this post was submitted on 16 Jun 2024
1005 points (88.7% liked)

linuxmemes

20880 readers
7 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 

Context:

Permissive licenses (commonly referred to as "cuck licenses") like the MIT license allow others to modify your software and release it under an unfree license. Copyleft licenses (like the Gnu General Public License) mandate that all derivative works remain free.

Andrew Tanenbaum developed MINIX, a modular operating system kernel. Intel went ahead and used it to build Management Engine, arguably one of the most widespread and invasive pieces of malware in the world, without even as much as telling him. There's nothing Tanenbaum could do, since the MIT license allows this.

Erik Andersen is one of the developers of Busybox, a minimal implementation of that's suited for embedded systems. Many companies tried to steal his code and distribute it with their unfree products, but since it's protected under the GPL, Busybox developers were able to sue them and gain some money in the process.

Interestingly enough, Tanenbaum doesn't seem to mind what intel did. But there are some examples out there of people regretting releasing their work under a permissive license.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 216 points 5 months ago (5 children)

The MIT license guarantees freedom for developers. The GPL guarantees freedom for end users.

[–] [email protected] 92 points 5 months ago (3 children)

The MIT license guarantees that businesses will use it because it's free and they don't have to think about releasing code or hiding their copyright infringement. The developers I've seen using that license, or at least those who put some thought into it, did do because they want companies to use it and therefore boost their credibility through use and bug reports, etc. They knowingly did free work for a bunch of companies as a way to build their CV, basically. Like your very own self-imposed unpaid internship.

The GPL license is also good for developers, as they know they can work on a substantial project and have some protections against others creating closed derived works off of it. It's just a bit more difficult to get enterprise buy-in, which is not a bad thing for many projects.

[–] [email protected] 52 points 5 months ago (2 children)

Not all of us write code simply for monetary gain and some of us have philosophical differences on what you can and should own as far as the public commons goes. And not all of us view closed derivatives as a ontologically bad.

[–] [email protected] 17 points 5 months ago (1 children)

And not all of us view closed derivatives as a ontologically bad.

Please explain how allowing a third-party to limit computer users' ability to control and modify their own property is anything other than ontologically bad?

[–] [email protected] 23 points 5 months ago (1 children)

If I release something free of restrictions to the world as a gift, that is my prerogative. And a third party's actions don't affect my ability to do whatever I want with the original code, nor the users of their product's ability to do what they want with my code. And the idea of "property" here is pretty abstract. What is it you own when you purchase software? Certainly not everything. Probably not nothing. But there is a wide swath in between in which reasonable people can disagree.

If you are an intellectual property abolitionist, I doubt there is much I can say to change your mind.

[–] [email protected] 6 points 5 months ago* (last edited 5 months ago) (1 children)

I'm not convinced something being your "perogative" and it being "ontologically bad" are mutually exclusive, so I don't see how that's a rebuttal.

I want to know why you think it isn't bad, not why you think you're allowed to do it.

[–] [email protected] 8 points 5 months ago

Because I don't know why it is closed source. Is it a personal project? A private project? A sensitive project? I don't see a moral imperative for any of those to be free and open to all users.

[–] [email protected] 3 points 5 months ago (1 children)

Software licenses don't change ownership. That requires transfer of copyright, like with contributor agreements.

Though I am aware that a small set of people seek less copyleft licenses because they think they're better. They are usually wrong in their thinking, but they do exist.

I'm not sure what you are referring to about ontologically bad. Has someone said this?

[–] [email protected] 7 points 5 months ago (1 children)

I'm not sure what you are referring to about ontologically bad. Has someone said this?

I'm going by the vibe of the comments of people here who are generally anti-MIT. That the very nature of allowing someone to use your code in a closed-source project without attribution is bad. Phrasing it as "hiding their copyright infringement", for example, implies that it is copyright infringement per se regardless of the license or the spirit in which it was released.

[–] [email protected] 7 points 5 months ago

Oh no I mean that there are companies that just don't care about licensing and plod ahead hoping it's never an issue. Like having devs build a "prototype" that they know uses AGPL code and saying, "we will swap this out later" and then 6 months later the "prototype" is in production.

Personally, I make a lot of my personal projects' code closed because I specifically don't want it to be useable by others. Not for jerky reasons, but strategic ones. IMO common licenses don't achieve what a lot of people hope they do.

[–] [email protected] 15 points 5 months ago* (last edited 5 months ago) (1 children)

You're not seeing the whole picture: I'm paid by the government to do research, and in doing that research my group develops several libraries that can benefit not only other research groups, but also industry. We license these libraries under MIT, because otherwise industry would be far more hesitant to integrate our libraries with their proprietary production code.

I'm also an idealist of sorts. The way I see it, I'm developing publicly funded code that can be used by anyone, no strings attached, to boost productivity and make the world a better place. The fact that this gives us publicity and incentivises the industry to collaborate with us is just a plus. Calling it a self-imposed unpaid internship, when I'm literally hired full time to develop this and just happen to have the freedom to be able to give it out for free, is missing the mark.

Also, we develop these libraries primarily for our own in-house use, and see the adoption of the libraries by others as a great way to uncover flaws and improve robustness. Others creating closed-source derivatives does not harm us or anyone else in any way as far as I can see.

[–] [email protected] 4 points 5 months ago (1 children)

If the government is the US (federal), I think you are technically supposed to release your code in the public domain by default. Some people work around this but it's the default.

But anyways, the example you've given is basically that you're paid with government funds to do work to assist industry. This is fairly similar to the people that do the work for free for industry, only this time it's basically taxpayersl money subsidizing industry. I've seen this many times. There is a whole science/engineering/standards + contractor complex that is basically one big grift, though the individual people writing the code are usually just doing their best.

I'm also an idealist of sorts. The way I see it, I'm developing publicly funded code that can be used by anyone, no strings attached, to boost productivity and make the world a better place. The fact that this gives us publicity and incentivises the industry to collaborate with us is just a plus.

Perhaps it makes the world a better place, perhaps it doesn't. This part of the industry focuses a lot on identifying a "social good" that they are improving, but the actual impact can be quite different. One person's climate project is another's strategic military site selector. One person's great new standard for transportation is another's path to monopoly power and the draining of public funds that could have gone to infrastructure. This is the typical way it works. I'm sure there can be exceptions, though.

Anyways, I would recommend taking a skeptical eye to any position that sells you on its positive social impact. That is often a red flag for some kind of NGO industrial complex gig.

Calling it a self-imposed unpaid internship, when I'm literally hired full time to develop this and just happen to have the freedom to be able to give it out for free, is missing the mark.

Well you're paid so of course it wouldn't be that.

Also, we develop these libraries primarily for our own in-house use, and see the adoption of the libraries by others as a great way to uncover flaws and improve robustness. Others creating closed-source derivatives does not harm us or anyone else in any way as far as I can see.

Sometimes the industries will open bug reports for their free lunches, yes. A common story in community projects is that they realize they're doing a lot of support work for companies that aren't paying them. When they start to get burned out, they put out calls for funding so they can dedicate more time to the project. Sometimes this kind of works but usually the story goes the other way. They don't get enough money and continue to burn out. You are paid so it's a bit different, but it's not those companies paying you, eh?

You aren't harmed by closed source derivatives because that seems to be the point of your work. Providing government subsidy to private companies that enclose the derivative product and make money for their executives and shareholders off of it.

[–] [email protected] 2 points 5 months ago (1 children)

You are almost on point here, but seem to be missing the primary point of my work. I work as a researcher at a university, doing more-or-less fundamental research on topics that are relevant to industry.

As I wrote: We develop our libraries for in-house use, and release the to the public because we know that they are valuable to the industry. If what I do is to be considered "industry subsidies", then all of higher education is industry subsidies. (You could make the argument that spending taxpayer money to educate skilled workers is effectively subsidising industry).

We respond to issues that are related either to bugs that we need to fix for our own use, or features that we ourselves want. We don't spend time implementing features others want unless they give us funding for some project that we need to implement it for.

In short: I don't work for industry, I work in research and education, and the libraries my group develops happen to be of interest to the industry. Most of my co-workers do not publish their code anywhere, because they aren't interested in spending the time required to turn hacky academic code into a usable library. I do, because I've noticed how much time it saves me and my team in the long run to have production-quality libraries that we can build on.

[–] [email protected] 5 points 5 months ago

You are almost on point here, but seem to be missing the primary point of my work. I work as a researcher at a university, doing more-or-less fundamental research on topics that are relevant to industry.

This is something I'm very familiar with.

As I wrote: We develop our libraries for in-house use, and release the to the public because we know that they are valuable to the industry. If what I do is to be considered "industry subsidies", then all of higher education is industry subsidies. (You could make the argument that spending taxpayer money to educate skilled workers is effectively subsidising industry).

This is largely the case, yes. Research universities do the basic research that industry then turns into a product and makes piles of cash from. And you are also correct that subsidizing STEM education is a subsidy for industry. It very specifically is meant to do that. It displaces industry job training and/or the companies paying to send their workers to get a degree. It also has the benefit of increasing overall supply in theur labor market, which helps drive down wages. Companies prefer having a big pool of potential workers they barely have to train.

We respond to issues that are related either to bugs that we need to fix for our own use, or features that we ourselves want. We don't spend time implementing features others want unless they give us funding for some project that we need to implement it for.

That's good!

In short: I don't work for industry, I work in research and education, and the libraries my group develops happen to be of interest to the industry. Most of my co-workers do not publish their code anywhere, because they aren't interested in spending the time required to turn hacky academic code into a usable library. I do, because I've noticed how much time it saves me and my team in the long run to have production-quality libraries that we can build on.

I think your approach is better. I also prefer to write better-quality code, which for me entails thinking more carefully about its structure and interfaces and using best practices like testing and CI.

[–] [email protected] 14 points 5 months ago (2 children)

All my own OSS stuff I always release MIT licensed because I want to be able to use the libraries in my closed source job.

[–] [email protected] 18 points 5 months ago (1 children)

Be really careful with this.

Depending on how you contribute to your OSS code, commits you make on company time are considered property of the company. You could, unknowingly, be forcing your code to be closed source if your company ever decides to make a claim for it.

I prefer to keep things bifurcated. I never reuse my own library and if I do, I rewrite it whole cloth.

[–] [email protected] 13 points 5 months ago (1 children)

“Company time” doesn’t mean much to me, as a remote salaried worker with relatively flexible schedules. Not touching anything but work code from my company machine should be enough, as far as I could understand. Not a lawyer, though.

[–] [email protected] 1 points 5 months ago

It will come down to the laws in your country and how much money you plan to spend on lawyers if your employer wants to force the issue.

[–] [email protected] 10 points 5 months ago (1 children)

If you're the copyright holder, nothing stops you from releasing your work under more than once license. It is not necessary to use permissive licensing; you are perfectly free to release your stuff to the general public with a copyleft license while also granting your company a separate license even with proprietary terms if you want.

[–] [email protected] 10 points 5 months ago (2 children)

Only until you have any other contributor, as you're then no longer the sole copyright holder. If you still want to work like that you'll need a CLA.

[–] [email protected] 7 points 5 months ago

Sure, but I was taking "all my own OSS stuff" at face value.

[–] [email protected] 4 points 5 months ago (1 children)

Correct me if I'm wrong but if I start a project with a GPL and a custom proprietary license for use at work wouldn't that also apply to any contributions by 3rd parties later on to that projevt? Afaik only adding or switching licenses with existing 3rd party contributions is difficult without a CLA.

[–] [email protected] 1 points 5 months ago

Kinda. IANAL, but here's my understanding: If you're explicitly dual-licensing and publish the proprietary license then contributions can be assumed to also follow the same dual licensing. You'd need to be extremely careful with writing the proprietary license though, since your business is now using non-employee proprietary code.

If you write "the copyright holder may choose to allow an entity to use this work", then you do actually need permission from every contributor. If you write "this work may be copied, modified and redistributed freely by Blah enterprises" now the business cannot be sold without losing access (or possibly have it's name changed). If you write "Neshura may freely copy, modify and redistribute this" then you can't be fired or move jobs without the company losing access.

You can also never ever change this license, since every contributor needs to agree. So if a mistake is made when writing it you're just fucked.

On the other hand with a CLA that transfers copyright ownership you don't need to dual-license at all since everything already belongs to the business. Much less risky.

[–] [email protected] 6 points 5 months ago

The MIT license guarantees freedom for ~~developers~~ proprietary software conglomerates to use FOSS code in their proprietary products. The GPL guarantees freedom for ~~end users~~ the entire FOSS community, both for users and developers.

[–] [email protected] 5 points 5 months ago

This is the best way I've heard it said.

[–] [email protected] 4 points 5 months ago

I want to develop plugin for former MIT-licensed software. Now I can't.

[–] [email protected] -5 points 5 months ago (1 children)

Nah, it's called the cuck license for a reason.