"Bad guys can't use it" is per definition incompatible with free software.
For this author's definition of "bad guys" (megacorps), AGPL is probably the easiest poison pill. As with all poison pills, this will also make many (most?) "good" users unable to use it.
This project is no curl or database engine, it seems to be a slightly easier way to set HTTP response headers. I bet most of the uses are transitive (someone using something that uses something that uses a framework that uses something that uses this project).
In particular, this project is something small enough that nobody will pay for it, not because it's not worth it, but because the friction of paying for it is higher than rewriting it from scratch. And "the bad guys" are unlikely to use it directly in their major products due to the pure nature of it.
In most cases, but especially this one IMO, you just get to choose whether to contribute to the commons, the actual commons, for everyone, including "the bad guys" - or not.
I don’t believe AGPL can be applied retroactively. What’s there today with MIT license stays and there can be a new version with the AGPL. Unless the author is planning major upgrades, the previous work is open to be forked and used with MIT.
Open source is like free speech. We are never going to control what people can say (as in who uses the software and for what purpose). But we are happy that it exists.
Since the author mentioned trying to find a general solution, not one just for his project - here's one that could work:
Make a new standard license similar to the GPL, but one that includes machine-readable payment requirements, each consisting of:
- a UUID
- a minimum profit threshold
- a license fee, either a fixed amount or some well-defined formula (you'd probably want an inflation adjustment system)
- a recipient
Anyone who wants to use the software can do it, but if you cross the profit threshold, you have to pay, once per project. Dependents would naturally inherit the payment requirements of their dependencies, but you'd only pay once per dependency even if it was used in multiple projects (hence the UUID).
With high enough profit thresholds and small payments, this should keep the license from becoming toxic:
* If you aren't a megacorp, you don't care because you're not hitting the thresholds.
* If you aren't a megacorp but dreaming of becoming one, you still don't care, because if you do become one, you can afford the cost, and the combined cost (payments + compliance cost) is well understood and limited.
* If you are a megacorp, you still don't care, because we're most likely talking about peanuts and the machine readable descriptions make it practical to comply, and you get a "software bill of materials" out of it as a side effect.
This relies on the minimum profit thresholds being high enough and the license fees low enough. This could be achieved by the text of the license itself being licensed only as long as you keep within certain thresholds.
Building a new license ecosystem and the critical mass behind it is a tall order, but I think this way it's not hopeless-from-the-start. The design isn't meant to "capture a fair share of the value" or anything like that, it's meant to be minimally toxic (because that's a hard requirement for having a chance of becoming popular) while still delivering some minimal contribution to big projects with a lot of dependents.
I was originally planning to suggest a revenue threshold, but I think profit is better, as it excludes nonprofits, startups in the starting-up phase, companies that aren't money printers, etc.
It is incompatible with all widely adopted definitions of Free software. If you restrict who can use your software, how, or for what purpose, it's fundamentally unfree.
The term that doesn't make any claims about whether a piece of software respects user freedoms is source-available, which these "everyone except the bad guys" licenses are commonly categorized as.
In theory you can change the licence and hope that those that use the software respect the licence terms, but that depends on trusting others.
I think of the case of the Russian programmer who was arrested and jailed for stealing proprietary code from Goldman Sachs. During the trial it was revealed that Goldman Sachs would use open source software and replace the software licence with their own:
"Open source was an idea that depended on collaboration and sharing, and Serge had a long history of contributing to it. He didn’t fully understand how Goldman could think it was O.K. to benefit so greatly from the work of others and then behave so selfishly toward them. “You don’t create intellectual property,” he said. “You create a program that does something.” But from then on, on instructions from Schlesinger, he treated everything on Goldman Sachs’s servers, even if it had just been transferred there from open source, as Goldman Sachs’s property. (At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license.)"
This is appalling. Maybe all open-source code could be published as part of a not-for-profit cooperative that defends the programmers that enter into it.
Ben Thompson and James Allworth discussed, on an episode of The Exponent (https://exponent.fm/), the idea of a "principle stack", and at which "layer" of the stack it's appropriate to address different societal issues. I wish I could find the episode again, it was quite a few years ago. The upshot being... maybe software licensing isn't the right place to address e.g. income inequality?
On the other hand, I definitely encourage tech workers (and all workers) to think about their place in the world and whether their work aligns with their personal values. I think the existence of free and open source software is a fantastic thing, but I think we should continue to evaluate whether it is in danger, or whether it could be better, or whether our efforts might be applied to something else.
For example, I'd love to see co-ops developing shared-source infrastructure based on principles of mutuality, which the sector is built upon anyway. The co-op principles already include cooperative and communitarian ideas which mesh really well with some aspects of open-source software development. But co-ops aren't about just giving everything away either. There could be a real new approach to building a software commons for mutual businesses, rather than a kind of freedom-washed way for big tech companies to benefit from free labour.
It is impossible to write a real "use for good, not evil" [1] license, because there are no formal, universally accepted notions of good and evil. While there are things that are universally considered good, or considered evil, the areas around them are large, nebulous, and are anything but clearly outlined. Hence legally avoiding the "anti-evil" license terms will always be a relatively easy option for a willing party. Moreover, there is a large range of issues and causes that are considered "good" by some and "evil" by others, so there will always be a controversy and disagreement even without any legal suits, where everyone would consider themselves sincerely right, not just technically correct while violating the spirit.
A weapon that only a lawful good character can wield is the stuff of fairy tales and board games, which do not reflect reality fully enough.
Unlike this, freedom is pretty well-defined, so e.g. GPL is upheld by courts.
I have this thinking that, in reality, there's no such thing as objectively 'good' or objectively 'bad'.
It's all context and timing.
Almost everyone that will attack this idea will present actions that are loaded with context - murder, is killing when it's bad, self defence is killing when it's good.
If you look at everything, and look at its non-contextual action, then you can easily find contextually 'good' and contextually 'bad' instances of that thing.
Even further, the story of the man who lost his horse [0] shows us that even if we say that something that happens is contextually good, or bad, the resulting timeline could actually be the complete opposite, meaning that, ultimately, we can never really know if something is good, or bad.
I think this is one of these cases where talking in abstract terms does not help people agree.
What I am hearing is if you remove context (and timing, let's say it is part of context) then there is no good or bad. But who said to remove context? Aren't we saying then there is good and bad depending on context?
Many people, including myself, would agree in the abstract, while at the same time some situations being very clear once down to a real example.
It reminds me of people claiming pain is an illusion or facts not existing (very edgy), until someone slaps them in the face to prove "I did slap you, that is a fact". I think that is reality, and specific examples are easier.
How do you make good or bad resolvable? Is a piece of code being used by Tyson Foods okay? A vegetarian software engineer who contributed to the package might say “no, that use contributes to the killing of animals for food, which is bad.”
If you need to evaluate all the context to know whether a license is usable, it makes it extremely hard for “good guys” to use code under that license. (It’s generally very easy for “bad guys” to just use it quietly.)
It is not a computer program, but an ethics problem. We can solve it by thinking of the context and the ethics of it.
I realize it is the topic of this thread, but OP did not mention anything in relation to licenses, and was just talking about good and bad not existing objectively (without context).
I think, if we came with a specific situation, most people with similar values might reach the same good/bad verdict, and a small minority might reach a different one.
I believe the Tyson Foods example is overly simplistic and still too abstract, because one can be vegetarian for many reasons, and these would affect the "verdict". In the real world, if we were working on that piece of software the question would be: Does the implementation of this specific HR SAP module for Tyson Foods by me, a vegetarian against animals suffering unnecessarily, etc. as opposed to the abstract idea of any piece of code and any vegetarian. If a friend called you: I have this situation at work, they are asking me to write software to do x and I feel bad about it, etc. etc. I bet it would not be difficult to know what is right and wrong. Another aspect of it is, we could agree something is wrong (bad) and you might still do it. That does not mean there is no objective reality, just that you might not have options or that your values might not be the ones you think (or say) they are, for example.
But in a typical FOSS scenario, your decision to open source the code and Tyson Foods' decision to use it are decoupled. You don't know who all the potential users are when you open source it, so you can't consider all the concrete cases and make sure that the license reflects them. In the same way Tyson Foods isn't going to contact all the creators of libraries they want to use and ask if their concrete use case is in line with the creator's ethics.
Agreed. This would be a logistical nightmare on both ends. Especially if the licenses can be revoked if and when Tyson Foods decides to change some of their policies and/or the author decides to change their political views.
I believe that this would effectively make sure that nobody uses these licenses.
In classic times there was no general concept of good or evil. The question was about if something is fitting in its context. With the rise of Christianity came the general concept of good or bad.
This was one of the many disagreements between Catholics and Protestants during the 16th-17th century, for instance, with some of the most powerful Catholic currents (e.g. Jesuits) being very much in favor of rethinking morality to take into account context, while the most powerful Protestant currents pushed for taking morality back to [their interpretation of] the manichean early Christian dogmas.
From the perspective of decreasing income inequality on a global scale, when multinationals fire workers in developed countries and replace them with lower-paid workers in developing countries, that is a very good thing, since people in developing countries need the jobs more. I would be skeptical of any license which privileges co-ops over multinationals for that reason. Co-ops are likely to reinforce existing global income inequality, due to labor protections for developed-world workers. A globally rich, privileged slacker gets to keep a job they're barely doing, because they had the good fortune of being born on the right dirt. It's modern feudalism.
I haven't yet fully digested this comment, but I will say right off the bat that there are many co-ops in the developing world. Nathan Schneider in Everything for Everyone describes the culture shock of arriving in Nigeria (IIRC) and co-ops being everywhere, just such a normal part of life.
Sure, I think the point I'm trying to make is that second and third-order effects can be complex and unexpected when it comes to economics.
For example, what if the dominance of co-ops in Nigeria is a contributor to economic stagnation? Do co-ops still count as "virtuous" if they're keeping a nation impoverished? Testing that hypothesis would be highly nontrivial, econometrics is hard.
Trying to license your software so as to reduce income inequality seems too ambitious. Licensing your software so it can e.g. be used by cleantech companies but not fossil fuel companies seems way more feasible by comparison.
Yes I don't disagree. I was using the income inequality statement as an example of what Thompson and Allworth might advise against. Software licensing might be at the wrong layer of the stack to have any impact on macroeconomics.
I think there's a kernel of truth in what you said, but you're also talking about avoiding accidental "income inequality" in this comment, and "economic stagnation" in the other.
It seems like you might've moved the goalpost a bit...
At the end of the day: any entity that works for the public good (be it a co-op, a non-profit or a state owned enterprise[1]) would be a better recipient of the free labour provided by f/oss hobbyists, than a for-profit multinational... And often economic performance is equivocated with financial performance. At the end of the day, if everyone can put food on the table[2] (here and in the developing world), I couldn't care less if some GDP metric might imply that "there's stagnation actually"
[1] My point being, that a SOE will have more bargaining power than a small co-op, and thus be able to fight unequal exchange and compensate for income inequality
[2] "food on the table" is a proxy for: food itself, shelter, healthcare, affordable heating (or cooling) and consumer goods and services (tech gadgets to learn and keep in touch with family, long distance transport to visit relatives, etc.)
I agree and it's happening. I co-founded Outpost Publishers Cooperative as a member services co-op to provide enterprise-level subscription services to publishers on Ghost (which is a non-profit).
I'm biased but I think the model of member-service co-ops (like Ace Hardware) providing tailored software services to particular industries is fertile ground. Free of VC incentives, reasonably profitable, aligned incentives, and the state of software tooling makes this doable.
And since this model doesn't require capturing as much value as a VC funded venture, it's more sustainable.
But the hard thing is figuring out how to get to decent product without upfront investment, in lieu of investment models that don't require outsize returns.
I can think of ways to create early capital but I've yet to see an industry think through how to fund smart suppliers without falling into the trap of thinking they need to be VCs.
> how to get to decent product without upfront investment
Yeah, this is the hard part.
I work in the small “ERP-like” business market and I’ve come up with some good ideas (based on the reaction of the people I talk to). But the problem is that even a small team of about five genuinely solid developers can cost around US $300,000–500,000 per year — and that’s even factoring in that I’m in LATAM!
That’s a lot.
To make something like this happen, you need to convince fairly big players — the ones who have the capital and the patience, but more importantly the vision. And that’s the part that’s rare. At least in theory, that’s what VCs are supposed to bring.
That is fantastic to hear, kudos to you and best of luck! The funding is definitely an issue I'm chewing over in my mind as I think about these issues.
> at which "layer" of the stack it's appropriate to address different societal issues.
One problem with trying to restrict the availability of open-source software: In the limit, as LLMs become better and better at writing code, the value of open-source software will go to zero. So trying to restrict the availability of your code is skating away from where the puck is going. Perhaps your efforts to improve the world are better allocated elsewhere.
I mean, if you ignore the fact there would be no LLMs without wholesale scraping of the corpus of all software ever written.
LLMs are the least ethically sourced pieces of technology I've ever seen. That they have businesses built that haven't been sued out of existence for not asking for permission to train first is positively mind boggling.
You think there wasn't a reason Microsoft bought GitHub, whose ToS allowed them to expand their training corpus vastly beyond their own internal systems? Why Amazon does the same thing with CodeCommit? If your stuff is hosted somewhere with a ToS, you can bet that repo is getting into the training corpus. Having your flavor of LLM in today's is too valuable for any corp to pass up the opportunity.
Free software is about freedom. Restricting it from anyone means it's not free. There is no requirement that we must create free software but if it's called free I think it should always have the basic qualities of freedom; not only when it fits our purposes and our values.
There are already so many ways (and reasons) not to do free or open source software. People who find them convincing are using them. People who don't generally are not.
It seems like the author of the post is just potentially having a change of mind from one side to the other, which barely even seems noteworthy.
> There are already so many ways (and reasons) not to do free or open source software. People who find them convincing are using them.
To be honest, I don't think the space between GPL/MIT and commercial closed source is explored enough. I'm aware there's a few examples of things in between, but they are not common knowledge and they don't satisfy everyone. It is not a space that is easy to search online for established wisdom and comparisons in.
Basically every argument has been made before, but there's still 10,000 people a day who are just finding out about it for the first time (https://xkcd.com/1053/)
Clearly this sparked enough discussion and upvotes to make it to the front page of Hacker News, so people found it valuable.
It's a choice for the authors to make based on what type of free they believe in. I think free under MIT and GPL are two different philosophies on how you see "free".
MIT: free for anyone, do whatever you want
GPL: free if you also make your software free
AGPL: GPL but SaaS can't circumvent the requirement to make your software free
I see why principled open source proponents would select GPL or AGPL. They don't just want their code to be used freely by others, they also believe more software should be free and using GPL helps with that.
GPL restrictions don't make software under the GPL not "free" as in freedom. Just a different philosophy.
I like the GPL and think its "virality" is both clever and a worthwhile social goal, but I think it's misleading to call it "free". It directly restricts possible usage of the software in question -- yes, in a way that's designed to increase another kind of freedom, but it restricts nonetheless.
FWIW I have the same quarrel with people who talk about a country being "free". To my mind, a truly free country would have no laws. It would be a horrible place, because the restrictions that laws place on us tend to make things better for everyone (we may disagree on this law or that law, but some laws, like "Don't kill someone without a very good reason", would have >99% popular support anywhere in the world).
"More free" does not necessarily imply "better"; it could be better or worse. I'd like to shift usage of the words "free" and "freedom" in this direction, but think it's probably a lost cause as the words are too emotionally charged with connotations of "good".
If you prevent licensing software to large corporations, small corporations won't use it, either, because small corporations may get acquired by large ones. Such a license would be a "poison pill".
I am not a lawyer and this is not legal advice.
We picked the Boost license for the D Language Foundation because it is the closest to public domain we could find.
Besides, why would "bad guys" be deterred by a license, anyway?
Exactly. Unreasonable conditions imposed on everyone to "solve" an ideological or societal matter impose externalities on bystanders. It's religious fervor not backed by honest appreciation of human nature or reality. While I don't like end-uses that exploit or harm others, there is no meaningful magic spell that can police usage of code gifts apart from not giving away anything and micromanaging every single invocation for moral purity.
Umm, there is. Basically, that's the default in most of the world. My recommendation if that is what you want to do, is to put a note in the readme and in LICENSE.txt that says "this project is copyright by me. If you want to use it, reach out to me and if I like you, I will give you a license". Then if you like someone, give them a written statement that you like them, and grant them permission to use your project(s), and under what terms, if any.
I can't imagine that it wouldn't be. If a company has explicit written permission from the copyright owner granting permission to use that copyright, then they can use it.
Also, it wouldn't be a special license. If you wanted to do a "For my friends everything, for my enemies the law" thing, you'd just set it as all rights reserved and add special note encouraging people to ask for permission to use it.
Plus, copyright enforcement typically goes in the other direction. It's not about who you can sue, it's about who you can't. Licenses are just a way of specifying who you cannot sue. If you want everybody to use your project but don't want to bother with a license, you can make it all rights reserved (the legal default) and just not sue anybody. You could sue them if you wanted to (which is why nobody would ever use your code: because of the risk that you change your mind and sue them), but nobody is forcing you to.
Why would it not be enforceable? If you own the copyright on your software anybody that wants to use it has to get a license from you. The traditional way is for you to sell those licenses for money, but you could also decide to give them away based on how much you like the buyer.
Or a hybrid, sell them, but refuse to sell to certain entities and discount up to 100% to others based on how much you like them.
Of course it is, that’s literally contract law. You’re agreeing a contract to licence them access with specific terms.
The reason they invented the standard licences is to avoid this cost and effort. Do you really want to write a 200 page legal contract for every user for software you’re giving away for free?
Is that the implication? I thought that the legal contract you mentioned was a standard document, basically the same for everyone that was licensed. But I am not a lawyer, and I don't pretend to be one.
It would be neat to have this license codified (Like we have MIT, GPL, etc), with the proper incentives to "ask for open source access, if I like you, you might get it". And, of course, a "contract" that gave licensees the open source benefits.
Companies take that gift and use it to provide a service for cheaper than it would otherwise be if they had to build it all themselves.
You are already benefiting from open source - but it is a tiny benefit and subtle and very indirect and very diffuse.
Licensing is thorny but it’s personal choice too.. would you use a project whose license is “use it for now unless or until I decide you’re evil at my discretion”.. probably not. Probably, someone else would get the users you have now, and the corresponding popularity.
It is a tough choice, but it’s a lovely and important thing you’re doing when you provide the gift of open source software.
I think I probably would use a project that had a license that said "you can use this for now, but if I later decide I don't want evil people to use it, you'll have to maintain your own fork based on the last version before I made that decision."
Isn't that kind of always the bargain we're making? We can use someone's work as long as they're willing to let us, but if they change the license, we might not be able to continue using it.
All MIT/BSD projects are like that. The maintainer can get up tomorrow and relicence the software. (Keeping some attributions if other persons contributed.) You are free to fork the last free version.
With [A]GPL it's only possible if there are no external contributions or everyone agrees. Again, you are free to fork the last free version.
Do you want to spend your time creating a project the world finds useful, or do you want to make a political statement that gets ignored? Because any attempt to restrict the license turns into the latter.
If the project is even slightly useful, but with a restrictive license, someone else will create an alternative with a free license. The community will quickly move, and the time spent trying to push a political opinion will be wasted.
In the long term, a free software license is always going to win. Even when it's unsustainable for one maintainer, the software remains free, and if it's useful enough, others will take on the maintainer role.
For sustainability, that's going to be a mix of lobbying your government, and companies realizing they need to hire developers because the open source maintainers aren't able to do everything for free. Just realize that governments are slow with conflicting goals. And companies will minimize their costs, leaving the average open source maintainer at the edge of being sustainable.
The thing about having morality-based restrictions to the license is that there is no well defined legal standard for good and evil.
Creating such license will indeed discourage lawful corporations from making use of it because of the legal uncertainty.
It will discourage open source projects from making use of it because it's not open source and it's incompatible either from a legal or philosophical standpoint.
The only ones who would not be discouraged would be the ones you actually want to prevent using it since they would likely not care about the license terms at all and just use it regardless.
The end result would be essentially a dead project that would be either ignored by the programmer community if it started out with this license or be forked like what happened when other open source projects switched licenses, for example Redis being replaced by Valkey.
I understand the intention of what the author is trying to achieve, but I think the problem they will run into is how do you define "evil" in a legal document or license? There is a subset of acts and beliefs that wider society has deemed "evil", but I doubt large corporations are actively supporting sexual assault, torture, murder etc. What the author is referring to is things they find morally reprehensible but do not reach the level of the aforementioned acts enough to be expressly illegal and evil (and whether they are or not, IANAL).
I suspect the non-standard JSON license was in part a strategy to encourage third-party implementations, so that the format would become a standard.
(W3C standards, for example, require "multiple independent implementations to proceed along a standardisation path". https://www.w3.org/TR/webdatabase/ )
The best way to do this is to design something that is not appealing for those people to use, but is appealing for the people you want to support to use.
The best option to stop bad companies from doing bad things is to lobby your government to put in place laws against those bad things. Ban specific evils with regulation, that's much more effective than preventing people who do those evils from using a specific piece of software that is fairly easily replaced.
The rights are for the USER and he may use it for any purpose.
The responsibility comes with redistribution - you must pass along the source code and any modifications you have made - passing on the rights you received.
Basically any restriction on the use makes it not free software.
You’re not wrong, but arguments like this ignore the point. For many authors and maintainers, ‘free software’ and ‘open source’ as traditionally defined result in unsustainable outcomes. The original article cites articles explaining several such issues.
Many people in the software industry are looking for new licensing models that take these systemic issues into account. It’s the ecosystem evolving to address current conditions. This should be expected and welcomed, but instead the idea is consistently written off by folks who would rather live by the old rules. The commons continues to suffer for it.
> For many authors and maintainers, ‘free software’ and ‘open source’ as traditionally defined result in unsustainable outcomes.
I'm very grateful for all this free software, but if a maintainer doesn't think what they are doing is sustainable then they need to stop doing it. That isn't much of a revelation. And if people want to release software that can only be used by people on their ideological wavelength then they can do that, but:
- The projects are probably not going to find much popularity.
- In many ways it is a remarkably entitled position; after all my dishwashing machine doesn't test my moral purity before cleaning my dishes. Why should my software?
- Any ideology that centres on identifying "the bad guys" is too naive to hold a community together without becoming unbelievably corrupt and an insult to whatever ideals the original believers had.
And the point should be ignored even more. Free software is a fairly specific thing, trying to co-opt it into something it isn't makes you the bad actor.
Make your own idea instead of stealing and leeching off the success of others. That's frankly disrespectful to even have the gall to do this. You definitely don't deserve ruining another's image for your idea of how society should work.
This is precisely what the author is attempting to do.
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
> I remain unconvinced at the societal value of “freedom to run the program as you wish, for any purpose”, often called freedom 0. I don’t want to donate my work to the bad guys!
They never use the term “free software” to describe their goals. To the extent they use the term “open source” it’s in the lowercase informal form. How else should they describe their ideas if not using this terminology?
There are lots of alternative movements to Free Software and Open Source, like Ethical Computing, Fair Source etc. Use one of those, or the more generic "source available" term.
People can reasonably agree on what "Open Source" means. Once you start trying to define "bad guys" and exclude them, you will get dozens of incompatible definitions and no consensus, and as a result, you'll have numerous incompatible ecosystems rather than one.
"Open Source" isn't perfect, not by any means. But any purported replacement for it has to be so obviously better that people are willing to switch and build consensus on the replacement.
I created a software license which is effectively BSD, but lists priority boycott targets and rationale from BDS (boycott-divest-sanction for Palestinian liberation), in an information-only section that has no bearing on the software freedoms and restrictions, but is nevertheless required to be copied as part of the license[1].
I don't actually recommend using this specific license yet, because the text from bdsmovement.net is not technically available under a permissive license (they told me I could use it... but I don't think the person fielding my request really understood what I was asking), but perhaps you can make something similar out of your preferred permissive software license (this is a no-go with GPL unfortunately because any derived license would be incompatible with GPL in addition to permissive-licensed software)
If you're a fan of BDS you can also just list the priority targets in your license, or give the BDS organizers another nudge via email.
I think the power of this is that such licenses wouldn't change how people might use the software. And big corps like Google, Amazon, et al may accidentally end up using such software (which is perfectly allowable via the license), but would then have to circulate a license which calls for their boycott and highlights their complicity in oppression. So I think it'd be fun if some software using this license makes its way into an end-user product of theirs
Google and Amazon have lawyers, they will take 1 second to review it and forbid it for internal use. They will do the same for every unusual license, not only for this one.
This is actually one creative idea, kudos.
I encourage you to reach out to OP as he was asking for discussion in case he didn't see this comment.
This is the only newer out of the box idea I saw in this thread
"creating software for free that largely benefits large corporations"
Who cares. The end result of this is that we all get to use amazing software, often for free.
Think of your open source contributions as a gift to all of humanity. I wouldn't get too hung up on the fact that bad people can use it. Hammer makers don't add conditions on who can buy their products, even if it could be used as a murder weapon. Take solace in the fact that your work is creating far more good than evil.
You're increasing the rate of innovation in the world. And we're all grateful for it.
Sounds good, but what happens when everyone else uses ideological purity filters too?
Because if what this guy is saying is reasonable, then it immediately follows that it's also reasonable for every ideology and religion to exclude the ones they don't like. For example: how does an antisemitic software license strike you? Because that would be a perfectly reasonable license for some people to enact, and fully justified by this article's logic.
No, I did not. From the article. This is, unfortunately, a straightforward case of poorly-considered moralizing with extremely bad consequences.
> Overall, these ideas lead me to believe that the open source movement needs to see itself as in a larger social context. Can we shift the balance of power away from massive companies and their massive harms? Can we prevent Nazis from using our software? Should we even try?
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
I don't know if you're just joking but this is the crux of the problem and what they are asking for has deep implications. If somebody can thoroughly define evil in a software license, please publish it for review so that we can learn from it.
It seems like CC-BY-NC (https://creativecommons.org/licenses/by-nc/4.0/) works perfectly for this: Anyone is allowed to use it, but they have to credit you, and they can't use it for commercial purposes.
You're still free to license it out commercially on other terms, the open-source community gets to make use of it as they please, and it ensures you're credited.
> the open-source community gets to make use of it as they please
Uhm... I wouldn't be so sure. Looks to me like such a license carries transitively to projects that depend on your software.
Suppose you're distributing a library on such terms. Then an open source project uses your library. Such a project can't then be used in a commercial fashion unless whoever distributes it gets a commercial license from the library's copyright owner. Now suppose the project uses multiple libraries with such terms. That's a burden.
Then again this may be a feature, not a bug, of the model you're proposing.
I suppose that it wouldn't work in practice, though. The AGPL license (and libraries with a GPL license instead of a LGPL one) aren't really widespread, probably because of the virality clause.
Let's say you accomplish your goal of dissuading "big corporations" and "bad guys" from using little auth middleware library, and you get a bunch of other open-source maintainers to do the same.
The "big corporations" will shrug and throw a few more tens of thousands into their R&D budget and will assign a few devs to create an alternative, and when they release it as open-source, they'll use it as an opportunity to self-promote, it'll have a slick website, and "X by Big Corp" will become the go-to library.
The "bad guys" will just shrug and steal your code. Al Capone was brought down on tax evasion but I don't think you're going to get him on copyright infringement.
If you can somehow convince the majority of non-corporate developers to not use corporate-sponsored open-source, then that might be interesting, but not by much, because there aren't many of those.
Also, why does nobody say “oh wow, if other people hadn’t generously given time like this i would have to pay so much more for everything because everything companies do would cost more?”
This lens of viewing corporate give back to projects in direct $ or donated developer time is mildly useful for understanding the ecosystem as a whole, but grab hold of it more than lightly and it becomes a blindfold.
Always the same rant of people profiting from open source without understanding it.
This guy is free to select whatever license he wants for his code. But don't expect profiting from the open source (in the common sense of free software) brand if you don't want to respect its principles.
Would the package be as successful? Have as many users, contributors, ... The author is free to test that if he wants but his rant is not justified for the whole open source world.
Also, I'm quite sure that he is also a freeloader happy to benefit without contributing. Even from big companies. I'm quite sure that he never paid or contributed for npm, GitHub or his IDE for example...
This raises a question in my head. If the author was to update the license to something restrictive, consumers and transitive consumers will npm update at some point, and likely not notice the dependency change.
They would then be breaking the license terms without realizing.
Is there anything in npm to protect against this? Projects have hundreds of dependencies, it's not feasible to manually check licenses haven't changed every time you update.
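One way a consumer could catch the silent license change asked about above, as an added example that is not part of the thread: compare the optional `license` field that npm records per entry under `packages` in a lockfileVersion 2 or 3 `package-lock.json`, before and after an update. The package names, the allowlist, and both lockfile snippets are constructed assumptions.

```javascript
// Licenses the consuming project has approved (assumed policy; adjust as needed).
// Matching is exact: SPDX expressions such as "(MIT OR Apache-2.0)" are not
// parsed and will be reported for manual review.
const ALLOWED = new Set(["MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"]);

// Index a parsed lockfile: install path -> { name, version, license }.
function indexLock(lock) {
  const marker = "node_modules/";
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const license = typeof meta.license === "string" ? meta.license : null;
    out.set(path, { name, version: meta.version, license });
  }
  return out;
}

// Report every dependency (direct or transitive) whose license changed,
// is missing from the lockfile, or is outside the allowlist.
function diffLicenses(beforeLock, afterLock, allowed = ALLOWED) {
  const before = indexLock(beforeLock);
  const findings = [];
  for (const [path, cur] of indexLock(afterLock)) {
    const prev = before.get(path) || null;
    let kind = null;
    if (cur.license === null) kind = "unknown";
    else if (prev && prev.license !== null && prev.license !== cur.license) kind = "changed";
    else if (!allowed.has(cur.license)) kind = "not-allowed";
    if (kind === null) continue;
    findings.push({
      path,
      name: cur.name,
      kind,
      from: prev ? { license: prev.license, version: prev.version } : null,
      to: { license: cur.license, version: cur.version },
      // A change to another approved license is informational, not blocking.
      blocking: !allowed.has(cur.license),
    });
  }
  return findings.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed lockfile snapshots (hypothetical packages), before and after an update.
const BEFORE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-utility", version: "1.0.0" },
    "node_modules/libpopular": { version: "1.4.0", license: "MIT" },
    "node_modules/framework": { version: "3.0.0", license: "Apache-2.0" },
    "node_modules/framework/node_modules/tiny-dep": { version: "0.9.0", license: "ISC" },
  },
};
const AFTER_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-utility", version: "1.0.0" },
    "node_modules/libpopular": { version: "2.0.0", license: "AGPL-3.0-only" },
    "node_modules/framework": { version: "3.0.1", license: "Apache-2.0" },
    "node_modules/framework/node_modules/tiny-dep": { version: "1.0.0" },
    "node_modules/new-dep": { version: "1.0.0", license: "CC-BY-NC-4.0" },
  },
};

for (const f of diffLicenses(BEFORE_LOCK, AFTER_LOCK)) {
  const was = f.from ? `${f.from.license}@${f.from.version}` : "(new)";
  console.log(`${f.blocking ? "BLOCK" : "INFO "} ${f.kind.padEnd(11)} ${f.name}: ${was} -> ${f.to.license}@${f.to.version}`);
}
```

Run in CI against the lockfile from the base branch and the one in the pull request, failing the build when any finding has `blocking` set. The lockfile field is self-declared metadata, so it catches an honest relicense but is not a substitute for reading the shipped LICENSE file.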
How are you planning to find out about violations of the license and then enforce license compliance? The GPL is very commonly violated, and license compliance costs a lot to enforce since you have to go to court, which also takes a long time.
This is a semi joke answer but I have worked at some of the big corps and see how they use OSS software. One way I have continuously thought about to prevent usage is to make all of the variables/function names/APIs contain profanity and PR incorrect jokes. I do know that every single corp has a profanity filter to prevent any bad word being added to code. It’s not bullet-proof but certainly makes it a lot more difficult to get that code on corpo servers and past legal.
Make it source available. It won't help, but you might feel better.
DuckStation (PS1 emulator) changed license from GPL to CC-BY-NC, because Chinese manufacturers were including it in their hw devices. Somehow I doubt that helped.
I don't know about good vs evil. That seems impossible. But I'd be interested in a license that prevented use by any company owned by one of the top 1% most valuable companies in the world. I have no idea if that's enforceable or not. Basically a license that restricts use for companies that are just trying to be acquired.
It's not open source when you disallow people and companies from using it. One big difference between open source and public domain is that code in the public domain doesn't force anyone to redistribute the changes.
I have had several projects where I didn't want to be forked, especially by a company with a marketing budget. I choose not to distribute it with an open source license. There's nothing wrong with that. Companies have sold copies of source to people who paid, so that's an option. But I don't know of any licenses like that which have been written for the public to use (copying a company license is a copyright violation)
Presumably they want to keep the project liberally licensed modulo the "no evil" part. A source-available license would probably be too restrictive for that purpose unless it is somehow made compatible with open/free licenses. But I am not a lawyer, so I have no fucking idea what I'm talking about.
It's literally the MIT license with an added clause of only using the software for good, not evil.
Obviously, corporate attorneys will advise not to use the software since good and evil aren't really well defined legal terms. It's also not open source using the OSI definition.
There are perhaps 2500-3000 unique open source licenses, ranging from the half dozen most of you will know well to very obscure licenses which have come about because (for example) a research grant from a foundation with certain guiding principles indirectly paid for some of the development of some software as part of a larger research initiative. There's even a license that precludes use of the software in any military equipment other than that which is strictly of a defensive nature, due to the constitution of the country sponsoring (a small part of) the project.
This seems to pass a transitive requirement to users.
Suppose your libpopular forbids ill-faith actors from using it. Also suppose that I wrote a my-utility, a neutral tool, that depends on libpopular. If some bad actor uses my-utility for wrongdoing, will I be responsible for their behavior? Will my-utility be in breach of your license?
Your best solution is I think simply proprietary or CC-BY-NC + maybe non-government, then just license it to whoever you want that emails you. Consider just not making infrastructure software with free labor if you don't want to fund megacorps, because they will be the primary benefactors. Consider also that anything you upload to the internet goes into the LLM funnel which leads back to them. It's funny if you sold guns, shovels, or even printers everyone would be very understanding if you expressed a desire to not support Russia or whatever. Once it's printer drivers though it's "The only thing we can say for sure about the nature of evil is that you're a bad actor".
Thinking aloud here. Start by requiring that orgs get your permission via email to license your code. Over time, formalize the patterns in your approve/deny responses into an LLM-powered API which does an instant approve/deny, with a prompt you handcrafted and backtested based on real-world data. This could even work for e.g. Linux package installation: As a pre-install hook, a prompt asks the user what organization they work for (if any) and how they intend to use your code. Make it so users can still appeal a "deny" by sending you an email, but attempting to respond to the questions a second time with different answers violates the license [within a certain timeframe at least]. If other open source devs are also interested in this scheme, you could let them piggyback off of your infrastructure... answering your qs toggles a "virtue bit" which unlocks a bunch of "ethical packages", hosted in a dedicated repository to better track downloads. Support yourself by suing companies which violate your license terms.
Since organizations evolve over time, you could have a re-authorization flow every time your users want a major version update of your software.
A flaw in this proposal is that the very worst actors (scammers, black hats, etc.) are likely to be beyond the reach of the legal system in practice. Perhaps you could mitigate this a little bit by replacing Github Issues with a private support forum for trusted licensees.
That aside, even if something like this was “legally enforceable”, it adds enough friction, risk, and uncertainty to downstream consumers compared to a “vanilla” open source license that I expect most folks would choose an alternative to the “bespoke” license project where they could. Fine if you don’t care about getting usage, but that defeats much of the value that open source brings.
There are very few pieces of free software that don't lean very heavily on top of a mountain of other free software that make it possible, and I think the author would be surprised how much of that was written by people who strongly disagreed with his worldview and considered him a "bad guy".
There are plenty of licences to achieve this that'll make your code unusable.
CC-BY-NC allows you to ban commercial use. There is also the Hippocratic licence[2] which allows you to choose from a variety of "evil corporation" types, from fossil fuels, mineral exploration, the Taliban, companies that have more than 200% pay inequity, etc.
Pretty much all of these licences will make your project unusable and no longer free software, but hey, they exist!
I think part of what they're trying to do is change the discussion or the "norm". For example, if every developer suddenly changed to that style of license, would you still deem it unusable?
Yes, if only because of the broad patent grant. 3.1.6 is also concerning since it can be read as indemnification?
> Prevent any person from exercising his/her/their right to seek an effective remedy by a competent court or national tribunal (including domestic judicial systems, international courts, arbitration bodies, and other adjudicating bodies) for actions violating the fundamental rights granted to him/her/them by applicable constitutions, applicable laws, or by this License
There's also a clause allowing for specific performance which means, by using the licence for anything at a company, you're opening the risk of a court-appointed special master coming in and taking over your HR systems to enforce compliance.
You also can't terminate the licence to avoid this equitable relief:
> Additional Remedies: Termination of the License by failing to remedy harms in no way prevents Licensor or Supply Chain Impacted Party from seeking appropriate remedies at law or in equity.
It's a fascinating conceptual legal document but completely unusable. I'm not a lawyer but using anything under this licence seems incredibly risky to me.
Is there something like the societal license where you can select different levels of harm: a) can be used to kill people b) can only be used to harm people c) can only be used for animal testing d) no harm should come to any living creature, neither in thought nor action.
Something like the creative commons license just for evil.
I like to use non enforceable license such as “don’t do evil” license because it causes meltdowns in the legal departments of large tech companies trying to define what is evil and whether they are committing evil.
Even if it's not enforceable, at least it can trigger some kind of a reflection in folks and their interactions with society that supports their existence.
Any such license is basically impossible to work with. It amounts to "I reserve the right to sue anyone who uses this software in the future for effectively random reasons". Because I could go on about the lack of a universally agreed-upon "good" or "evil" and the fact that what you call evil is people who think they are being good (the number of people who outright identify themselves as evil is a rounding error), but there's an even bigger problem, which is that who you think is evil today may change over time. How is anyone supposed to keep up with that? If you put a license like this on your software and you decide eighteen months from now that actually $POLITICAL_STANCE, which you previously thought was evil, has a point, and then you-four-years-from-now comes around to the idea that what they thought was good when they wrote the license is actually quite evil, what is any user of your code supposed to do with that?
In general, $YOUR opinions are too flighty to be basing licensing decisions on.
There's a generally established exception for military use, which works anyhow because even if you are hypothetically perfectly morally fine with military use you may not want to permit them to use it on the grounds you haven't tested it enough. See also the perfectly well-established "not to be used on medical devices" exemption. But if you want to conditionalize your license on, say, "whether or not you're willing to sign this petition about $POLITICAL_TOPIC", that's not something anyone can build on. It'll be a terminal license in the code tree.
If this means you don't want to contribute to open source because you are unwilling to accept this... by all means! If you don't like a contract, don't sign it. Nobody's forcing you to write open source software for free. But there isn't a practical "well, what if only people I agree with are allowed to use it" option, because then even the people you agree with today really can't base any significant decisions on that sort of foundation.
(And, in general, anyone who lives, say, 25 years, and has absolutely no changes of political opinion in that time period... yeah... that's probably a bad sign. I don't hate 25-year-ago-me or anything, but I've got a lot of disagreements with him, and I don't expect 25-year-from-now-me to completely agree with me today either. Certainly not enough to write anything into a license agreement.)
Finally, as another practical manner, this license is also signing up to someday appear in some court of law to litigate the matter of whether or not some person or other does or does not agree with you on some political matter, in a situation where it will be a judge deciding that and not you, and wow am I just not being paid enough for my free contributions to open source to go through that under any circumstances.
I think the question is do you want to actually stop certain entities from using the project, or do you just want to send a message? If you want to actually stop them then ultimately there is only one way, which is you sue them. If you're not willing to aggressively sue people who use your software in ways you don't want, then I think there's little point in taking the time to craft a license that expresses acceptable uses.
If you just want to send a message, then you can change the license and not take any further action.
I am not a lawyer and do not know all of the other things, but I will write what my idea is.
Some possibilities (while still being FOSS) might be:
- Use AGPL3 license, and do not make exceptions. (Alternatively, make an exception but make it possible to revoke the exception.)
- Design the program for uses that are not bad so that bad uses might be more difficult.
- Sue them, if this becomes necessary.
This combination might make it difficult for bad guys to use it for bad purposes, although some organizations might ignore the license and use it anyways, but you cannot really prevent that.
Unfortunately, for most evil and/or small corporations, licenses are weak requests and not binding contracts. They will strip the code from the license and integrate it into their software.
I expect any license change away from permissive/pushover licenses is just going to be interpreted as a rug pull and worked around using a fork, or another existing project or new project.
Honestly: By trying to control usage it's not FOSS anymore and you yourself become a bad actor in the eyes of the FOSS idea. No soon to be unicorn can use any of your stuff.
May I add: You’d have to stop using VsCode or TypeScript, or even npm and Chrome, if you think big means bad, and you don’t want to fuel big corporations.
One can see how ridiculous the whole idea of limiting FOSS in a “who can use this” way is.
Truly free will always win in the long way. Or you don’t think, a paid dev with some AI can replace your package fairly quickly?
Restricting licenses in this way stops it from being libre/free/open source. A fundamental aspect of libre/free/open source is that it's possible to use in a commercial setting. The FSF FAQ addresses this point specifically [0].
If the author wants to abandon libre/free/open source licenses, they should state so explicitly. As it stands, the blog post is ambiguous about whether the author wants to abandon libre/free/open source for a proprietary license or whether they want to strip libre/free/open source licenses of their freedom. I don't follow alternative licenses of this sort but I've seen licenses that allow gratis use up until some threshold of users or income is reached. For example, the Unreal engine license has something along these lines [1].
If the author wants to remain libre/free/open source while mitigating bad behavior by large corporate actors, the AGPL is a fine choice as it legally coerces the copyleft even behind network based software. I'm not sure I have any hard evidence but I've heard that large corporate actors avoid the AGPL for this reason.
I'm a little incredulous that authors choose one of the most "business friendly" but least libre/free/open source (while still being FOSS) licenses and then are shocked when businesses use it without any thought to remuneration. I've seen a few instances of people providing software under an MIT license, such as the helmet.js package discussed in this blog post, and then regretting their decision.
The MIT license is used as a "business friendly" license that is still libre/free/open but doesn't have the copyleft clause to mitigate bad behavior. Why did you choose the MIT license in the first place? Why abandon other libre/free/open source license alternatives and go straight to a proprietary solution?
I don't even know how to begin to address the issue of who gets to decide who the "bad guys" are and who the "good guys" are.
In my opinion, the reason for the success of FOSS is because it's an answer to overly restrictive copyright by enriching the commons. The commons, by definition, is free for public use. If you don't agree with creating a rich commons so that everyone can benefit, that's absolutely your right, just please don't call it open source.
def not my wheelhouse, but I assume easiest way to keep bad guys out is to use copyleft license and only enforce against bad guys. despite what some say in defense of billionaires, you don't actually need to enforce every violation of your rights; rights don't disappear under law just because you don't use them.
His Mastodon is linked at the bottom of the page and from what I've seen it's likely that this is because of a dislike of ICE.
The thing that confounds me is, this person thinks that what ICE is doing is illegal, so why does he think ICE would suddenly care about the law when it comes to software licenses?
You can either go the custom licence route, but many people do raise (valid) concerns that if you do that, it will be incompatible with others. I do not share that view but I can certainly understand it.
A possible alternative would be using a standard licence like MIT but putting swears/slurs in either the author list or the code itself so using it would be a PR risk, and this could work as a deterrent against commercial usage.
Open source benefits everyone. Large corporations can derive more benefit because they’re larger. I don’t blame them for using something I deliberately give away for free to everyone, including large corporations.
I don't understand why so many open source developers don't want truly free software. Your software isn't free if people can't do whatever they want with it.
"Evil" is also a bad descriptor to use. If I started giving out apples for free on the street (of which I had an infinite supply), I wouldn't be upset if nobody came back with an improved apple for me to use instead.
> I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
So he's decided that as the supreme arbiter of what is good and just that he'll be trying to slowly boil open source's collective frogs. How narcissistic.
> How can I bring more attention to this issue given the relative popularity of my project? Do I write a blog post? A callout in the documentation?
For end-user applications, there's potentially the PolyForm Noncommercial License[1]. But since your project is a library, I would not recommend straying from well-known OSS licenses. Very few people would consider using a non-OSS library in a project of any kind.
The important thing to realize is that once you have released something, you have no control over how it is used. It doesn't matter whether it is an open source license or a commercial license. You have the right to take legal recourse, may that be over copyright infringement or licensing terms, but that requires both the means and desire to pursue what may be a lengthy process with an uncertain outcome. Worrying about stuff you cannot control is going to have a far more negative impact upon your life than it will upon those who are using your software for evil.
So what can you do?
Learn how to set boundaries. If a corporation demands something that you have no interest in providing, tell them no. If you are interested in providing it, request compensation for the work or request they submit a patch or let them wait until you can do the work on your terms.
For honest leechers, choose a license that discourages them. Switching from a MIT style license to a GPL style license won't prevent people from profiting from your work, but it will discourage those who want to make proprietary extensions to your work. Also realize that this won't stop dishonest leechers.
Continue to voice your concerns. Corporations don't feel guilt, but people inside them may. Even if the people within them don't feel guilt, they may still see you as an unreliable developer to exploit.
And if you want to read about open source vs source available, this GitHub with the Red Hat lawyer and co-author of GPLv2 provides a TLDR of the sentiment. The reference from Chad gives a deep dive into the discussion and origin of FSL’s language.
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse.
Good luck. Defining evil objectively is, of course, a challenge. But even with an unambiguous definition in hand, enforcing or detecting it is nigh impossible. Especially since the truly evil will simply lie, ignore the terms of your license, and use it anyway.
There is the MIT+ni*ger license. Please don't ban me, just saying. No company would ever use your software given this license, but your users may boycott you too
I've never understood open sourcing something, but only if I like you. The answer is to have proprietary license that you only give out to select users/companies.
Big business has actually tackled this kind of problem itself with supply chain ethics. It's a kind of collective action to not do business with "evil" companies. They've written down a clear list of what counts as evil and they're supposed to get all their suppliers (recursively!) to agree to it.
I solved this problem by not making my project open source. Instead I launched a limited-supply cryptocurrency for it and made it a rule that anyone who owns at least x tokens is entitled to a copy of the code with full rights to use, read and modify... Because there are a limited number of tokens, it means that there are a limited number of licenses and token price would go up with demand.
Terrible article. The whole style is annoying but let me just quote two things.
> The funniest thing is when Cuck Licensers complain that people are abiding by their licenses. They will complain that people took their code and made money off of it. They will complain when they don't get some social credit they feel like they deserve when their code is used in a project. They will complain if people fork their project and it becomes more popular than the original. They will complain when some tech giant takes their code and makes spyware out of it.
None of these things are prevented by making your code GPL. GPL only means that if they distribute the software, they also have to distribute the source. There is no requirement to provide “social capital”, to not make money or to not put spyware in it.
> With Cuck Licenses, you get the worst of two worlds: You get no credit for your work, […]
BSD-style licenses require attribution when distributing the software. So if Intel distributed MINIX, they had to put the license and Andrew Tanenbaum’s copyright notice somewhere in their documentation. That’s why we get all those screenshots of curl being in things.
1. the trouble with "bad guys" is they DGAF so good luck convincing them to change their ways
2. quit using permissive licenses if you expect corporations to "give back", Open Source != Free/Libre software. You seem interested in the latter, licenses/copyright laws matter to the !bad guys.
Take any conflict in the world. Ok, nothing that China or Russia are involved in. IDK, let's keep it complicated and say, "warring factions in some African country that doesn't regularly make the news", or "skirmishing Muslim groups in the middle east" (So a hard no to Israel/Palestine which everybody has strongly polarised opinions about whether they're right or not).
Now, wait for every other npm package in the world to get polarised on whether or not to block your shitty package because you picked the wrong side in some faraway war that, to be honest, you don't give a shit about anyway. Or maybe you didn't even voice an opinion about said war? WHY DIDN'T YOU? WHAT ARE YOU HIDING? WEAR THE RIBBON! CHANT THE CHANT!
Because that's all some people seem to have time for these days, and it's practically impossible to avoid the purity spiral if you show up on their radar. I've seen well known people (celebrities, academics, billionaires) get cancelled for not supporting some specific thing. Once you make this part of your software license people will rightly run like fuck from it.
What's your stance on:
- veganism
- India / Pakistan
- Climate change (no fly stickers, do you fly??)
- GM
- Your country's immigration policy
- Some other country's immigration policy
- Trump (even if you're not American)
- Taiwan
- Taxation
- Houthis
- Sulky racing (Irish travellers)
- Islam Vs Christianity / Judaism / Hinduism
- Communism / Socialism
Or, just maybe, this is a few lines of code that is concerned with X and not (all these things, Jesus give me a break)
The end result of this would be a completely broken ecosystem. Package version hell, but worse.
Short of engaging in equally authoritarian control-freakery? I don't see how.
I'm amused by one package author that I'll leave unnamed who has a list on his site enumerating political parties around the world at one end of the political spectrum and announcing that supporters of these parties are disinvited to use his work.
I'm all: "Dude, get over yourself. Parties ALL suck. Now, do good, and consider investing less time on posturing."
"Bad guys can't use it" is per definition incompatible with free software.
For this author's definition of "bad guys" (megacorps), AGPL is probably the easiest poison pill. As with all poison pills, this will also make many (most?) "good" users unable to use it.
This project is no curl or database engine, it seems to be a slightly easier way to set HTTP response headers. I bet most of the uses are transitive (someone using something that uses something that uses a framework that uses something that uses this project).
In particular, this project is something small enough that nobody will pay for it, not because it's not worth it, but because the friction of paying for it is higher than rewriting it from scratch. And "the bad guys" are unlikely to use it directly in their major products due to the pure nature of it.
In most cases, but especially this one IMO, you just get to choose whether to contribute to the commons, the actual commons, for everyone, including "the bad guys" - or not.
I don’t believe AGPL can be applied retroactively. What’s there today with MIT license stays and there can be a new version with the AGPL. Unless the author is planning major upgrades, the previous work is open to be forked and used with MIT.
Open source is like free speech. We are never going to control what people can say (as in who uses the software and for what purpose). But we are happy that it exists.
Since the author mentioned trying to find a general solution, not one just for his project - here's one that could work:
Make a new standard license similar to the GPL, but one that includes machine-readable payment requirements, each consisting of:
- a UUID
- a minimum profit threshold
- a license fee, either a fixed amount or some well-defined formula (you'd probably want an inflation adjustment system)
- a recipient
Anyone who wants to use the software can do it, but if you cross the profit threshold, you have to pay, once per project. Dependents would naturally inherit the payment requirements of their dependencies, but you'd only pay once per dependency even if it was used in multiple projects (hence the UUID).
With high enough profit thresholds and small payments, this should avoid the license from becoming toxic:
* If you aren't a megacorp, you don't care because you're not hitting the thresholds.
* If you aren't a megacorp but dreaming of becoming one, you still don't care, because if you do become one, you can afford the cost, and the combined cost (payments + compliance cost) is well understood and limited.
* If you are a megacorp, you still don't care, because we're most likely talking about peanuts and the machine readable descriptions make it practical to comply, and you get a "software bill of materials" out of it as a side effect.
This relies on the minimum profit thresholds being high enough and the license fees low enough. This could be achieved by the text of the license itself being licensed only as long as you keep within certain thresholds.
Building a new license ecosystem and the critical mass behind it is a tall order, but I think this way it's not hopeless-from-the-start. The design isn't meant to "capture a fair share of the value" or anything like that, it's meant to be minimally toxic (because that's a hard requirement for having a chance of becoming popular) while still delivering some minimal contribution to big projects with a lot of dependents.
I was originally planning to suggest a revenue threshold, but I think profit is better, as it excludes nonprofits, startups in the starting-up phase, companies that aren't money printers, etc.
That's a nice idea, but it isn't really "open source" or "free software" if you implement that.
I read that Star Wars still hasn’t turned a profit. This is only slightly in jest.
There are a lot of those, source available but not open source licenses, like the BSL, FSL, etc.
> "Bad guys can't use it" is per definition incompatible with free software
It's incompatible with 1 definition of free software. More and more developers are unhappy with this definition.
It is incompatible with all widely adopted definitions of Free software. If you restrict who can use your software, how, or for what purpose, it's fundamentally unfree.
The term that doesn't make any claims about whether a piece of software respects user freedoms is source-available, which these "everyone except the bad guys" licenses are commonly categorized as.
No, the devs aren't unhappy with this definition.
The ceos that want to market their software as open source are ಥ ‿ ಥ
I believe you could just draft your own license and forbid companies generating a certain amount to use it.
In theory you can change the licence and hope that those that use the software respect the licence terms, but that depends on trusting others.
I think of the case of the Russian programmer who was arrested and jailed for stealing proprietary code from Goldman Sachs. During the trial it was revealed that Goldman Sachs would use open source software and replace the software licence with their own:
"Open source was an idea that depended on collaboration and sharing, and Serge had a long history of contributing to it. He didn’t fully understand how Goldman could think it was O.K. to benefit so greatly from the work of others and then behave so selfishly toward them. “You don’t create intellectual property,” he said. “You create a program that does something.” But from then on, on instructions from Schlesinger, he treated everything on Goldman Sachs’s servers, even if it had just been transferred there from open source, as Goldman Sachs’s property. (At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license.)"
From: https://www.vanityfair.com/news/2013/09/michael-lewis-goldma...
From the article:
> ‘If you tell me everything, I’ll talk to the judge, and he’ll go easy on you.’
Reminder: That's a lie. Shut up and ask for your lawyer.
Indeed. As to why, see this video with Regent Law Professor James Duane: https://www.youtube.com/watch?v=d-7o9xYp7eE
It's pretty shocking.
This is appalling. Maybe all open-source code could be published as part of a not-for-profit cooperative that defends the programmers that enter into it.
I think that's sort of what the FSF does for *GPL licenses.
Two thoughts.
Ben Thompson and James Allworth discussed, on an episode of The Exponent (https://exponent.fm/), the idea of a "principle stack", and at which "layer" of the stack it's appropriate to address different societal issues. I wish I could find the episode again, it was quite a few years ago. The upshot being... maybe software licensing isn't the right place to address e.g. income inequality?
On the other hand, I definitely encourage tech workers (and all workers) to think about their place in the world and whether their work aligns with their personal values. I think the existence of free and open source software is a fantastic thing, but I think we should continue to evaluate whether it is in danger, or whether it could be better, or whether our efforts might be applied to something else.
For example, I'd love to see co-ops developing shared-source infrastructure based on principles of mutuality, which the sector is built upon anyway. The co-op principles already include cooperative and communitarian ideas which mesh really well with some aspects of open-source software development. But co-ops aren't about just giving everything away either. There could be a real new approach to building a software commons for mutual businesses, rather than a kind of freedom-washed way for big tech companies to benefit from free labour.
It is impossible to write a real "use for good, not evil" [1] license, because there are no formal, universally accepted notions of good and evil. While there are things that are universally considered good, or considered evil, the areas around them are large, nebulous, and are anything but clearly outlined. Hence legally avoiding the "anti-evil" license terms will always be a relatively easy option for a willing party. Moreover, there is a large range of issues and causes that are considered "good" by some and "evil" by others, so there will always be a controversy and disagreement even without any legal suits, where everyone would consider themselves sincerely right, not just technically correct while violating the spirit.
A weapon that only a lawful good character can wield is the stuff of fairy tales and board games, which do not reflect reality fully enough.
Unlike this, freedom is pretty well-defined, so e.g. GPL is upheld by courts.
[1]: https://www.json.org/license.html
> "the Software shall be used for Good, not Evil."
For JSLint, Crockford gave an exemption though: "I give permission to IBM, its customers, partners, and minions, to use JSLint for evil."
https://gist.github.com/kemitchell/fdc179d60dc88f0c9b76e5d38...
I have this thinking that, in reality, there's no such thing as objectively 'good' or objectively 'bad'
It's all context and timing.
Almost everyone that will attack this idea will present actions that are loaded with context - murder, is killing when it's bad, self defence is killing when it's good.
If you look at everything, and look at its non-contextual action, then you can easily find contextually 'good' and contextually 'bad' instances of that thing.
Even further, the story of the man who lost his horse [0] shows us that even if we say that something that happens is contextually good, or bad, the resulting timeline could actually be the complete opposite, meaning that, ultimately, we can never really know if something is good, or bad.
[0] https://oneearthsangha.org/articles/the-old-man-who-lost-his...
I think this is one of these cases where talking in abstract terms does not help people agree.
What I am hearing is if you remove context (and timing, let's say it is part of context) then there is no good or bad. But who said to remove context? Aren't we saying then there is good and bad depending on context?
Many people, including myself, would agree in the abstract, while at the same time some situations being very clear once down to a real example.
It reminds me of people claiming pain is an illusion or facts not existing (very edgy), until someone slaps them in the face to prove "I did slap you, that is a fact". I think that is reality, and specific examples are easier.
P.S. I would add values into the context.
How do you make good or bad resolvable? Is a piece of code being used by Tyson Foods okay? A vegetarian software engineer who contributed to the package might say “no, that use contributes to the killing of animals for food, which is bad.”
If you need to evaluate all the context to know whether a license is usable, it makes it extremely hard for “good guys” to use code under that license. (It’s generally very easy for “bad guys” to just use it quietly.)
> How do you make good or bad resolvable?
It is not a computer program, but an ethics problem. We can solve it by thinking of the context and the ethics of it.
I realize it is the topic of this thread, but OP did not mention anything in relation to licenses, and was just talking about good and bad not existing objectively (without context).
I think, if we came with a specific situation, most people with similar values might reach the same good/bad verdict, and a small minority might reach a different one.
I believe the Tyson Foods example is overly simplistic and still too abstract, because one can be vegetarian for many reasons, and these would affect the "verdict". In the real world, if we were working on that piece of software the question would be: Does the implementation of this specific HR SAP module for Tyson Foods by me, a vegetarian against animals suffering unnecessarily, etc. as opposed to the abstract idea of any piece of code and any vegetarian. If a friend called you: I have this situation at work, they are asking me to write software to do x and I feel bad about it, etc. etc. I bet it would not be difficult to know what is right and wrong. Another aspect of it is, we could agree something is wrong (bad) and you might still do it. That does not mean there is no objective reality, just that you might not have options or that your values might not be the ones you think (or say) they are, for example.
But in a typical FOSS scenario, your decision to open source the code and Tyson Foods' decision to use it are decoupled. You don't know who all the potential users are when you open source it, so you can't consider all the concrete cases and make sure that the license reflects them. In the same way Tyson Foods isn't going to contact all the creators of libraries they want to use and ask if their concrete use case is in line with the creator's ethics.
Agreed. This would be a logistical nightmare on both ends. Especially if the licenses can be revoked if and when Tyson Foods decides to change some of their policies and/or the author decides to change their political views.
I believe that this would effectively make sure that nobody uses these licenses.
In classic times there was no general concept of good or evil. The question was about if something is fitting in its context. With the rise of Christianity came the general concept of good or bad.
Even that evolved with time.
This was one of the many disagreements between Catholics and Protestants during the 16th-17th century, for instance, with some of the most powerful Catholic currents (e.g. Jesuits) being very much in favor of rethinking morality to take into account context, while the most powerful Protestant currents pushed for taking morality back to [their interpretation of] the manichean early Christian dogmas.
> there are things that are universally considered good, or considered evil
What a bold claim.
From the perspective of decreasing income inequality on a global scale, when multinationals fire workers in developed countries and replace them with lower-paid workers in developing countries, that is a very good thing, since people in developing countries need the jobs more. I would be skeptical of any license which privileges co-ops over multinationals for that reason. Co-ops are likely to reinforce existing global income inequality, due to labor protections for developed-world workers. A globally rich, privileged slacker gets to keep a job they're barely doing, because they had the good fortune of being born on the right dirt. It's modern feudalism.
I haven't yet fully digested this comment, but I will say right off the bat that there are many co-ops in the developing world. Nathan Schneider in Everything for Everyone describes the culture shock of arriving in Nigeria (IIRC) and co-ops being everywhere, just such a normal part of life.
Sure, I think the point I'm trying to make is that second and third-order effects can be complex and unexpected when it comes to economics.
For example, what if the dominance of co-ops in Nigeria is a contributor to economic stagnation? Do co-ops still count as "virtuous" if they're keeping a nation impoverished? Testing that hypothesis would be highly nontrivial, econometrics is hard.
Trying to license your software so as to reduce income inequality seems too ambitious. Licensing your software so it can e.g. be used by cleantech companies but not fossil fuel companies seems way more feasible by comparison.
Yes I don't disagree. I was using the income inequality statement as an example of what Thompson and Allworth might advise against. Software licensing might be at the wrong layer of the stack to have any impact on macroeconomics.
Fair.
I think there's a kernel of truth in what you said, but you're also talking about avoiding accidental "income inequality" in this comment, and "economic stagnation" in the other.
It seems like you might've moved the goalpost a bit...
At the end of the day: any entity that works for the public good (be it a co-op, a non-profit or a state owned enterprise[1]) would be a better recipient of the free labour provided by f/oss hobbyists, than a for-profit multinational... And often economic performance is equivocated with financial performance. At the end of the day, if everyone can put food on the table[2] (here and in the developing world), I couldn't care less if some GDP metric might imply that "there's stagnation actually"
[1] My point being, that a SOE will have more bargaining power than a small co-op, and thus be able to fight unequal exchange and compensate for income inequality
[2] "food on the table" is a proxy for: food itself, shelter, healthcare, affordable heating (or cooling) and consumer goods and services (tech gadgets to learn and keep in touch with family, long distance transport to visit relatives, etc.)
I agree and it's happening. I co-founded Outpost Publishers Cooperative as a member services co-op to provide enterprise-level subscription services to publishers on Ghost (which is a non-profit).
I'm biased but I think the model of member-service co-ops (like Ace Hardware) providing tailored software services to particular industries is fertile ground. Free of VC incentives, reasonably profitable, aligned incentives, and the state of software tooling makes this doable.
And since this model doesn't require capturing as much value as a VC funded venture, it's more sustainable.
But the hard thing is figuring out how to get to decent product without upfront investment, in lieu of investment models that don't require outsize returns.
I can think of ways to create early capital but I've yet to see an industry think through how to fund smart suppliers without falling into the trap of thinking they need to be VCs.
> how to get to decent product without upfront investment
Yeah, this is the hard part.
I work in the small “ERP-like” business market and I’ve come up with some good ideas (based on the reaction of the people I talk to). But the problem is that even a small team of about five genuinely solid developers can cost around US $300,000–500,000 per year — and that’s even factoring in that I’m in LATAM!
That’s a lot.
To make something like this happen, you need to convince fairly big players — the ones who have the capital and the patience, but more importantly the vision. And that’s the part that’s rare. At least in theory, that’s what VCs are supposed to bring.
I'd say too we aren't the only ones. Plausible Analytics is a great, mission-driven, open-source non-profit providing cookie-free web analytics.
And they let us bulk buy for our member publishers.
There's so much potential in what you are suggesting!
That is fantastic to hear, kudos to you and best of luck! The funding is definitely an issue I'm chewing over in my mind as I think about these issues.
> at which "layer" of the stack it's appropriate to address different societal issues.
One problem with trying to restrict the availability of open-source software: In the limit, as LLMs become better and better at writing code, the value of open-source software will go to zero. So trying to restrict the availability of your code is skating away from where the puck is going. Perhaps your efforts to improve the world are better allocated elsewhere.
I mean, if you ignore the fact there would be no LLMs without wholesale scraping of the corpus of all software ever written.
LLMs are the least ethically sourced pieces of technology I've ever seen. That they have businesses built that haven't been sued out of existence for not asking for permission to train first is positively mind boggling.
> all software ever written
LLMs aren't usually trained on large proprietary codebases like the ones from Google, Microsoft or Apple?
You think there wasn't a reason Microsoft bought GitHub, whose ToS allowed them to expand their training corpus vastly beyond their own internal systems? Why Amazon does the same thing with CodeCommit? If your stuff is hosted somewhere with a ToS, you can bet that repo is getting into the training corpus. Having your flavor of LLM in today's is too valuable for any corp to pass up the opportunity.
Free software is about freedom. Restricting it from anyone means it's not free. There is no requirement that we must create free software but if it's called free I think it should always have the basic qualities of freedom; not only when it fits our purposes and our values.
> shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”
Point the author makes is precisely that they don't want to do free software, and they'd like to convince you not to do free software
There are already so many ways (and reasons) not to do free or open source software. People who find them convincing are using them. People who don't generally are not.
It seems like the author of the post is just potentially having a change of mind from one side to the other, which barely even seems noteworthy.
> There are already so many ways (and reasons) not to do free or open source software. People who find them convincing are using them.
To be honest, I don't think the space between GPL/MIT and commercial closed source is explored enough. I'm aware there's a few examples of things in between, but they are not common knowledge and they don't satisfy everyone. It is not a space that is easy to search online for established wisdom and comparisons in.
Source Available licenses + commercial agreements seem to cover that middle ground well.
Basically every argument has been made before, but there's still 10,000 people a day who are just finding out about it for the first time (https://xkcd.com/1053/)
Clearly this sparked enough discussion and upvotes to make it to the front page of Hacker News, so people found it valuable.
It's a choice for the authors to make based on what type of free they believe in. I think free under MIT and GPL are two different philosophies on how you see "free".
MIT: free for anyone, do whatever you want
GPL: free if you also make your software free
AGPL: GPL but SaaS can't circumvent the requirement to make your software free
I see why principled open source proponents would select GPL or AGPL. They don't just want their code to be used freely by others, they also believe more software should be free and using GPL helps with that.
GPL restrictions don't make software under the GPL not "free" as in freedom. Just a different philosophy.
I'd choose a different framing to that:
MIT: freedom for devs
GPL: freedom for users
AGPL: freedom for SaaS users
I like the GPL and think its "virality" is both clever and a worthwhile social goal, but I think it's misleading to call it "free". It directly restricts possible usage of the software in question -- yes, in a way that's designed to increase another kind of freedom, but it restricts nonetheless.
FWIW I have the same quarrel with people who talk about a country being "free". To my mind, a truly free country would have no laws. It would be a horrible place, because the restrictions that laws place on us tend to make things better for everyone (we may disagree on this law or that law, but some laws, like "Don't kill someone without a very good reason", would have >99% popular support anywhere in the world).
"More free" does not necessarily imply "better"; it could be better or worse. I'd like to shift usage of the words "free" and "freedom" in this direction, but think it's probably a lost cause as the words are too emotionally charged with connotations of "good".
And yet there are licenses restricting open source use. You should absolutely stop people from using your work if it doesn't align with your values.
If you prevent licensing software to large corporations, small corporations won't use it, either, because small corporations may get acquired by large ones. Such a license would be a "poison pill".
I am not a lawyer and this is not legal advice.
We picked the Boost license for the D Language Foundation because it is the closest to public domain we could find.
Besides, why would "bad guys" be deterred by a license, anyway?
> Besides, why would "bad guys" be deterred by a license, anyway?
I imagine because we're talking about a subcategory of "bad guys" who still like to stay within the confines of the law (supposedly at least).
Exactly. Unreasonable conditions imposed on everyone to "solve" an ideological or societal matter impose externalities on bystanders. It's religious fervor not backed by honest appreciation of human nature or reality. While I don't like end-uses that exploit or harm others, there is no meaningful magic spell that can police usage of code gifts apart from not giving away anything and micromanaging every single invocation for moral purity.
Why isn't there a "if I like you you can use it"
I like you @WalterBright you can use any of my stuff even if you get acquired
Umm, there is. Basically, that's the default in most of the world. My recommendation if that is what you want to do, is to put a note in the readme and in LICENSE.txt that says "this project is copyright by me. If you want to use it, reach out to me and if I like you, I will give you a license". Then if you like someone, give them a written statement that you like them, and grant them permission to use your project(s), and under what terms, if any.
I sort of like this. I wonder if it is enforceable.
"For my friends everything, for my enemies the law" software license.
> I wonder if it is enforceable.
I can't imagine that it wouldn't be. If a company has explicit written permission from the copyright owner granting permission to use that copyright, then they can use it.
Also, it wouldn't be a special license. If you wanted to do a "For my friends everything, for my enemies the law" thing, you'd just set it as all rights reserved and add a special note encouraging people to ask for permission to use it.
Plus, copyright enforcement typically goes in the other direction. It's not about who you can sue, it's about who you can't. Licenses are just a way of specifying who you cannot sue. If you want everybody to use your project but don't want to bother with a license, you can make it all rights reserved (the legal default) and just not sue anybody. You could sue them if you wanted to (which is why nobody would ever use your code: because of the risk that you change your mind and sue them), but nobody is forcing you to.
Why would it not be enforceable? If you own the copyright on your software anybody that wants to use it has to get a license from you. The traditional way is for you to sell those licenses for money, but you could also decide to give them away based on how much you like the buyer.
Or a hybrid, sell them, but refuse to sell to certain entities and discount up to 100% to others based on how much you like them.
Of course it is, that’s literally contract law. You’re agreeing a contract to licence them access with specific terms.
The reason they invented the standard licences is to avoid this cost and effort. Do you really want to write a 200 page legal contract for every user for software you’re giving away for free?
Is that the implication? I thought that the legal contract you mentioned was a standard document, basically the same for everyone that was licensed. But I am not a lawyer, and I don't pretend to be one.
It would be neat to have this license codified (Like we have MIT, GPL, etc), with the proper incentives to "ask for open source access, if I like you, you might get it". And, of course, a "contract" that gave licensees the open source benefits.
Thank you kindly!
There's not a whole lot of point to acquiring Boost licensed software. Of course, they could always acquire me and pay me handsomely!
Such a poison pill could be considered a feature insofar as it discourages consolidation of companies.
There are very few, if any, projects big enough to be a consideration to NOT acquire an entire company.
Big companies can implement economies of scale. This is what makes the country wealthy.
Big business drives the economy. Small businesses are the future big businesses.
For example, automobiles cannot be made by artisans for anyone but the wealthy.
Open source is a gift you’re giving.
Companies take that gift and use it to provide a service for cheaper than it would otherwise be if they had to build it all themselves.
You are already benefiting from open source - but it is a tiny benefit and subtle and very indirect and very diffuse.
Licensing is thorny but it’s personal choice too.. would you use a project whose license is “use it for now unless or until I decide you’re evil at my discretion”.. probably not. Probably, someone else would get the users you have now, and the corresponding popularity.
It is a tough choice, but it’s a lovely and important thing you’re doing when you provide the gift of open source software.
I think I probably would use a project that had a license that said "you can use this for now, but if I later decide I don't want evil people to use it, you'll have to maintain your own fork based on the last version before I made that decision."
Isn't that kind of always the bargain we're making? We can use someone's work as long as they're willing to let us, but if they change the license, we might not be able to continue using it.
All MIT/BSD projects are like that. The maintainer can get up tomorrow and relicence the software. (Keeping some attributions if other persons contributed.) You are free to fork the last free version.
With [A]GPL it's only possible if there are no external contributions or everyone agrees. Again, you are free to fork the last free version.
No. Things given away are inanimate and lack agency.
> Companies take that gift and use it to provide a service for cheaper than it would otherwise be if they had to build it all themselves.
Citation needed.
Cheaper for the company. Whether they pass those savings on to their customers is another matter.
> Whether they pass those savings on to their customers is another matter.
Competition determines the price, not COGS.
Then why would I care?
Lots and lots of AWS.
https://www.youtube.com/watch?v=Ps3AI1kTIR4
Do you want to spend your time creating a project the world finds useful, or do you want to make a political statement that gets ignored? Because any attempt to restrict the license turns into the latter.
If the project is even slightly useful, but with a restrictive license, someone else will create an alternative with a free license. The community will quickly move, and the time spent trying to push a political opinion will be wasted.
In the long term, a free software license is always going to win. Even when it's unsustainable for one maintainer, the software remains free, and if it's useful enough, others will take on the maintainer role.
For sustainability, that's going to be a mix of lobbying your government, and companies realizing they need to hire developers because the open source maintainers aren't able to do everything for free. Just realize that governments are slow with conflicting goals. And companies will minimize their costs, leaving the average open source maintainer at the edge of being sustainable.
The thing about having morality-based restrictions to the license is that there is no well defined legal standard for good and evil.
Creating such license will indeed discourage lawful corporations from making use of it because of the legal uncertainty.
It will discourage open source projects from making use of it because it's not open source and it's incompatible either from a legal or philosophical standpoint.
The only ones who would not be discouraged would be the ones you actually want to prevent using it since they would likely not care about the license terms at all and just use it regardless.
The end result would be essentially a dead project that would be either ignored by the programmer community if it started out with this license or be forked like what happened when other open source projects switched licenses example redis being replaced by valkey.
Stallman's take on the issue: https://www.gnu.org/philosophy/programs-must-not-limit-freed...
I understand the intention of what the author is trying to achieve, but I think the problem they will run into is how do you define "evil" in a legal document or license? There is a subset of acts and beliefs that wider society has deemed "evil", but I doubt large corporations are actively supporting sexual assault, torture, murder etc. What the author is referring to is things they find morally reprehensible but do not reach the level of the aforementioned acts enough to be expressly illegal and evil (and whether they are or not, IANAL).
See https://news.ycombinator.com/item?id=5138866 - a person gave permission for IBM to "use JSLint for evil".
Take a look at the original json.org license and all the problems that the "not for evil" clause they added to it had caused.
Ultimately though, if you put a non free license on your libraries, somebody will cry foul, fork it, and evil will still happen.
I suspect the non-standard JSON license was in part a strategy to encourage third-party implementations, so that the format would become a standard.
(W3C standards, for example, require "multiple independent implementations to proceed along a standardisation path". https://www.w3.org/TR/webdatabase/ )
Some background in https://gist.github.com/kemitchell/fdc179d60dc88f0c9b76e5d38...
Basically you end up with something not legally enforceable. And will someone actually doing evil care about your license?
They would if they could get sued. But it's unlikely, so they won't.
Best cure is to use GPL, any evil company would not be able to handle *having* to give back anything to project they used /s
GPL mandates giving forward to users, not giving back to the project. It is also commonly violated.
Well then you just use some copyleft language to ensure the same license (or something you deem compatible) is used.
Just because you can fork something doesn't always mean you're able to just change the license.
The best way to do this is to design something that is not appealing for those people to use, but is appealing for the people you want to support to use.
It really seems like you just don't want to be open source. That's your choice.
The best option to stop bad companies from doing bad things is to lobby your government to put in place laws against those bad things. Ban specific evils with regulation, that's much more effective than preventing people who do those evils from using a specific piece of software that is fairly easily replaced.
Exactly. FOSS isn't the right vehicle to legislate morality or control-freak end-uses of gifts. It's uncool.
Just make it GPL, there is no chance evil company would tolerate the enforcement of giving back, let alone lawyers to make sure they comply.
GPL does not restrict the USE of the software.
The rights are for the USER and he may use it for any purpose.
The responsibility comes with redistribution - you must pass along the source code and any modifications you have made - passing on the rights you received.
Basically any restriction on the use makes it not free software.
GPL does not prohibit evil uses. You can put GPLed crap in weapons systems that are used for striking civilian targets.
If a weapon includes AGPLed code, do targets of the weapon have a right to view the source code?
Specifically GPL3 or AGPL. Having worked for Big Tech in the past, those two licences were verboten.
If you're having thoughts about who can and cannot use your free software, I think you're no longer interested in free software.
You’re not wrong, but arguments like this ignore the point. For many authors and maintainers, ‘free software’ and ‘open source’ as traditionally defined result in unsustainable outcomes. The original article cites articles explaining several such issues.
Many people in the software industry are looking for new licensing models that take these systemic issues into account. It’s the ecosystem evolving to address current conditions. This should be expected and welcomed, but instead the idea is consistently written off by folks who would rather live by the old rules. The commons continues to suffer for it.
> For many authors and maintainers, ‘free software’ and ‘open source’ as traditionally defined result in unsustainable outcomes.
I'm very grateful for all this free software, but if a maintainer doesn't think what they are doing is sustainable then they need to stop doing it. That isn't much of a revelation. And if people want to release software that can only be used by people on their ideological wavelength then they can do that, but:
- The projects are probably not going to find much popularity.
- In many ways it is a remarkably entitled position; after all my dishwashing machine doesn't test my moral purity before cleaning my dishes. Why should my software?
- Any ideology that centres on identifying "the bad guys" is too naive to hold a community together without becoming unbelievably corrupt and an insult to whatever ideals the original believers had.
> arguments like this ignore the point.
And the point should be ignored even more. Free software is a fairly specific thing, trying to co-opt it into something it isn't makes you the bad actor.
Make your own idea instead of stealing and leeching off the success of others. That's frankly disrespectful to even have the gall to do this. You definitely don't deserve ruining another's image for your idea of how society should work.
This is precisely what the author is attempting to do.
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
> I remain unconvinced at the societal value of “freedom to run the program as you wish, for any purpose”, often called freedom 0. I don’t want to donate my work to the bad guys!
They never use the term “free software” to describe their goals. To the extent they use the term “open source” it’s in the lowercase informal form. How else should they describe their ideas if not using this terminology?
There are lots of alternative movements to Free Software and Open Source, like Ethical Computing, Fair Source etc. Use one of those, or the more generic "source available" term.
https://en.wikipedia.org/wiki/Focal_point_(game_theory)
People can reasonably agree on what "Open Source" means. Once you start trying to define "bad guys" and exclude them, you will get dozens of incompatible definitions and no consensus, and as a result, you'll have numerous incompatible ecosystems rather than one.
"Open Source" isn't perfect, not by any means. But any purported replacement for it has to be so obviously better that people are willing to switch and build consensus on the replacement.
I created a software license which is effectively BSD, but lists priority boycott targets and rationale from BDS (boycott-divest-sanction for Palestinian liberation), in an information-only section that has no bearing on the software freedoms and restrictions, but is nevertheless required to be copied as part of the license[1].
I don't actually recommend using this specific license yet, because the text from bdsmovement.net is not technically available under a permissive license (they told me I could use it... but I don't think the person fielding my request really understood what I was asking), but perhaps you can make something similar out of your preferred permissive software license (this is a no-go with GPL unfortunately because any derived license would be incompatible with GPL in addition to permissive-licensed software)
If you're a fan of BDS you can also just list the priority targets in your license, or give the BDS organizers another nudge via email.
I think the power of this is that such licenses wouldn't change how people might use the software. And big corps like Google, Amazon, et al may accidentally end up using such software (which is perfectly allowable via the license), but would then have to circulate a license which calls for their boycott and highlights their complicity in oppression. So I think it'd be fun if some software using this license makes its way into an end-user product of theirs
[1]: https://ossforpalestine.top/
Google and Amazon have lawyers, they will take 1 second to review it and forbid it for internal use. They will do the same for every unusual license, not only for this one.
This is actually one creative idea, kudos. I encourage you to reach out to OP as he was asking for discussion in case he didn't see this comment. This is the only newer out of the box idea I saw in this thread
"creating software for free that largely benefits large corporations"
Who cares. The end result of this is that we all get to use amazing software, often for free.
Think of your open source contributions as a gift to all of humanity. I wouldn't get too hung up on the fact that bad people can use it. Hammer makers don't add conditions on who can buy their products, even if it could be used as a murder weapon. Take solace in the fact that your work is creating far more good than evil.
You're increasing the rate of innovation in the world. And we're all grateful for it.
Sounds good, but what happens when everyone else uses ideological purity filters too?
Because if what this guy is saying is reasonable, then it immediately follows that it's also reasonable for every ideology and religion to exclude the ones they don't like. For example: how does an antisemitic software license strike you? Because that would be a perfectly reasonable license for some people to enact, and fully justified by this article's logic.
Do unto others, and all that.
No, what is deemed evil by this blog, is what exploits open source. For open source software, that's very relevant.
Just like anti democratic values are relevant for democracies.
Don't straw man this.
No, I did not. From the article. This is, unfortunately, a straightforward case of poorly-considered moralizing with extremely bad consequences.
> Overall, these ideas lead me to believe that the open source movement needs to see itself as in a larger social context. Can we shift the balance of power away from massive companies and their massive harms? Can we prevent Nazis from using our software? Should we even try?
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
Your project would no longer be open source. It would become source-available proprietary software.
"No man is wise enough to know all the evil that he does." -Rochefoucauld
I don't know if you're just joking but this is the crux of the problem and what they are asking for has deep implications. If somebody can thoroughly define evil in a software license, please publish it for review so that we can learn from it.
It seems like CC-BY-NC (https://creativecommons.org/licenses/by-nc/4.0/) works perfectly for this: Anyone is allowed to use it, but they have to credit you, and they can't use it for commercial purposes.
You're still free to license it out commercially on other terms, the open-source community gets to make use of it as they please, and it ensures you're credited.
> the open-source community gets to make use of it as they please
Uhm... I wouldn't be so sure. Looks to me like such a license carries transitively to projects that depend on your software.
Suppose you're distributing a library on such terms. Then an open source project uses your library. Such a project can't then be used in a commercial fashion unless whoever distributes it gets a commercial license from the library's copyright owner. Now suppose the project uses multiple libraries with such terms. That's a burden.
Then again this may be a feature, not a bug, of the model you're proposing.
I suppose that it wouldn't work in practice, though. The AGPL license (and libraries with a GPL license instead of a LGPL one) aren't really widespread, probably because of the virality clause.
Let's say you accomplish your goal of dissuading "big corporations" and "bad guys" from using little auth middleware library, and you get a bunch of other open-source maintainers to do the same.
The "big corporations" will shrug and throw a few more tens of thousands into their R&D budget and will assign a few devs to create an alternative, and when they release it as open-source, they'll use it as an opportunity to self-promote, it'll have a slick website, and "X by Big Corp" will become the go-to library.
The "bad guys" will just shrug and steal your code. Al Capone was brought down on tax evasion but I don't think you're going to get him on copyright infringement.
If you can somehow convince the majority of non-corporate developers to not use corporate-sponsored open-source, then that might be interesting, but not by much, because there aren't many of those.
Options:
1) make useless software
2) go closed source
3) ?
Also, why does nobody say “oh wow, if other people hadn’t generously given time like this i would have to pay so much more for everything because everything companies do would cost more?”
This lens of viewing corporate give back to projects in direct $ or donated developer time is mildly useful for understanding the ecosystem as a whole, but grab hold of it more than lightly and it becomes a blindfold.
Always the same rant of people profiting open source without understanding it.
This guy is free to select whatever license he wants for his code. But don't expect profiting from the open source (in the common sense of free software) brand if you don't want to respect its principles.
Would the package be as successful? Have as many users, contributors, ... The author is free to test that if he wants but his rant is not justified for the whole open source world.
Also, I'm quite sure that he is also a freeloader happy to benefit without contributing. Even from big companies. I'm quite sure that he never paid or contributed for npm, GitHub or his IDE for example...
This raises a question in my head. If the author was to update the license to something restrictive, consumers and transitive consumers will npm update at some point, and likely not notice the dependency change.
They would then be breaking the license terms without realizing.
Is there anything in npm to protect against this? Projects have hundreds of dependencies, it's not feasible to manually check licenses haven't changed every time you update.
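One way to catch the license drift raised in the comment above, as an added example (not code from the thread or from npm): diff the `license` field that `package-lock.json` (lockfileVersion 2 and 3) records for each installed package, before and after an update. The package names, both sample lockfiles and the allowlist are constructed for illustration; the field is the package's self-declared metadata, so a hit is a prompt to read the actual license text, not a legal determination.

```javascript
// Constructed sample lockfiles in the lockfileVersion 3 shape; all package names are hypothetical.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0", license: "MIT" },
    "node_modules/header-helper": { version: "7.1.0", license: "MIT" },
    "node_modules/tiny-util": { version: "2.0.0", license: "ISC" },
    "node_modules/web-framework": { version: "4.2.0", license: "MIT" },
  },
};
const lockAfter = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0", license: "MIT" },
    "node_modules/header-helper": { version: "8.0.0", license: "AGPL-3.0-only" }, // relicensed
    "node_modules/tiny-util": { version: "2.0.1", license: "ISC" },               // unchanged license
    "node_modules/web-framework": { version: "4.3.0" },                           // license field dropped
    "node_modules/web-framework/node_modules/new-dep": { version: "1.0.0", license: "CC-BY-NC-4.0" },
  },
};

// Assumed policy: exact SPDX identifiers the consuming project accepts.
// SPDX expressions such as "(MIT OR Apache-2.0)" are not parsed and count as not allowed,
// which sends them to manual review.
const ALLOWED = new Set(["MIT", "ISC", "BSD-2-Clause", "BSD-3-Clause", "Apache-2.0"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(installPath) {
  const marker = "node_modules/";
  const i = installPath.lastIndexOf(marker);
  return i === -1 ? installPath : installPath.slice(i + marker.length);
}

// Map install path -> { name, version, license } for every installed package.
// The root project ("") and symlinked workspace entries are skipped.
function collectLicenses(lock) {
  const out = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue;
    const declared = typeof entry.license === "string" ? entry.license.trim() : "";
    out.set(path, {
      name: packageName(path),
      version: entry.version || "?",
      license: declared === "" ? "UNKNOWN" : declared,
    });
  }
  return out;
}

// Report drift only: packages whose declared license changed, and newly added
// packages whose license is outside the allowlist. Packages that were already
// present with an unchanged license are not re-judged here.
function diffLicenses(before, after, allowed) {
  const old = collectLicenses(before);
  const findings = [];
  for (const [path, cur] of collectLicenses(after)) {
    const prev = old.get(path);
    const permitted = allowed.has(cur.license);
    let kind = null;
    if (prev && prev.license !== cur.license) kind = "license-changed";
    else if (!prev && !permitted) kind = "new-package-not-allowed";
    if (kind === null) continue;
    findings.push({
      kind,
      path,
      name: cur.name,
      from: prev ? prev.license : null,
      fromVersion: prev ? prev.version : null,
      to: cur.license,
      toVersion: cur.version,
      permitted,
    });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// A CI job would fail the update when any finding lands outside the allowlist.
function shouldFailBuild(findings) {
  return findings.some((f) => !f.permitted);
}

for (const f of diffLicenses(lockBefore, lockAfter, ALLOWED)) {
  const was = f.from === null ? "(not installed)" : `${f.from} @ ${f.fromVersion}`;
  console.log(`${f.permitted ? "note" : "BLOCK"} ${f.kind}: ${f.name} ${was} -> ${f.to} @ ${f.toVersion}`);
}
```

In a real pipeline the two objects would come from `JSON.parse` of the committed lockfile and the one produced by the update, compared before the change is merged.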
How are you planning to find out about violations of the license and then enforce license compliance? The GPL is very commonly violated, and license compliance costs a lot to enforce since you have to go to court, which also takes a long time.
This is a semi joke answer but I have worked at some of the big corps and see how they use OSS software. One way I have continuously thought about to prevent usage is to make all of the variables/function names/APIs contain profanity and PR incorrect jokes. I do know that every single corp has a profanity filter to prevent any bad word being added to code. It’s not bullet-proof but certainly makes it a lot more difficult to get that code on corpo servers and past legal.
Make it source available. It won't help, but you might feel better.
DuckStation (PS1 emulator) changed license from GPL to CC-BY-NC, because Chinese manufacturers were including it in their hw devices. Somehow I doubt that helped.
I don't know about good vs evil. That seems impossible. But I'd be interested in a license that prevented use by any company owned by one of the top 1% most valuable companies in the world. I have no idea if that's enforceable or not. Basically a license that restricts use for companies that are just trying to be acquired.
It's not open source when you disallow people and companies from using it. One big difference between open source and public domain is that code in the public domain doesn't force anyone to redistribute the changes.
I have had several projects where I didn't want to be forked, especially by a company with a marketing budget. I choose not to distribute it with an open source license. There's nothing wrong with that. Companies have sold copies of source to people who paid, so that's an option. But I don't know of any licenses like that which have been written for the public to use (copying a company license is a copyright violation)
There are many open source licenses that don’t force redistribution of the code.
Correct, I'm saying public domain never requires that which is different from open source licenses, which may require it (and other stipulations)
This is already explored - use source available instead of open source.
Presumably they want to keep the project liberally licensed modulo the "no evil" part. A source-available license would probably be too restrictive for that purpose unless it is somehow made compatible with open/free licenses. But I am not a lawyer, so I have no fucking idea what I'm talking about.
They could use the json.org license: https://www.tldrlegal.com/license/the-json-license
It's literally the MIT license with an added clause of only using the software for good, not evil.
Obviously, corporate attorneys will advise not to use the software since good and evil aren't really well defined legal terms. It's also not open source using the OSI definition.
It's also unenforceable, therefore useless.
There are perhaps 2500-3000 unique open source licenses, ranging from the half dozen most of you will know well to very obscure licenses which have come about because (for example) a research grant from a foundation with certain guiding principles indirectly paid for some of the development of some software as part of a larger research initiative. There's even a license that precludes use of the software in any military equipment other than that which is strictly of a defensive nature, due to the constitution of the country sponsoring (a small part of) the project.
This seems to pass a transitive requirement to users.
Suppose your libpopular forbids ill-faith actors from using it. Also suppose that I wrote a my-utility, a neutral tool, that depends on libpopular. If some bad actor uses my-utility for wrongdoing, will I be responsible for their behavior? Will my-utility be in breach of your license?
Your best solution is I think simply proprietary or CC-BY-NC + maybe non-government, then just license it to whoever you want that emails you. Consider just not making infrastructure software with free labor if you don't want to fund megacorps, because they will be the primary benefactors. Consider also that anything you upload to the internet goes into the LLM funnel which leads back to them. It's funny if you sold guns, shovels, or even printers everyone would be very understanding if you expressed a desire to not support Russia or whatever. Once it's printer drivers though it's "The only thing we can say for sure about the nature of evil is that you're a bad actor".
Thinking aloud here. Start by requiring that orgs get your permission via email to license your code. Over time, formalize the patterns in your approve/deny responses into an LLM-powered API which does an instant approve/deny, with a prompt you handcrafted and backtested based on real-world data. This could even work for e.g. Linux package installation: As a pre-install hook, a prompt asks the user what organization they work for (if any) and how they intend to use your code. Make it so users can still appeal a "deny" by sending you an email, but attempting to respond to the questions a second time with different answers violates the license [within a certain timeframe at least]. If other open source devs are also interested in this scheme, you could let them piggyback off of your infrastructure... answering your qs toggles a "virtue bit" which unlocks a bunch of "ethical packages", hosted in a dedicated repository to better track downloads. Support yourself by suing companies which violate your license terms.
Since organizations evolve over time, you could have a re-authorization flow every time your users want a major version update of your software.
A flaw in this proposal is that the very worst actors (scammers, black hats, etc.) are likely to be beyond the reach of the legal system in practice. Perhaps you could mitigate this a little bit by replacing Github Issues with a private support forum for trusted licensees.
https://en.wikipedia.org/wiki/Copyleft
OSS has allowed me to help real customers in times of need. It’s a tiny company. But there must be many others.
The benefits are dispersed broadly while the “evil” appears to be more concentrated and easier to identify.
Don’t lose sight of the benefits.
(PS We contribute to projects and individuals.)
This reminds me of the whole Lerna debacle a few years back.
https://www.vice.com/en/article/open-source-devs-reverse-dec...
That aside, even if something like this was “legally enforceable”, it adds enough friction, risk, and uncertainty to downstream consumers compared to a “vanilla” open source license that I expect most folks would choose an alternative to the “bespoke” license project where they could. Fine if you don’t care about getting usage, but that defeats much of the value that open source brings.
There are very few pieces of free software that don't lean very heavily on top of a mountain of other free software that make it possible, and I think the author would be surprised how much of that was written by people who strongly disagreed with his worldview and considered him a "bad guy".
Personally, I haven't found better licenses yet than the AGPL and PPL (Peer Production License).
There are plenty of licences to achieve this that'll make your code unusable.
CC-BY-NC allows you to ban commercial use. There is also the Hippocratic licence[2] which allows you to choose from a variety of "evil corporation" types, from fossil fuels, mineral exploration, the Taliban, companies that have more than 200% pay inequity, etc.
Pretty much all of these licences will make your project unusable and no longer free software, but hey, they exist!
[2] https://firstdonoharm.dev/build/
I think part of what they're trying to do is change the discussion or the "norm". For example, if every developer suddenly changed to that style of license, would you still deem it unusable?
Yes, if only because of the broad patent grant. 3.1.6 is also concerning since it can be read as indemnification?
> Prevent any person from exercising his/her/their right to seek an effective remedy by a competent court or national tribunal (including domestic judicial systems, international courts, arbitration bodies, and other adjudicating bodies) for actions violating the fundamental rights granted to him/her/them by applicable constitutions, applicable laws, or by this License
There's also a clause allowing for specific performance which means, by using the licence for anything at a company, you're opening the risk of a court-appointed special master coming in and taking over your HR systems to enforce compliance.
You also can't terminate the licence to avoid this equitable relief:
> Additional Remedies: Termination of the License by failing to remedy harms in no way prevents Licensor or Supply Chain Impacted Party from seeking appropriate remedies at law or in equity.
It's a fascinating conceptual legal document but completely unusable. I'm not a lawyer but using anything under this licence seems incredibly risky to me.
Is there something like the societal license where you can select different levels of harm: a) can be used to kill people b) can only be used to harm people c) can only be used for animal testing d) no harm should come to any living creature, neither in thought nor action.
Something like the creative commons license just for evil.
I like to use non enforceable license such as “don’t do evil” license because it causes meltdowns in the legal departments of large tech companies trying to define what is evil and whether they are committing evil.
Even if it's not enforceable, at least it can trigger some kind of a reflection in folks and their interactions with society that supports their existence.
> d) no harm should come to any living creature
Can corn farmers use it?
Can it be used in a factory that makes anti-mosquito nets?
Any such license is basically impossible to work with. It amounts to "I reserve the right to sue anyone who uses this software in the future for effectively random reasons". Because I could go on about the lack of a universally agreed-upon "good" or "evil" and the fact that what you call evil is people who think they are being good (the number of people who outright identify themselves as evil is a rounding error), but there's an even bigger problem, which is that who you think is evil today may change over time. How is anyone supposed to keep up with that? If you put a license like this on your software and you decide eighteen months from now that actually $POLITICAL_STANCE, which you previously thought was evil, has a point, and then you-four-years-from-now comes around to the idea that what they thought was good when they wrote the license is actually quite evil, what is any user of your code supposed to do with that?
In general, $YOUR opinions are too flighty to be basing licensing decisions on.
There's a generally established exception for military use, which works anyhow because even if you are hypothetically perfectly morally fine with military use you may not want to permit them to use it on the grounds you haven't tested it enough. See also the perfectly well-established "not to be used on medical devices" exemption. But if you want to conditionalize your license on, say, "whether or not you're willing to sign this petition about $POLITICAL_TOPIC", that's not something anyone can build on. It'll be a terminal license in the code tree.
If this means you don't want to contribute to open source because you are unwilling to accept this... by all means! If you don't like a contract, don't sign it. Nobody's forcing you to write open source software for free. But there isn't a practical "well, what if only people I agree with are allowed to use it" option, because then even the people you agree with today really can't base any significant decisions on that sort of foundation.
(And, in general, anyone who lives, say, 25 years, and has absolutely no changes of political opinion in that time period... yeah... that's probably a bad sign. I don't hate 25-year-ago-me or anything, but I've got a lot of disagreements with him, and I don't expect 25-year-from-now-me to completely agree with me today either. Certainly not enough to write anything into a license agreement.)
Finally, as another practical manner, this license is also signing up to someday appear in some court of law to litigate the matter of whether or not some person or other does or does not agree with you on some political matter, in a situation where it will be a judge deciding that and not you, and wow am I just not being paid enough for my free contributions to open source to go through that under any circumstances.
There is zero overlap between projects that are actually interesting and those that have weird activist licenses.
Preventing the only people who will realistically use your work from using it is a pointless gesture.
If you’re not charging for it then who cares? I’d rather have people actually using it than have a super restrictive licence and an empty project.
I think the question is do you want to actually stop certain entities from using the project, or do you just want to send a message? If you want to actually stop them then ultimately there is only one way, which is you sue them. If you're not willing to aggressively sue people who use your software in ways you don't want, then I think there's little point in taking the time to craft a license that expresses acceptable uses.
If you just want to send a message, then you can change the license and not take any further action.
Post is dated 2026-01-01, I guess it was maybe not meant to be released yet?
I am not a lawyer and do not know all of the other things, but I will write what my idea is.
Some possibilities (while still being FOSS) might be:
- Use AGPL3 license, and do not make exceptions. (Alternatively, make an exception but make it possible to revoke the exception.)
- Design the program for uses that are not bad so that bad uses might be more difficult.
- Sue them, if this becomes necessary.
This combination might make it difficult for bad guys to use it for bad purposes, although some organizations might ignore the license and use it anyways, but you cannot really prevent that.
This library has already been scanned and used for training AI. It is too late for a license change to have any effect. New projects, maybe.
> 38 massive car brands that use curl. The second slide: 0 of them give anything back.
"Open".
Unfortunately, for most evil and/or small corporations, licenses are weak requests and not binding contracts. They will strip the code from the license and integrate it into their software.
I expect any license change away from permissive/pushover licenses is just going to be interpreted as a rug pull and worked around using a fork, or another existing project or new project.
If your project is a library, stamping a copyleft license on it will shun away corporations, AI training aside. Bad guys won't care either way.
The "no evil" goal is commendable but impossible.
Honestly: By trying to control usage it's not FOSS anymore and you yourself become a bad actor in the eyes of the FOSS idea. No soon to be unicorn can use any of your stuff.
May I add: You’d have to stop using VsCode or TypeScript, or even npm and Chrome, if you think big means bad, and you don’t want to fuel big corporations.
One can see how ridiculous the whole idea of limiting FOSS in a “who can use this” way is.
Truly free will always win in the long way. Or you don’t think, a paid dev with some AI can replace your package fairly quickly?
1 word: AGPL-3.0
Offer a dual license model if needed. People may fork, but I'd say it's still worth it.
Restricting licenses in this way stops it from being libre/free/open source. A fundamental aspect of libre/free/open source is that it's possible to use in a commercial setting. The FSF FAQ addresses this point specifically [0].
If the author wants to abandon libre/free/open source licenses, they should state so explicitly. As it stands, the blog post is ambiguous about whether the author wants to abandon libre/free/open source for a proprietary license or whether they want to strip libre/free/open source licenses of their freedom. I don't follow alternative licenses of this sort but I've seen licenses that allow gratis use up until some threshold of users or income is reached. For example, the Unreal engine license has something along these lines [1].
If the author wants to remain libre/free/open source while mitigating bad behavior by large corporate actors, the AGPL is a fine choice as it legally coerces the copyleft even behind network based software. I'm not sure I have any hard evidence but I've heard that large corporate actors avoid the AGPL for this reason.
I'm a little incredulous that authors choose one of the most "business friendly" but least libre/free/open source (while still being FOSS) licenses and then are shocked when businesses use it without any thought to remuneration. I've seen a few instances of people providing software under an MIT license, such as the helmet.js package discussed in this blog post, and then regretting their decision.
The MIT license is used as a "business friendly" license that is still libre/free/open but doesn't have the copyleft clause to mitigate bad behavior. Why did you choose the MIT license in the first place? Why abandon other libre/free/open source license alternatives and go straight to a proprietary solution?
I don't even know how to begin to address the issue of who gets to decide who the "bad guys" are and who the "good guys" are.
In my opinion, the reason for the success of FOSS is because it's an answer to overly restrictive copyright by enriching the commons. The commons, by definition, is free for public use. If you don't agree with creating a rich commons so that everyone can benefit, that's absolutely your right, just please don't call it open source.
[0] https://www.gnu.org/licenses/gpl-faq.en.html#NoMilitary
[1] https://www.unrealengine.com/en-US/license
def not my wheelhouse, but I assume easiest way to keep bad guys out is to use copyleft license and only enforce against bad guys. despite what some say in defense of billionaires, you don't actually need to enforce every violation of your rights; rights don't disappear under law just because you don't use them.
The evil car companies filling our roads with cars!!!!
What's the context to wanting to stop "bad guys" from using your open source project?
Might want to elaborate while you're on the front page!
His Mastodon is linked at the bottom of the page and from what I've seen it's likely that this is because of a dislike of ICE.
The thing that confounds me is, this person thinks that what ICE is doing is illegal, so why does he think ICE would suddenly care about the law when it comes to software licenses?
You can either go the custom licence route, but many people do raise (valid) concerns that if you do that, it will be incompatible with others. I do not share that view but I can certainly understand it.
A possible alternative would be using a standard licence like MIT but putting swears/slurs in either the author list or the code itself so using it would be a PR risk, and this could work as a deterrent against commercial usage.
Open source benefits everyone. Large corporations can derive more benefit because they’re larger. I don’t blame them for using something I deliberately give away for free to everyone, including large corporations.
I don't understand why so many open source developers don't want truly free software. Your software isn't free if people can't do whatever they want with it.
"Evil" is also a bad descriptor to use. If I started giving out apples for free on the street (of which I had an infinite supply), I wouldn't be upset if nobody came back with an improved apple for me to use instead.
> I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
So he's decided that as the supreme arbiter of what is good and just that he'll be trying to slowly boil open source's collective frogs. How narcissistic.
> How can I bring more attention to this issue given the relative popularity of my project? Do I write a blog post? A callout in the documentation?
No. Because it doesn't matter.
I share your sentiment. He needs to decide if his software is open-source or not.
It goes both ways. Open-source devs don't owe you free bug patches. People profiting from open-source don't owe you a share of their income.
For end-user applications, there's potentially the PolyForm Noncommercial License[1]. But since your project is a library, I would not recommend straying from well-known OSS licenses. Very few people would consider using a non-OSS library in a project of any kind.
[1]: https://polyformproject.org/licenses/noncommercial/1.0.0/
The important thing to realize is that once you have released something, you have no control over how it is used. It doesn't matter whether it is an open source license or a commercial license. You have the right to take legal recourse, may that be over copyright infringement or licensing terms, but that requires both the means and desire to pursue what may be a lengthy process with an uncertain outcome. Worrying about stuff you cannot control is going to have a far more negative impact upon your life than it will upon those who are using your software for evil.
So what can you do?
Learn how to set boundaries. If a corporation demands something that you have no interest in providing, tell them no. If you are interested in providing it, request compensation for the work or request they submit a patch or let them wait until you can do the work on your terms.
For honest leechers, choose a license that discourages them. Switching from an MIT style license to a GPL style license won't prevent people from profiting from your work, but it will discourage those who want to make proprietary extensions to your work. Also realize that this won't stop dishonest leechers.
Continue to voice your concerns. Corporations don't feel guilt, but people inside them may. Even if the people within them don't feel guilt, they may still see you as an unreliable developer to exploit.
On what license to choose, this talk by Adam Jacob is good:
https://www.youtube.com/watch?v=rmhYHzJpkuo
And if you want to read about open source vs source available, this GitHub with the Red Hat lawyer and co-author of GPLv2 provides a TLDR of the sentiment. The reference from Chad gives a deep dive into the discussion and origin of FSL’s language.
https://github.com/liquibase/liquibase/issues/7374
> I know my goal: shift the default in open source from “it’s free for anyone to use” to “please don’t use this if you’re evil”. I don’t just want to do this for my little project; I want to slowly change the discourse.
Good luck. Defining evil objectively is, of course, a challenge. But even with an unambiguous definition in hand, enforcing or detecting it is nigh impossible. Especially since the truly evil will simply lie, ignore the terms of your license, and use it anyway.
There is the MIT+ni*ger license. Please don't ban me, just saying. No company would ever use your software given this license, but your users may boycott you too
Horseshoe theory proven right again.
I've never understood open sourcing something, but only if I like you. The answer is to have proprietary license that you only give out to select users/companies.
Big business has actually tackled this kind of problem itself with supply chain ethics. It's a kind of collective action to not do business with "evil" companies. They've written down a clear list of what counts as evil and they're supposed to get all their suppliers (recursively!) to agree to it.
A reminder that Open Source means surrendering your monopoly over commercial exploitation:
https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...
Ironically, if you change so that your software is no longer free software, but "source available", then you become one of the bad guys.
At least that's how the community generally reacts.
Change the license. There will be CVEs. Require modest payment for updates from large firms.
Blackmail? Surely that can’t be the solution.
That would create a market for creating your own set of fact CVEs (using AI of course) every time the rent came due.
I solved this problem by not making my project open source. Instead I launched a limited-supply cryptocurrency for it and made it a rule that anyone who owns at least x tokens is entitled to a copy of the code with full rights to use, read and modify... Because there are a limited number of tokens, it means that there are a limited number of licenses and token price would go up with demand.
Big fan of this opinion on the matter https://lukesmith.xyz/articles/why-i-use-the-gpl-and-not-cuc...
Terrible article. The whole style is annoying but let me just quote two things.
> The funniest thing is when Cuck Licensers complain that people are abiding by their licenses. They will complain that people took their code and made money off of it. They will complain when they don't get some social credit they feel like they deserve when their code is used in a project. They will complain if people fork their project and it becomes more popular than the original. They will complain when some tech giant takes their code and makes spyware out of it.
None of these things are prevented by making your code GPL. GPL only means that if they distribute the software, they also have to distribute the source. There is no requirement to provide “social capital”, to not make money or to not put spyware in it.
> With Cuck Licenses, you get the worst of two worlds: You get no credit for your work, […]
BSD-style licenses require attribution when distributing the software. So if Intel distributed MINIX, they had to put the license and Andrew Tanenbaum’s copyright notice somewhere in their documentation. That’s why we get all those screenshots of curl being in things.
Sounds like the guy that invented bicycle helmets. He didn’t want Nazis to feel safe letting their kids ride bikes to school either.
What are the odds.
OP's rant is about Helmet.js, his sorta-popular NPM package. You drew a fascinating parallel.
1. the trouble with "bad guys" is they DGAF so good luck convincing them to change their ways
2. quit using permissive licenses if you expect corporations to "give back", Open Source != Free/Libre software. You seem interested in the latter, licenses/copyright laws matter to the !bad guys.
No.
Take any conflict in the world. Ok, nothing that China or Russia are involved in. IDK, let's keep it complicated and say, "warring factions in some African country that doesn't regularly make the news", or "skirmishing Muslim groups in the middle east" (So a hard no to Israel/Palestine which everybody has strongly polarised opinions about whether they're right or not).
Now, wait for every other npm package in the world to get polarised on whether or not to block your shitty package because you picked the wrong side in some faraway war that, to be honest, you don't give a shit about anyway. Or maybe you didn't even voice an opinion about said war? WHY DIDN'T YOU? WHAT ARE YOU HIDING? WEAR THE RIBBON! CHANT THE CHANT!
Because that's all some people seem to have time for these days, and it's practically impossible to avoid the purity spiral if you show up on their radar. I've seen well known people (celebrities, academics, billionaires) get cancelled for not supporting some specific thing. Once you make this part of your software license people will rightly run like fuck from it.
What's your stance on:
- veganism
- India / Pakistan
- Climate change (no fly stickers, do you fly??)
- GM
- Your country's immigration policy
- Some other country's immigration policy
- Trump (even if you're not American)
- Taiwan
- Taxation
- Houthis
- Sulky racing (Irish travellers)
- Islam Vs Christianity / Judaism / Hinduism
- Communism / Socialism
Or, just maybe, this is a few lines of code that is concerned with X and not (all these things, Jesus give me a break)
The end result of this would be a completely broken ecosystem. Package version hell, but worse.
> Can we prevent Nazis from using our software?
Short of engaging in equally authoritarian control-freakery? I don't see how.
I'm amused by one package author that I'll leave unnamed who has a list on his site enumerating political parties around the world at one end of the political spectrum and announcing that supporters of these parties are disinvited to use his work.
I'm all: "Dude, get over yourself. Parties ALL suck. Now, do good, and consider investing less time on posturing."
> Can we prevent Nazis from using our software?
Releasing it in the year 2025 is a pretty good guarantee of this, unless someone develops a time machine.
Errrr there is currently a worldwide upswing in nationalism. Oh that’s fine because it’s not Nazis but Neo-Nazis - the new kind.
Thankfully history doesn’t repeat itself.
Sorry for getting snarky.
You can probably close-source and sell for cheap, pick and choose who you sell it to.