alt Hacker NewsStopping bad guys from using my open source project (feedback wanted)
Comments
I expect any license change away from permissive/pushover licenses is just going to be interpreted as a rug pull and worked around using a fork, or another existing project or new project.
The evil car companies filling our roads with cars!!!!
Restricting licenses in this way stops it from being libre/free/open source. A fundamental aspect of libre/free/open source is that it's possible to use in a commercial setting. The FSF FAQ addresses this point specifically [0].
If the author wants to abandon libre/free/open source licenses, they should state so explicitly. As it stands, the blog post is ambiguous about whether the author wants to abandon libre/free/open source for a proprietary license or whether they want to strip libre/free/open source licenses of their freedom. I don't follow alternative licenses of this sort but I've seen licenses that allow gratis use up until some threshold of users or income is reached. For example, the Unreal engine license has something along these lines [1].
If the author wants to remain libre/free/open source while mitigating bad behavior by large corporate actors, the AGPL is a fine choice as it legally coerces the copyleft even behind network based software. I'm not sure I have any hard evidence but I've heard that large corporate actors avoid the AGPL for this reason.
I'm a little incredulous that authors choose one of the most "business friendly" but least libre/free/open source (while still being FOSS) licenses and then are shocked when businesses use it without any thought to remuneration. I've seen a few instances of people providing software under and MIT license, such as the helmet.js package discussed in this blog post, and then regretting their decision.
The MIT license is used as a "business friendly" license that is still libre/free/open but doesn't have the copyleft clause to mitigate bad behavior. Why did you choose the MIT license in the first place? Why abandon other libre/free/open source license alternatives and go straight to a proprietary solution?
I don't even know how to begin to address the issue of who gets to decide who the "bad guys" are and who the "good guys" are.
In my opinion, the reason for the success of FOSS is because it's an answer to overly restrictive copyright by enriching the commons. The commons, by definition, is free for public use. If you don't agree with creating a rich commons so that everyone can benefit, that's absolutely your right, just please don't call it open source.
1 word: AGPL-3.0
Offer a dual license model if needed. People may fork, but I'd say its still worth it.
If your project is a library, stamping a copyleft license on it will shun away corporations, AI training aside. Bad guys won't care either way.
The "no evil" goal is commendable but impossible.
You can either go the custom licence route, but many people do raise (valid) concerns that if you do that, it will be incompatible with others. I do not share that view but I can certainly understand it.
A possible alternative would be using a standard licence like MIT but putting swears/slurs in either the author list or the code itself so using it would be a PR risk, and this could work as a deterrent against commercial usage.
Whats the context to wanting to stop "bad guys" from using your open source project?
Might want to elaborate while you're on the front page!
Open source benefits everyone. Large corporations can derive more benefit because they’re larger. I don’t blame them for using something I deliberately give away for free to everyone, including large corporations.
The important thing to realize is that once you have release something, you have no control over how it is used. It doesn't matter whether it is an open source license or a commercial license. You have the right to take legal recourse, may that be over copyright infringement or licensing terms, but that requires both the means and desire to pursue what may be a lengthy process with an uncertain outcome. Worrying about stuff you cannot control is going to have a far more negative impact upon your life than it will upon those who are using your software for evil.
So what can you do?
Learn how to set boundaries. If a corporation demands something that you have no interest in providing, tell them no. If you are interested in providing it, request compensation for the work or request they submit a patch or let them wait until you can do the work on your terms.
For honest leechers, choose a license that discourages them. Switching from a MIT style license to a GPL style license won't prevent people from profiting from your work, but it will discourage those who want to make proprietary extensions to your work. Also realize that this won't stop dishonest leechers.
Continue to voice your concerns. Corporations don't feel guilt, but people inside them may. Even if the people within them don't feel guilt, they may still see you as an unreliable developer to exploit.
On what license to choose, this talk by Adam Jacob is good:
https://www.youtube.com/watch?v=rmhYHzJpkuo
And if you want to read about open source vs source available, this GitHub with the Red Hat lawyer and co-author of GPLv2 provides a TLDR of the sentiment. The reference from Chad gives a deep dive into the discussion and origin of FSL’s language.
I solved this problem by not making my project open source. Instead I launched a limited-supply cryptocurrency for it and made it a rule that anyone who owns at least x tokens is entitled to a copy of the code with full rights to use, read and modify... Because there are a limited number of tokens, it means that there are a limited number of licenses and token price would go up with demand.
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse.
Good luck. Defining evil objectively is, of course, a challenge. But even with an unambiguous definition in hand, enforcing or detecting it is nigh impossible. Especially since the truly evil will simply lie, ignore the terms of your license, and use it anyway.
A reminder that Open Source means surrendering your monopoly over commercial exploitation:
https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...
Ironically, if you change so that your software is so longer free software, but "source available", then you become one of the bad guys.
At least that's how the community generally reacts.
I don't understand why so many open source developers don't want truly free software. Your software isn't free if people can't do whatever they want with it.
"Evil" is also a bad descriptor to use. If I started giving out apples for free on the street (of which I had an infinite supply), I wouldn't be upset if nobody came back with an improved apple for me to use instead.
> I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
So he's decided that as the supreme arbiter of what is good and just that he'll be trying to slowly boil open source's collective frogs. How narcissistic.
> How can I bring more attention to this issue given the relative popularity of my project? Do I write a blog post? A callout in the documentation?
No. Because it doesn't matter.
Change the license. There will be CVEs. Require modest payment for updates from large firms.
There is the MIT+ni*ger license. Please don't ban me, just saying. No company would ever use your software given this license, but your users may boycott you too
I've never understood open sourcing something, but only if I like you. The answer is to have proprietary license that you only give out to select users/companies.
Big business has actually tackled this kind of problem itself with supply chain ethics. It's a kind of collective action to not do business with "evil" companies. They've written down a clear list of what counts as evil and they're supposed to get all their suppliers (recursively!) to agree to it.
Sounds like the guy that invented bicycle helmets. He didn’t want Nazis to feel safe letting their kids ride bikes to school either.
No.
Take at any conflict in the world. Ok, nothing that China or Russia are involved in. IDK, let's keep it complicated and say, "waring factions in some African country that doesn't regularly make the news", or "skirmishing Muslim groups in the middle east" (So a hard no to Israel/Palestine which everybody has strongly polarised opinions about whether they're right or not).
Now, wait for every other npm package in the world to get polarised on whether or not to block your shitty package because you picked the wrong side in some faraway war that, to be honest, you don't give a shit about anyway. Or maybe you didn't even voice an opinion about said war? WHY DIDN'T YOU? WHAT ARE YOUR HIDING? WEAR THE RIBBON! CHANT THE CHANT!
Because that's all some people seem to have time for these days, and it's practically impossible to avoid the purity spiral if you show up on their radar. I've seen well known people (celebrities, academics, billionaires) get cancelled for not supporting some specific thing. Once you make this part of your software license people will rightly run like fuck from it.
What's your stance on:
- veganism
- India / Pakistan
- Climate change (no fly stickers, do you fly??)
- GM
- You country's immigration policy
- Some other country's immigration policy
- Trump (even if you're not American)
- Taiwan
- Taxation
- Houtis
- Sulki racing (Irish travellers)
- Islam Vs Christianity / Judaism / Hinduism
- Communism / Socialism
Or, just maybe, this is a few lines of code that is concerned with X and not (all these things, Jesus give me a break)
The end result of this would be a completely broken ecosystem. Package version hell, but worse.
1. the trouble with "bad guys" is they DGAF so good luck convincing them to change their ways
2. quit using permissive licenses if you expect corporations to "give back", Open Source != Free/Libre software. You seem interested in the latter, licenses/copyright laws matter to the !bad guys.
> Can we prevent Nazis from using our software?
Short of engaging in equally authoritarian control-freakery? I don't see how.
I'm amused by one package author that I'll leave unnamed who has a list on his site enumerating political parties around the world at one end of the political spectrum and announcing that supporters of these parties are disinvited to use his work.
I'm all: "Dude, get over yourself. Parties ALL suck. Now, do good, and consider investing less time on posturing."
[dead]
[dead]
You can probably close-source and sell for cheap, pick and choose who you sell it to.
Honestly: By trying to control usage its not FOSS anymore and you yourself become a bad actor in the eyes if the FOSS idea. No soon to be unicorn can use any of your stuff.
May I add: You’d have to stop using VsCode or TypeScript, or even npm and Chrome, if you think big means bad, and you don’t want to fuel big corporations.
One can see how rediculous the whole idea of limiting FOSS in a “who can use this” way is.
Truly free will always win in the long way. Or you don’t think, a paid dev with some AI can replace your package fairly quickly?