lockheed Martin and company would not be using any of that stuff. Imagine simply not having access to some great (well, mostly great) software because of an ethical issue
Personally I might be more on the pacifist side of things, but it’s hard to deny certain safety benefits of a technologically advanced military. But I bet many of us would not want any part of something like biological weapons development.
Lockheed-Martin ciuld just use a high-performance, separation kernel to isolate GPL. Many companies advertise this with defense sector usually in their solutions list. Here’s a writeup with details from one.
And user tracking. It might be easier to just say not for use by fortune 500 companies, any company based in Ireland, Delaware, Singapore, Hong Kong, the Bahamas, and any government of a country with “People’s” or “Democratic” in the title.
It is kind of funny how companies refuse to use software with any freedom restrictions, it is almost as if they know it is a bad thing to have done to you.
FWIW Google does not refuse to use GPL, it’s right there in the docs. Using GPL and other restrictive licenses at Google does have some legal overhead involved, and most teams understandably don’t want to have to jump those hoops. The non-restrictive licenses like MIT/BSD/Apache (Apache 2 being the license the vast number of our projects use because of the patent grant) just make staying compliant easier.
The Open Source team deeply cares about being compliant, not just because of the legal issues, but because it’s the right thing to do. It’s important to us as engineers who joined the team because we <3 open source in the first place that we do right by authors. I think it’s easy to think about these things as being created by faceless entities, and not realize that the people that staff these teams all had previous lives, and with our team, all of them released open source projects one way or another.
The GPL is not restrictive, given that it starts with copyright and gives freedoms from that.
The only time I ever wanted to use GPL was to restrict competition to software I was working on.
Or default on the opposites of how they acquire 3rd party software for their own software that they build or license for their users with careful exceptions for open source:
“Google gives you a personal, worldwide, royalty-free, non-assignable and non-exclusive license to use the software provided to you by Google as part of the Services. This license is for the sole purpose of enabling you to use and enjoy the benefit of the Services as provided by Google, in the manner permitted by these terms. You may not copy, modify, distribute, sell, or lease any part of our Services or included software, nor may you reverse engineer or attempt to extract the source code of that software, unless laws prohibit those restrictions or you have our written permission.
Open source software is important to us. Some software used in our Services may be offered under an open source license that we will make available to you. There may be provisions in the open source license that expressly override some of these terms.”
Right there Google tells you what kind of software is most valuable to them and funds all the FOSS they support. Maybe that should be more developers’ default, too, if they can find a business model to pull it off. ;)
Yet more reasons to not copyleft software.
What gets more contributions in code or dollars by companies using it right now? BSD/Apache or GPL software? And on top of that, which gets used the most by companies intending to turn the use into money to pay for laws and court decisions to limit software compatibility or freedom?
Those are a start at answering which to do if wanting mutually-beneficial uptake. I think the second question isn’t addressed nearly enough by GPL opponents. Saying that as a long-time advocate of BSD-style licenses that really reconsidered after watching the patent and API copyright action over time.
I’ve been through the experience of releasing software that was under a license (non-copyleft) banned by Google. The effect was clear: fewer people used it. I used said license as an ideological statement that reflected my views on copyright, but I simultaneously wanted as many people as possible to use the code I wrote. My goals were at odds with each other. I ended up switching the license.
Using a license on Google’s banned list has network effects that people might not account for. This banned license list doesn’t just apply to Google’s internal proprietary code, but also to their open source projects. If your library can’t be used in those, then people will find an alternative, or, failing that, create one themselves. The network effects of this should be obvious: “what library should I use for Foo?” “well, Google’s Huge Important Open Source Project Used By Very Serious People uses Quux for Foo, so that’s probably a safe bet.” There are other manifestations for this. For example, even if most people didn’t care about my non-standard license, the fact that Google does means that they are going to find and use an alternative for it. Google has a very large presence in open source, which means there is going to be a point at which you download some project and it might have both the library Google’s using for Foo and perhaps my own library for Foo, and now you get people being (quite reasonably) annoyed that they have two different dependencies in their chain for solving the same problem. Guess which one is going to win when an enterprising individual endeavors to consolidate their dependency graph?
Invariably, the ideological goal I set out with is tied to the goal of people using the code. If people don’t use it in the first place, then the whole point of using a different license to raise awareness about my cause will be for nothing.
Despite the fact that some people are “insulted” by non-standard licenses, I do still find occasion to express my views through my licensing choice, but I’ve found better ways to balance my goals.
I could use the above to be “mad” at Google, I guess, for being an Evil Corp that bullies the Small Guy via a complex struggle in power. And yeah, it was definitely a frustrating process to go through, and I was really stubborn about it for a long time. But that didn’t get me anywhere. I’m not a very good ideologue, and I can definitely understand why lawyers are reasonably unreasonable about these things, so there you have it.
(FWIW, I left my initial comment in this thread mostly out of annoyance that @pizzaiolo decided to thumb their nose at the submission guidelines.)
I appreciate the detailed response. It seems your concern is that Google’s network effects will boost both contributions to and adoption of a lot of code. If Google won’t use it, you loose that. So, you want to maximize adoption by building things that Google specifically might use. Maybe also any other company with similar acquisition policies. That does make sense if Google’s (or their) pull is literally that great or you’re willing to put all your eggs in one basket (theirs). On other hand, it might not for a project that can get contributors without Google’s support. There seems to be plenty of those. The default for FOSS in general on use/contribute ratio or sustainability is pretty bad, though.
I keep coming back to solving this problem by actually selling FOSS to companies in form of licensing, consulting, and/or support. What the proprietary companies do but without the restrictions or lock-in. The main, revenue stream will indirectly finance dependencies that are packaged in their own libraries under FOSS licenses. People might contribute to them. If they don’t, they can still be maintained from revenue. The bigger benefit is that enough FOSS companies pulling in lots of money can afford to fight big companies threatening the FOSS model by using media and lobbying campaigns. Google is actually one of the few, tech companies that’s been doing that on Washington fighting incumbents in areas that threaten them like net neutrality or copyright.
Well… no. I didn’t say that. I don’t wake up in the morning and think, “Oh I can’t wait to get home from work and spend time on my side project with the hope that Google will use it!” What I’m saying is that if you use a license that is banned by large companies (Google being one of them) that have influence in open source, then you’re handicapping the likelihood that others will use your code right out of the gate. Not everyone cares about that because not everyone has the same goals.
Again, that’s not what I said. It isn’t necessarily just about contributors, but also about use. Please remember that I’m describing my own experience with this. I observed the network effects first hand. What you do with that information is totally up to you, and outside the scope of what I want to discuss. :-)
Well, if you’re just talking about big companies, then your position still makes sense where people aiming to get more use or contributions from them have to use compatible licenses. What large companies allow varies both for the general case and sometimes by what a specific piece of software will do. For instance, they use a lot of proprietary software with restrictive licenses even though they don’t like the licenses.
Maybe I should try to assess what happens with network effects of FOSS components that are being sold to same big companies. As in, they got them not because they’re FOSS but because they’re useful with great price and flexible licensing. If it’s a copyleft, it would have to be isolated as one application or service doing a specific thing so they didn’t worry about effect on other software. From there, it gets a lot of use with potential network effects kicking in because of large uptake. It might get contributions from companies using it just because they depend on it. There’s quite a few ecosystems out there of people doing open enhancements on proprietary stuff just because it’s what they use at work. Especially Microsoft and IBM.
There’s some overlap between what you were doing and this other model. Main difference is yours will get more pull where this one will need to be pushed. I don’t know if a push is inherently a bad thing if it delivers long-term benefits the solutions getting pulls don’t. It could be bad for specific authors, though, if they’re aiming for pulls like you were.
So you’re fine with the requirement that I can’t license a program under ISC or anything non-GPLv3 for what it’s worth, when I intend on linking a GPLv3 library to it?
The goals of copyleft are laudable, but we regularly get upstream patches, also from Google employees, even though we use MIT/ISC only. And this carries on to many other projects.
If you really care about freedom by definition, you won’t use copyleft licenses, as copyleft limits your freedoms. On the other hand, copyleft is an effective tool to “force” people not to close down changes to code, obviously.
In reality though, I have found those companies not contributing back to suck at coding anyway. Those who do have a healthy idea of open source. Maybe that’s why most GNU-software sucks so much.
The discussion about copyleft or not is very similar to those about affirmative action or female quotas. By definition, e.g. female quotas discriminate against males as even males with higher qualifications get sorted out against females with lower qualifications. Anyone believing in equal rights rather than equal status will oppose that. Those who defend female quotas bring up terms like the “patriarchy” justifying it.
The motivation for the GPL is that companies are “by definition evil”. Sure, their drive is to make money and have power over you. Free software is a loophole in this regard. However, especially in the last few years, most companies have realized that it makes sense to just build upon open source and contribute back, especially for security relevant stuff, effectively negating the GPL-narrative. Apart from that, GPL-violations are rarely uncovered, so I’m pretty sure GPL-software is still used for nuclear warheads and there’s nothing you can do about it.
It was different in the 90’s and 00’s, but I only care about today and new code.
Stop taking yourself so important, as in the end, it’s about people in general benefitting from free software. And there are numerous examples where companies would’ve never considered open source solutions if they hadn’t been licensed permissively. For the advocates of the GPL, especially v3, it’s more about an agenda to turn all open code into GPL-code, and I’m sick of their propaganda and FUD.
I suggest looking at firmware based on Linux on Android devices, and many embedded devices. The GPL is the only reason any of them ever even comes close to publishing source, and most still won’t.
You’re seeing a very small subset of companies if you look at those contributing to BSD/MIT/Apache2 licensed software.
And even Google has stopped contributing to most open source projects it once started, Android for example is almost entirely proprietary now, not even the call app is fully open source anymore.
“Using GPL / is encroaching on our rights / to encroach on yours”
They wrote 8 paragraphs and this is all you get from them?
Yes, the GPL is encroaching on your rights to licence your software properly. If you’d like to add a non-commercial clause to your licence, for example, tough luck. It wouldn’t be GPL-compatible. If you’d like to take the advice above and add a clause that specifies your software can’t be used in relation to weapons research or advertising, tough luck! It’s not GPL-compatible. You’ll have to reimplement everything. That would otherwise be covered by open source libraries.
From what I’ve seen, the GPL is mostly used by companies to keep their software in some weird middle between proprietary and open source. In other words to restrict the rights to compete. If someone wants to take the software and improve it to compete directly with the company that started it, they have another company with relatively endless resources and rights to all of the improvements they’ve done breathing down their neck. So if they do anything meaningful, companies can take back the improvements and take back their head and leave the contributors/competitors in the gutter. The GPL is good for protecting code, not for sharing it, is what I’m getting at.
Frankly I don’t blame them, the author pretty soon makes an ad hominem (GNU-software sucks), then diverts into a highly controversial topic(Affirmitive action), then a straw man (The motivation for the GPL is that companies are “by definition evil”.) if that were the case wouldn’t the GPL permit non-commercial restrictions.
If you’re a free software advocate not reading past the first three paragraphs is probably the most generous thing you could do in this discussion because everything after that just weakens the argument they made.
One could argue with FRIGN’s logic that if a business is afraid to use GPL/AGPL, that it’s the same as companies that are not contributing back. They are afraid that if they MUST share code in the future that it will harm them in some way. They probably suck at coding anyway.
It’s why I ignored the comment in favor of xi’s which just made specific points about software licensing that we can discuss. Much more productive approach. :)
“One could argue with FRIGN’s logic that if a business is afraid to use GPL/AGPL, that it’s the same as companies that are not contributing back. “
Most software doesn’t directly contribute a competitive advantage to the business using or developing it. Most software is closed by default. Most use of open source software, permissive or not, involves no financial, code, or documentation contributions back from companies by default. I think these things tell us some foundational things about both the nature of how businesses will approach software and what we might get them to do. How to specifically react to these is, of course, very open for discussion and experiment. I’d like to see more experiments with business models built on free software, though. To me, it seems no harder than building the product in the first place esp if GPL components are properly isolated from hard-to-copy stuff that companies are paying for. Finally, if there’s low-cost copycats, one can always differentiate on great, face-to-face service and reputation.
The GPL is a license for other people’s software that says you can benefit from their work for free so long as you follow specific conditions, especially sharing your work back with them. It’s not your rights given it wasn’t your work to begin with assuming we’re thinking of software as something to be owned like in copyright law. When your work becomes the issue, you’re surveying others’ work that you might want to benefit from that come with various licenses. You get to choose which one you want based on your beliefs of how your own contributions should be licensed. GPL proponents might build on GPL. GPL opponents might build on another. Maybe something is there to use. Maybe you have to build it yourself due to no code compatible with your beliefs. Nobody has forced you to use GPL software: you simply are choosing whether to build on someone else’ work following their usage requirement or doing something different.
Your weapons example fits in my model nicely where it’s simply not compatible with GPL. Therefore, you’d look for code licensed differently. You might another person doing work for you for free had a license compatible with your expectations. Whereas, the GPL code would continue benefiting others without that extra requirement.
“In other words to restrict the rights to compete.”
This is a myth, too, given there’s a billion dollar business built on FOSS plus many smaller players that charge for it. Most don’t charge for it. So, they’re just not competing. Whereas, non-competitive practices in proprietary software were the norm. Most customers of the biggest software companies say the switching cost being prohibitive is a big reason they stay on the platform. The switching cost came from lock-in via proprietary languages, data formats, protocols, etc. People building on those that are open switch suppliers all the time even on major systems like databases.
As I said in a previous comment, the biggest threat to competition are companies that are bribing politicians to keep copyright and patent laws in a state that makes it illegal to compete. This is why IBM took out the company building on Hercules that let mainframe customers run their apps at a fraction of the cost on Intel hardware. It’s how Apple tries to keep software from even looking like theirs with Samsung forced to make their interface look like crap in Germany. It’s how Microsoft has collected over a billion in royalties off Android despite not contributing anything to it and trying to kill it in the market with Windows Mobile. It’s how it took a multi-billion dollar corporation’s deep pockets to stop Oracle from eliminating, taking most profit on, or seizing that same product. Two of these companies benefited a lot from BSD code that helped them get their revenues up enough to do more of these attacks. Another used GPL code mainly to reduce their own operating costs on infrastructure while shifting the lock-in to their 3rd-party apps built on top of it. That… at least helped on half the problem. The net effect of anything benefiting them is negative given they directly try to change laws in multiple countries to deny you basic rights like the ability to iterate on and improve a software implementation of an idea.
On other side, certain projects licensed under various free licenses had positive effects. This isn’t limited to GPL with success of Apache web server being first counterpoint coming to mind. Comparing them, though, I note that there were numerous times companies built on top of permissively-licensed code giving nothing back. There’s many cases, if not the default, of companies using GPL improving the product just because the license requires it and doing so didn’t hurt the business. The companies that did non-copyleft, shared source would occasionally close things back up after a lot of user contributions made their product better. QNX was an infuriating example. The GPL blocks that for at least components that got licensed under it. One company ceasing improvements doesn’t change anything if it’s really useful to another company who picks up the ball others dropped.
So, I see more positives out of GPL-like licenses than BSD’s if we’re talking contributions over the long term, esp by greedy companies. They also contribute less to the big companies’ evils when they adopt them as we see with IBM and Google. The companies even accidentally do good since the license forces their improvements back into the code that can be used by others doing good. Also, as I told burntsushi, it’s also important to remember that you can still license GPL software for a profit. There’s a number of companies, big and small, doing this. If it’s your own software, you can even do whatever you want with it under other licenses. The GPL version just gets to remain free with all contributions that get distributed shared back with people.
Emphasis is mine..
If you want to use GPL (as in picking a license or using a GPL licensed piece of code) thats your prerogative, but claiming that there is no restriction on what downstream developers do with the code they have written is being disingenuous or obtuse.
I didn’t say that. The commenter I replied to said GPL restricts “your rights to license your software properly.” It actually is an optional license that enforces your will on your work and its derivatives. That’s an entirely different thing. It means you can do whatever you want with your work. If you want what the GPL is designed to do, then you can license it with GPL to attempt to accomplish that. That’s for a single developer on their own work.
When building on existing code, it’s other’s work that they licensed how they saw fit with conditions/restrictions for those building on it. If you want to use their work in your own and are fine with the conditions, then you will build on it with the restriction of going with the conditions. At this point, it’s a collaborative work, not just your work, with conditions you already agreed to before building on it. That’s similar in concept to people entering a contract for how to accomplish a shared goal. If you oppose it, don’t enter into a contract with those people using their code and practices. That simple. Nobody has forced you to do anything with your work since it hasn’t even been created at that point. If it was, it wasn’t your work so much as theirs with licensed expectations + yours. By redefining it to just your work and rights as a single developer, which I can’t emphasize enough, it makes it look like someone is restricting your own individual activities out of nowhere with nothing in return. That would be a bad thing.
Good news is that’s not what’s happening: it’s either an optional tool for you to use to enforce your will on your own work if you agree with it; or conditions that come with a group work you or others started on derivatives that leverage that work. Again, conditions they can either agree to or reject in favor of different things to build on. In either case, the person using the GPL wants to use the GPL. If they didn’t, they’d use a different license for their work or build on something licensed differently. Entering into the restrictions is voluntary action by developers.
Are you talking about suckless software? I really don’t mean to be rude, but isn’t this a very selective subset? Since you’re very adamant about unix and unix style writing, the culture of sharing and interoperating was “naturally” adopted, or so it seem to me. It jut makes sense, but does this still hold for bigger projects like Emacs or Linux? I’m doubtful…
This really doesn’t mean much, since both sides just use the (holy) word “Freedom” to talk about two different things. Take for example the conception of freedom that arises from unfreedom, rules and laws. Your (negative) conception is just one idea among others.
You can say what you want, but I appreciate being able to write
rm directory -rf;^)If you want to complain about ‘bad actor’ companies, those using AGPL should be directly in your sights.
How so?
I wish there were a downvote for not enough information. I’ve been seeing a lot of posts that may or may not be correct but don’t actually have any reasoning or evidence behind their claims.
As mentioned elsewhere (https://lobste.rs/s/mbufwv/some_software_cannot_be_used_at_google#c_olmjmh) - shitbag companies use (A)GPL as a moat against competition for their open-core/proprietary software.
I agree with other commenters that I can’t learn anything from your comment without your reasoning. I will say I opposed GenodeOS switching to AGPL because it would hurt adoption. Separation kernels, aka sacrificing most features for highest security, is already something that’s nearly unmarketable but highly useful for public good. Unless selling to military or safety-critical embedded, the best move is to use whatever license will get most uptake while selling value-adds on top that are marketable. On top of support, consulting, etc.
So, I opposed it in that case since it was already something fighting huge, uphill battle. Now, something with value like these companies use for networked applications or infrastructure might be AGPL licensed to get force them to contribute more if they want to use it. There will be many that don’t adopt it. A compelling product might still get a lot of adoption or even sales if sold to companies that don’t do cloud stuff they’d have to relicense. There were even a few people on HN that told me they make all the software they build for businesses FOSS by default with the businesses never caring because that software is necessary plumbing rather than a competitive advantage. So, it’s paid for plus can benefit others by default. There’s a possibility of AGPL-based projects doing that.
Personally, I default against AGPL if optimizing for uptake but for it if optimizing for ideological blocking of freeloading or financially supporting companies that try to limit our software freedoms. I don’t mean in a Richard Stallman speculative way: I mean they actively bribe politicians to reduce our rights in how we use our devices or software. And they make that money off of a mix of proprietary and permissively-licensed code. I’m fairly pragmatic where I know things are complicated enough I’ll have to make some tough decisions balancing many goals. However, some people out there might want to take steps to block their work from supporting companies that would (a) sue them for their work if given the chance or (b) give large financial backing to proprietary solutions but freeload of most FOSS.
Note: Google is a mixed bag here where they do a lot for FOSS versus most companies. Going with their flow makes sense for people maximizing adoption at expense of other variables.
The majority of companies I see using AGPL aren’t doing it for any Stallman-esque goals - they’re “open core” companies that use AGPL to effectively neuter any attempts to combat the intrinsic bullshit of “open core” projects.
This other comment sums up my views better than I have, clearly: https://lobste.rs/s/mbufwv/some_software_cannot_be_used_at_google#c_olmjmh
That would tell me that there’s companies using it for bad reasons, not that it’s inherently bad. You could similarly claim that projects like Linux are inherently about specific companies dominating markets because they’re the main contributors. Yet, the licensing allowed the kernel to be used for so much more. Unlike other bases, those using it were also forced to send back some contributions since they couldn’t just keep them private like companies using BSD code often did. That meant we gradually got an OS that could do everything from desktops to embedded to SGI’s NUMA’s to mobile.
There could be some beneficial effects to building businesses or major projects on AGPL that snowball like that. Also, there might not be where the license kills the potential. I don’t know until I see enough good attempts at using it for something with growth potential.
You’ve missed a key point when comparing to Linux.
RedHat Inc. (as an example) don’t “own” the Linux project, and then dual-license it under (A)GPL and a commercial License. They contribute to an external project.
MongoDB better fits the point I was making. They have a commercial (“Enterprise”) version and an AGPL (“community”) version. If a company then wanted to fork the community version, and either add new features or do clean implementations of “enterprise” functionality not offered in the upstream AGPL project, there is basically zero chance of making this a reality, because any effort they expend, automatically benefits the upstream company.
You’d think 11 years would be enough time for something to use it as-intended?
I think we’re probably just not going to agree here. My default opinion of anyone particularly pro-GPL is to wonder what their goals are. I’m interested in solving interesting technical problems. I’m not interested in dictating to people what they can do with code I choose to release.
“ My default opinion of anyone particularly pro-GPL is to wonder what their goals are. I’m interested in solving interesting technical problems. “
Know all that software running the world on mainframes, Windows, and so on that people can’t get off of because it’s proprietary and the company turned out to be leeches? And then doing stuff like suing competitors on copyright or patent grounds? My goal is avoiding that by default wherever something is a dependency. Certain licenses help maximize what we can do with software over time. Others don’t. So, I push for what benefits customers and developers over time the most. I don’t force anyone to do anything. To the contrary, the opposite types of software (and hardware) currently dominate in uptake in consumer, business, and government markets.
“RedHat Inc. (as an example) don’t “own” the Linux project, and then dual-license it under (A)GPL and a commercial License. They contribute to an external project.”
They contribute to an external project that they depend on which is licensed in a way to force contributions back to anything they improve. They’ve been doing this a long time, too. That was the point that they have in common with AGPL. The AGPL license just applies to extra software that’s had a lot of freeloaders who were already not contributing back because existing licenses let them dodge that in their business models. Had the best components been AGPL, a percentage of them might have chosen it with contributions coming back. Maybe. I’ve already said I’m not sure what long-term effects will be but I do want to see better attempts at it. Personally, I think the more permissive GPL is just outcompetiting it right now since it’s what copyleft people prefer. A social phenomenon.
“If a company then wanted to fork the community version, and either add new features or do clean implementations of “enterprise” functionality not offered in the upstream AGPL project”
What you’re implying, but not outright saying, is company A created something to be used for their profit if commercial or others benefit if AGPL. Company B wants to leverage Company A’s work in a way that exclusively profits Company B at Company A’s expense. Company A’s licensing prevents this by ensuring Company B’s commercial activities building on Company’s A’s work can benefit Company A, too. AGPL seems like a smart move if blocking competitors whose business model builds on other businesses’ work without sharing back.
Now, Company B has some options available. They can make their value add a service that communicates with Company A’s software. There’s a huge market for this with it becoming a default, architectural style of a lot of businesses despite negatives like performance or complexity. Company B might also target different use cases for Company A’s software that Company A might not adopt because it doesn’t fit their current market. Works better if it requires internal changes that negatively impact Company A’s current use case. Company B might also make their own software components, proprietary or open, that they license to Company A’s customers that can benefit them but clearly state they’re not to be licensed as AGPL. Whether that’s legally sound or not, we’ve seen lots of companies tie proprietary software into GPL stuff that way, esp as binary blobs, without the GPL stuff putting them out of business. It helps that GPL enforcement isn’t really aggressive like proprietary enforcement.
So, even for greedy Company B in your scenario, there’s still quite a few ways to make piles of cash as demonstrated by companies mixing proprietary and GPL code. They just can’t use the code Company A already wrote in a way that blocks company A from benefiting from the derivative work. They both will be able to sell whatever results. Just blocks greed. Doesn’t sound so bad to me. If anything, sounds like a bunch of companies competing that way would create piles of new features or differentiators at a much faster rate. Note that this is the default in Shenzhen even for hardware. Probably more product-level innovation at lower cost there than anywhere. It wouldn’t be as extreme here in U.S. since whatever doesn’t use or modify AGPL parts can stay proprietary or different type of OSS under strong copyright/patent laws.
You’re trying really fucking hard to miss the points I’m making, and I honestly don’t have time to read all of your war and peace style comments.
Well, I found time to read all of them.
nickpsecurity, I think I know the kind of company stephenr is talking about, though I’m unaware of any of them using AGPL.
I call these companies and their products “open source in name only”. And certainly not Free Software…
Examples include lots of products released as both an “OS/Community Edition” and also an “Enterprise Edition”.
One example is Trisano, by CS Initiative. The company appears to have disappeared and all the source code went with them. I had a copy of a repo at one point, but 1. it disappeared from my github because it was a fork of a private repo and I never had control of it (this was before I realized that I should maintain a local copy) and 2. it never had everything you needed to use the product in it anyway.
I sent emails back and forth with the head of that company explaining that I worked in the Public Health sector and we’d be happy to use the project and contribute back in the form of patches, if he could just send us the darned code, and he never did. Not even for the supposed “community edition”.
I think they just put the term “open source” into their marketing so their product would come up in my searches and maybe they could get my boss’s ear through me.
Anyway, if somebody can find a concrete example of a company using the AGPL toward malfeasance, I’d love to hear about it. stephenr mentioned MongoDB, but I’m not sure if that’s where his negative experience came from… If he doesn’t want to name names, I get it: $work and all…
Those are really interesting questions. I wonder how much non-GPL software has significant improvements that aren’t public. I have preferred BSD-style licenses for any code I publish, as I’d rather people just use it without any fuss. But if I had a substantial ongoing project I cared about I can now see myself picking a copyleft license. I had assumed the utility of submitting changes and fixes to the upstream project, as opposed to maintaining an internal fork, would be sufficient to encourage contribution. But I had never actually thought particularly hard about it until now.
Apple and Microsoft both built their proprietary OS’s along with a portion of their wealth on top of BSD code (esp networking). BSD’s didn’t get much benefit from that. Google acquired a mobile OS built on top of Linux. Even after they got more evil, many of their improvements still go into the ASOP that other companies can build on. I’m not claiming this extrapolates to all uses of highly-permissive vs copyleft code. I am saying it’s an example of what GPL intended to do when companies act in their self-interests. The BSD’s with no protections allows the other two companies to redirect all the benefits in their direction instead of reinvest them into projects they used.
It could be argued that the BSD’s got clang/llvm, so maybe it isn’t all bad.
I thought about that as I was writing this morning. Reason I left it off is I think it’s like Red Hat: an example proving what can happen but an outlier not representing what usually happens. The for’s and against’s were about what licenses normally do except the hypotheticals I did like AGPL.
I agree it’s a great, success story for a FOSS project. Im very greatful to the CompSci folks, Apple, and volunteers for it given all the people building on it.
Google contributes suprisingly little back to in terms of open source compared to the size of the company and the number of developers they have. (They do reciprocate a bit, but not nearly as much as they could.)
For example this is really visible in the area where they do some research and/or set a standard like with compression algorithms (zopfli, brotli), network protocols (HTTP/2, QUIC), the code and glue they release is minimal.
It’s my feeling that Google “consumes”/relies on a lot more open source code than they then contribute back to.
Go? Kubernetes? Android? Chromium? Those four right there are gargantuan open source projects.
Or are you specifically restricting your horizon to projects that aren’t predominantly run by Google? If so, why?
I’m restricting my horizon for projects that aren’t run by Google because it better showcases the difference between running and contributing to a project. Discussing how Google runs open source projects is another interesting topic though.
Edit: running a large open source project for a major company is in large part about control. Contributing to a project where the contributor is not the main player running the project is more about cooperation and being a nice player. It just seems to me that Google is much better at the former than the latter.
It would be interesting to attempt to measure how much Google employees contribute back to open source projects. I would bet that it is more than you think. When you get PRs from people, they don’t start off with, “Hey so I’m an engineer at Google, here’s this change that we think you might like.” You’d need to go and check out their Github profile and rely on them listing their employer there. In other words, contributions from Google may not look like Contributions From Google, but might just look like contributions from some random person on the Internet.
I don’t have the hat, but for the next two weeks (I’m moving teams) I am in Google’s Open Source office that released these docs.
We do keep a list of all Googlers who are on GitHub, and we used to have an email notification for patches that Googlers sent out before our new policy of “If it’s a license we approve, you don’t need to tell us.” We also gave blanket approval after the first three patches approved to a certain repo. It was ballpark 5 commits a day to non-Google code when we were monitoring, which would exclude those which had been given the 3+ approval. Obviously I can share these numbers because they’re all public anyway ;)
For reasons I can’t remember, we haven’t used the BigQuery datasets to track commits back to Googlers and get a good idea of where we are with upstream patches now. I know I tried myself, and it might be different now, but there was some blocker that prevented me doing it.
I do know that our policies about contributing upstream are less restrictive than other companies, and Googlers seem to be happy with what they have (particularly since the approved licenses change). So I disagree with the idea that Google the company doesn’t do enough to upstream. It’s on Googlers to upstream if they want to, and that’s no different to any other person/group/company.
Yeah, I do too. I’ve worked with plenty of wonderful people out of Google on open source projects.
More accurately, I don’t even agree with the framing of the discussion in the first place. I’m not a big fan of making assumptions about moral imperatives and trying to “judge” whether something is actually pulling its weight. (Mostly because I believe its unknowable.)
But anyway, thanks for sharing those cool tidbits of info. Very interesting! :)
Yeah, sorry I think I made it sound like I wasn’t agreeing with you! I was agreeing with you and trying to challenge the OP a bit :)
Let me know if there’s any other tidbits you are interested in. As you can tell from the docs, we try to be as open as we can, so if there’s anything else that you can think of, just ping me on this thread or cflewis@google.com and I’ll try to help :D
FWIW I appreciate the effort to shed some light on Google’s open source contributions.Do you think that contributions could be more systemic/coordinated within Google though, as opposed to left to individual devs?
It really depends on whether a patch needs to be upstreamed or not, I suppose. My gut feeling (and I have no data for this) and entirely personal and not representative of my employer opinion, is that teams as a whole aren’t going to worry about it if they can avoid it… often the effort to convince the upstream maintainers to accept the patch can suck up a lot of time, and if the patch isn’t accepted then that time was wasted. It’s also wasted time if the project is going in a direction that’s different to yours, and no-one really ever wants to make a competitive fork. It’s far simpler and a 100% guarantee of things going your way if you just keep a copy of the upstream project and link that in as a library with whatever patches you want to do.
The bureaucracy of upstreaming, of course, is working as intended. There does have to be guidance and care to accepting patches. Open source != cowboy programming. That’s no problem if you are, say, a hobbyist who is doing it in the evenings here and there, where timeframes and so forth are less pressing. But when you are a team with directives to get your product out as soon as you can, it generally isn’t something a team will do.
I don’t think this is a solved problem by any company that really does want to commit back to open source like Google does. And I don’t think the issue changes whether you’re a giant enterprise or a small mature startup.
This issue is also why you see so much more open source projects released by companies rather than working with existing software: you know your patches will be accepted (eventually) and you know it’ll go in your direction, It’s a big deal to move a project to community governance as you now lose that guarantee.
Did you ever tried to compile it?
Yeah, and?
How much time it took? On which hardware?
90 minutes, on a mid-grade desktop from 2016.
Cool! You should really explain to Google your build process!
And to everybody else, actually.
Because a convoluted and long build process, concretely reduce the freedom that an open source license gives you.
Google explained it to me actually. https://chromium.googlesource.com/chromium/src/+/lkcr/docs/linux_build_instructions.md#faster-builds
Is the implication that Google intentionally makes the build for Chromium slow? Chromium is a massive project and uses the best tools for the job and has made massive strides in recent years to improve the speed, simplicity, and documentation around their builds. Their mailing lists are also some of the most helpful I’ve ever encountered in open source. I really don’t think this argument holds any water.
The amount Google invests in securing open source software basically dwarfs everyone else’s investment, it’s vaguely frightening. For example:
I don’t think anyone else is close, either by number (and severity) of vulnerabilities reported or in proactive work to prevent and mitigate them.
Google does care a lot about security and I know of plenty of positive contributions that they’ve made. We probably could spend days listing them all, but in addition to what you’ve mentioned project zero, pushing the PKI towards sanity, google summer of code (of which I was one recipient about a decade ago), etc all had a genuinely good impact.
OTOH Alphabet is the world’s second largest company by market capitalization, so there should be some expectation of activity based on that :)
Stepping out of the developer bubble, it is an interesting thought experiment to consider if it would be worth trading every open source contribution Google ever made for changing the YouTube recommendation algoritm to stop promoting extremism. (Currently I’m leaning towards yes.)
Actually: Yet another OK to the Unlicense! :P
To contribute my opinion to this controversal thread: If you’re writing small, simple, trivial (in the sense that it could be easily recreated) software publish it in the public domain, if it it actually meaningful, use GPL. Libraries are then again a whole different problem.
Hate me.