>I am considering relicensing my tools under some sort of Attribution-ShareAlike license similar to the BY-SA the content on this site is licensed under.
Please don't use CC licenses for code, it's not what they are designed for and the CC actively discourages it[0]. Consider using the AGPL[1] or similar instead.
The author is sharing second thoughts about using the MIT license and yes, bad actors are going to break bad, but the point of licensing is to control re-use within the (enforceable) legal framework of copyright. Reciprocal licenses (thanks Lawrence Rosen[1] for that term less charged than copyleft or viral) cede less control, and provide more footholds for enforcement. Remember that GPL has (sometimes) worked as intended in adversarial commericial settings [2,3].
To be honest I prefer copyleft or viral over reciprocal. Reciprocal licensing is traditionally an arrangement where a given license is interchangeable with another license.
For example, drivers licenses are often reciprocal between states. I've worked for firms which has reciprocal licensing agreements with some of their manufacturers. Copyleft is neither.
The big place that permissive licenses are promoted is in the giant tech companies. This is not a coincidence; it benefits them. That does not mean it benefits us.
With smaller companies we see a lot of *GPL with additional commercial licensing options ... which (assuming the main product is not a library with a non-LGPL license) often is actually still easy to comply with (especially if you only use somebody's prebuilt binaries) if you actually bother, no matter how much the hate train complains.
For individuals it varies a lot by ideology rather than deep thought, but permissive-license-regret is common.
> Most irksome of all, in a fair number of cases they sit centrally on pages covered in ads and SEO keywords. My tools are being associated with a genuinely bad user experience.
For the record, any license that does not allow users to do that would NOT be a free software license.
Most licenses, even permissive ones, do require attribution of some sort, which in theory should move the SEO to the original.
The problem is that:
1. BSD-4-clause included an advertising clause and that was considered burdensome (similarly, GFDL-with-invariant-clauses is forbidden by e.g. Debian), so the attribution only has to remain somewhere.
2. Embedded-in-an-archive links probably don't count much for SEO. Some aspects of GPL and/or AGPL can help in some circumstances ("appropriate legal notices"), but automated AGPL requirement satisfaction in the presence of forks can actually be pretty tricky to implement even among good actors.
3. even though it's illegal, stripping of license headers remains very common
I hate that people think they can control the definitions of "free" and "open" . I don't care about these biased propaganda definitions. If you want to promote your definition use a branded trademarkable name, don't try to steal our shared use of common words.
It's useful when words mean things. That goes double when the words are used for marketing. Like, yeah in theory it's odd for the OSI to define "Open Source", but in practice it turns out the only people who seem to object to this are people who really want the social capital from calling their stuff open source while actually screwing over the users.
“Free” means something. If you want to stop people distributing your software through a site that has ads, then it’s not “free.”
“Open source” means something too. The control people have is in using shared definitions.
Language is malleable, so if enough people use a word incorrectly it changes the definition. But those people get to be called wrong for years until enough people misuse it to make it right.
I'm not going to go looking for them, but the impression I get of the sort of copycatters described is that they really won't care what the licence is, if the source is available they'll be there anyway - the blog post will just be complaining that it's against the terms of the licence (and probably not pursuing legal action) instead.
I don't think it really matters. These things will exist, anyone who matters will realise they're not legit. They won't make significant sales (without significant added value) it won't detract from your reputation; etc.
In fact, they already don't care. MIT requires attribution, and the author mentions in the article that "With noted exception, they don't credit me as the author or provide any sort of link back."
If they were actually violating the license, it'd be pretty easy and cheap to send DMCA takedowns to search engines, wouldn't it? (And possibly also whoever's hosting the copycat pages.)
I get your point, but i guess it’s sadder to see people complying with the license terms in an assholish manner than see people completely breaching the terms of the license.
Author here. This was a frustrated rant after discovering these people serving my circle generator and frankly moreso my .htaccess rewrite generator on sites plastered with ads get more traffic than I do. It's honestly a little childish. I'd take the whole post with a grain of salt.
I used to to have a little cottage industry that helped me pay the bills of people finding my rewrite generator, not knowing what they're doing, and reaching out for help with their htaccess files. It's been a couple years now since anyone has reached out. On realizing that, I started looking into it.
Part of that decline is clearly Apache becoming less relevant, but the other part (I think anyway) is that I've fallen way down the SEO ranks, frustratingly behind people hosting my own tools.
Like I said, it's a rant. Think of it as such.
Everything is still MIT and by all likelihood going to stay that way.
Practical question - though IANAL - if they're not providing attribution, then aren't they out of compliance even with the MIT license, in which case you could hit them with a DMCA take down?
Thanks for chiming in. Before I delved into Linux, I spent a lot of time with the BSDs. Because of the more permissive license used by the BSDs, I learned that the work put into these projects is for the benefit of mankind. Whether that's an individual, small project, or a greedy corporation, everyone and all get to benefit and, yes, you've seen the negative side of that.
@author You should consider your (likely) emotional and (definitely) ideological reaction to AGPL / GPL-style licensing and be pragmatic about which license you use for what.
I always work from first principals, and have written code which includes proprietary, public domain, and various forms of copyleft. They all have their place.
The licensing discussions become... religious in nature. It should really a pragmatic question of what kinds of ecosystem and behaviors you want.
The choice is and isn't about freedom. Most people are constrained by capitalist free markets (or other organizational mechanisms). If I'm competing and I keep your code open and a competitor makes theirs proprietary, they have an advantage. Ergo, in many domains, you see people forced to engage in obnoxious behavior as you're seeing to be competitive. Everyone can WANT to keep things open (or any other good behavior) but NOT be able to do it.
Something like the GPL can force everyone to do what they wanted to do, if their freedom wasn't taken away by the invisible hand of the market. Ditto for many regulations. Things which seem constraining can be liberating once you put a market system around it.
Is there a license that only requires mentioning? Like exactly CC-BY but for code?
I'm in a similar position as the post. I make scripts and tools that I want to share online for anyone to use. I would like to allow everyone unrestricted access to it, but only if there is a mention and a link to the original page in a user-visible place.
You want to use the tool? Go on, but mention me as the author.
You want to modify the tool privately for your own purposes and use it on your company? Go on, but mention me as the original author.
You want to take the tool, include ads, and sell it? Go on, but mention me as the author.
This is due to past experiences with people taking my scripts and just reuploading saying they made it. I only want to be credited as the original author, that's it (and for the third example, the ad-filled copy, my idea is that if you get money from my work that's...ok, but only if you let people know where you got it to (so they can decide if they prefer the free original or yours).
MIT only requires to keep the license file, but from my understanding it's just a file that users may not even see.
GPL (and AGPL) requires you to share your modifications, which is a restriction I don't really care.
CC-BY is the closest to it (in fact I think is exactly what I'm asking for) but for some reason it is not advised to be used on code...
The specific problem the author mentions likely would not be solved by a more restrictive license. SEO squatters take whatever they want, and I doubt it would be worth it to sue them for breaking license terms.
While I agree that this isn't a licensing issue, it presents a malware threat for regular users - especially of the more popular software. If you care about the safety of the users, it may be well worth knocking the squatters off search results using DMCA. (In this particular case, I believe that attribution is required by the license).
In the long term, we need ways to make genuine sources more discoverable and verifiable.
Genuine question: Relicensing to a more restrictive one would not stop them from copying it, right? And even if they do - would you considering pursuing legal actions against them?
My advice: split your work into two camps, the types of projects you would be happy if everybody used and benefited from (even without crediting you), and the types of projects that you would not be happy seeing others republish without your name. Choose a permissive license like MIT for the former, and keep the latter closed source.
In my case[1], although I have several hundred MIT repos, I have many others that I feel an emotional connection to and do not share publicly.
It's interesting: generally speaking OSS licenses concern copyright for the code, but not trademarks for the name of the project. Licensing Project Foobar under an OSS license should not really be seen as granting permission to use the name "Project Foobar".
But I just realized that the MIT license is worded in such a way that one could draw that inference, and it might stand up in court.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
One could probably make a compelling argument that "you have the right to deal in this Software without restriction" and "you have the right to sell this software" as including the right to sell it under the same name.
If one is going to use the MIT license (or anything else that doesn't call out the copyright/trademark distinction) it would probably be good to include a supplemental notice that reads something like "The MIT license here does not confer any rights to use the name 'Project Foobar'. You must distribute any copies or derivative works under a different name or we will sue you into oblivion for trademark infringement" (or something roughly along those lines).
I do not think so. First of all, the license is clear that it is a “copyright license”. In my view, that calls out the distinction from trademark by exclusion. It would not be a reasonable interpretation to assume a trademark license unless trademark is explicitly mentioned and even less so when the license is explicitly described as a “copyright” license. The license defines “The Software” and, again, I see no reason to infer trademark as being part of that definition.
The license also requires you to include attribution and to declare the copyright of the licensor. So, while you have access to the software, ownership has clearly not transferred. You have a copyright license ( that has to be declared ). Nothing more.
So is this the new way to hack personal cellphones? I have nothing at all to do with technology but The Open Source Software License has been on my personal cellphones for about 5 years. It started with a person I knew cyber stalking me by controlling my phone. Settings of that phone showed there was another device with more access to my account than I did my phone was used once in awhile. Google maps showed his contact name and that he knew my beginning specific location ETA to my next specific location etc. he blocked important contacts and emails. It just got worse as he got better at it by using the MIT Open Source Software. He got into my MGH Patient Gateway and changed my medical records and not to make me look good he did it to hurt me and make me look legitimately paranoid/ crazy/ drug addict etc. I thought he was a friend and had no idea until about a year ago what was actually happening and because it was during Pandemic my Doctors/ Surgeons don't realize my records were changed . How can I stop this?
> they don't credit me as the author or provide any sort of link back
But this is simply not true. MIT requires keeping the copyright notice intact, which would be a credit. People that aren’t going to follow this requirement weren’t going to follow the GPL or whatever alternative you pick either, so either sue them or don’t worry about which one you picked exactly.
He covers this in a couple places in the post. There is no requirement under MIT to redistribute the source for any changes you make or anything you build with it.
If they redistribute the source then yes, but that’s not the concern in the post.
Including a comment in the JavaScript file is broadly considered good enough to satisfy this requirement of the MIT license, even though most people won't ever see it.
GPLv3, on the other hand, is much more explicit about saying that the copyright notice must appear in the actual user interface of the application.
I can relate. After some years I first switched to the Apache 2 license, later for some code AGPLv3. My stuff is mostly garbage and some software debt but who knows ;)
Now I start leaning towards: if one doesn’t want others to use it, don’t release it.
Well, with any license releasing code for useful tools will result in unlimited 'borrowings'. In most cases enforcement against small player is difficult. And impossible if it becomes popular in darknet/underground. My recommendation to the author: forget about it. You can add more watermarks in the code, or stop coding at all blaming a.. bad people, someone specifically, the laws, etc. if it make you feel better. As for me if I give something away I don't expect my axx to be kissed. Still can add it to my resume.
You are not alone here. For the past 15 years, I've been trying to figure out how this works and what license to apply to the new programming language. It seems like a strange waste of time, as with AI coming, it will be easy to bypass licenses and clone your code legally, and managers are already discussing this. I think this is the reason for the decline in the software startup market.
So, what does the author actually wants from the licence?
Is it ok that other people take the code, modify it but don't open the modifications? If not, then GPL or AGPL. If you want that they can still build sth around it, but otherwise not modifying your library, then LGPL.
Or is this ok, but the main issue is no attribution to the original source? BSD licence maybe? Or Apache? Or what else?
> Many of them have made minor or major modifications to the tools, and next to none provide the source to those modifications.
> I am considering relicensing my tools under some sort of Attribution-ShareAlike license similar to the BY-SA the content on this site is licensed under.
The attribution required by GPL/LGPL is fairly weak and in practice doesn't prevent the kind of "exploitation" discussed here. Ultimately if you don't market your work you will get steamrolled by people who do; I'm not sure this can or should be fixed.
> I want you to use things I've written. On top of that I don't believe it's my place to force you to then open source things you have written that expand upon my source code.
I'm a big proponent of the GPL and the AGPL, but no they don't sound like good solutions to the author's problems. It might solve the attribution issue but it's going to go counter to the author's other goals.
I thought the MIT license required attribution, but on rereading the requirement is pretty weak: You're only required to keep the original copyright notice.
tldr; OP felt that releasing libraries under MIT License benefited the community, but releasing apps was a mistake because other sites bested them in the SEO game. That probably caused a Bing blackout, and certainly meant losing in SEO to crapware-filled sites.
I'm thinking the optimal course would be a GPL release + trademarking the software name so that there could be more control about attribution and what sites get to use the name?
Yes. The (A)GPL is there for a good reason (in part, this one - ensuring one's work and other's work on it remains free and open source and commercial freeloaders can't get a free ride), and trademark law ensures you retain control of your software's brand. MIT and BSD... well, look where they come from - they're not designed with those purposes in mind. If you care about an aspect of a licensing solution, use a license designed and fit for purpose - just as you'd use a library designed and fit for purpose.
AGPL does not stop that kind of use at all, though. As long as you stick to making the application have a quine functionality on all channels, it doesn't matter if the link is 0.01% of text on page compared to SEO spam.
If they are modifying the frontend so it’s their own code, no copy left license would work because no copyright would be triggered. Output of the tool wouldn’t be covered.
About 15 years ago I sold a car I owned. Its fair market value was $5,000, but to get that I'd have to wash it, put an ad on Craigslist, deal with the scammers who want to pay with fake money orders, meet with potential buyers, let them test-drive it, etc., and I didn't have the time or patience to do all that. So instead I sold it to a coworker at a low price, maybe $4,000. I sent an email to the company's water-cooler list and included a photo of the car. Within probably 15 minutes someone replied saying the car would be perfect for his mom. By the end of the day, I had received a personal check, signed over the title, etc., and I thought that was the end of it.
A few days later another coworker emailed me with a screenshot of a Craigslist ad for a car like mine. In fact, it actually was for my car! The first coworker listed it for something like $5,250, and by the time Coworker #2 pinged him, he'd already sold it for that price. Coworker #1 didn't even take a new picture -- he just reposted the one I'd taken!
At first I felt exploited. Here I was, being nice to my coworkers and offering a discounted car. And I later confirmed that the guy who bought it actually did lie about intending it for his mom, which made the whole thing seem even more unsavory. But I calmed down after a few minutes. I remembered that my plan was to sell it to a coworker rather than deal with the scumbags on Craigslist, and I was willing to take a big discount for that. "Being nice to my coworkers" was just the story that I told myself to justify my priorities. I got exactly what I wanted out of the original deal: an easy way to get rid of a car I didn't need anymore. And unlike me, someone else was willing to put in the effort to flip the car and extract that last $1,000 or so of value. My instant emotional reaction was to feel vaguely cheated, or that the guy I sold it to was a sleaze. But he didn't actually hurt me. I got what I wanted, and so did he.
In the case of this software tool, I'd ask the article author whether, in retrospect, he wishes that he'd kept the tool rights and gone down the SEO rabbit hole to monetize it for himself. Let's say further than he was successful, obtaining $X/month in ad revenue. Would he feel better in that case? I'd guess not; for most values of $X, he'd conclude it wasn't worth his time. But what happens once he concedes that he's not going to put in the effort? Does he still not open-source it solely to prevent anyone from monetizing it? That's the key question. Would he feel better knowing that he prevented someone else from benefiting?
When we give gifts, we hope the recipient will use it in the way we would have. Use the tool to create awesome ovals. Drive your family around in the car. It's hard when the recipient instead uses it "the wrong way." SEO the tool. Flip the car. But that's always a risk when truly giving a gift with no strings attached.
In retrospect I view that part as an example of "don't hate the player, hate the game." In negotiated deals like this, it's not unusual to represent yourself as the right choice even if the terms you're offering aren't the best. See homebuyer offer letters for a particularly nauseating example. Who knows or really cares whether those parts of the deal are honest?
Maybe the car truly would have been great for his mom.
I basically have two modes for releasing code: All rights reserved, or public domain / CC0. My reasons are pragmatic. The latter improves the former by letting future me shamelessly plagiarize past me with zero responsibilities to point it out to anyone.
>I am considering relicensing my tools under some sort of Attribution-ShareAlike license similar to the BY-SA the content on this site is licensed under.
Please don't use CC licenses for code, it's not what they are designed for and the CC actively discourages it[0]. Consider using the AGPL[1] or similar instead.
[0] https://creativecommons.org/faq/#can-i-apply-a-creative-comm...
[1] https://www.gnu.org/licenses/why-affero-gpl.html
AGPL wouldn't prevent any of the abuses he describes, though.
It's not an abuse. This is by design. It's one thing many don't get about Open Source. The goal is to not discriminate against any kind of use.
If you want to discriminate users by how they use it, then you don't want open source.
7 replies →
Or just like MPL too :-)
The author is sharing second thoughts about using the MIT license and yes, bad actors are going to break bad, but the point of licensing is to control re-use within the (enforceable) legal framework of copyright. Reciprocal licenses (thanks Lawrence Rosen[1] for that term less charged than copyleft or viral) cede less control, and provide more footholds for enforcement. Remember that GPL has (sometimes) worked as intended in adversarial commericial settings [2,3].
[1] https://www.oreilly.com/library/view/open-source-licensing/0...
[2] https://www.tp-link.com/us/support/gpl-code/
[3] https://www.zdnet.com/article/software-freedom-conservancy-w...
To be honest I prefer copyleft or viral over reciprocal. Reciprocal licensing is traditionally an arrangement where a given license is interchangeable with another license.
For example, drivers licenses are often reciprocal between states. I've worked for firms which has reciprocal licensing agreements with some of their manufacturers. Copyleft is neither.
The big place that permissive licenses are promoted is in the giant tech companies. This is not a coincidence; it benefits them. That does not mean it benefits us.
With smaller companies we see a lot of *GPL with additional commercial licensing options ... which (assuming the main product is not a library with a non-LGPL license) often is actually still easy to comply with (especially if you only use somebody's prebuilt binaries) if you actually bother, no matter how much the hate train complains.
For individuals it varies a lot by ideology rather than deep thought, but permissive-license-regret is common.
4 replies →
> Most irksome of all, in a fair number of cases they sit centrally on pages covered in ads and SEO keywords. My tools are being associated with a genuinely bad user experience.
For the record, any license that does not allow users to do that would NOT be a free software license.
Most licenses, even permissive ones, do require attribution of some sort, which in theory should move the SEO to the original.
The problem is that:
1. BSD-4-clause included an advertising clause and that was considered burdensome (similarly, GFDL-with-invariant-clauses is forbidden by e.g. Debian), so the attribution only has to remain somewhere.
2. Embedded-in-an-archive links probably don't count much for SEO. Some aspects of GPL and/or AGPL can help in some circumstances ("appropriate legal notices"), but automated AGPL requirement satisfaction in the presence of forks can actually be pretty tricky to implement even among good actors.
3. even though it's illegal, stripping of license headers remains very common
I hate that people think they can control the definitions of "free" and "open" . I don't care about these biased propaganda definitions. If you want to promote your definition use a branded trademarkable name, don't try to steal our shared use of common words.
It's useful when words mean things. That goes double when the words are used for marketing. Like, yeah in theory it's odd for the OSI to define "Open Source", but in practice it turns out the only people who seem to object to this are people who really want the social capital from calling their stuff open source while actually screwing over the users.
5 replies →
“Free” means something. If you want to stop people distributing your software through a site that has ads, then it’s not “free.”
“Open source” means something too. The control people have is in using shared definitions.
Language is malleable, so if enough people use a word incorrectly it changes the definition. But those people get to be called wrong for years until enough people misuse it to make it right.
4 replies →
I'm not going to go looking for them, but the impression I get of the sort of copycatters described is that they really won't care what the licence is, if the source is available they'll be there anyway - the blog post will just be complaining that it's against the terms of the licence (and probably not pursuing legal action) instead.
I don't think it really matters. These things will exist, anyone who matters will realise they're not legit. They won't make significant sales (without significant added value) it won't detract from your reputation; etc.
In fact, they already don't care. MIT requires attribution, and the author mentions in the article that "With noted exception, they don't credit me as the author or provide any sort of link back."
MIT doesn't require public attribution on the user's website. Here's what it requires:
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
If you leave the MIT license anywhere in your server alongside the licensed code, with no public access, you are complying.
2 replies →
Yeah that's my point, they're doing it because they can (literally can, as in the source is available) not because the licence allows them to.
If they were actually violating the license, it'd be pretty easy and cheap to send DMCA takedowns to search engines, wouldn't it? (And possibly also whoever's hosting the copycat pages.)
It looks they are not violating anything though.
3 replies →
I get your point, but i guess it’s sadder to see people complying with the license terms in an assholish manner than see people completely breaching the terms of the license.
But I suppose I'm saying I don't think they have that arseholish manner - they are simply replicating it because it is available.
I.e. if you don't like it the solution is not AGPL or source available but no reuse allowrd or whatever, it's closed source.
3 replies →
Author here. This was a frustrated rant after discovering these people serving my circle generator and frankly moreso my .htaccess rewrite generator on sites plastered with ads get more traffic than I do. It's honestly a little childish. I'd take the whole post with a grain of salt.
I used to to have a little cottage industry that helped me pay the bills of people finding my rewrite generator, not knowing what they're doing, and reaching out for help with their htaccess files. It's been a couple years now since anyone has reached out. On realizing that, I started looking into it.
Part of that decline is clearly Apache becoming less relevant, but the other part (I think anyway) is that I've fallen way down the SEO ranks, frustratingly behind people hosting my own tools.
Like I said, it's a rant. Think of it as such.
Everything is still MIT and by all likelihood going to stay that way.
Practical question - though IANAL - if they're not providing attribution, then aren't they out of compliance even with the MIT license, in which case you could hit them with a DMCA take down?
Attribution and retaining a copyright notice are two separate things.
Thanks for chiming in. Before I delved into Linux, I spent a lot of time with the BSDs. Because of the more permissive license used by the BSDs, I learned that the work put into these projects is for the benefit of mankind. Whether that's an individual, small project, or a greedy corporation, everyone and all get to benefit and, yes, you've seen the negative side of that.
@author You should consider your (likely) emotional and (definitely) ideological reaction to AGPL / GPL-style licensing and be pragmatic about which license you use for what.
I always work from first principals, and have written code which includes proprietary, public domain, and various forms of copyleft. They all have their place.
The licensing discussions become... religious in nature. It should really a pragmatic question of what kinds of ecosystem and behaviors you want.
The choice is and isn't about freedom. Most people are constrained by capitalist free markets (or other organizational mechanisms). If I'm competing and I keep your code open and a competitor makes theirs proprietary, they have an advantage. Ergo, in many domains, you see people forced to engage in obnoxious behavior as you're seeing to be competitive. Everyone can WANT to keep things open (or any other good behavior) but NOT be able to do it.
Something like the GPL can force everyone to do what they wanted to do, if their freedom wasn't taken away by the invisible hand of the market. Ditto for many regulations. Things which seem constraining can be liberating once you put a market system around it.
Except neither GPL, nor AGPL, would do anything about the case described. And that's even with AGPL violating freedom 0 through its tangled text.
5 replies →
Is there a license that only requires mentioning? Like exactly CC-BY but for code?
I'm in a similar position as the post. I make scripts and tools that I want to share online for anyone to use. I would like to allow everyone unrestricted access to it, but only if there is a mention and a link to the original page in a user-visible place.
You want to use the tool? Go on, but mention me as the author. You want to modify the tool privately for your own purposes and use it on your company? Go on, but mention me as the original author. You want to take the tool, include ads, and sell it? Go on, but mention me as the author.
This is due to past experiences with people taking my scripts and just reuploading saying they made it. I only want to be credited as the original author, that's it (and for the third example, the ad-filled copy, my idea is that if you get money from my work that's...ok, but only if you let people know where you got it to (so they can decide if they prefer the free original or yours).
MIT only requires to keep the license file, but from my understanding it's just a file that users may not even see. GPL (and AGPL) requires you to share your modifications, which is a restriction I don't really care.
CC-BY is the closest to it (in fact I think is exactly what I'm asking for) but for some reason it is not advised to be used on code...
Scammers gonna scam, whatever license you use - but, that said, this is the exact use case that the AGPL license is made for.
Discussed (a bit) at the time:
Releasing my tools under the MIT License was probably a mistake - https://news.ycombinator.com/item?id=37111145 - Aug 2023 (7 comments)
The specific problem the author mentions likely would not be solved by a more restrictive license. SEO squatters take whatever they want, and I doubt it would be worth it to sue them for breaking license terms.
While I agree that this isn't a licensing issue, it presents a malware threat for regular users - especially of the more popular software. If you care about the safety of the users, it may be well worth knocking the squatters off search results using DMCA. (In this particular case, I believe that attribution is required by the license).
In the long term, we need ways to make genuine sources more discoverable and verifiable.
First, you wanted people to use your tools and you gave them away for free under the MIT license.
Now you’re complaining that people are using your tools.
You can’t have your cake and eat it too.
Author here, and I agree. In the post I'm just lamenting my past choices. I gave people leeway and they used it. That is my failing, not theirs.
Genuine question: Relicensing to a more restrictive one would not stop them from copying it, right? And even if they do - would you considering pursuing legal actions against them?
1 reply →
Simply don't shy away from copyleft licenses. MIT has its uses, but GPL is there for you too.
My advice: split your work into two camps, the types of projects you would be happy if everybody used and benefited from (even without crediting you), and the types of projects that you would not be happy seeing others republish without your name. Choose a permissive license like MIT for the former, and keep the latter closed source.
In my case[1], although I have several hundred MIT repos, I have many others that I feel an emotional connection to and do not share publicly.
[1] https://github.com/mattdesl
> In some cases, they are even beating me in search results for my own tools.
Correct me if im wrong but the license does not give them the right to name. Author should still be able to request them to change the name?
It's interesting: generally speaking OSS licenses concern copyright for the code, but not trademarks for the name of the project. Licensing Project Foobar under an OSS license should not really be seen as granting permission to use the name "Project Foobar".
But I just realized that the MIT license is worded in such a way that one could draw that inference, and it might stand up in court.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
One could probably make a compelling argument that "you have the right to deal in this Software without restriction" and "you have the right to sell this software" as including the right to sell it under the same name.
If one is going to use the MIT license (or anything else that doesn't call out the copyright/trademark distinction) it would probably be good to include a supplemental notice that reads something like "The MIT license here does not confer any rights to use the name 'Project Foobar'. You must distribute any copies or derivative works under a different name or we will sue you into oblivion for trademark infringement" (or something roughly along those lines).
I do not think so. First of all, the license is clear that it is a “copyright license”. In my view, that calls out the distinction from trademark by exclusion. It would not be a reasonable interpretation to assume a trademark license unless trademark is explicitly mentioned and even less so when the license is explicitly described as a “copyright” license. The license defines “The Software” and, again, I see no reason to infer trademark as being part of that definition.
The license also requires you to include attribution and to declare the copyright of the licensor. So, while you have access to the software, ownership has clearly not transferred. You have a copyright license ( that has to be declared ). Nothing more.
1 reply →
Or use Fooweasel in the source code and Foobar™ in the binaries.
Wouldn't that fall under trademark and not copyright law?
So is this the new way to hack personal cellphones? I have nothing at all to do with technology but The Open Source Software License has been on my personal cellphones for about 5 years. It started with a person I knew cyber stalking me by controlling my phone. Settings of that phone showed there was another device with more access to my account than I did my phone was used once in awhile. Google maps showed his contact name and that he knew my beginning specific location ETA to my next specific location etc. he blocked important contacts and emails. It just got worse as he got better at it by using the MIT Open Source Software. He got into my MGH Patient Gateway and changed my medical records and not to make me look good he did it to hurt me and make me look legitimately paranoid/ crazy/ drug addict etc. I thought he was a friend and had no idea until about a year ago what was actually happening and because it was during Pandemic my Doctors/ Surgeons don't realize my records were changed . How can I stop this?
> they don't credit me as the author or provide any sort of link back
But this is simply not true. MIT requires keeping the copyright notice intact, which would be a credit. People that aren’t going to follow this requirement weren’t going to follow the GPL or whatever alternative you pick either, so either sue them or don’t worry about which one you picked exactly.
He covers this in a couple places in the post. There is no requirement under MIT to redistribute the source for any changes you make or anything you build with it.
If they redistribute the source then yes, but that’s not the concern in the post.
Including a comment in the JavaScript file is broadly considered good enough to satisfy this requirement of the MIT license, even though most people won't ever see it.
GPLv3, on the other hand, is much more explicit about saying that the copyright notice must appear in the actual user interface of the application.
Agreed. His problem isn't the license. His problem is thinking a text file is going to stop a bad actor.
The text file isn't to stop the bad actor, it's to let you send DMCA requests to their host/search engines.
2 replies →
I can relate. After some years I first switched to the Apache 2 license, later for some code AGPLv3. My stuff is mostly garbage and some software debt but who knows ;)
Now I start leaning towards: if one doesn’t want others to use it, don’t release it.
Well, with any license releasing code for useful tools will result in unlimited 'borrowings'. In most cases enforcement against small player is difficult. And impossible if it becomes popular in darknet/underground. My recommendation to the author: forget about it. You can add more watermarks in the code, or stop coding at all blaming a.. bad people, someone specifically, the laws, etc. if it make you feel better. As for me if I give something away I don't expect my axx to be kissed. Still can add it to my resume.
You are not alone here. For the past 15 years, I've been trying to figure out how this works and what license to apply to the new programming language. It seems like a strange waste of time, as with AI coming, it will be easy to bypass licenses and clone your code legally, and managers are already discussing this. I think this is the reason for the decline in the software startup market.
As someone who prefers the MIT license, I honestly couldn't give a shit if you're using it to make billions by kicking children.
So, what does the author actually wants from the licence?
Is it ok that other people take the code, modify it but don't open the modifications? If not, then GPL or AGPL. If you want that they can still build sth around it, but otherwise not modifying your library, then LGPL.
Or is this ok, but the main issue is no attribution to the original source? BSD licence maybe? Or Apache? Or what else?
> If you want that they can still build sth around it, but otherwise not modifying your library, then LGPL.
They can modify the library under LGPL, they just have to redistribute the source for those modifications under LGPL also
> Many of them have made minor or major modifications to the tools, and next to none provide the source to those modifications.
> I am considering relicensing my tools under some sort of Attribution-ShareAlike license similar to the BY-SA the content on this site is licensed under.
Wouldn't the LGPL be well-suited to this?
The attribution required by GPL/LGPL is fairly weak and in practice doesn't prevent the kind of "exploitation" discussed here. Ultimately if you don't market your work you will get steamrolled by people who do; I'm not sure this can or should be fixed.
Yes, and in some cases the GPL and AGPL.
> I want you to use things I've written. On top of that I don't believe it's my place to force you to then open source things you have written that expand upon my source code.
I'm a big proponent of the GPL and the AGPL, but no they don't sound like good solutions to the author's problems. It might solve the attribution issue but it's going to go counter to the author's other goals.
3 replies →
I think you mean the Affero license: https://en.m.wikipedia.org/wiki/Affero_General_Public_Licens...
I thought the MIT license required attribution, but on rereading the requirement is pretty weak: You're only required to keep the original copyright notice.
tldr; OP felt that releasing libraries under MIT License benefited the community, but releasing apps was a mistake because other sites bested them in the SEO game. That probably caused a Bing blackout, and certainly meant losing in SEO to crapware-filled sites.
I'm thinking the optimal course would be a GPL release + trademarking the software name so that there could be more control about attribution and what sites get to use the name?
Yes. The (A)GPL is there for a good reason (in part, this one - ensuring one's work and other's work on it remains free and open source and commercial freeloaders can't get a free ride), and trademark law ensures you retain control of your software's brand. MIT and BSD... well, look where they come from - they're not designed with those purposes in mind. If you care about an aspect of a licensing solution, use a license designed and fit for purpose - just as you'd use a library designed and fit for purpose.
AGPL does not stop that kind of use at all, though. As long as you stick to making the application have a quine functionality on all channels, it doesn't matter if the link is 0.01% of text on page compared to SEO spam.
2 replies →
Just use BSD license then? Isn’t that the most permissive of all?
Not sure they can change the license at all?
The author doesn’t own copyright for the code changes they accepted over the years.
But kudos to the author for acknowledging they picked up a dumb license. Sad not to see the GPL or AGPL considered though.
You can take MIT software and add additional restrictions to it, which is the main difference between MIT and GPL in the first place
i've been in similar situation..
just keep going. ignore them. They will disappear sooner or later.. while you will keep showing up. That IS what matters.
IMO
If they are modifying the frontend so it’s their own code, no copy left license would work because no copyright would be triggered. Output of the tool wouldn’t be covered.
Either give code away or don't. Don't demand contributions or be a control freak about their use because it's wasted energy and uncool.
Change the license?
About 15 years ago I sold a car I owned. Its fair market value was $5,000, but to get that I'd have to wash it, put an ad on Craigslist, deal with the scammers who want to pay with fake money orders, meet with potential buyers, let them test-drive it, etc., and I didn't have the time or patience to do all that. So instead I sold it to a coworker at a low price, maybe $4,000. I sent an email to the company's water-cooler list and included a photo of the car. Within probably 15 minutes someone replied saying the car would be perfect for his mom. By the end of the day, I had received a personal check, signed over the title, etc., and I thought that was the end of it.
A few days later another coworker emailed me with a screenshot of a Craigslist ad for a car like mine. In fact, it actually was for my car! The first coworker listed it for something like $5,250, and by the time Coworker #2 pinged him, he'd already sold it for that price. Coworker #1 didn't even take a new picture -- he just reposted the one I'd taken!
At first I felt exploited. Here I was, being nice to my coworkers and offering a discounted car. And I later confirmed that the guy who bought it actually did lie about intending it for his mom, which made the whole thing seem even more unsavory. But I calmed down after a few minutes. I remembered that my plan was to sell it to a coworker rather than deal with the scumbags on Craigslist, and I was willing to take a big discount for that. "Being nice to my coworkers" was just the story that I told myself to justify my priorities. I got exactly what I wanted out of the original deal: an easy way to get rid of a car I didn't need anymore. And unlike me, someone else was willing to put in the effort to flip the car and extract that last $1,000 or so of value. My instant emotional reaction was to feel vaguely cheated, or that the guy I sold it to was a sleaze. But he didn't actually hurt me. I got what I wanted, and so did he.
In the case of this software tool, I'd ask the article author whether, in retrospect, he wishes that he'd kept the tool rights and gone down the SEO rabbit hole to monetize it for himself. Let's say further than he was successful, obtaining $X/month in ad revenue. Would he feel better in that case? I'd guess not; for most values of $X, he'd conclude it wasn't worth his time. But what happens once he concedes that he's not going to put in the effort? Does he still not open-source it solely to prevent anyone from monetizing it? That's the key question. Would he feel better knowing that he prevented someone else from benefiting?
When we give gifts, we hope the recipient will use it in the way we would have. Use the tool to create awesome ovals. Drive your family around in the car. It's hard when the recipient instead uses it "the wrong way." SEO the tool. Flip the car. But that's always a risk when truly giving a gift with no strings attached.
> My instant emotional reaction was to feel vaguely cheated, or that the guy I sold it to was a sleaze.
Were you cheated? Probably not. But the guy was definitely on a sleaziness spectrum.
In retrospect I view that part as an example of "don't hate the player, hate the game." In negotiated deals like this, it's not unusual to represent yourself as the right choice even if the terms you're offering aren't the best. See homebuyer offer letters for a particularly nauseating example. Who knows or really cares whether those parts of the deal are honest?
Maybe the car truly would have been great for his mom.
I mean, I wouldn't do it, just because I don't want to deal with everything. But everyone got exactly what they wanted. I see no sleaze.
4 replies →
Closed source would fix this.
GPL would not (CC licenses is not appropriate to code)
Please ~ MIT or Close Source projects. Don't GPL, GPL is for assholes and the antithesis of free code.
They could try creating a strong brand and using copyright and trademarks.
But the author says the post was just a needed rant - https://news.ycombinator.com/item?id=39414296
[dead]
Better than the GPL poison pill
I basically have two modes for releasing code: All rights reserved, or public domain / CC0. My reasons are pragmatic. The latter improves the former by letting future me shamelessly plagiarize past me with zero responsibilities to point it out to anyone.