1. 68
  1.  

  2. 59

    When people tell me to not use the AGPL because Google doesn’t like it, I think “working as intended”.

    1. 5

      I think the EUPL is probably the nicest license that Google doesn’t like and compatible with a lot of other licenses.

      1. 2

        Seems like EUPL allows conversion of code into MPL and LGPL, which makes the anti-google point moot.

        1. 2

          https://opensource.google.com/docs/thirdparty/licenses/#european-union-public-licence-eupl-not-allowed

          Google has banned the EUPL on their premises so it doesn’t make it moot at all…

          1. 2

            It seems that the EUPL (v1.1) ban exists for longer amount of time ( https://web.archive.org/web/20170329041441/https://opensource.google.com/docs/thirdparty/licenses/ ), at least before the last may, when EUPL v1.2 was released. And v1.2 seems to allow conversion to permissive licences that google doesn’t mind.

            1. 2

              The EUPL still only allows conversion when being part of a larger project, not simply copy-pasting into another license, IIRC, so I’m not sure how google thinks about that. But atm EUPL is banned at Google.

      2. -1

        If you’re a copyfree fan, I hear corporations are allergic to public domain code too.

        1. 6

          https://opensource.google.com/docs/thirdparty/licenses/ (I think that’s been posted here some time ago?)

          Google is allergic to WTFPL and Beerware, extremely cautious about “just public domain”, and accepts Unlicense and CC0.

          1. 5

            Thanks for the link. I generally never cared about “fun” licenses, and chose to either use public domain, or ISC, but the fact that Google is allergic to WTFPL makes a pretty strong case for it, in my book. I might chose to use it in the future.

            I knew Google didn’t like AGPL, but I don’t like AGPL either, so that was not an option for me.

            1. 2

              The WTFPL can expose the developer to liability. See Dan Berlin’s comment about the WTFPL on HN. He is a lawyer.

      3. 22

        “ These days, Microsoft seems to have turned the other leaf, contributing to a huge amount of open source and supporting open standards, and is becoming a good citizen of the technology community.”

        Good write-up. I’m nitpicking this point due to patent trolling. Microsoft’s patent suits and claims netted them a billion dollars in revenue off Android suppliers while contributing nothing to Android. A number of companies like Microsoft claiming patents on something is quite a threat to a smaller company without a big legal team. Microsoft is doing better on open-source front but are still coercive parasites on patent front.

        1. 7

          There is no contradiction.

          Both Microsoft and Google use open source software as per design.

          Indeed both have their patents, just like many other companies.

          Open source is not Free Software, it’s just a (valuable) marketing tool.
          Whatever the license, it can be useful and well designed, but it spreads no ethics, just brands.

          1. 4

            I’m pretty sure the vast majority of people on this site (especially nickpsecurity) can make the distinction between open source and free software. It’s still nice that M$ is embracing open source, it’s better than nothing.

            1. 6

              I am going to add one thing in that open source doesn’t really work the way it intends to when two, different, legal systems apply to software. The copyright might say it’s pretty open. Then, the patents can be used to remove benefits of open source. The reinterpretation of copyright law like in Oracle API claims can as well. Who knows what reinterpretations of patent law might, too, for those licenses attempting to address it.

              So, I’ve been thinking open source licenses aren’t really enforcing open source. Many are too weak to do that. Microsoft and Google know that. They benefit from it. Others wanting intended outcomes of open source that might contribute for little to no money to those companies’ dependencies often don’t know that. They might not be willing to put in effort that ensures truly open source despite many angles of attack. I don’t think many of us thought on this angle enough. As a result, a lot of code intended to support such positive outcomes may support that or be used to fund predatory agendas that might actually reduce outcomes that open source intended. And free software did better but I’m not convinced the basic licenses handle this level of attack either.

              1. 3

                Exactly.

                @N64N64 I did not intended to correct nickpsecurity: I was trying to expand his argument.

                The point is that corporate open source software should just be considered as good quality shareware.

                It’s usually well designed and all, and you can read (some of) the sources, it works well, but it is designed and distributed with corporate goals in mind.

                Corporate goals that are legitimate in the under-regulated global capitalism that we face, so I don’t want to blame such marketing strategies here.

                But developers should be aware of that before contributing to their projects (or even to projects lead by their employees, if cultural fit is a thing).

        2. 19

          My one beef with these kinds of articles is that they phrase things so that it sounds like Google has a grand plan to destroy open standards, but it may actually be that there are many local decisions that ended up doing it. The CEO of Google probably didn’t reach down one day and say, “Let’s get rid of XMPP”. I think it’s more likely that the hangouts group decided to stop maintaining it so they could compete with other chat products that weren’t restricted by XMPP. This isn’t to say that a trend of this kind of behavior from Google isn’t something to talk about, but probably it’s either something fundamental about how to make money from open standards, or else something about Google’s incentive structure. If you asked Sundar Pichai to stop doing this, he would probably say, “I don’t know what you’re talking about, but we have never made “destroying open standards” part of our long-term strategy.”

          1. 37

            Their intentions are irrelevant; only their actions and the consequences of them matter.

            1. 17

              If the sole intention of the article is to encourage other folks to avoid this pitfall, sure! If we want to also convince Google to stop doing it, then the practical mechanics of how these things actually happen are of vital importance. It’s probably the rank and file that want to do something innovative in order to hit quarterly goals, and are sacrificing open standards at the altar–getting those kinds of people to understand the role that they are personally playing is important in that context.

              1. 6

                You’re right that it’s important that the labor understand what the consequences of their efforts actually are; I think that’s what I’m saying, too.

                It’s also important that other people who are impacted by these actions by powerful actors like Google or Apple or Microsoft, but who don’t work there, understand who is responsible for these social negatives.

                It’s further important, for everyone to understand, that the directly responsible parties for that social cost are the corporations themselves, whose individual human members’ culpability for those costs is proportional to those members’ remuneration. Pressure should be applied as closely and directly to the top of that hierarchy as possible in order to convince them to stop it, in whatever way you can do best. The OP article is addressing the top of that hierarchy in Google’s (Alphabet’s?) particular instance, since they’re a very powerful actor in the space of the Internet and software in general.

                1. 6

                  Additionally, though it may be helpful for third parties to critique actors like Google by having concrete suggestions or perfect empathy for the foot-soldiers caught up in the inhumane machine that Google in some ways is, it’s not the obligation of the victims to make things easy for the powerful. It’s the moral obligation of the powerful to be mindful and careful with how they act, so that they don’t inadvertently cause human suffering.

                  Before any ancap libertarian douchetards weigh in with “corporations aren’t moral entities”, they absolutely act within the human sphere, which makes them moral agents. Choosing to be blind to their moral obligations makes them monsters, not blameless. Defending their privilege to privatize profit and socialize cost is unethical and traitorous to the human race.

              2. 7

                I think it’s more likely that the hangouts group decided to stop maintaining it so they could compete with other chat products that weren’t restricted by XMPP.

                That’s reasonable –by all accounts, xmpp is terrible – but the replacement could have been open sourced. This detail makes it clear that closing off the chat application was intentional. When GChat’s userbase was small, it made sense to piggy back off of the larger XMPP community. When GChat became the dominant chat client, it no longer needed the network effect that a federated protocol provided, and it moved to a proprietary protocol.

                1. 1

                  By whose accounts?

                  The vast majority of “commercial” chat networks are xmpp under the hood, with federation disabled.

                  Being technically poor isn’t why they turned off federation, it’s because federated chat gives zero vendor lock-in.

                  1. 2

                    I believe you and @orib are in agreement when s/he says:

                    This detail makes it clear that closing off the chat application was intentional

                2. 9

                  On the other hand, the CEO of Google could decree that using open standards is important.

                  I agree that this is closer to a natural disaster than a serial killer but an apathetic company doesn’t mean the outcome is better than an actively antagonistic company.

                  1. 9

                    I thought this article was fairly agnostic about how conscious Google’s embrace, extend, extinguish pattern is. This seems like the right approach, as we don’t have any way of knowing.

                    We know from court proceedings that Microsoft executives used the term “embrace, extend, extinguish” (and no doubt they justified this to themselves as necessary and for the greater good). We don’t have the same window into Google executives’ communications, but it seems foolhardy to think that some of them wouldn’t recognize the similarities between Microsoft’s “embrace, extend, extinguish,” and Google’s current approach. Sunar Pichai could be lying to himself, or he could just be lying to us. Either way the particular psychology of Google executives doesn’t seem important when the effects are predictable.

                  2. 11

                    Not only is Chromium itself hard to contribute to, Google has an effective stranglehold on the Web standards process.

                    1. 5

                      Google writes papers about AI, presumably to incentivize their academics with recognition for their work. This is great until you notice that the crucial piece, the trained models, is always absent.

                      while it is true that the trained model is often/always absent, the model is not the crucial piece. the alphago papers only contain some high level outline, but this was enough to cause a dramatic improvement in any other go bot. leelazero is now top professional level, which was completely unthinkable less than 3 years ago

                      1. 1

                        Yes, you can always train your own model… on Google cloud.

                      2. 9
                        Google embraces, extends, and extinguishes

                        Published 2018-05-03 on Drew DeVault’s blog

                        One day later…

                        2018-05-04 18:12 UTC: I retract my criticism of Google’s open source portfolio as a whole, and acknowledge their positive impact on many projects. However, of the projects explicitly mentioned I maintain that my criticism is valid.

                        Now… this is scary.

                        1. 6

                          Author here, emphasis yours. Why is this scary? I was privately shown many counterexamples of Google being a good actor in open source after publishing this post. This does not excuse the rest of their behavior.

                          1. 4

                            I’m not the author of the above comment, but I think they share my view that in light of the rapid retraction, the tone of the post comes across as rather overconfident. I’m not sure why they chose the word “scary”, but something does seem off about making such a wide blanket statement evidently without having done the requisite research.

                            1. 7

                              No I just felt smell of lawyers…

                              1. 1

                                I wrote of Google’s open source from my own experiences, not from research. I admit I should have researched it more, which is why I wrote the retraction. Anyway, I got some confusion from other sources as well so I published another update:

                                Apparently the previous retraction caused some confusion. I am only retracting the insinuation that Google isn’t a good actor in open source, namely the first sentence of paragraph 6. The rest of the article has not been retracted.

                              2. 2

                                I still think it’s a valid criticism. Google’s open source seems to fall into three categories: Projects that exist to drive demand for their core business, and erect a barrier for competitors (Chrome, Android, …), Projects that exist to support the former category, and things that are harmless to the business, but keep engineers happy.

                                Google is big enough that it’s easy for them to embrace one strategy for some projects, and another for others.

                                Full disclosure: I’m an ex-googler, with a decent amount of discomfort about the direction that the web (and, more generally, tech) seems to be taking.

                                1. 2

                                  I definitely agree as far as Google’s own projects are concerned. What was pointed out to me is their substantial and quiet contributions to other projects.

                                2. 1

                                  Sorry… having saw what these companies can do, I felt smell of lawyers.
                                  As Facebook have shown everybody in early CA days, they care about free speech just when what is said conforms to their interests.

                                  I completely agree with your article, btw.

                                  Google (or Microsoft or Apple or Facebook or…) playing as a good actor sometimes does not means they do not embraces, extends and extinguishes.

                                  It’s just a matter of what is in their current interests and long term goals.
                                  It’s a marketing tool, after all: to keep it effective, they must play as the good guys most of times.

                                  However I’d like to read about the counter examples: I already had noticed the trend you describe in the article and got the same conclusions.
                                  Maybe I could stand corrected as you were.

                                  1. 1

                                    I wrote another update which may clarify:

                                    Apparently the previous retraction caused some confusion. I am only retracting the insinuation that Google isn’t a good actor in open source, namely the first sentence of paragraph 6. The rest of the article has not been retracted.

                              3. 4

                                Sending a link instead of a message is no security at all. But it does insure that in order to read the message, the reader needs to step onto the surveillance minefield known as the modern web. Sorry, but no. Let’s not do this.

                                1. 3

                                  none of which, I should add, support any open syndication standards.

                                  Youtube is exposing its channels content through RSS

                                  I agree with the idea of the article, but looks like an over-simplification to me. On the other hand, who really cares as long as the idea is clearly transmitted.

                                  1. 1

                                    If YouTube decides to remove RSS you can always use their API too.

                                  2. 2

                                    The difference I see here, which may be a bit small, is that I don’t think Microsoft was addressing a legitimate problem with any of the standard they did the EEE thing on. The ones cited for Google mostly are.

                                    Spam is a legitimate problem with email, and it’s hard to solve in a way that both makes it easy for people to run mail servers as a hobby and effectively blocks spam for the majority of users.

                                    There’s also some legitimate problems with email that various vendors have tried to solve by emailing links to webpages with the actual content. I’ve seen this pattern a few times for security. Want to send someone a message that isn’t exposed to every email server on the net without making them generate and manage RSA keypairs securely? It’s gotta be on a webpage.

                                    Ditto with AMP - Google’s use of it seems a bit controlling at times, but it is a problem that many sites are way too heavy, particularly for mobile devices on cellular networks. When all the incentives for publishers are to put in one more ad network and one more tracking script, it’s tough to slim things down without a big hammer to swing.

                                    It does seem to be a disturbing larger tend in tech in the last 5-10 years that the behavior of bad actors and dark patterns are pushing things towards greater centralization. Google, being one of the top dogs in tech now, stands to benefit a lot from this. It makes me wonder if there are any architectural changes to the whole system that could make it more resistant to various forms of badness without all of the centralization.

                                    1. 4

                                      Not really, Microsoft always had good excuses for their anticompetitive practices, just like Google. Technology just changes quick enough that many of their “solutions” are themselves considered obsolete now.

                                      1. 3

                                        It makes me wonder if there are any architectural changes to the whole system that could make it more resistant to various forms of badness without all of the centralization.

                                        At least for social networks, requiring federation would be a to mitigate the network effects. It would be great if I could see friends and families Facebook content without me being on Facebook.

                                        Want to send someone a message that isn’t exposed to every email server on the net without making them generate and manage RSA keypairs securely? It’s gotta be on a webpage.

                                        Isn’t it still visible to email servers if you’re using email to send it? It may be an extra level of indirection, but including a hyperlink in an email is not really that clever of a solution.

                                        1. 1

                                          At least for social networks, requiring federation would be a to mitigate the network effects. It would be great if I could see friends and families Facebook content without me being on Facebook

                                          Could be, too bad none of the federated social networks seem to have gotten much traction.

                                          Isn’t it still visible to email servers if you’re using email to send it? It may be an extra level of indirection, but including a hyperlink in an email is not really that clever of a solution.

                                          Suppose so, though fewer. It isn’t a perfect solution, but personal management of keypairs seems to have fallen flat. What cleverness there is is that the website can manage accounts and only show the contents to the registered and authenticated user over a TLS-protected connection.

                                        2. 2

                                          The difference I see here, which may be a bit small, is that I don’t think Microsoft was addressing a legitimate problem with any of the standard they did the EEE thing on.

                                          EEE doesn’t work if you don’t have desired features to encourage uptake of your extended version.

                                          1. 1

                                            Sorry but AMP didn’t solve anything that other tools at google couldn’t solve either. They do have tools available right now that score your webpage for loading speed, performance and mobile friendliness. There is no reason this couldn’t have been used instead of AMP.

                                            While I do agree on that others have “solved” problems on email in the same manner, I’m not aware of any particular solution that caught on. Plus gmail has a significant marketshare.