Getting Forked by Microsoft
535 comments
·April 21, 2025diggan
vasco
If a megacorp wants your help to explain ANYTHING to them, you better be paid handsomely per hour. Wtf are people doing charity for trillion dollar empires.
giancarlostoro
It's also very possible they had been working on it already and wanted to compare notes, I certainly would if I were working on something internal and found a similar project, but I agree, ask them for a consultation fee. I don't see why they wouldn't pay it.
Both projects also share in license, so I have less of an issue with it personally. They're both MIT licensed.
evantbyrne
You are supposed to keep the original license for a fork.
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Simply removing the copyright is a violation of the MIT license.
Beltiras
Their trackrecord is such that if I got a similar call my first question when possible would be how I was being reimbursed. They are welcome to fork anything of mine if they observe the license attached. I will take a look at any PR. I will NOT spend time explaining anything to their engineers unless reimbursed at my regular rates.
donalhunt
The number one rule about creating clean source (and IP) is not to look at competing implementations / patents. Was drilled in to me by legal over the years to avoid such issues. Really easy to unconsciously incorporate ideas from other projects.
This is not that though. Seems to be exactly what the maintainer is asserting and that's not OK. :/
RajT88
> I don't see why they wouldn't pay it.
I have seen plenty of dev managers refuse to pay for something if they didn't have to.
udev4096
Blatantly copying the code without proper attribution is a violation. Regardless, it's not your issue to be OK with it, if the author himself is uncomfortable with it
Maxious
Very possible, from the in repo documentation (which credits Spegel yet again) https://github.com/Azure/peerd/blob/main/docs/design.md it seems like there was a particular engineer at Microsoft who was working on Azure Container Registry who found it useful to integrate Azure Container Registry.
If they contributed it upstream, would we be discussing a blog post "how dare evil megacorp submit a PR that only implements their API! embrace extend extinguish!"? Probably.
keepamovin
Not just a megacorp. Anyone for a commercial purpose
freeamz
Hmm, think we ought to judge on a case by case basis. However, for megacorp and especially banks that has almost 0 to 1% access to cost of capital, vs rest of us who at at 20 - 30 % ( for credit card, loan sharks), then there should be a different license for these people. There should be a GLP type license adjusted to the cost of the capital.
dizhn
Probably expectation of some monetary gain. At the very least getting hired to keep working on the same thing. I do not blame him at all for this. Though when things didn't work out, all he thought he could realistically do is start accepting donations.
delusional
I think that worldview leads to a much poorer world.
Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
Asking everybody to be constantly vigilant of possible exploitation by megacorps puts an undue burden on individuals. We should have strong and durable protections against those megacorps in other ways.
What I'm saying is that this sort of copying should be criminal (not just illegal, but criminal) and Microsoft, the legal entity, should be held accountable and fined. I acknowledge that this isn't currently possible with our legal framework, but we should work to make it possible.
diggan
> Normal people aren't constantly engaging in a fight for survival in every aspect of their lives, and I don't think it's a good thing to ask them to. We should expect the people we deal with to be acting in good faith. I think it would be bad actually if I had to consider if you're going to make money off of my idea when talking to you.
I agree with you, if we're talking about people acting as individual humans collaborating together on FOSS.
But this is really about a for-profit corporation acting in its own interests, using people to do its "deeds". Then I think it makes a lot of sense to treat any "Hey, could we chat to you about your project?" with a great deal of skepticism, because they have a goal with that conversation, it it's unlikely to align with your own goals, in most cases.
Ultimately, people from that corporation is reaching out to you because there is a potential/perceived benefit coming out of that conversation that they want to have with you. If it isn't extremely clear to you what that exact benefit is, I'd say the smart thing to do is being cautious, to avoid situations like this which happen from time to time it seems.
luqtas
> We should have strong and durable protections against those megacorps in other ways
like what? continue to use (pay) for their products and wait for regulations coming from lobbyist countries? /s
buran77
Because they're hoping not to antagonize the megacorp (too quickly). If a megacorp has you in their sights, especially in a country like the US where court battles are prohibitively expensive, pushing the envelope will just draw ire and aggression from that megacorp. A normal person has no negotiating leverage in front of MS especially when it comes to open source.
It's like negotiating with the mafia, you might get something out of it but if you cross the line you'll end up face down in a ditch and authorities will look the other way. Megacorps have stolen, copied, reverse engineered, replicated, etc. things since forever and it always worked out for them.
In this case MS didn't need any help. They could very well take everything and face no real repercussions (this is the reality when the majority is uneducated, and their elected representatives are greedy and spineless). So playing along gives some chance to get something positive out of it.
latexr
> especially in a country like the US where ending up in court is prohibitively expensive
What’s the scenario here where they could take you to court for refusing to (in GP’s words) doing charity for them?
Scenario 1: Microsoft contacts you and says they want to talk about your open-source project. You never reply.
Scenario 2: Microsoft contacts you (…). You reply “thank you, but I’m not interested. You are of course free to contribute or fork within the constraints of the license.”
Scenario 3: Microsoft contacts (…). You reply “sure! I charge $X/hour or I could do a flat rate of $Y for the meeting. Is that acceptable to you?”
What basis would they have for taking you to court in any situation? As soon as you got a legal letter for any of them, your first step should be to send it to as many news outlets you could think of.
phillebaba
I agree, after this happened to me I learned of a few other situations where the same thing happened to other friends.
On my end if was a mix of naivete and flattery which made me want to take the meeting. I suspect it is the same case for others. I will not make the same mistake the next time it happens.
brianwawok
Do you think this stops the fork? It’s not like they can’t read the code.
phillebaba
Well your license is only as good as you are able to enforce it. Even with the law there is no guarantees.
I grew up thinking that people would follow the spirit of open source rather than the specific letter of the law. This is obviously not true, and probably never has been.
orochimaaru
Don’t entertain meetings without compensation from megacrop. But the project is open source. The author provided the right for them to take it in any way possible and copy it. If I’m not mistaken the MIT license allows what they did.
I’m assuming the complaint is more about Microsoft duplicity in asking for information as opposed to the forking of the code. The latter is fine - the license explicitly allows it.
robmccoll
You are mistaken. The license explicitly allows it subject to the terms of the license:
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Microsoft didn't follow these terms. They copied "substantial portions of the Software" and didn't include the notice.
palata
Which notice? None of the *.go source files I have opened in Spegel contain a notice. Microsoft cannot remove a notice that does not exist...
In my opinion, it's the Spegel author's fault: they should have added a notice in every single file!
lurk2
> Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use.
Can’t they just read the source themselves? Why do they need the maintainer?
giancarlostoro
> The best advice for open source maintainers who are being approached by large tech companies is to be very wary
Drop them a consultation fee in the thousands per hour, get something out of it at least. If they're going to reimplement your project, there's absolutely 0 you can do, they will just hire an intern and tell them the requirements for what you have built without having to meet you, ask them for expenses out of your day covered.
Tireings
Or it was just a team inside Microsoft and he thought "Microsoft" talked to him and saw already dollar signs?
Open source license is there for reasons, he can sue them if they did it wrong.
cestith
Generally a court likes for a plaintiff to try to resolve a dispute before suing. The author should contact the Peerd team at Microsoft and point out that they seem to have overlooked their obligations under the license. Only if they refuse to do anything would it be worth considering a lawsuit.
SamuelAdams
Another example here, Google forked a GCS fuse driver and the author found out later and posted on HN about it: https://news.ycombinator.com/item?id=35790223
Edit: apparently Google did not use the author's codebase, instead using an Apache 2.0 licensed codebase [1] explained here [2].
[1]: https://github.com/kubernetes-sigs/gcp-filestore-csi-driver
null
ixwt
Microsoft at it again with Embrace, Extend, Extinguish.
koiueo
> I default to using the MIT license as it is simple and permissive
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.
wat10000
I’ve released some utility libraries under permissive libraries. I like it when they get used. Even when it’s part of a large company’s closed-source app. Many people don’t like that, and that’s perfectly fine, that’s why there are different choices available.
What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.
jenadine
Note that in this case Microsoft has not been following the license, as they removed the copyright notice
Copyright (c) 2024 The Spegel Authors
> The above copyright notice [...] shall be included in all copies or substantial portions of the Software.
SoftTalker
So if they had left that line in, everything would be cool?
To me, licenses like MIT or BSD pretty much imply "do whatever you want with this" I know it's not exactly that but if you really care to keep some control over what others do with the code, you need a more restrictive license (and even then people are still going to copy it, especially in the LLM era).
paxys
Microsoft credited the original author and project in the README, which is far more visible than a hidden copyright line somewhere in the terms and conditions. If attribution was what he wanted he should be really happy about he outcome, but clearly that's not what this is about. He is simply pissed that Microsoft used his project.
Salgat
Ignoring that Microsoft isn't following the MIT licensing requirements, this is my same approach with using the MIT license. I create open source software for the benefit of everyone, for profit or not for profit. The only thing I do wish in return is acknowledgement. That's why in this case, I'd reach out to Microsoft to fix that issue, and nothing more.
BeetleB
> The only thing I do wish in return is acknowledgement.
Make sure you pick a license that reflects what you want, then.
layer8
In the present case of Spegel, it wasn't in accordance with the license, because the fork removed the attribution.
wat10000
I get that, but it doesn’t really seem to be what the author is complaining about.
insane_dreamer
Because the “payment” that you get for its permissive use is the attribution (which can be personal gratification or it can professionally boost your profile/opportunities). MSFT robbed them of that.
ghostly_s
Yeah, as far as I can gather the only thing MS did wrong here is not explicitly crediting the project they forked the code from, and I don't get the impression the author would find adding that one sentence to the docs to be adequate redress. I don't get why you would take personal offense at a big company forking your code so they can mold it to their purposes - the license allows that. Now whether that's the right way for a "friend of the OSS community" to behave is a different question entirely, but anyone who ever bought that horseshit from them has had their head in the sand.
jen20
Using code per the terms of the license is one thing. Stealing it it another, and that is what Microsoft appear to have done.
atomicnumber3
It's bizarre to me how, despite people criticizing the GPL and GNU as too ideological, the people you refer to - the permissive people - somehow seem even MORE ideological. The GPL to me seems pragmatic - sure technically a minimal license like WTFPL (ignore all its legal issues for now) is some kind of minimalist idea of pure objective freedom. But the GPL has some key "restrictions" that aren't really restrictions and produce an ecosystem that WORKS. Meanwhile the permissive ecosystem is just waiting to be scooped up by bigcos at their whim.
kstrauser
I released a fun personal project under GPLv3 and the first filed issue was someone saying I should change the license to something friendlier to business interests.
Hell no. If they want to profit off my work, pay me. This is something I'm doing for fun, on my own terms. It’s Free for anyone to use as they want, so long as they keep it Free, too.
pjmlp
Right, dual license is the way in such cases.
Give downstream how much they are willing to give upstream.
paxys
Have to agree with this. There's an endless list of open source maintainers who publish an MIT-licensed project then are surprised when it is treated as an MIT-licensed project. If you want rights, assert them. No one else is looking out for you. Especially not Microsoft.
pyrale
In this case, there's an open source maintainer who was fine with a MIT license, and even helping onboard people from a big tech firm, only to realize that even attribution was too much to ask.
Since the terms of the license were violated, there's not much to learn about which license was chosen. The only lesson to learn is that big tech will steal everything that isn't nailed to the ground, and then some.
alganet
Maybe many MIT license users want a big company to take in their projects.
Big companies have resources to mimic it anyway, right? If they really want some tech, they can reproduce it.
Having a good idea flourish, whether it is in Microsoft's hands, manifested within Clojure, or in any other fruitful form, is good enough.
There is no license for a raw idea anyway. For the essence of it. Seeing it used means success, it means "you were right".
The secret counsel of idea honor keepers will eventually figure it out and make some kind of repairs.
matkoniecz
> What's good about being "permissive"?
it is good if you do not plan to go for violators anyway
I made some photos and published them on Wikimedia Commons (say, of random bicycle infrastructure).
I am fine with people using them without attribution, I expect that their use overall furthers my goals rather than damages it and if I would release it on CC-BY-SA 4.0 or similar I would not go to court over missing attribution.
Therefore I selected CC0, no reason to make things more complicated only to people following license.
I selected AGPL/GPL for some software where I would be happy to burn pile of money in case of license violation, up to and including litigating it in court for 10 years.
nicoburns
> what's the incentive for authors of one-man projects to choose anything "permissive".
The incentive is generally that people enjoy having their projects used, be that by commercial companies or otherwise.
koiueo
(A)GPLv3 does not prevent their projects from being used.
That's the point!
GPL family of licenses would've made a difference in this aspect for libraries (because afair if you link to GPL code, you must be GPL). But for an app? You can use it, fork it, modify it... Just make sure you make your changes available under the same license. Seems very fair to me.
nicoburns
> (A)GPLv3 does not prevent their projects from being used.
In practice, it does in many cases. Many companies have a blanket policy of avoiding these licences. But I agree that they make more sense for apps than libraries.
andybak
> (A)GPLv3 does not prevent their projects from being used.
It really does. It stops it being used by people who need or want to use other licences. I believe it stops it being used on iOS and (probably) Android apps. The GPL world and the permissive licence worlds are walled off from each other in significant ways for lots of reasons.
Source: I maintain an app where I didn't choose and can't change the licence. And I come across code I can't touch almost every week.
p_ing
Apple famously migrated away from bash (stuck on 3.2 in macOS 15) to zsh to avoid the GPLv3 'problem'.
krupan
All the replies to this spreading anti-GPL FUD are doing Microsoft's work for them. The idea that the GPL is "viral" and will latch onto any code it gets near is an Orwellian turn of phrase invented by Microsoft from what, 30 years ago? And it has worked because people are scared of the GPL! It's gonna get you! Don't even get close to it!
Nevermind that Red Hat built a billion dollar business on top of GPL licensed code. Never mind the millions of embedded systems being sold with GPL code in them. Nevermind Google, Facebook, Netflix, etc., etc. all eating Microsoft's lunch a thousand times over using GPL code. Businesses better stay away! It's dangerous!
nu11ptr
I won't use GPL libraries in my code. I'm quite confident I'm not the only one.
If there was no other choice, I may consider something LGPL or with the linking exception, but not until I had exhausted a search for something more permissive. To this day, I've never used GPL in any of my code, open source or closed. I've been writing code for 35 years daily.
kweingar
This is the reason why I am so confused by the strain of open source thought which says that large companies exploit OSS maintainers and ought to pay them.
Maintainers often pick permissive licenses specifically because they want companies to use the code. They want their project to grow and be adopted, and they reason that GPL would stifle adoption.
I don't really like the tactic of making your code as convenient as possible for anyone to grab off the shelf when they want to use it, and then later turning around and saying they should pay you. Why not do the payment part up front (by GPL-licensing the code and then selling dual licenses to interested companies)? Because then you wouldn't have any takers. Better to wait until people have integrated it into their systems before informing them that they ought to pay you.
boramalper
As @diggan wrote[0] elsewhere in the thread, the issue is not that MIT is permissive but that Microsoft did not honor the requirements of the license (despite it being permissive!):
> Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
jxf
In distant times (before Microsoft's Satya era) I was the maintainer of a popular OSS product that scratched an important itch for specialist people who were doing work in the early cloud days. It solved my own problems, and I didn't want to make a business out of it, so I was content to release it as OSS.
A Microsoft director who ran a portfolio of product teams reached out to ask about a "collaboration". I said I'd be happy to send them my consulting agreement. There was a little grumbling about the rate but I just reiterated that it was my rate. After a lot of legal back and forth, they signed, I answered a bunch of questions for them in a 2-day workshop, and they paid.
If they want you badly enough, they'll pay. Don't work for free.
mathattack
And as you illustrated, for a one-off project, rate doesn't really matter. It just needs to get approved by someone senior enough, who will ask "Do we have anyone in-house that knows this?" and "How much will it cost to do all this ourselves?"
If the answer to the first question is "No" then you'll be very cheap compared to the second answer no matter how much you cost.
hypercube33
This article and your comment reminds me of the story about winget/appget https://medium.com/@keivan/the-day-appget-died-e9a5c96c8b22
Note - maybe they don't pay you the developer sometimes, however.
ryao
I initially was going to say:
Failing to abide by the MIT license is copyright infringement. My advice is to contact these guys: https://softwarefreedom.org/ They likely can file a cease and desist on your behalf.
However, I took a closer look at the files in question. The MIT license requires that they retain and provide copyright notices, but you never put copyright notices in your files. The only place where you appear to have placed a copyright notice is in the LICENSE file:
https://github.com/spegel-org/spegel/commit/23ed0d60f66dd292...
Things become interesting when I look at their LICENSE file. They appear to have tried to relicense this to Apache 2.0 before backpedaling and reinstating the MIT license:
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked from a very early version of the project that did not even have the LICENSE file, they removed the sole copyright notice you had in the repository. That brings us back to my original thoughts, which is that they have committed copyright infringement, and you should contact OSS friendly lawyers about it.
I am not a lawyer, but I do contribute to various OSS projects and all of the ones to which I have ever contributed have copyright notice headers at the top of every file to ensure proper attribution is maintained no matter where that code is used. Beyond having that sole missing copyright notice reinstated, I am not sure what else you could expect since none of your files have proper copyright headers in them. The SFLC guys would be in a better position to advise you, as they are actual lawyers.
boxed
It says "copyright microsoft" in that license file. Just because THAT file is MIT is irrelevant. They didn't retain the original license file. They should have APPENDED to it, keeping the original copyright holder name, otherwise it's just blatant copyright infringement that coincidentally is released under the same license.
ryao
I am not a lawyer, but I imagine a lawyer would find it alright if they just restore the missing notice. I do not imagine there is much else that can be done here since he cannot really claim to have been significantly damaged by the absence of a single line, but these matters are best discussed with attorneys.
johnisgood
> but you never put copyright notices in your files.
I thought having a LICENSE file in the project's root directory was sufficient. Is it not the case?
ryao
It is a fairly standard practice in at least some open source communities to add copyright notices to files that people have changed significantly, although there is no well defined minimum threshold for how much permits them to add a copyright notice. Thus, someone else can come along, fork the project, add copyright notices to all of the files and then give the impression that they wrote them, since there is no attribution aside from the one LICENSE file that you wrote. The git history might show the truth, but if they copy the files into a fresh git repository, that metadata will be lost. Projects take files from one another all the time, so there is no guarantee that they will preserve your commit history and then anyone curious who wrote the code needs to do digital archaeology.
That said, file level copyright notices are not perfect (since only the VCS shows who added what lines and that might not be preserved), but it is better than nothing and it is something that is guaranteed to persist as long as people are abiding by licenses. If they are not, that is copyright infringement and the copyright holder can do things like send cease and desist notices in response to the copyright notices being removed.
Also, I must emphasize that I am not a lawyer, but one might argue that it was not willful infringement if someone removed a copyright notice from 1 file by claiming it had been a mistake. However, if they remove it from all files, then nobody is going to believe it was not willful.
johnisgood
Thanks! I have some open source projects where I only have one LICENSE file (it is also in README), but I will consider adding it to all files, there are just too many files. :/ I am inconsistent, because I have projects that contain the copyright notice in all files.
ndiddy
It's not required, but it's generally safer to put a notice saying who owns the copyright and what license the file is released under at the top of each file. Some licenses like MIT, the BSD licenses, Zlib, etc are short enough that you can include the full license text in the notice, and others like GPL provide sample copyright header text to include. Here's an example of this from a random file in the SDL source code: https://github.com/libsdl-org/SDL/blob/main/src/video/SDL_bl...
Obviously Microsoft is still committing copyright infringement and in the wrong here. However, if the author had copyright notices in each file and then Microsoft stripped them out or changed the copyright information, it would make it harder for them to brush it off with "oops, we forgot to commit the correct LICENSE file" like I'm sure they'll do here.
veltas
Sufficient but a good idea to put copyright in all files.
Technically if there's no license found then it should be considered automatically copyrighted, with no permissions to copy. So leaving copyright license out actually makes it less open source.
ryao
The license does not necessarily need to be in the files. It could be a project level license in LICENSE, which is what the author here did.
dboreham
I would say: absolutely no (ianal). But I've had stand up arguments with colleagues in the recent past that I was unable to win. They wouldn't even ask the legal team for an opinion. But it's nice to see some evidence here that I was correct.
mikeortman
Just the absence of a license generally means the creator has all right reserved by default. You don’t need a license in every file because in much of the world copyright is given by default to the creator. A licensed file is permission to do something with that copyright material.
ryao
He had a top level license file that presumably applies to all files. He would not be the first to do that and will not be the last.
That said, if Microsoft had forked before the LICENSE was added or stated somewhere, they were reusing all-rights-reserved code, which is definitely copyright infringement. Again, I am not a lawyer.
scosman
If they forked from before the author had a license, it’s worse. MS had no right to use it.
I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
ryao
> If they forked from before the author had a license, it’s worse. MS had no right to use it.
You are right, provided he did not have a notice saying it was MIT licensed elsewhere.
> I’ve contributed to plenty of project that don’t have the per-file copyrights. It’s a choice not a mistake.
I would consider it to be both a choice and a mistake. The two are not mutually exclusive. There is no evidence in the fork that he is the copyright holder of the original code and it looks like Microsoft is. Part of that is Microsoft’s fault, but part of that is the original author’s fault for not including per file copyright notices, such that Microsoft could add theirs and be the sole one listed in every file.
I would not be surprised if Microsoft’s legal department doing a scan of public repositories for stolen code mistook him for infringing on “their code” given that they have no information that he authored it rather than their employee. It sounds absurd, but it has happened. I know for a fact the sg3 utils author added copyright notices to his code examples because he was getting contacted by companies, whose engineers incorporated his code into their projects without attribution, that thought he had stolen their code:
https://github.com/doug-gilbert/sg3_utils
I know that because he told me by email in 2013.
bornfreddy
> There is no evidence in the fork that he is the copyright holder of the original code and it looks like Microsoft is. Part of that is Microsoft’s fault, but part of that is his fault for not including per file copyright notices, such that Microsoft could add theirs and be the sole one listed in every file.
Absolutely not! This is completely and only M$'s fault, whichever way you look at it. Copying a file and slapping your own license on it, without consideration of the original one, is never acceptable. Don't blaim the victim please.
As for incompetence - well maybe they (M$) need to get better at managing licenses? Accusing others of stealing when the reverse is true only makes everything worse. Let's not try to change the standard way of licensing because some developers can't be bothered to check the license (and even fix typos in comments, apparently).
As an aside, there is no need to add copyright / license to every file. I would even consider it an anti-pattern, because it pollutes the code with noise.
talkingtab
My personal thought is that we need a new kind of license: community open source. No corporations, just community.
The problem this addresses is not that Microsoft forked this project. The problem is that when a corporation like Microsoft does this, they harm our community[0]. Open source thrives because a bunch of individuals and groups collaborate.
Microsoft, is built around the concept of profit for stock owners at any cost. They may collaborate as long as their interest in profit is served, but otherwise, it is back to "Embrace, Extend, Extinguish" [1].
This lack of community ethic is endemic in corporations. It is also an existential threat to our community. Profit at any cost is not collaboration. It is predatory.
And yes, I know, corpies and other greedist will vote this down, blah, blah, blah.
[0] https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor...
[1] https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
[edit clarity]
unsungNovelty
> My personal thought is that we need a new kind of license: community open source. No corporations, just community.
You are going exactly against the OSS philosophy. OSS shouldn't restrict the use of software just because you don't like it. It was created to fight exactly this. This is also why source available BS (like BSL) is against OSS. OSS is literally about being about hacking and changing software to suit your needs. It was never about the money part. You should create your software as proprietary if you are SO bothered with OSS. And you can always donate and contribute back to the OSS software you use. I don't think butchering OSS philosophy is the way.
The problem here is license illiteracy. Even I who for a while used to think I understood a lot about OSS license just had a doubt now:
When you fork, do you retain the copyright part? Copyright (c) 2024 The Spegel Authors
That is what we need to fix.
saulpw
The OSS philosophy was conceived to help end users, not for-profit corporations. Then for-profit corporations co-opted the "Open Source"(tm) label to ensure they could benefit from all this free labor. You and many others are falling for it, and doing their work for them by scolding OSS developers for "going against the OSS philosophy".
So screw this corporate "OSS philosophy", and stop telling people what they "should" do. Those licenses exist and people can use them and this is what happens. We can and should also make different licenses which protect our interests as developers and we don't need corporate shills invoking some philosophical argument to discourage us.
sbarre
> The OSS philosophy was conceived to help end users, not for-profit corporations
Citation needed here, if you're going to make such a bold claim.
The open source movement began as a counter to proprietary closed-source software, and nothing more. It has never been about "fairness" (however you define that) or about preventing anyone from profiting from OSS.
Now that said, fairness matters and I agree that some of what transpires today in the open source world doesn't feel fair.
But that's what new or difference licenses can accomplish, depending on the wants of the authors.
And that's different from the philosophy behind Open Source Software. We should be clear about that.
YetAnotherNick
The point is what do creators want to get out of their open source project. If it is the opportunity to sell, they can make it source available. If they don't want money, having open source license is better as it could mean more contributions.
unethical_ban
"It was never about the money part"
That seems to be the point being debated now. When a megacorp forks an OSS project and cuts out the author, how does that encourage developers? How does that encourage OSS?
And for that matter, perhaps less ideological but practical, how does that encourage small startups who want to be as open as possible while wanting to be able to scratch out a living working on something they care about?
You suggest staying closed source, rather than tweaking an open-source license to limit corporate forks, for the purpose of protecting OSS philosophy. It strikes me as odd.
BeetleB
> The problem is that when a corporation like Microsoft does this, they harm our community
What is this "our community"? My releasing something under the MIT license doesn't mean I'm part of whatever community you're invoking. It means I'm releasing something with an MIT license. That's it.
I certainly don't want to give companies like MS a "pause" before they decide to fork my project. I'm explicitly telling them they can do that. I absolutely do not want them to be hampered by notions of "What will this action look like?"
Don't impose your values on other people's use of my software.
jeremyjh
The k8s community is mostly people who work for commercial interests and use k8s in their companies. If you develop a component of the k8s ecosystem, and you want people to use it, you can't really exclude businesses from using it. There just aren't enough installations outside of commercial spaces for it to be relevant.
talkingtab
Very good point. Trying to think this through.
I think community source should be accessible and usable outside the community. A community license should have a provision for paid use by corporations. If Microsoft wants to use it that is fine - if they pay.
But if Microsoft wants to fork things, to me that is predatory. If I can't fork windows, why should they be able to fork community software? If they argue that people should pay for their products, it just seems fair to me that they should not get community products for free.
I guess the concept is playing by the same rules?
ryao
> I think community source should be accessible and usable outside the community. A community license should have a provision for paid use by corporations. If Microsoft wants to use it that is fine - if they pay.
That violates the first clause of the open source definition:
It probably violates 5 and 6 too.
> But if Microsoft wants to fork things, to me that is predatory. If I can't fork windows, why should they be able to fork community software? If they argue that people should pay for their products, it just seems fair to me that they should not get community products for free.
Windows is not open source software.
daedrdev
I think one of the most important parts of open source is that it's available to even those you don't like.
I simply do not get this corporate hate. Corporations and individuals can both use it for good and bad. A company might use open source to make a pacemaker to save lives or world improving research, or it might be Facebook and sell personal data.
eriksjolund
The license would no longer be open source if you limit use to only community.
See "6. No Discrimination Against Fields of Endeavor" in The Open Source Definition https://opensource.org/osd
philipwhiuk
> My personal thought is that we need a new kind of license: community open source. No corporations, just community.
It exists: https://creativecommons.org/licenses/by-nc-sa/4.0/
Hyperlisk
Yes! Another vote for CC-BY-NC-SA! I release my code under this license as well, even snippets I post on my (tiny) blog.
I think this is what a lot of people would use if it were more known about. I feel like a lot of people do not actually read what a license provides and just default to MIT because it is widely used.
talkingtab
As someone commented above, commercial use is an issue. Creative commons is good, but the non-commercial clause prevents it being useful in this case. It seems to be that the crucial issue here is the duplication of the project by forking.
I am unclear of where the boundaries could and should be, but in essence we want money to flow into community source projects. Corporations and commercial entities can and should pay a fair amount. If they don't want to pay, they should not be able to profit from the work of the community.
layer8
> the non-commercial clause prevents it being useful in this case. [...] Corporations and commercial entities can and should pay a fair amount.
There is nothing preventing the project owner from also granting individual paid commercial licenses. There are a number of GPLv3 (or other restrictive license) projects with a note like "contact us for commercial licenses" in the README.
Licenses aren't exclusive by default. If a company doesn't like the existing license, they are always free to contact the project owner(s) to request a custom license.
bdcravens
So only hobbyist software? NC applies to use as well as contribution.
seqizz
How about post-open license? https://postopen.org/
bdcravens
Does this exclude anyone who works for a corporation from contributing? I think the obvious answer is no, as long as someone is working in their own interests, but it would be very hard to establish. After all, Linus worked for the Transmeta Corporation during some of Linux's most seminal years.
benwilber0
Don't use one of the most permissive licenses in existence and certainly not one that doesn't provide copyleft. This is all very well established at this point and yet somehow the GPL seems to have gone out of vogue.
diggan
> Don't use one of the most permissive licenses in existence
Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
gwd
> Does it matter what license you use if they actively ignore the terms in the license you did chose?
If they're breaking the license, go talk to a lawyer. You might start by approaching the SFLC [1] (although I haven't heard much from them recently).
diggan
Sometimes social pressure can be a cheaper approach, time will tell if it'll work in this case :)
YetAnotherNick
Is there any for profit law firm which works without fee in cases like these and split the earnings? Needing to pay lawyer upfront makes it hard for individuals to sue mega corp even if they were clearly wronged.
sublimefire
MS has internal tools that scan dependencies etc and flag them against legal team if anything is fishy. License choice matters quite a bit, they will not risk litigation.
diggan
Guess they should start using those tools when they setup their "looks-like-acquihire-but-really-is-a-brain-dump" meetings so they could flag the FOSS projects they want to rewrite internally.
baq
If you worked at a megacorp you’d know they care a whole lot about not allowing GPL code anywhere near their propertiary repos; this is usually enforced by IT security (NOT engineering) with dedicated scanners, confirmed matches are at least highest priority bugs.
liveafterlove
Is this really true? Whats the point of even licensing our repo then?
diggan
Well, there are other companies than Microsoft out there, most of which tend to respect FOSS licenses when they fork projects/interact with the ecosystem, at least in my experience.
staunton
A major point is communicating your intentions to people who care about them and who will respect how you wish your project to be treated.
bayindirh
MIT doesn't need attribution. Original BSD does, but revised and most widespread BSDs do not.
GPL/AGPL would prevented this somehow, requiring proper attribution via mandatory source code release, and allowing to track project origins. This would make it harder to label it as a "a Microsoft Product from Ground Up", and prevent Sherlocking the original application to a greater degree.
As a result, this would probably forced Microsoft to develop a new one from scratch, because they're allergic to GPL, because if they have breached GPL, they would be forced to comply, since GPL is court tested already.
So, write Free Software. Not Open Source. Esp. for your personal projects.
Zambyte
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
Source: the MIT license.
Asmod4n
GPL doesn’t help you with them taking your idea and doing a clean room implementation.
You’d need to patent your idea to stop that.
jeremyjh
GPL/AGPL might have improved the attribution, but they would not have prevented anything else from happening because Microsoft is publishing the source code.
throwaway2046
> somehow the GPL seems to have gone out of vogue.
Which GPL is that? The GPL 2 and 3 are incompatible with each other, making cross contribution between different FOSS projects practically impossible. The "v2 or later" licensing model does nothing to remedy the problem. See Rob Landley's talk on this topic.
hresvelgr
While Microsoft is certainly in the wrong for removing the copyright notice, I think the author has zero basis for complaint otherwise. If you're going to release software with one of the most permissable licenses, you need to accept that for all it entails. Consider what you're comfortable with and pick an appropriate license relative to your values.
hnlurker22
I think it's weird they didn't mention anything about Peerd or their plans on how to use Spegel to the author. They could've atleast said "btw we plan to do xyz" instead of leaving the author fantasizing about a collab.
layer8
No legal basis. They still might have an ethical basis regarding Microsoft's behavior, because law != ethics.
paxys
If the author has ethical concerns with companies using their work there's a simple way to make that explicit and unambigious – the license. No one can read their mind otherwise.
minus7
If you consult with someone over their project, then proceed to fork it behind their back, that's just being a dick, even if it was perfectly legal. We should not accept that kind of behavior. And that's even ignoring that the consultation was unpaid and the project was actually even stolen.
veber-alex
It's not the first time I see something like this.
The flake8 (MIT license) maintainer is upset that ruff is copying his lints, for example.
I find the whole thing bizarre.
null
unethical_ban
The author said that in the last line.
Highlight the part of the essay where he is claiming MS didn't have a right to do what they did.
The point of the article was that MS showed interest in his work, asked him about his designs. Said nothing about internal plans to fork it or use it. Then he shows up to a talk and sees them discussing his work.
Reading between the lines, it is 100% clear they didn't feel like telling him they planned to fork his software, and they danced around it. They didn't reach out to him afterward and say "thanks, we are building a fork and your free time was really useful".
The essay isn't claiming a legal issue. It's pointing out a substantial, practical issue with OSS that didn't exist nearly as prominently in the pre-cloud era: megacorps forking software and cutting out the OG developers.
skywhopper
Did they complain about anything else?
hoistbypetard
Mostly no, but I read the overall piece as a complaint that they got a fork when they were hoping to get a collaborator.
masswerk
Anyways, the real question should be: what is the most productive form for the project/technology? Separate efforts may not the answer, we're looking for.
wat10000
I mean, the title is “Getting Forked by Microsoft,” not “Microsoft Removed My Copyright Notice.” They don’t even outright state that the fork is missing the required attribution, you have to infer it.
palata
I tend to disagree with the criticism of Microsoft here.
The author of Spegel released it as MIT, which means that anyone can fork it as long as they keep the attribution. So if every file of the original project has a header containing the copyright, Microsoft has to keep it. Looking at Spegel, I haven't found a single source file containing an MIT header and copyright.
Microsoft added their header with their copyright in Peerd (because now that they changed the files, they own a copyright over parts of those files). Nothing says that they must add a line for the original author, and I could imagine that it's legally a risk for them to do it.
Moreover, a copyleft license wouldn't have changed anything here (except maybe discouraging Microsoft from reusing any of that code).
If you don't want anyone to reuse your code, don't open source it. The whole point of open source it is that you allow others to reuse it.
NobodyNada
The MIT license doesn't say anything about headers. The attribution requirement is:
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The license is saying you have to retain the license itself; it doesn't say anything about any other attribution notices that exists in the source files or anywhere else. It doesn't specify where you have to put the license; it could be in a comment in the code, or it could be in a file next to the code, and that doesn't change anything about the terms of the license.
If the original author put the license in comments, you can keep it in comments, but you could also move it to a standalone file. If the original author put it in a standalone file, you can keep it there or you can move it to a comment, but you can't remove it. If you distribute a compiled binary, you need to be sure you're including the license alongside the binary as well.
If Microsoft distributes a "substantial portion" of the software, and they do not include a copy of the original license (including the copyright statement at the top attributing the original author), they're in violation.
palata
Right. So they should just add a copy of that line somewhere in the repository, saying "some parts of this project come from this licence"?
NobodyNada
Yes, that is the condition of the MIT license.
hardwaresofton
The future continues to be AGPL
https://vadosware.io/post/the-future-of-free-and-open-source...
candiddevmike
We need an updated/modernized AGPL that more explicitly delineates what is dependent software. SSPL is probably too far, but it has the right idea.
hardwaresofton
What would be the goal of this? I ask because I think the nice thing about the current system is that the goals are well represented/easy to sum up and defendable.
What would be the goal of a license between AGPL and SSPL on the spectrum? Seems like such a license would at the very least be non-free? (which is perfectly ok)
candiddevmike
Some projects choose AGPL because they incorrectly read that it requires dependencies like calling web services or the underlying configuration management to be open source (such as Minio). SSPL goes beyond this and requires an unsatisfiable amount of dependencies to be open source. There should be a middle ground for folks like Minio and others that want to prevent competitive hosted offerings as that's how they fund the open source version.
Whether this would be considered non-free is up for debate IMO. Why would a license like this be considered non-free when the GPL is free? Is it the scope of it? The OSI would hate it because they represent the organizations this is meant to curtail.
Though most of this is moot if you can just launder code through a LLM and magically remove any licensing for it.
orthoxerox
AGPL without CLA, to be precise. AGPL with CLA is a trap.
jenadine
What's wrong with CLA? I've contributed to project with CLA. Have been using them and then wanted a feature and the project accepted my patch. Ther are still many people contributing to project with CLA.
phillebaba
I agree with this. It seems to be one of the licenses out there that scares the big three cloud providers.
hardwaresofton
And just to be really clear -- it's not actually a solution to cloud providers not reusing the code for profit (which I assume is the context you're implying, could be wrong here), because AGPL is free software, so people are free to reuse your code for commercial purposes. AGPL at least prevents making private improvements to open source networked code without contributing back.
I think in this situation it might have convinced Microsoft to contribute rather than fork... But then again, it's Microsoft. Also, they're well under their right to fork and keep the changes as long as the license stays the same, etc.
I think another important point might be that "free software" aims to protect the users of free software, not necessarily the profit-maximizing (I mean to use that phrase neutrally) ability of software developers.
ryao
The AGPL doesn't require them to contribute back. It only requires them to provide the code to end users upon request. No license as far as I know requires people to contribute back.
In many cases, project maintainers would not want the changed code anyway because it does not align with their vision for how things should be done. Linus Torvalds and his subsystem maintainers, for example, do not want people to send them code dumps containing the hacks people have done to private Linux source trees. They want proper commits that are done well and have been modified to comply with any feedback that they provide.
What the project maintainer here wanted were collaborators who would work with him as a team (which is not much different than what most OSS developers what), but no license requires that and it is rare to get that.
jezek2
The problem is that it scares away also others. Personally I avoid such projects for any purpose, they simply don't exist for me.
I also don't understand the cloud hosting argument, when we had a great whole era of Apache/PHP/MySQL stack based on exactly this idea of commercial hosting.
hardwaresofton
> The problem is that it scares away also others. Personally I avoid such projects for any purpose, they simply don't exist for me.
I think this isn’t a problem — not everyone has to contribute to any project! People sometimes struggle with the choice between GPL and MIT for similar reasons of popularity.
People who want the widest possible usage/corporate adoption can pick licenses that reflect that and embrace the tradeoff
lolinder
The anger over cloud hosting came from a specific set of Open Source companies that produced cloud software with the intention of earning money by selling hosting. Mongo, Elastic, and Hashicorp were the big ones. These companies failed to realize that the licenses they chose were incompatible with the business model they chose and then blamed the resellers for their own failure to plan.
It was particularly problematic for the FOSS companies because each of these players' plans was to resell the Big Three clouds and live off of the margin, so the instant that the cloud providers decided to just directly compete in the hosting space the original company physically couldn't compete on price.
The moral of the story is that if you're releasing cloud software as FOSS you can't plan your business around the idea that you'll be the only hoster.
lonelyprograMer
Whenever I see AGPL project, I close the page, and I believe many others would do the same.
OutOfHere
LGPL is sufficient (without the extra baggage of AGPL).
lolinder
The extra baggage in AGPL is what makes it work for the purposes that OP wants it. LGPL takes the GPL a step towards MIT, where AGPL takes it the opposite direction.
sneak
The AGPL is a nonfree license, and compliance with it is, as it is written, impossible.
hardwaresofton
It’s classified as free AFAIK, could you expand/lay down some points?
aryonoco
The FSF considers AGPL Free Software (of course).
The OSI considered AGPL, Open Source.
Debian considers AGPL to be compatible with Debian Free Software License Guidelines.
FreeBSD considers AGPL acceptable in its ports.
So when you say AGPL is non free, could you clarify exactly what you mean?
gwerbret
I suspect that what's happening internally (at Microsoft) is that someone's leveraging your work towards their next promotion packet. They went to their manager with "hey I've got this great idea" and followed it up with your code a few weeks later. Of course, this only works if they claim they were "inspired" by Spegel to "write their own code".
nosequel
> I suspect that what's happening internally (at Microsoft) is that someone's leveraging your work towards their next promotion packet.
It just so happens that the Microsoft engineer who originally changed the license in GitHub went from Senior to Principal engineer at Microsoft in the past two months (according to LinkedIn). So you probably aren't far off.
nicce
I wonder if there exists any system in place that this could backfire rapidly if this could be proved on some level. Unfortunately, world needs examples and consequences before anything changes. If this worked for this particular engineer, others will follow and will attempt the same. It will become a norm in big corps.
ryao
The commit histories for the LICENSE files in the two repositories are rather interesting. The original author placed a single copyright notice in that file. Microsoft on the other hand published it with their copyright notice and a Apache 2.0 license in place of the original copyright notice and MIT license. They also put copyright Microsoft and license apache 2.0 headers on all files. They then changed the Apache 2.0 license to MIT, but left their copyright notice in place of the original copyright notice in LICENSE:
https://github.com/Azure/peerd/commit/473a26c808907f2d9f7b7f...
Unless they forked a very early version that did not even have the LICENSE file, such that they never removed the original notice, this looks like copyright infringement to me. That said, I am not a lawyer.
throwaway277432
>chore: change to MIT license
What does "chore" mean in this context? Is the license just leftover from some MS open source template? If so there is perhaps some leeway, and the author maybe just didn't realize he needed to use the original MIT license file including the notices and not just a template one grabbed from the internet.
Any other explanation for such a "relicensing" would be extremely worrisome.
croemer
"chore" is a common conventional commit message type, see https://www.conventionalcommits.org/en/v1.0.0/
staunton
I'd say, in this case "chore" means "boring, nothing to see here".
jeremyjh
"chore" just means the type of change; as opposed to a fix, a feature, refactoring, there are some things that you have to do in the repo that can be called "chores".
FlyingSnake
That was my initial guess as well. I am glad that the author chose to take a high ground instead of naming and shaming the people behind this egregious act.
sublimefire
It might be just a decision to own the code as it probably ends up in production, e.g. run codeql and other tools to scan it, have controlled releases and limit access to the repo. They might have had some other stuff to change and did not want to bother doing it in the original repo with unexpected timelines from the repo owner. A fork is a logical step for a company.
em-bee
As a maintainer, it is my duty to come across as unbiased and factual as possible
i disagree with that. factual? sure, but unbiased? why? it's your project, and you have every right to be biased towards it. on the contrary, i expect you to, and i actually believe that not being biased towards your own project is very difficult so that i don't expect many people to be able to not be biased.
seb1204
I thought the same, as the sole maintainer he can be king and do as he pleases, his git, his baby.
jacobyoder
Came to post the same thing.
How can you not be biased? You built something. You want people to use it (assumption).
devrandoom
This is a candidate for name and shame. Microsoft is made up of people and actual real people made these decisions.
Who are they?
> As a sole maintainer of an open source project, I was enthused when Microsoft reached out to set up a meeting to talk about Spegel. The meeting went well, and I felt there was going to be a path forward ripe with cooperation and hopefully a place where I could onboard new maintainers.
Seems it isn't the first time Microsoft leads open source maintainers on, trying to extract information about their projects so they can re-implement it themselves while also breaking the licenses that the authors use. Not sure how people fell so hard for "Microsoft <3 Open Source" but it's never been true, and seems it still isn't, just like "Security is the #1 priority" also never been true for them.
Here is the previous time I can remember that they did something similar:
- https://news.ycombinator.com/item?id=23331287 - The Day AppGet Died (keivan.io) 1930 points | May 27, 2020 | 550 comments
The best advice for open source maintainers who are being approached by large tech companies is to be very wary, and let them contribute/engage like everyone else if they're interested, instead of setting up private meetings and eventually get "forked-but-not-really" without attribution.