[dak1]

I'm extremely disappointed to see how many comments on here focus on the very narrow legal questions and amount to: "Your license didn't say they couldn't."

Open source software is more than a license and code. It is a community and the digital public square.

And the Tragedy of the Commons is just as applicable to our public square as it is to William Forster Lloyd's common land.

Either we as a community hold ourselves and others within our community to a higher standard than the text of a license, or licenses will inevitably become increasingly restrictive in the future, to the detriment of all.

[frabert]

Honestly, this point is kind of nonsense to me. If people acted as if they were held to the higher standard, we would not need licenses. People (especially when they're not acting alone, e.g. corporations) act in their monetary interest, most of the time. Hence, stick to the license that's least restrictive that still ticks all the boxes you feel are important. If you feel attribution is important, choose a license that makes it legally binding.

[wpietri]

There's plenty of sense to it.

Every contract, every law states what we see as the bare minimum required not to be actively harmful. They're society's skeleton. But bodies are more than bone, and societies are more than people doing the bare legal minimum.

Look at what the law requires of parents, for example. Food, shelter, clothing, school attendance, a lack of physical abuse. But parents who do the legal minimum and no more are awful parents, and awful people. But more laws wouldn't help. What kind of law could guarantee love? What kind of police could enforce it?

Community spirit is not something that can be expressed in a contract. Acting like people should have foreseen a particular asshole and tried to defend against them contractually is victim-blaming. The actual solution is for assholes to hear from the community that the behavior isn't welcome.

[frabert]

I'd call this wishful thinking and something that's been proven time and time again to be not working as well as it should, in practice.

[wpietri]

It's not perfect, but it works very well. None of my contributions to open source projects happened because they were required by license. On my own projects I've had people give generously of their time and expertise out of community spirit. Are some people jerks anyhow? Sure. But a different license wouldn't have changed that.

[Gehinnn]

I think it worked with Microsoft. They have a much better image now with regards to open source.

[josalhor]

If I suggest an idea from a coworker in a meeting as if it was mine, that move would be seen, at the very least, as somewhat rude. If I got that idea from examining the competition, that would be seen as a smart move.

Sure, if attribution is a requirement then the natural thing to do is to turn it into a legal requirement. But I don't think that is the discussion here.

It comes down to how we want to treat open source. In order to encourage open source, I believe giving credit, even if not required, is courteous. Corporations are not monolithic entities that are perfectly defined. People work on these corporations.

[geodel]

> If I suggest an idea from a coworker in a meeting as if it was mine, that move would be seen, at the very least, as somewhat rude.

It will be lot more rude if your coworker now hit social media berating you for stealing other people's ideas. If just office ideas were this important may be they need to be submitted with process of academic journals with proper attribution.

It can't be both ways: "Announcing that take my idea / software and run with it" And if someone does, telling them "you are first rate moocher, aren't ya?"

[Aeolun]

> It will be lot more rude if your coworker now hit social media berating you for stealing other people's ideas

Would it? I’d be inclined to agree with the coworker.

The message is not ‘stealing other people’s ideas’, it’s ‘stealing other people’s ideas without acknowledgement’.

[geodel]

> stealing other people’s ideas without acknowledgement’

Huh, I never heard of 'stealing with acknowledgement'. That'd be plain usage.

> I’d be inclined to agree with the coworker.

I'd think that co-worker would be subject of constant derision where people would run every trivial thing by them asking if they had thought it originally.

Edit: To be clear I support directly confronting folks taking ideas often without attribution or taking to higher ups if that is so important. But social shaming means the person better be prepared to live up to much higher public standards than it would be for some interpersonal issue.

[rbanffy]

Corporations the size of Amazon are imune to shame. If it's not a hard requirement, they'll only comply if it's not against their self interest to do so.

[lioeters]

I agree this is about the culture of software and open source in particular.

Reducing the issue to the bare minimal legal requirement is stooping low, that we cannot expect corporations to behave ethically, with common decency and respect, unless forced to do so by law. Sure, that's the real world, but we should demand better of the people who run and work in these corporations.

[toyg]

> that move would be seen, at the very least, as somewhat rude.

In a few places I worked at, this was just par for the course. It's all in the (corporate) game.

As much as decent, polite, and courteous people do exist (and I try to be one of them), it's a fact of life that assholes exist, and they often prosper on the back of such decent people.

[young_unixer]

> If you feel attribution is important, choose a license that makes it legally binding.

Some of us think copyright is unfair and we want to use it as little as possible. That means using MIT or BSD licenses.

That doesn't mean we are against attribution. We are only against the use of coercion to get attribution.

We can say "It would be nice if you give attribution" without saying "I'm going to use my legal rights to coerce you into giving me attribution"

[kevincox]

That seems like a very hard line to me. Copyright gives fairly comprehensive control over use, however trying to draw a line somewhere down full-control, attribution or no control seems very hard.

As it is today you can use your full control to allow full use with attribution. Of course the "unfairness" probably comes from the fact that you can't force others to do the same.

In my opinion the best option is to keep copyright at "full control" with a time limit. Probably 10-20 years. However that doesn't solve your desire for only attribution.

[tengbretson]

> If people acted as if they were held to the higher standard, we would not need licenses.

In the same way that we must continue to steer our car even in the presence of guard rails, we must continue to act morally in the presence of rules.

[unethical_ban]

Essentially, you don't believe there is any gray area for something to be legal and yet a dick move.

[save_ferris]

> Open source software is more than a license and code. It is a community and the digital public square.

Unfortunately, there's absolutely nothing about the OSS community that actually instills this mantra in people. I like to think that I also see OSS as a community and digital public square, but there's no universality to that philosophy.

> Either we as a community hold ourselves and others within our community to a higher standard than the text of a license, or licenses will inevitably become increasingly restrictive in the future, to the detriment of all.

There's just no way that the community will ever do this because there are inherently conflicting incentives to participating in OSS. If you tried to explicitly motivate people to do this, you'd immediately get pushback from the individualistic elements of the community that don't want to participate in something that they feel is politically motivated or that Amazon did nothing wrong.

OSS is a great thing that has tremendously benefited the industry, but the idealism of a community acting together without any consequences or incentives to do so is truly folly. As much as I wish OSS had more of a true community feel to it (and I think there are little pockets where this is tangibly felt), OSS largely exists to provide tools for commercial software development. Those people are out to build businesses and accrue wealth, not fortify the OSS community. I'm sure there are people that actually work to accomplish both, but the vast majority of founders and companies I've worked for in my career don't see OSS as a community. They see it as a giant puzzle box where each piece is an OSS project and their goal is connect pieces together in order to sell a product to somebody. Get acquired/IPO and you've solved the puzzle.

[tannhaeuser]

> OSS is a great thing that has tremendously benefited the industry

I'm beginning to question this. The proliferation and commoditization of F/OSS is what made SaaS business thrive, and made it so that integration and polish is the only avenue left to make a buck, leading to our paltry attention economy, oligopoly, and platform lock-in by network effects. This after decades of personal computing striving to liberate users from mainframes. F/OSS is also drying out - when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks? Meanwhile, maintainers of popular F/OSS get nothing in return.

[pwdisswordfish0]

> The proliferation and commoditization of F/OSS is what made SaaS business thrive[...] after decades of personal computing striving to liberate users from mainframes.

That's because of developers' (read: devops folk) own narrow focus of open source. When someone talks about open source having won, they're referring to how their company has three dozen services published on GitHub that can somehow be strung together to approximate 60% of what their company is actually putting in people's hands at the end of the day. That's open source for you.

Stallman and his acolytes had it right all along about focusing on free software as a philosophy meant to empower users and not career programmers (who already generally make more than the average household...). It doesn't matter if a smattering of SaaSsy services are open source if (a) it's mired in the sort of headaches that are par for the course in devops today with respect to actually being able to run the thing, and (b) the app that real, actually people are jabbing with their fingers and literally touching is still proprietary.

So it's not a problem of too much open source; it's a problem of not enough, and a problem of eschewing with the user-focused underpinnings of free software along the way, to instead follow the career devopser's AWS/GitHub/whatever-powered path while advertising it as win. To borrow liberally from Alan Kay, the computing revolution hasn't been won—because it has not yet even happened.

[save_ferris]

> The proliferation and commoditization of F/OSS is what made SaaS business thrive, and made it so that integration and polish is the only avenue left to make a buck, leading to our paltry attention economy, oligopoly, and platform lock-in by network effects.

Do I think F/OSS played a role in these issues? Absolutely. Do I think it's the primary role in causing these issues? Definitely not. I'd argue that weak antitrust law, ill-intentioned VC money, and lack of oversight of software titans play the biggest role in what you've described here. Yes, F/OSS gave the companies tools to iterate over app development quickly, but they were pushed for hockey stick growth and total market domination by the checkbooks, and the government has completely failed to police their behavior. F/OSS gave people with questionable incentives the ability to do questionable things, but it didn't create the motivation to do those questionable things.

> when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks?

I actually use a fair amount of F/OSS that is independently useful to me, projects like Hammerspoon, MIDIMonitor, VLC, MuseScore, and others. Yes, the majority of F/OSS that I use is for commercial purposes, but that's certainly not exclusive.

> Meanwhile, maintainers of popular F/OSS get nothing in return.

I completely agree with this, and I think it's one of the most critical problems to the F/OSS movement.

[Intermernet]

"when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks?"

Go and Rust. Probably unpopular opinions, but I'm very glad those two languages are open source.

[pwdisswordfish0]

I'd bet that this outlook is the sort of narrow-sighted, can't-even-understand-the-question sort of thinking that the person you're responding to had in mind when asking the question—as what not to focus on when talking about the successes of FOSS. That even with the point made in a very straightforward way it gets responses like this is a huge signal of what sort of problem we're dealing with.

Go and Rust amount to infrastructure, not software that "truly achieve[s] something useful on its own".

[dboreham]

It benefitted the hardware industry in the same way free gasoline would benefit the auto industry.

[ryukafalz]

> when was the last time you used a piece of software that truly achieved something useful on its own rather than solving a perceived problem that only exists because of the idiosyncratic nature of the web and cloud stacks?

All the time. One I use every day? Emacs. (Which long predates anything web or cloud related.) For a more recently developed example? Guix.

Setting aside the fact that a very large portion of the software I use outside work is free software.

[pas]

SaaS was a natural emergence from the Internet. Software is eating the world, and eventually it will eat itself too.

[quicklime]

I see what you mean, but in this particular case, there are licenses that explicitly require the sort of attribution that the tweeter was asking for - e.g. the BSD license with the "advertising clause", or maybe the AGPL. For some reason, open source developers are choosing not to use these licenses, and complaining about it later.

If it were the case that AWS broke some unspoken social convention that is hard to legally enforce, I'd be more sympathetic. But it feels more like the author made a choice to license their software using Apache 2 over other licenses.

[dak1]

A lot of how people and even companies conduct themselves has as much to do with cultural norms as it does with strict legal requirements.

It looks like Matt Asay, the lead for the open source and marketing team at AWS, has already reached out and said he's looking into it (and thanked Tim for the contribution).

I think there's generally a cultural norm to recognize an individual's contributions in general, especially when freely given.

If the comments on here largely echoed that sentiment and demonstrated that it was a cultural norm, expect AWS (and others) to be more likely to adhere to it in the future — it costs almost nothing, but there's definitely a value in having a positive reputation.

We do have the capacity as a community to define and uphold such cultural norms. Laws and licenses are not as binary as code.

[mekal]

I think recognition by AWS would have been nice (win-win for both parties) but lack of it does not warrant public shaming.

If someone doesn't thank you for your "free" services, then keep your head down, plow ahead and take comfort in knowing you're doing a good enough job for a company like Amazon to use your stuff. And if that's not enough, send them a private message and let them know how you feel.

Given that everyone thinks like me, I wonder if some of the "Your license didn't say they couldn't." comments might be a defensive reaction to what they see as an unjustified public shaming. Like an unjustified honk on the road. This is twitter at its best right? Someone says something that pushes the right buttons (intentionally or not), people kick it up a notch by reacting defensively and we're off to the races!

[serguzest]

You are talking about a trillion dollar company. I am sure their feeling wasn't hurt from "public shaming" Please save your empathy for the independent open source developer who spent his valuable hours on the project.

[mekal]

Fair point.

[appleflaxen]

If you choose a license which explicitly lets them, and they do, then appealing to community is simply silly. If community and reciprocity is important to you, you simply must choose a GPL-like license that requires it.

If you don't want it, simply say so! But if you say you don't care... don't complain when people do.

[CydeWeys]

This, incidentally, is why I tend to prefer the AGPL for stuff I write myself, as it aligns most closely with this "digital public square" idea. I'd simply rather not have an Amazon use my work in this sort of taking-without-giving way at all.

Meanwhile, the open source code I write for my employer is Apache 2.0 licensed because the permissive licenses seem to be the most friendly towards large corporations and hence is what they prefer.

[devthrowawy]

This is incredibly naive. FOSS ultimately is business (if the code has any real value) and that's why there are licenses, to keep industry in 'check'. If RMS shared your optimism there would be no FOSS. Business are not people, they are entities driven by profit and the limits of law. Call it greed if you want but that's how you get endless $1 loafs of bread and the ability to fly anywhere in the US for a couple hundred bucks or less. If you really want something to be so, get it in writing. There is no 'community' like you illude to. Maybe in certain corners of the web or for some more notable projects, but there is plenty of FOSS that is really the backbone of a lot of sw and non sw infrastructure that is contributed to almost exclusively by corporations that are in competition with each other. FOSS is not just web devs hanging out on twitter making some app with a cute logo that will be forgotten in 3 years. There is big business going on and without a good license you have nothing.

[pedro2]

  Open source software is more than a license and code.

Nope. You are thinking "Free Software". "Open Source" is "just" that: a legal license which may or may not have ethical considerations and fuzzy feelings.

You may wish to read https://www.gnu.org/philosophy/open-source-misses-the-point .

[joseluisq]

It's very disappointing, not the laws called "facts" but this disjunction of the community arguing or even joking around simple people stuff credits. Which costs nothing to do it.

For me this never ending OSS disagreement is just an excuse to take just benefits of the community but with zero retribution (there is no progress on that).

Someday, people will understand that Software is crafted by humans but not by a bunch of companies or self-thought computers.

[eplanit]

You'd have to get the warm and fuzzy emotional parts (community, public square, commons) codified into the license in order to enforce that "higher standard".

[varispeed]

Big companies use OSS to avoid hiring employees and paying their wages plus taxes. It is a loophole that should be regulated.

[OmarShehata]

In what world does any company use open source software to save money??

What is the alternative? Develop everything yourself in-house? That's not just expensive, it's dumb, because you'll get worse/less reliable software in general.

[dboreham]

> Open source software is more than a license and code. It is a community and the digital public square.

I've never found this square.

[whatsmyusername]

No it’s not. It’s just a license. I will never bet against the tragedy of the commons because it’s easy money.

[loriverkutya]

Corporations have nothing to do with community or people or ethical standards or environmental stuff or privacy. For a company an open source license is nothing else than the code and a license. For them, this is a very narrow legal question.

Corporations does not care about much but shareholders' interests. If you want to change that, you need to come up with a different system than capitalism, which encourages the standards you want to see.

[benjaminjosephw]

Capitalism doesn't _require_ the heartless pursuit of shareholder value. You're confusing the system with one particular ideology.

Changing incentives, standards and cultural norms absolutely is possible within a capitalist system. In fact, it's required. Otherwise, capitalist economies quickly descend into oligarchies with skewed markets that favor those with all the capital.

If profit were the only motive without any other rules in play, that wouldn't be capitalism at all. We need interventions in order to preserve a healthy system. To suggest otherwise is to defend an ideology that isn't capitalism itself.