
I give permission for IBM [...] to use JSLint for evil. - huhtenberg
http://dev.hasenj.org/post/3272592502
======
hopeless
I tried to get approval to use an (entirely IBM-developed) open source library
at IBM. The process took months and hadn't finished when I finally left. If I
remember correctly, it was going to take approval from the team lead, 3
lawyers, and a VP (and possibly someone else, I can't remember). And that's
after spending about a week or two running code scans to check for
"suspicious" keywords like 'evil'^ and then individually checking each of the
~10,000 issues.

I know why IBM has to these issue so seriously but remember this when you
wonder why big companies can't execute as quickly as startups. And remember,
the library I wanted to use only had contributions from IBM developers and was
under the favoured Eclipse licence.

^ As an aside, putting 'evil' in your licence is pretty dumb. There is no
definition of evil which can be argued over in any court. What you consider
'good', someone else almost certainly considers 'evil'

~~~
SeanLuke
> As an aside, putting 'evil' in your licence is pretty dumb. There is no
> definition of evil which can be argued over in any court. What you consider
> 'good', someone else almost certainly considers 'evil'

People keep arguing that the license is bad because "evil" is ambiguous. But
there's a legal concept called "Contra proferentem", which stipulates that
ambiguity in a contract (or license) benefits the party which did not draft
it. Crockford's clause has no force because he drafted it.

<http://en.wikipedia.org/wiki/Contra_proferentem>

~~~
mpyne
> Crockford's clause has no force because he drafted it.

Am I the only one who finds it concerning that a clause which legally cannot
be enforced is placed into a license anyways? I'm not sure how this helps the
complaints against the JSLint license.

~~~
taybin
While it would be nice to have a license static checker that removes unused
clauses, I'm not sure that's actually possible.

It might be possible to write an obfuscator though...

------
shared4you
This is old news, already appeared on HN, for ex:

1\. <http://news.ycombinator.com/item?id=763165>

2\. <http://news.ycombinator.com/item?id=3693108>

3\. <http://news.ycombinator.com/item?id=4762035>

TIP: Just search on <http://www.hnsearch.com> to see if you are not posting a
duplicate.

I understand that repetitions are sometimes ok for the benefit of new readers
and all, so...

~~~
huhtenberg
I think it's well worth a repost.

Excellent tip though, excellent.

~~~
RexRollman
Maybe there should be a "most often reposted" section in HN.

~~~
Cthulhu_
Or a simple link check.

~~~
simias
I think there already is, it's just that the cache gets flushed form time to
time.

What would be nice would be a way to merge several stories in a same comment
thread, and maybe then "bump" older threads in case of reposts.

------
mmahemoff
This issue came up again recently with the Democrats' voter registration
application
([http://pauladamsmith.com/blog/2013/01/dnc_voter_reg_foss.htm...](http://pauladamsmith.com/blog/2013/01/dnc_voter_reg_foss.html)).

The take-home is don't do that. Don't modify a standard open source contract
on a whim as it will inevitably cause serious hassle later. Okay if you have
some major ethical/legal objection, then just beware it will cause some major
hassle.

JSON is an exception. It came along when the programming world was desperate
to be liberated from XML bondage...a fine solution surfaced at the right place
and right time. And also at a time when people cared less about open source
license specifics. For any average project, you're adding more barriers to
adoption than you probably realise.

(I said more about this the last time
<http://news.ycombinator.com/item?id=4762261>)

~~~
WayneDB
I disagree that JSON has "liberated" most of the programming world from XML.
In many, many, many places where XML has been used in the past, it is still
used because JSON is a very poor substitute in those cases.

~~~
mmahemoff
Pretty much all APIs from web/tech/startups now are JSON-based, I think. I'm
sure XML is still used in enterprise and legacy situations, but it would have
been a lot more widespread if JSON didn't come along.

~~~
WayneDB
Of course JSON caught on with startups who are mostly targeting web users,
whose programmers are mostly web developers who write a lot of Javascript.

XML is used for far more than just APIs though. However, I suspect that you
personally weren't thinking "just APIs" when you wrote that _the programming
world was desperate to be liberated from XML bondage_.

Be honest. You think JSON is far superior to XML in almost every way and you
would never consider XML for any task. Also tell us what kind of programming
you do most of the day and who you do it for.

Me - I write operations software for a pharmaceutical services company to run
a warehouse, call center, marketing and miscellaneous. I float between writing
web, desktop and back-end services apps. Most of our clients and partners (big
pharmaceutical companies) are working with XML - even for new services and
data exchanges. We barely ever see JSON coming from those companies.

I'd argue that there are more of these enterprises out there than there are
web startups. If you had said "web programming world", I might not have
disagreed.

~~~
abraininavat
"Only web developers use JSON" does not imply "JSON is good only for web
development".

You're writing a lot, but telling us little. Why is JSON bad for non-web
applications?

~~~
jebblue
JSON describes objects in compact notation, XML describes the world in terms
two computers talking to each other can understand and it is very readable for
humans who need to debug it and it can be validated with a DTD.

------
throwaway_ibmer
IBM seek repeated permission like this for lots of reasons, but mainly to
avoid possible problems in the future. I've been through this process a few
times getting permission to include 3rd party packages in our products. It's
long and drawn out but I can see why they do it.

It all boils down to the fact that it's not just as simple as IBM trusting the
license terms as shown.

For example, someone can take some code protected by GPLv2, naughtily strip
off that license and apply a completely different (friendlier) license such as
MIT or Eclipse. If IBM trusted this code (and license) as supplied then it
(IBM) could get sued because it is (unknowingly) using GPLv2 licensed code and
not honoring the conditions. It matters not one bit that they thought it was
MIT or Eclipse licensed. It matters not one bit that someone else did the
naughty thing of changing the license. IBM can still get sued, and
theoretically be forced to publish source code that they may not want to, and
people love suing IBM.

Another example question is: Did all contributors to the code have permission
from their employers (if appropriate) to participate in the development of the
package and relinquish their (the employer's) rights to any claim for the
code?

The license is only as strong as its weakest link.

I know I've had a package turned down because we weren't able to get in
contact with every contributer in order to convince the legal team that this
wasn't a risk.

In other words, IBM want to be absolutely sure that including this code isn't
ever going to come back and bite them in the ass if they do use this package.

------
jobigoud
I really hate this type of licenses. Articles contributed to Code Project
default to a license with this type of clause too.

It makes it impossible to include it in a GPL project. It breaks freedom zero,
the freedom to "run the program, for any purpose".

------
0x0
Inside the iOS terms & credits page deep inside settings, this license is
present. So I guess you can't use iPhones for evil.

~~~
glass-
You also can't use iTunes in the "development, design, manufacture, or
production of nuclear, missile, or chemical or biological weapons."

~~~
mpyne
Which is at least a specific set of prohibitions instead of a wishy-washy
poorly-defined one.

------
eksith
The genius of this license is that not only does it stop semi-evil people
(because truly evil people don't care about the author's wishes), it stops
stupid people. Which, in a long about way, is a type of unintended evil.

------
benesch
Since the video link in the article seems not to work:
[http://www.youtube.com/watch?v=-C-JoyNuQJs&feature=playe...](http://www.youtube.com/watch?v=-C-JoyNuQJs&feature=player_detailpage#t=2480s)

~~~
Samuel_Michon
Also, the part about the license starts at the 39:45 mark.

------
drobilla
"Ha ha ha, I intentionally cause huge legal problems for the Open Source world
and the software world in general, hilarious, right?"

This stupid little license game of Crockford's is childish and inappropriate.
The more he jokes about it the less respect I have for him. Grow up.

------
drucken
JSON license _"The Software should be used for Good, not Evil."_

Reply: _"I give permission for IBM, its customers, partners, and minions, to
use JSLint for evil."_

I wonder if they sought further clarification if evil is the same as Evil?

------
nraynaud
I need to send this guy some beer (it's like flowers for men).

