> As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers.
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" has also never been true for them.
Here is the previous time I can remember that they did something similar:
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.
I agree, after this happened to me I learned of a few other situations where the same thing happened to other friends.
On my end it was a mix of naivete and flattery which made me want to take the meeting. I suspect it is the same case for others. I will not make the same mistake the next time it happens.
Well your license is only as good as you are able to enforce it. Even with the law there are no guarantees.
I grew up thinking that people would follow the spirit of open source rather than the specific letter of the law. This is obviously not true, and probably never has been.
No license stops someone from spinning off an OSS project into their closed-sourced enterprise offering. It's just sad that most corps see nothing wrong with this
The GPL (and AGPL) are easy to comply with for a corporation, or anyone else really. Just redistribute your modifications under the same license, and ensure users can run modified versions on devices you distribute and you are done.
Were folks under the impression there were other options for license violations? Your comment implies that a lawsuit being the only recourse to enforce a license renders that license moot.
Some people just hoped that picking a corporate-unfriendly license would be enough of a deterrent by itself, because most folks can't actually afford to sue. But infringers, big and small, are increasingly realising that these licenses are toothless by themselves, they need to be backed by money.
I don’t disagree with any of that, I think the challenge is certainly the costs of enforcement. For GPL licenses anyway (I realize the OP used the more permissive MIT license) I think their is (or there should be) a non-profit foundation established to collectivize the funding and legal actions necessary to support open source projects in these kinds of scenarios. Certainly, pursuing license violations in a manner that maximizes awareness and makes examples out of violators should prompt others to reconsider their actions.
> I think the challenge is certainly the costs of enforcement.
IMO, this is fundamentally a mismatch between how software is developed in practice and how copyright works.
If software was like a book, where it's finished and published once, then simply registering it with the copyright office would be all anyone needs to do: up to $10k/copy statutory damages is a stiff enough deterrent that few large companies would want to take the risk. And even if they did, it'd be easy to find a lawyer to take the case on contingency.
As a non-lawyer, that doesn't seem to match nearly as well with software as a constantly evolving work. But I'm not an expert - maybe periodically submitting versions is enough.
Software Freedom Conservancy are the most visible GPL enforcers these days. The FSF probably does some enforcement too, but doesn't seem to talk about it as much.
> For GPL licenses anyway...I think their[sic] is (or there should be) a non-profit foundation established to collectivize the funding and legal actions
Hence my thinking there is. I kept thinking EFF for some reason, but I knew that wasn't right. EFF are the ones who consistently predict which anti-privacy/anti-consumer laws will definitely get passed.
Don’t entertain meetings without compensation from megacorp. But the project is open source. The author provided the right for them to take it in any way possible and copy it. If I’m not mistaken the MIT license allows what they did.
I’m assuming the complaint is more about Microsoft duplicity in asking for information as opposed to the forking of the code. The latter is fine - the license explicitly allows it.
The "notice" is the literal license file. It is illegal to strip someone else's license from their work. It doesn't matter that they replaced MIT with MIT, because they stripped the author and attribution from it.
Peerd seems very different from Spegel, so Microsoft does hold quite a bit of copyright over Peerd.
Now I genuinely wonder if the main LICENSE should say "copyright Spegel and Microsoft", or if somewhere in the repo Microsoft should just have a copy of the Spegel LICENSE file?
a) Keep any code that you've pulled in from another project in its own directory structure with a license file indicating where it came from and its licensing terms.
b) If you intend to modify the code or integrate it more tightly with your own, copy the notice into each source file that was taken and perhaps put a pre-amble along the lines of "Portions of this file were copied from XXX under the MIT license as follows:". Ideally you would make a commit with the file in its initial state as copied, and then if you ever need to determine what came from where and how it was licensed, it shouldn't be too difficult.
Generally, what I take from this discussion is that what you want to do is get as much inspiration as you want from the code, but absolutely rewrite it from scratch such that it is yours and yours only.
What you're proposing, updating the license file to list the authors, is a pretty common way to do this. It does mean that the code is mixed a bit, so it would be hard to split who owns what, but this is only relevant if one of the copyright owners wants to change the license (as they can legally only do that to the code they own).
It looks like they relatively recently migrated the entire codebase from Apache to MIT. I wonder if that was in relation to pulling in code from Spegel. They updated ~every header.
> The best advice for open source maintainers who are being approached by large tech companies is to be very wary
Drop them a consultation fee in the thousands per hour, get something out of it at least. If they're going to reimplement your project, there's absolutely 0 you can do, they will just hire an intern and tell them the requirements for what you have built without having to meet you, ask them for expenses out of your day covered.
Yeah. I remember the big hoo haw on here a few years back that Satya turning up was the table turning event that would fix all evils. Literally rainbow unicorn shit levels of brigading. I got downvoted to oblivion for suggesting we hold off judgement.
Adding the copyright notice to be in compliance, does not change the fact that the author has chosen a licence that allows anyone, including Microsoft, to do whatever they feel like, without giving back.
So eventually, with this bad publicity, they will add the copyright notice, and move on with whatever else they are doing, in full compliance.
Not arguing for Microsoft, rather the fact that people put out MIT licenced stuff out there, or similar, arguing how bad GPL happens to be, and then get all up in arms when companies do exactly what the licence allows for.
Microsoft might not have fully complied with the licence, adding the copyright notice to fix that, won't change a millimeter from what they are doing.
I don't disagree with the general point but in this case we're looking at what (seems to be) a blatant copyright violation. It would not be any more or less of a violation if the infringed license had been a more or less permissive one, because the license has not been followed.
Sure, the MIT is very permissive so it's very easy for Microsoft to correct their repository so that it's in compliance for the future, but they cannot correct the past. (Unless the original authors allow for it.) The MIT license, being so short, does not have a provision about curing infringements.
So Microsoft seems to be ok with the risk of being sued for infringement etc. That's not something you can correct with your personal decisions as author.
The point is that the author would not really be much happier if Microsoft had added a few lines admitting substantial portions of code were taken from Spegel. They probably will do this, but I doubt he will be satisfied with the result either way.
The comment above, which I mostly agree with, is that the point of the MIT license is to permit anyone, including large corporations, to do this kind of thing. Since this doesn't seem like an outcome the author is happy with, maybe a different license would be better.
That doesn't mean that they would have completely ignored all implications of any other license. The author of the code chose a license that explicitly allows exactly what happened, other than Microsoft did not include a text file that nobody is going to read.
Everybody claims they removed the author's copyright notice. I checked many source files in Spegel, and none of them contain an MIT header with copyright.
I don't think Microsoft removed the copyright notice. I think that the original author did not add one...
Why are you doing this? Posting in a way that suggests purposely confuses/obfuscates the difference between the general concept of a copyright notice and the practice of putting a copyright comment at the top of every file in a project, then immediately get corrected, then post basically the same intentional misunderstanding on someone else's comment elsewhere in the thread.
You:
> I don't think Microsoft removed the copyright notice. I think that the original author did not add one...
Direct quote that from the file containing and requiring the copyright notice in derivative works that was not included in Microsoft's fork. This was also included in a comment which you have replied to:
> The above _copyright notice_ and this permission notice...
You have the timing wrong, I did not do that in the order you suggest :-).
I thought people were saying that Microsoft removed the copyright headers and replaced them with them, which they did not.
Microsoft replaced the LICENSE for the whole repository with their own, and thanked Spegel in their README. While this is some kind of attribution, it's not enough for the MIT LICENSE. I don't know exactly what would be good enough, I think having a copy of the Spegel LICENSE file somewhere in their repo would be enough (though possibly less visible than the line in the README, to be fair).
My overall point is that it feels like people are complaining a lot about what seems to be an honest mistake. And not just that: the way Peerd did it is arguably giving more visibility to Spegel than if they had just copied the licence somewhere in their repo. Peerd could possible just copy the licence somewhere less visible and remove the link from their README.
The file titled LICENSE contains a copyright notice. That's what a license file _is_ in the context of software: a LICENSE to use someone's COPYRIGHTed software. You must abide by the terms under which you are granted the license, otherwise you don't have access via the license, and are thus violating the copyright. They aren't two unrelated concepts.
Anything else is noise, they violated the license. They blatantly copied copyrighted works. They can't "oopsie" that away or claim it as a mistake, honest or not. You simply are not allowed to do that.
Suggesting that they "could possible just copy the licence somewhere less visible and remove the link from their README." is wrong. They MUST include the copyright notice and the rest of the license. They don't get to choose whether or not to respect the license. And they don't need to remove the link. That's got nothing to do with the copyright issues. No one at Microsoft thought that call out was somehow the legally required attribution clearly explained in the MIT license.
> Suggesting that they "could possible just copy the licence somewhere less visible and remove the link from their README." is wrong. They MUST include the copyright notice and the rest of the license.
You do realise that those two statements are not incompatible? If they include the licence somewhere less visible and remove the link from their README, they are still including the copyright notice and the rest of the licence.
The MIT licence does NOT say that you MUST have it at the root of your repository in a file called LICENSE. It does not say that you must clearly identify the parts of the code for which you don't own the copyright or anything like this.
The part I was indicating was incorrect was your usage of "could". It's not something they "could" do, it's something they MUST do.
Like saying I choose to not be the richest person in the world. Sure it could be technically true, but the statement is incorrectly implying that it's up to me, or within my power to make the alternative choice.
It's very strange that you keep using these intentionally awkwardly phrased, misleading-adjacent statements.
The rest of your comment is attempting to refute something no one made a case for in the first place, which coupled with the rest of it makes it seem like you are just trying to argument-bait, so I'll tap out here.
> It's not something they "could" do, it's something they MUST do.
Well, maybe I just can't English :-).
They must include the copyright notice and the permission notice. Now I can imagine different ways to achieve that. They could use one or the other, as long as what needs to be included is included.
Depending on how they do it (while staying in the realm of what they MUST do, i.e. include the copyright and permission notices), it gives more or less visibility to Spegel. My point was that linking to Spegel in the README arguably gives more visibility to Spegel than alternatives that they COULD choose. And to make it very very clear: what I consider alternatives that they COULD choose are those that honour the licence.
They removed the attribution to the original authors and replaced it with their own name. So the copyright notice is not preserved. They could comply with the licence by adding back that attribution.
I've been downvoted for it before, but I still say that permissive licenses are charity to megacorps. If you want your work to get turned into a proprietary program without any compensation to you, use a permissive license. If you want to at least have a chance they'll contribute back & maybe pay you for a proprietary license, pick a free-software license.
If you pick a corporate charity license, don't act surprised when corporations take the charity!
> Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use.
Can’t they just read the source themselves? Why do they need the maintainer?
It's very similar to being on the receiving end of what purports to be seeking an acquisition.
Both myself and my other half have separately been directly on the receiving end of the "brain rape" by major companies that everyone here will have heard of, both of which went nowhere except for the supposedly interested acquirer to become ever more angry that the crown jewels were simply not offered up on a plate.
This situation is surprising in that he did get an acknowledgement at all. These companies are not good actors, and have a casual disregard for the IP of everyone else that should be immediately obvious.
Generally a court likes for a plaintiff to try to resolve a dispute before suing. The author should contact the Peerd team at Microsoft and point out that they seem to have overlooked their obligations under the license. Only if they refuse to do anything would it be worth considering a lawsuit.
Yeah, at this point I feel .NET could benefit from being made into a proper marketed as independent foundation (and not the failing .NET foundation that does very little).
Because all these actions will get associated with .NET teams even if the latter go to great lengths to collaborate with community and ensure that new feature work does not step onto the toes of existing popular community libraries (for example Swashbuckle or eventing/messaging framework that was postponed/cancelled not to interrupt the work of other libraries including MassTransit, which is a bit ironic as MassTransit went full commercial later).
I'm curious why are you still maintaining the first one where it clearly links to Miguel's comments who is less than fond of .NET nowadays and is advocating for Swift of all things? Moreover, it speaks more of the tools teams management and management outside of .NET than .NET itself and you should be very well aware of that. It's been a link people repost ad-nauseam here with no constructive dialogue whatsoever whenever .NET is suggested as an arguably better tool for solving problems it's good at solving.
I'm only pinging you because I think a couple of days (or weeks, even) ago you or someone else mentioned it is open source (?), so I was wondering what's going on.
.NET is open source and people working on it go into great lengths to ensure it is a good citizen to open-source projects and communities. It has been open source for almost 10 years damn it. All in all what other divisions or teams do is greatly unfortunate because it will get associated with the aforementioned. Personally, this annoys me because other languages like Go or Swift do not receive the same criticism for the bad practices their respective companies engage in. Go in particular.
The hot reload drama was real, and the decision was backtracked. The rest? I don't think it has any relevance as of today. Many other languages have worse situation when it comes to tooling. Right now, in .NET you can use Visual Studio, Visual Studio Code or any of its forks, Rider, which is now free for non-commercial use, and also Neovim/Emacs/anything which supports LSP and DAP.
Hot reload in general is difficult to make work in something that is mainly compiled, for example it does not work with F# right now, but there is someone in community working on making it a possibility. It's regular activities you'd see in other ecosystems.
E.g. I think NetCoreDbg, as an alternative to closed vsdbg that has usage restrictions, works well enough to fully enable the standard workflow when using VSCodium/Cursor/Neovim/etc. I know people use the latter with both C# and F# without sacrificing user experience in comparison to languages like Rust. It's just text editor, language server + debugger integration and CLI. You would hear about "refactorings" and "advanced features" from those who are used to more IDE-like experience provided by VS or Rider but, for example, many refactorings are also available in VSC/VSCodium because they are just a feature of the language server based on Roslyn analyzers and auto-fixers. It works with anything that integrates that and the language server itself ships with SDK to my knowledge.
All in all, the tooling situation is pretty good with multiple IDEs, commercial and community tools offered to be able to program in .NET languages, most languages HN loves to sing praises to do not have this. The same applies to GUI frameworks too - it's funny to read how .NET is "anti-linux" because out of AvaloniaUI, Uno, MAUI and a bunch of smaller libraries MAUI does not happen to target Linux. Some people just like to hate something, and if the reason for that goes away they come up with a new one.
Billion dollar companies are not hanging out with you to be your friend, even if you're at the table for a reason (you belong there because you know something they don't).
When speaking with big companies, you are not there to impress them.
Speak for impact + meaning, they are so big and brilliant and rich and should already know how.
There are examples where a large corporation simply sponsored the developer and development of an open source project. This should be the way.
The most depressing thing about such behavior from MegaCorp is that they are too lazy to even pretend to care. We meet lots of people in life who would appear sincere, talk sweetly etc, but it is all just a show, just acting. Now it is a different discussion on which is worse (acting like you care or just flat out being a dick) but acting takes some effort. These companies with near infinite money can't be bothered to even put in the slightest bit of effort - how much effort would it be to give a shout out to Keivan when they copied AppGet to make WinGet?
There's also WSL, .NET Core, they own GitHub and continue to host a lot of stuff for free, and more things I'm forgetting. I think the IDE was the least of it frankly. People do seem a bit too gullible because all of these things serve Microsoft's bottom line more than it does open source developers' (isn't it nice that we can now run Linux things right in Windows? How convenient that you don't need to dual boot and boot out of Windows rather than using WINE to run Windows things on Linux..!), but to say that it was all because of the electron IDE version named after a much better IDE is misrepresenting the situation
I think this behavior stems from how big companies do performance reviews and promotions for developers.
Contributing to someone else's open source project is for schmucks and juniors. Authoring a "new" open source project in the company's name, getting recognition and solving problems is seen as "leading the industry" and whatever other wankery sophistry they come up with to try to motivate employees with.
If a megacorp wants your help to explain ANYTHING to them, you better be paid handsomely per hour. Wtf are people doing charity for trillion dollar empires.
It's also very possible they had been working on it already and wanted to compare notes, I certainly would if I were working on something internal and found a similar project, but I agree, ask them for a consultation fee. I don't see why they wouldn't pay it.
Both projects also share in license, so I have less of an issue with it personally. They're both MIT licensed.
It seems like a pretty minor violation, to be fair. They do reference the project in the repo.
The real question is why did the author choose MIT if they didn’t want to allow mega corps to benefit from their work without contributing back. That’s a feature of the license, not a bug.
It's not a "pretty minor violation", that's the only condition of the MIT license.
Yes, they mentioned Spegel, but only to thank the authors for "generously sharing their insights" -- that's not even close to the required statement that part of the project is owned and copyrighted by the authors of Spegel.
Ok, so MS will see this thread and re-add the missing header to a few files.
You really think the author is going to then feel 100% better about it?
They are just another data point in the long list of authors who chose a permissive license and are then shocked when a billion dollar company takes advantage of it.
I can't speak for the author, but when I release code as open-source I think carefully about the license that I use (usually either MIT, GPL, or CC0). If I choose MIT, then it's because I'm fine with companies "taking advantage" of my code. I'd probably mainly feel glad that I created something useful to someone.
What I'm not OK with is a company doing that without attribution. If XYZ company's product is built on code I wrote, I want to be credited -- both so that I can show it to potential employers, and so that users of XYZ company's product are aware that some of the code in it is something they can use for free and modify for their own purposes. If the attribution wasn't important to me, I would have chosen CC0 instead of MIT.
So yeah, if I was the author, I'd probably feel a lot better about it if MS re-added the correct attribution. I'd probably still feel miffed that they tried to pull one over on me in the first place -- but I wouldn't be offended by the fact that they're using my software.
There's a difference between what the license does/doesn't allow and what is/isn't a dick move.
MIT is commonly used for cases where you don't want to scare away potential corporate USERS by the "virality" of something like the GPL. This does not mean that the authors are completely fine with their work being repackaged and DISTRIBUTED as if the company wrote it themselves.
If I write something useful and convenient for people, something that makes peoples' lives better, it's probably not going to see a lot of use realistically speaking. I'm not out there making a name for myself, I'm just doing some stuff.
If Microsoft takes my code, turns it into a separate project with a separate name, distributes it as part of their own commercial offering, uses it in their marketing... great! It means that my ideas are making people's lives better. Yes, it's enriching a giant soulless megacorp who, at a high-level, does not actually care about how people feel and only cares about making money off my work, but I care about how people feel, and if it means that my work gets to make people's lives better then that's great - I wasn't going to make money off it anyway, so I lose nothing.
Unless they take implicit or explicit credit for what I made. I don't need my name on the marketing or an invitation to a launch party, but at least make a note in the docs somewhere that "this project was forked from ...." so that I can point to it and say hey, look at this cool thing I helped make happen.
I guess what would really irritate me, when it comes down to it, is not that the giant corporation did this, but that the individual developers did this - some dev out there found my project, decided to use my code, and made the conscious decision to strip out my attribution and claim it as their own. That's what would actually hurt.
I mean, the author understands the MIT license, and is upset that the terms of that license aren't being honored. If I were them, I would absolutely feel better getting credit where credit is due.
If they wanted a less permissive license, they could have used one.
That seems to be exactly the thing they are complaining about:
> Spegel was published with an MIT license. Software released under an MIT license allows for forking and modifications, without any requirement to contribute these changes back. I default to using the MIT license as it is simple and permissive. The license does not allow removing the original license and purport that the code was created by someone else. It looks as if large parts of the project were copied directly from Spegel without any mention of the original source.
Can you share what you think the author is really complaining about?
> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".
Hacker News. Temporarily embarrassed billionaires who want to vouchsafe evil behavior in case their own future offers them an opportunity to steal from the community on a similar scale.
If you lose open source you lose a major resource. You should be looking for ways to protect these authors instead of explaining how "technically it's all actually their fault for being generous in the first place."
Ah yes, “temporarily embarrassed billionaires” — spoken by someone defending billion-dollar companies blowing past the only condition of a permissive license, then getting mad when people point that out.
You don’t get to posture as anti-corporate while handwaving away an actual license violation just because the license was permissive. That’s not protecting the community - that’s making it easier to exploit. You’re not railing against theft, you’re normalizing it.
Either the community’s rights matter, or they don’t. Pick a side.
> It seems like a pretty minor violation, to be fair.
Quite the contrary. The licence does not have many constraints, but this one is important. Volunteer developers let their code be used in closed source commercial programs. Recognition is the only thing they expect and the whole point of the licence.
It is literally the only violation that the license is concerned with therefore it is major!!!
MIT and BSD type licenses say you can do almost anything you want, but just don't plagiarize, because that would be intellectual misconduct.
In addition to not just removing the copyright notice from sources, the MIT license requires the copyright notice to be present in all derived works. It makes no mention that if you compile a program, the binaries don't have to have copyright notices.
People here keep saying that they removed copyright headers. I can't find a single copyright header in the Spegel source files. Can someone help me find which headers Microsoft actually removed?
What I see is that Microsoft added headers to their Peerd files. Now they read "Copyright Microsoft", which is correct because Microsoft owns some copyright over those modified files. If those files had had a "Copyright Spegel project" before, Microsoft should have kept it and added their own. But those files did not contain such a header as far as I can see.
Right. So Microsoft should just have a copy of this LICENSE file somewhere? Can't we just open a PR to add it to the repo? Did the author do that and did Microsoft decline the PR?
Feels like Microsoft was not necessarily trying to steal work (they link the original project in their README).
It needs to be present in the headers of each file that they took from. Attribution matters and in mixed projects you need that clarification at the file level.
Does the MIT licence text say that? I don't understand it like this. I understand that a copy of the licence should be preserved, not that the licence should be copied into source files.
I think the fork needs to preserve the LICENSE file in the repo and in distributed code (e.g. packages), right? But not replicated as a file header in every blessed file in the repo.
The author talks about changing his licensing as the only stone he can throw.
As I understand it, changing the licensing will do nothing to affect the fork Microsoft already made. It might affect the next megacorp from doing the same thing in the future, but Microsoft can keep working on their fork without giving it a second thought.
This is for sure a cautionary tale for every open source contributor. Choose the original open source license very carefully.
Edit: Might I suggest that when picking the original license, you try to imagine how you might feel if the company that you hate the most (could be Microsoft, Google, Amazon, or other) does the most extreme thing allowed by the license.
They might not be able to copy new code, but you can't stop them from fixing bugs that you also fixed, or adding similar new features as you (using code they wrote after carefully examining what you did).
Microsoft got tremendous value for free by forking. Which makes the obligation to deal ethically and honestly very serious.
You don’t get to take something from anyone without meeting the terms they have set for you to take them. That is theft.
(For clarity, I am saying theft of a right. As it does negatively impact the original creator, in terms of competition and lost attribution to the code they wrote, and Microsoft is not paying the “fee” that taking that right depends on.)
And no third person can ethically speak for the source of the value and state that it’s no big deal for another party to break some part of a contract/license.
How do you know how much this aspect of the license impacted the original creator’s decision to share their work, their choice of license, or how they feel and are practically impacted about it now!
In this case, we know they clearly feel the violation was harmful to them at some level. They were snubbed, their work left unacknowledged, while Microsoft leeched off them, even though doing the right thing would cost Microsoft essentially nothing.
Please don’t socially absolve the powerful from bad behavior toward smaller parties. That’s bad faith, after the fact, and you are not even benefiting from your own disrespect for the license. Always support the (credibly) injured party.
As for offenses against you, you have every right to be generous and overlook those.
(I once took a year sabbatical to work collaboratively on a project, with the presumed (based on what was a clear discussion to me) attributions being a key factor in me deciding it was worth the time and effort, when other factors made that a difficult decision. Only to have my attribution expectations unfulfilled, and no attempt was made by other parties to work things out. The situation was fraught enough that I couldn’t help but feel bitter about it for some time. I am long over it, but I would certainly take the year back if I could.)
The other thing is that Microsoft does not own the copyright for any of the code they used. Basing their work on code they don’t own the copyright to is incredibly messy from an IP point of view.
It’s why contributor license agreements exist in most popular open source projects.
You don't understand my point (probably my mistake).
If the file starts with:
// <MIT header>
// Copyright evantbyrne
Then a fork should read:
// <MIT header>
// Copyright evantbyrne
// Copyright Microsoft
But if you did not add "// Copyright evantbyrne", the MIT license doesn't say that Microsoft should add it. I don't even know if it's legal for Microsoft to do it. You have to add your own copyright to the files where you own a copyright.
Right. So they should just copy this licence somewhere in a subfolder, saying "parts of this project derive from Spegel, with licence: <copy of the licence>"?
They can still do it now, and probably they should (someone can even open a PR?).
They have to say what code where is copied from the other project. It can't just be "parts", because that obscures the authorship.
You can open that PR, if you care to identify which parts were copied and label them all. Really, the people who copied the code in the first place should have done so, and really should have known better, given they work for a massive corporation that claims to love open source and has had a massive interest in copyright over the past three decades. It's not just a "mistake", it's unacceptable for a professional programmer for a corporation to take code from a FOSS project without crediting it. That's a level of incompetence bordering on malpractice for a profession that deals so heavily with copyright on a day to day basis.
edit: According to the MIT license, the notice itself just needs to accompany the code, so I was wrong about the specificity needed. Still, it does mean that any further forks would be unable to remove the license without personally identifying if all the original code was removed. It's always better to identify what code belongs to who.
> It can't just be "parts", because that obscures the authorship.
Wait. When I contribute to an open source project without signing a CLA, I keep the copyright over the lines I contributed. Still, I don't add a comment above every single line saying that it belongs to me. Nobody would accept such a contribution. Even for fairly big patches.
Are you saying that every single open source project that does not make contributors sign a CLA is doing it wrong?
Nope, I made a mistake there. It's good practice, when copying code from software with a different license, to call out what code is copied from where, but such a thing is not mandatory.
I'd say one of the things you have suggested. Copying the license file from spegel into a SPEGEL_LICENSE file in the repository would be sufficient. So would be actually crediting the project properly in the README with something like "portions of this code were taken from the Spegel project, under the MIT license" with a following copy of the MIT license.
You could open the PR and it would also be faster than writing all these comments here about opening a PR.
That's not the point, it is not the author's duty to do that and him pointing out Microsoft's wrongdoing is meaningful at least to me because I will be more cautious if I'm ever being approached in a similar way.
> Microsoft's wrongdoing is meaningful at least to me because I will be more cautious if I'm ever being approached in a similar way.
That's the thing: Microsoft approaching the author has nothing to do with the wrong attribution. And I am not sure if the original author here is frustrated because of the wrong attribution or just because they would have hoped for money and fame from the fact that Microsoft reused their code.
Because it's not like Spegel lacks visibility (given the numbers they shared in the article), the link on Peerd's README is probably not bad for Spegel, and the attention here is publicity again. Probably infinitely more than if Microsoft had done the attribution correctly.
The MIT license does not seem to dictate the exact location of inclusion. Logically, I would think you would want to associate it with the specific parts of code that you are copying. In the past, I've listed licenses together in the root license file for forks, and other times when the included code was a minor part of the overall project placed forked licenses within impacted files.
It may not be perfect for all cases (e.g. if some sort of dependency is linked but not present in the source tree it is naturally not really accounted for by Debian copyright files) but then there are always the options of either adding copyright information to every source code file (I don't like that style for redundancy but it is for sure a very clear way to do it) or to hand-craft a human-readable variant similar to the Debian approach but less formally.
In any case it seems that nothing is new about this and developers working with FOSS software should very well be aware of these concepts.
The number one rule about creating clean source (and IP) is not to look at competing implementations / patents. Was drilled in to me by legal over the years to avoid such issues. Really easy to unconsciously incorporate ideas from other projects.
This is not that though. Seems to be exactly what the maintainer is asserting and that's not OK. :/
It's not the money, it's the red tape. Setting up a new vendor, finding the right account, getting the PO approved. Even in a company where that stuff is relatively easy, it's way more friction than a simple meeting where you don't have to ask anyone for permission for anything.
The person that wanted to set up the meeting likely has no budget control. Big corps like to keep the ability to pay for stuff out of the hands of individuals and isolated in bureaucratic nightmares.
You'd be more than reasonable to demand "$1000/hr with 1 hour minimum" for such a consulting and I'd see HR in MS doing an immediate "hell no" to that.
One of the prerequisites for a successful negotiation is the willingness to walk away. This applies to both sides. I did consulting for a few years, years ago, and you'd be surprised what people are willing to pay. You'd also never know that unless you named your rate and were willing to walk away. I'm pretty sure any manager at Microsoft could easily swing a couple K. The main complication would be that this wouldn't be just a "meeting" then, and you'd need to set up a contract etc. Not insurmountable, just onerous and time consuming. So I'd insist on a much larger minimum, and would be willing to trade that for a lower price.
> you'd be surprised what people are willing to pay.
At least in my company, it very much depends on who's initiating the meeting. If one of our VPs did, then easy, any amount could be approved. However, if it's a team lead, we'd be told to pound sand.
I assumed other companies would be pretty similar.
But realize, that from the standpoint of the OP someone who can't swing a couple of K also can't swing a couple hundred thousand K _per year_ to hire more contributors or provide other funding to the project. They are, therefore, completely pointless to talk to - the decision makers won't be in the room.
> Big corps like to keep the ability to pay for stuff out of the hands of individuals and isolated in bureaucratic nightmares
I'd say my experience is exactly the contrary. Middle managers in my experience in mega corps have a lot of expense latitude for these kinds of things, expedited approvals, corporate credit cards. At least in the finance and tech world.
Could very well just be my company that's jaded me a bit about spending along with the work I did at HP. Both have a pretty strong penny-pinching attitude for common employees and lower-level management.
This is not an HR decision. This is a Director or VP decision in the relevant business line... BUT those guys can absolutely be 'canny' enough to suggest trying to get the person to do it for free first.
Their track record is such that if I got a similar call my first question when possible would be how I was being reimbursed. They are welcome to fork anything of mine if they observe the license attached. I will take a look at any PR. I will NOT spend time explaining anything to their engineers unless reimbursed at my regular rates.
Blatantly copying the code without proper attribution is a violation. Regardless, it's not your issue to be OK with it, if the author himself is uncomfortable with it.
> Blatantly copying the code without proper attribution is a violation
Except that they did not do that. They forked it (as the MIT licence permits), added an attribution to their README, and added their own header to the files with their own copyright. It's not their fault if the original author did not add a header in the first place...
Or where do you see that they actually removed a copyright header from the author? None of the source files I checked in Spegel have one.
MIT license requires attribution, not "a copyright header". It's not concerned with headers, or with sources being pristine, but with people being credited. If I release my software MIT-licenced, but don't have copyright headers, you are not free to copy files without crediting me.
And no, their note in the readme is not an attribution. It's thanking them for "sharing their insights", which in no way is code attribution.
Microsoft violated copyright here, bar none. There is no other reasonable interpretation.
Maybe they will, maybe they won't. I refuse to believe that Microsoft doesn't understand how attribution, copyright, or open source licenses work, though. I believe this is a mistake, but it's a very egregious one that showcases a lack of respect for the communities that Microsoft is exploiting. This mistake should not be possible from an entity like Microsoft.
Maybe the engineers did not go through a 12 months process with their legal department and did it wrong.
And with the bad publicity coming back to Microsoft, maybe those engineers will now understand that they should just avoid re-using open source projects when possible. And the next HN post will be about "BigTech reinvents the wheel in order to have control".
We're all nitpicking here: they mentioned the original project in the README. Peerd is quite different from Spegel, it's not just a copy with a small patch.
Sure, they should do it right. But really, a polite, small PR fixing that would probably be a good first step.
You don't need a 12 month process with a legal department to not take code without giving credit. This is not untrodden ground.
> they mentioned the original project in the README
They thank them for their "generous insights". That's not the same thing. If I take chapters unmodified from Harry Potter and thank Rowling for her "generous insight", that's still not okay.
> Peerd is quite different from Spegel, it's not just a copy with a small patch.
Nobody said it was. It does, however, copy functions and other entire blocks of code with comments directly from Spegel without giving attribution. That is wrong. That is plagiarism.
> You don't need a 12 month process with a legal department to not take code without giving credit. This is not untrodden ground.
Well, I have been in big companies where it takes a lot of time for the legal department to check those things. Not because it's fundamentally hard, but because the queue of things they have to do is pretty big.
> They thank them for their "generous insights". That's not the same thing.
Sure, it's wrong. But it's not "purposely stealing without giving any credit at all" either. It feels like an engineer did that, tried to give credit and did it wrong. And now we go on and on saying how this engineer is evil.
It's not that an engineer is evil, it's that this mistake should not be happening in a company like Microsoft. It's professionally incompetent at the very best. No trained and professional programmer should be accidentally plagiarizing code.
Your argument is fairly asinine. When you fork an open source project under the MIT license you have an obligation to include the original license in all copies or substantial copies of the code. The author of the fork may also sublicense, which allows them to add new terms to the license, but not remove the original license.
Forking and/or copying files from the Spegel code base into the Peerd code base is permitted, but since the Spegel code base had a single license file covering the entire repo, then the onus is on Microsoft's engineers to update the code they copied and include the original license terms, for example, by including something like:
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
// Some code Copyright (c) 2024 The Spegel Authors, under MIT license
If your argument is that they aren't required to do this because the original code didn't have a license header in the file, then it would follow that you are arguing that the MIT license doesn't apply to the code that was copied, in which case Microsoft is using unlicensed code stolen from an open source project.
While I haven't worked at MS specifically, I would assume that like every other tech company I have worked at, they have a team or working group that specializes in adherence to open source licenses specifically to avoid both the legal implications and the bad PR implications of misusing open source software.
The details are less important. The code that is copied needs to be attributed, either with comments, or a license file that states which files came from the project, or something else, but the specific code does need to be recognizable by a reader as coming from that other source. Comments and copyright headers are the easiest way to do this.
Still, to me it's not even clear if "substantial parts of the code" were copied. What the article shows is really small snippets of pretty generic code. Ok, it keeps the original comment and the overall form. But if it's 15 lines, it may even count as "fair use", couldn't it? Remembering how LLMs use the concept of "fair-use" by stealing everything everywhere...
My point is that Peerd seems like it's loosely based on Spegel. Maybe a fork that was heavily modified. Not sure if they should track all the code that looks like it was not modified enough and attribute it everywhere.
Probably they should keep a copy of the original LICENSE file somewhere, sure. And if one asks politely, maybe they will do it.
Again: they did credit the original project. So it feels a bit aggressive to say that they "stole it without giving any credit".
> Still, to me it's not even clear if "substantial parts of the code" were copied. What the article shows is really small snippets of pretty generic code. Ok, it keeps the original comment and the overall form. But if it's 15 lines, it may even count as "fair use", couldn't it? Remembering how LLMs use the concept of "fair-use" by stealing everything everywhere...
Fair use allows for commentary, news reporting, criticism, teaching, research, and scholarship and there are guidelines. Most cases where fair use is sought as a defense require litigation to clear it up. The other alternative when forking an extremely permissive MIT license is to just follow the license.
> Probably they should keep a copy of the original LICENSE file somewhere, sure. And if one asks politely, maybe they will do it.
They are required to do so by the original license of Spegel. Does Microsoft ask politely when people violate MS licensing by say, pirating their software, or do they work with 3 letter agencies and a massive enforcement team to ensure their licenses are followed?
> My point is that Peerd seems like it's loosely based on Spegel. Maybe a fork that was heavily modified. Not sure if they should track all the code that looks like it was not modified enough and attribute it everywhere.
Yes. Every other tech company I have worked at, including Mozilla, a company that publishes almost everything they do as open source, has had folks dedicated to ensuring license compliance.
> Again: they did credit the original project. So it feels a bit aggressive to say that they "stole it without giving any credit".
They didn't provide credit in the way that the license requires. This isn't a case where a new community member forked or copied code into their first open source project. This is one of the biggest companies in the world with a well-known history of taking and using OSS without proper attribution. I like and use many MS products, but they absolutely do not deserve the benefit of the doubt.
> This isn't a case where a new community member forked or copied code into their first open source project. This is one of the biggest companies in the world with a well-known history of taking and using OSS without proper attribution.
Next time you work in a big company and you feel that the legal department is a PITA and slows you down, remember how people react when they are not, like here :-).
I don't know why you are trying so hard to carry water for a team of engineers at a company that has the history to know better.
The team that built peerd had the good sense to consult with the author of Spegel before moving forward with their project. A simple note to their business line lawyer (or whatever they call them at Microsoft) at work to say "hey, we are going to use some of this code from this open source project, what do we need to do?" would have taken less time and effort than setting up the meeting with the Spegel person/folks. That is assuming there isn't an easy to find page on how to consume open source software on Microsoft intranet. Every major company I have worked for (HSBC, Mozilla, Amazon, Fastly, Cisco, to name some) has had this going back to 2005. This isn't rocket science.
You also don't need to be a legal expert to comply with most open source licenses, and the MIT license in particular is really easy to comply with. Just copy the code, and whatever file you copy the code into gets an attribution comment at the top.
I'm all for going against leadership when they purposely abuse people (like Zuckerberg telling his engineers to torrent copyrighted data for their LLM).
I would be in favour of checking what small companies do with licences. In my experience, the vast majority of startups blatantly abuse open source all the time.
But here it seems like it's all about an engineer who did some kind of attribution, but didn't do it correctly. And people are happy to say that it's all part of a big evil plan by Microsoft to take over the world.
But it doesn't here! You are totally allowed to completely copy an MIT file, modify it and add your copyright to it!
You should just keep the copyright that is already present in the file! But in the case of Spegel, I don't think that the files contain a copyright header in the first place.
Very possible, from the in repo documentation (which credits Spegel yet again) https://github.com/Azure/peerd/blob/main/docs/design.md it seems like there was a particular engineer at Microsoft who was working on Azure Container Registry who found it useful to integrate Azure Container Registry.
If they contributed it upstream, would we be discussing a blog post "how dare evil megacorp submit a PR that only implements their API! embrace extend extinguish!"? Probably.
> If they contributed it upstream, would we be discussing a blog post "how dare evil megacorp submit a PR that only implements their API! embrace extend extinguish!"? Probably.
Considering how often that happens vs. how few times stories like that appear on the frontpage of HN, I'd wager a guess that we wouldn't be discussing it like we're discussing the current license violation.
Yes, charity. That's exactly what these trillion dollar empires think of those open source maintainers. Microsoft pulled this same stunt multiple times on os maintainers.
Open source has been hijacked by trillion dollar hyperscalers.
It's time we switch to "fair source" or "equitable source".
Put MAU/DAU/ARR/market cap limits in your license. Open to everyone with a market cap under $1B or revenues under $100M. All others, please see our "business@" email.
Place viral terms like the AGPL that requires that all other systems touched by your code be open - especially the backend/server components that typically remain hidden.
We're giving away power to these companies for free, and they use their scale and reach to turn our software into a larger moat that ensnares us and taxes us in everything else we do.
Your contribution of open source in one area might bubble up as Microsoft or Google's ability to control what you see or how you distribute software to customers. It's intangible and hard to describe these insane advantages and network effects big players like this have to lay people, but I know we as software engineers understand this.
Open source has been weaponized against us. They get free labor and use our work to tax us, pin us down, out compete us, and control us. We need to fight back.
I’m still tweaking the execution of the license, but in principle my thinking is, “if you’re using my software to make money, and you’re making a lot of money, you should probably be paying me to use my software”.
It still boggles my mind that people don't understand this. The FUD and misinformation that's been spreading about the GPL and the FSF the last decade almost seems like an intentional campaign brought on by exactly those who benefit from you using a "permissive" license the most.
The key is that "permissive" is passive voice. It's more permissive for corporations in that they are allowed to use it to tie their customers even tighter to them. Compare this with "restrictive" (for corporations) AKA "copyleft" which ensures that users' freedom is maintained, by restricting how corporations can limit them.
Then the company just re-implements your project; they have the resources to.
Most software isn't hard to reverse-engineer, and most people aren't exceptional; if a group is big enough to create a GPL-licensed product that competes with Microsoft's, they're big enough to create an MIT-licensed product that competes with Microsoft's.
I like GP’s comment “don’t discuss anything in private and/or offer priority support without being paid”. Also:
- Ensure you get attribution, and support others who deserve attribution
- Develop open-source alternatives to paid programs
- Donate to others who write open-source
I disagree that open-source contributed much to companies becoming so rich. I believe it was more that people gave them (money and) private data, e.g. made posts and interactions that only exist on their locked-down platform. I doubt a lack of open-source and accessible development tools would’ve prevented Google and Facebook; if anything, they would've been founded by richer or more networked people. And it certainly won't prevent them now.
Those companies can produce legal abstraction hacking solutions faster than you can develop shielding ones. You need something poisonous, costing money or work with each usage preventing mass adoption without a complete rewrite.
Open source will inevitably succeed, but only in the long run. In the short term VC (or tech giant) cash will dominate any conversation. There's absolutely nothing you can legally do to prevent reimplementation (which is a good thing, because it means over the long term we will reimplement everything as free software).
I don't understand why we don't just lean into the "osi = corporate, copyleft = good faith" model that's worked perfectly well for the last thirty years.
Wait what? I didn't realize this was the case and I say this as a huge Alpine fan. Will look into whether there is an option to set up a recurring donation and will do so if it's the case.
We don't need yet another license, especially not a use license. Just use a GPL, the version (LGPL, GPL, or AGPL) depending on what you are concerned with.
> Open source has been weaponized against us.
This was always going to be the case. We Free Software advocates have been saying this for decades.
And you're not even to the most important part: this isn't about you, me, or megacorps. It's about users.
Getting someone who worked on the thing or someone close to the author to be hired by your company and bumped to a high prestige position probably has more effect on law than a license (just an intuition).
"Hey, that guy worked with the author, and he was hired and now is a super top dog there... he must be the true genius behind it"
I mean that for ideas, not materialized code. You guys are so focused on small text files and miss the big picture sometimes.
The WRT54g led to a variety of user-serviceable firmware worldwide, including dd-wrt and openwrt. It gave, and continues to give, new life to otherwise wifi devices that shipped with abandoned proprietary software. It was a revolution in wifi router firmware, and still is.
It was created because Linksys shipped GPL code to customers but didn't provide the source.
My work is with DSLs: domain specific languages. The work is in the idea realm (most of the time is spent there), not the source code implementation, which is often trivial once the language is developed.
The gratification also is different. Seeing others use the language is the best one can hope to achieve nowadays. Maybe publish a book about it, but that sounds more trouble than it is worth (judging by how books on patterns, a similar realm, are often misquoted and misused).
That's why all this talk about licenses sounds like nonsense.
Ideas are not copyrightable, so you can't prevent anyone from using them without keeping them secret, and even then folks might come up with the same idea independently.
True, although software patents aren't supposed to be a thing in some places, so your success in protecting software ideas might be location dependent, or time dependent as case law changes. That's probably why I forgot about them.
That's incompatible with why I do OSS. For me OSS is the ratchet for humanity, the way we fight enshittification and force companies to innovate and compete with each other to make better things. As soon as you abandon that mission and split it into fiefdoms, you're now just the thing that true OSS has to disrupt in order for humanity as a whole to get better software.
A shame though it is, helping everybody the same amount is not likely to get you much gratitude from anyone. But that's the job.
Hmm, think we ought to judge on a case by case basis. However, for megacorps and especially banks that have almost 0 to 1% access to cost of capital, vs. the rest of us who are at 20-30% (for credit cards, loan sharks), there should be a different license for these people. There should be a GPL-type license adjusted to the cost of the capital.
There should not be any difference between small or large entities in how you deal with them as an open source maintainer. Just because someone has more money (or less), should not automatically mean you treat them with more leniency or ethics.
You set up your standard, and stick to it whomever comes.
Companies are never just money. There is a monumental difference between:
1. A small company which is barely profitable but is building something which aligns with your values and you see as a positive to the world.
2. A massive mega corporation whose only purpose is profit, mistreats employees, and you view as highly unethical.
You shouldn’t treat those the same way. It’s perfectly ethical to offer your work for free to the first one (helping them succeed in creating a better world) and charging up the wazoo (or better yet, refusing to engage in any way with) the second one.
A company is not a person, and can literally have its entire staff changed in short order. Or be bought.
Companies have no morals. Sometimes people in companies do, but again, that person can vanish instantly.
You should treat a company as a person which may receive a brain transplant at any time. Most especially, when writing contracts or having any expectation of what that company will do.
A business that is privately owned, is run by its founders and which represents the lion's share of its officers income and net worth can be dealt with like any other small business.
Some guy who makes bespoke firmware for industrial microcontrollers or very niche audio encoding software isn't Microsoft. You won't be able to do business with him in a useful way if you treat him like Microsoft.
There exist companies which have taken VC money, and others which haven’t. We’ve carved out one exception, but this doesn’t indicate that small personally-run companies can’t exist, right?
The key is contract. Casual chat with a corporate representative who isn’t selling you something about something you own requires some sort of contractual relationship and consideration.
If you want to be extreme don't distribute it to them in the first place. Licenses do not come into effect until after distribution. So you could have a pay-to-download model that comes with a 100% discount if you're a lone developer or an organization with under X amount of revenue. You wouldn't be able to stop someone redistributing it after the fact, but you're not engaging.
Unfortunately now that everything is based on automated pipelines, something that doesn't integrate well is not so good.
Although at work we have a provider of proprietary software that has an APT repository where the URL includes a secret token, so they can track from where it's being accessed.
Interacting with faceless entities with the power to buy multiple countries the same way you'd interact with some interested independent young person wanting to learn.
Interesting moral proposition, I doubt you'd get many followers. I think it's perfectly reasonable to treat people differently from corporations, and random small and medium corporations differently than huge megacorps without losing any sleep.
Especially in business, charging more to those that can pay more is a very common approach.
No, it's also because some consumers can't pay the "original" price. Steam in "developing" countries is a classic example — you as a game developer can ask a guy from my country $60 for a game (and some companies do try that), but he will simply go back to torrent trackers because $60 is a week's worth of living expenses.
gaben figured that out and successfully expanded into many markets that were considered basket cases for software licensing.
That's a really silly precommitment. If you were sensible, your actual commitment should be "help the next person who requires help, provided that help can be provided in the form of one dollar".
That's why the premise in the grandparent post is ridiculous.
But the license of a piece of software is not ridiculous - if you chose a very permissive license, you cannot then go and choose who should or shouldn't be profiting off your software. The license was a pre-commitment.
But lots of people make this pre-commitment, but then make a moral/ethical judgement post-facto when someone rich seems to be able to extract more value out of the software than what "they deserve", and complain about it.
"Permissive" licenses, in fields where abusive corporations are known to operate, are a really silly precommitment. Copyleft exists for a reason. But, even if you (foolishly) made that precommitment, that doesn't then mean you have to do free labour for the abusive corporations, out of some misguided ideological consistency. (Such consistency is the hobgoblin of little minds.)
I mean, the MIT license might be a “more permissive” license but it says very explicit things that Microsoft is explicitly ignoring. Your license choice doesn’t matter when they ignore the license anyway.
If a guy comes begging for money out of a Rolls-Royce, I guess they either are pretty bad at begging or have a pretty bad sense of humor. I guess I wouldn't give money to them, it doesn't seem like it'll help them regardless.
> You set up your standard, and stick to it whomever comes.
Why? Most businesses don't entertain standard rates, either. It's case-by-case negotiations ("call us", "request quote"). Why should I, as a private person putting stuff out there for free, set up "my standard" and stick to it?
Clearly you have yet to experience some of the less savoury behaviours from Megacorps sharks. You're looking at people trying to make a name for themselves internally and if this means being economical with attributions, this is the least they would do for their place in the California sun.
> No, this begging is particularly different because it capitalizes on the good will of open source developers.
> Microsoft, Apple, and Google are standing on the internet in their trillion dollar business suits with a sign that reads "Starving and homeless. Any free labor will help."
> They aren't holding people up at gun point. Rather they hold out their Rolex encrusted hand and beg, plead, and shame open source developers until they get free labor.
> Once they get this free labor they rarely give credit.
> They're ungrateful beggars that take their donated work hours, jump in their Teslas, and ride off to make more trillions proclaiming, "Haha! That open source idiot just gave me 10 hours of free labor. What a loser."
Because they're hoping not to antagonize the megacorp (too quickly). If a megacorp has you in their sights, especially in a country like the US where court battles are prohibitively expensive, pushing the envelope will just draw ire and aggression from that megacorp. A normal person has no negotiating leverage in front of MS especially when it comes to open source.
It's like negotiating with the mafia, you might get something out of it but if you cross the line you'll end up face down in a ditch and authorities will look the other way. Megacorps have stolen, copied, reverse engineered, replicated, etc. things since forever and it always worked out for them.
In this case MS didn't need any help. They could very well take everything and face no real repercussions (this is the reality when the majority is uneducated, and their elected representatives are greedy and spineless). So playing along gives some chance to get something positive out of it.
> especially in a country like the US where ending up in court is prohibitively expensive
What’s the scenario here where they could take you to court for refusing to (in GP’s words) do charity for them?
Scenario 1: Microsoft contacts you and says they want to talk about your open-source project. You never reply.
Scenario 2: Microsoft contacts you (…). You reply “thank you, but I’m not interested. You are of course free to contribute or fork within the constraints of the license.”
Scenario 3: Microsoft contacts (…). You reply “sure! I charge $X/hour or I could do a flat rate of $Y for the meeting. Is that acceptable to you?”
What basis would they have for taking you to court in any situation? As soon as you got a legal letter for any of them, your first step should be to send it to as many news outlets you could think of.
“Ending up in court” vs “Microsoft suing you.” I think the implication is that if MS simply decided to unilaterally fork the project and change the license, the OS maintainer’s only real recourse is the court system (and the court of public opinion), and that would be expensive.
> I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers
He was hoping for a fruitful collaboration and offered the help towards this goal. MS taking whatever they wanted anyway just proves that they had no intention to cooperate, let alone to pay handsomely for something that was already free.
Ending up in court means you need to sue the megacorp to enforce the license. This makes it a free lunch for a megacorp.
With every single scenario MS takes whatever they need. They don't have to pay, don't need the help to read code, and you can't afford to force them to respect the license.
P.S.
> As soon as you got a legal letter for any of them, your first step should be to send it to as many news outlets you could think of.
There's a guy rotting away in an El Salvadorian prison with a lot of press to keep him comfort. Not sure your letter will capture the world's attention like you think it will.
Probably expectation of some monetary gain. At the very least getting hired to keep working on the same thing. I do not blame him at all for this. Though when things didn't work out, all he thought he could realistically do is start accepting donations.
I think that worldview leads to a much poorer world.
Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
Asking everybody to be constantly vigilant of possible exploitation by megacorps puts an undue burden on individuals. We should have strong and durable protections against those megacorps in other ways.
What I'm saying is that this sort of copying should be criminal (not just illegal, but criminal) and Microsoft, the legal entity, should be held accountable and fined. I acknowledge that this isn't currently possible with our legal framework, but we should work to make it possible.
> Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
I agree with you, if we're talking about people acting as individual humans collaborating together on FOSS.
But this is really about a for-profit corporation acting in its own interests, using people to do its "deeds". Then I think it makes a lot of sense to treat any "Hey, could we chat to you about your project?" with a great deal of skepticism, because they have a goal with that conversation, and it's unlikely to align with your own goals, in most cases.
Ultimately, people from that corporation are reaching out to you because there is a potential/perceived benefit coming out of that conversation that they want to have with you. If it isn't extremely clear to you what that exact benefit is, I'd say the smart thing to do is being cautious, to avoid situations like this which happen from time to time it seems.
And this is done by the owners of GitHub. Throw away open source licenses, create your own, make anyone who forks your code perpetually pay for your work, or ask money for your work.
"Luckily, I persisted. Spegel still continues strong with over 1.7k stars and 14.4 million pulls"
Yeah, your time is your most precious resource and what do you get in return? Recognition? Virtual stars, pulls, essentially numbers, essentially nothing. And then you get robbed.
I am genuinely interested: everybody here says that they removed the copyright headers. But when I browse through the Spegel sources, they do not contain a copyright header...
To me it's the Spegel author's fault: there should be a copyright header in every single file, such that Microsoft would have to keep it.
It's in the LICENSE file. With an MIT license, you assign a copyright to the project, or to a certain set of files. The Spegel license attributes copyright to "the Spegel authors", while Peerd attributes it to "Microsoft Corporation".
If some of the peerd code was lifted from Spegel, it's blatant stealing. Code attribution is the only thing an MIT license asks people to honor, and Microsoft couldn't even do that.
Can’t help but feel no matter what they’d done there would be some route of thought that leads them to wronging the author other than just paying and using the code as is. I don’t know why a corporation would do that though as they likely have their own changes and direction they want for it and working with an unknown 3rd party on that could be a nightmare.
From the author's reaction they chose the wrong license for the project.
> If some of the peerd code was lifted from Spegel, it's blatant stealing.
Could we say "it's incorrect attribution"?
> and Microsoft couldn't even do that.
Did you consider it may have been done by an engineer who, in good faith, thought they were giving proper credit by adding it to the README? Would you want that engineer fired because of the bad attribution?
It's not like Microsoft is making millions out of this. Sure, they should fix the attribution. It's a mistake.
Most startups/small companies I've seen rely heavily on open source and fail to honour every single licence. This is bad and nobody cares. Here, Microsoft mentioned the project in the README (which is not enough, but not nothing), and I'm pretty sure that they can fix it if someone opens an issue. But overall, companies like Microsoft do honour licences a lot better than startups in my experience.
BigTech is evil for many reasons, but maybe we could consider that this is just an honest mistake.
Of course it was a mistake. In fact, as of 20 minutes ago, the mistake appears to be sorted out, with both the main license file and the offending files sporting new copyright headers.
But corporations hiding behind their workers is a no-go. Corporations get to enjoy their successes, and it's fair to hold them accountable for their failures. Least Microsoft can do is a bit of public comms work detailing what they will do to ensure these mistakes are not repeated in the future.
Microsoft does credit the authors on their README. Maybe it's not exactly the right way to do it, but they do it.
Now if it's not the right way to do it, what about opening a PR and asking to change it? Instead of writing a blog post to complain about them?
Now maybe those engineers thought they did well, will get issues internally because of the bad publicity for Microsoft, and next time they want to use an open source project their legal department will be even more of a pain in the ass because if they aren't, then random people on the Internet use that to do bad publicity for the company.
Why not assume that they are in good faith here? There are enough reasons to hate Microsoft other than this one.
The question is who does the copyright belong to in this repository. It is both the original author and Microsoft (because they took the author's code and modified it). So the License file should mention both.
I am not convinced that the main LICENSE file should mention both. I feel like somewhere, in the project, there should be a copy of the original license.
When you depend on a third-party, you don't add their copyright in your main LICENSE file.
In case of deps, the dependency comes with its own LICENSE file.
In this case the code is essentially forked, integrated and intermingled, so that is why it should be in the LICENSE file.
If it was a file or two, it would be fine to add a comment pointing to the license file in the repo, if it was a directory, or to copy it verbatim to that file. If all the copied code was in a directory then having it in that directory would be fine.
In this case it looks like they took the original code and heavily modified it, so the simplest way to solve it is one LICENSE with both notices.
I don't read anything suggesting that in the MIT licence. I don't see why they couldn't say "the fork came with its own LICENSE file, which we moved in this subfolder, and now the root LICENSE file is the one of our new project".
The question is, "If I look at this repo, who owns the copyright?"
Sure, you could move the original LICENSE into a directory. Still, if the files are intermingled, you should have a prominent notice that says, "Hey, these files have mixed copyright ownership."
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" also never been true for them.
Here is the previous time I can remember that they did something similar:
- https://news.ycombinator.com/item?id=23331287 - The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.