AWS uses a lot of open source, and we contribute a lot, both in terms of code (first-party projects like Firecracker and Bottlerocket, but also third-party projects like Redis, GraphQL, Open Telemetry, etc.), testing, credits, foundation support, and more. But open source is ultimately about people and communities, and I personally feel we could have done more to acknowledge the great work Tim and his co-maintainers have done, and try to support their Headless Recorder work. We're talking with Tim now about this.
(While I think we do far better than sometimes acknowledged, we're also always looking to improve, and appreciate all the feedback that helps us toward that goal.)
I do think there's a larger discussion about trillion dollar companies just forking a project and announcing it as a new feature for their platform without even talking to the original creator.
If there's anything to improve, "reach out first" will be a start.
It's open source. You don't have to reach out. There's nothing legally or morally wrong with what you did. But you can do better. A trillion dollar company can do better to act grateful to be in the position that it's in. To be seen as a leader in a space instead of as a consumer of free work.
I know its not required by licensing - but "legal" doesn't always mean "right".
To see so much of the developer community respond by placing blame on the developers is heartbreaking and at the root of the tragedy of open source. It's either: your fault for using a permissive license OR shame on you for not using a permissive license. Where is the outrage at the predatory companies cannibalizing open source?
We need to remember who the real enemy of open source is. The only company that benefits from open source shaming is Amazon.
Since when does providing managed services started to pass off as "stealing"?
Am I stealing FLOSS projects as well if I install them on a production environment?
It makes zero sense to try to pull this sort of bait-and-switch scam with FLOSS. If you release a project into the world while explicitly stating that everyone in the whole world is free to use it as they see fit then don't complain that someone was free to use it as they saw fit.
A customer is doing a full migration to the cloud. They're already using FLOSS project X on-prem and asks 'Hey, <cloud vendor>, project X is a super important part of our environment? We can't move forward unless you support it. Also, can you manage this for me? I'd really prefer not to roll my own servers.'
What would YOU, as the cloud vendor, do? Give up the on the business (both upfront migration costs and down line usage and maintenance costs), or legally exercise the license that project X's creator CHOSE?
Also, consider that, at your scale (you being the cloud vendor), if 1 customer is having this issue, it's impacting tens if not hundreds of others.
As someone who works for AWS and fields feature requests from customers constantly, the above situation very common.
Is there really a difference at all? You're complaining that a managed service is somehow "a direct competitor". Compete in what? I mean, am I really competing with the project if I get a few instances up and running?
By your line of reasoning, they are actually helping the project grow and establish itself as relevant piece of infrastructure. Somehow I don't see this being used as a justification to demand a share of the revenue the other way around.
In the end, all I see is people complaining that someone who uses a project that was always freely distributed happens to have deep wallets, and somehow hey feel entitled to some cash just because a third party is rich. Where does this make any sense?
There isn't a legal difference in AWS repackaging an OSS project, and a company using it internally, but there is a difference in terms of the end result of how the project develops.
That's why I've seen that most comments is support of AWS are either ideologues or their livelyhood depends on a large company that's doing this.
As seen on HN multiple times.
Which is what the parent refers to with the more politely put "either your fault for using a permissive license OR shame on you for not using a permissive license"
Don't want to pay me? Well get payed the same way.
There are plenty of business opportunities for commercial software, it is just hard and takes effort, like everything in life.
They were under no obligation to, but it set my career back five years and I'm still angry about missing out on the obvious route from graduating to being really awesome at what I wanted to be really awesome at.
It's not controversial that they did this, I was a junior employee and they didn't have a ton of money. It still significantly damaged my career to be forced to start all over on a totally new thing despite literally inventing what they were doing without me.
Blame? There doesn't have to be blame for that to suck for the little guy.
If someone did inadvertently choose a more permissive license than intended, I'm not sure what to say. "Blaming" them has too negative a connotation, but there is some responsibility on their part for the mistake, though I can sympathize with them given that licensing choice can be complex.
There's a catch 22 with choosing a restrictive license though. On the one hand it may help you monetize a product if it becomes popular, but on the other hand it becomes a lot harder to gain users and achieve that level of popularity.
However I acknowledge that the open source ecosystem and incentives have deep seated problems on this. The rise of networked society is in many ways built on such work, so there is a public good achieved that might never have been possible otherwise. On the other hand, maintaining a project can be thankless and exhausting. There's been plenty of discussions on how to help this situation, with no clear answer that I'm aware of. I certainly don't have one.
I personally think it would be a great look for Amazon if they made it a policy to compensate developers from whom they derive significant economic value. Because they can, and because the developers deserve it.
You certainly can have a contract around a license, but that is a whole other topic.
Free software which requires a copyright notice to be retained in the source, but has no restrictions on run-time can be used in exactly that way: someone builds it, modifies it to taste and puts it into operation in such a way that your name does not appear anywhere.
You don't necessarily want that. Do you want some AWS customers contacting you about issues with it because they found your name?
What is legal coincides with what is right, because the developers had every opportunity to choose a license which exactly reflects what they think is right. It's a reasonable assumption is that they did exactly that.
One is doing development, which requires innovation and time; other is providing service, which requires economy of scale and network effect.
It might be better if the end user tips like likecoin, which will automatically divide the tips to direct and indirect upstream contributor.
Probably Amazon's legal department doesn't let him say much more, but then his statement sounds unconvincing and doesn't serve the purpose of taking responsibility and assuring the comunity of their good intentions.
These kinds of actions damage the community much more than some people realize. Open source developers lose trust in the idea of sharing their work when seeing how huge companies with limitless resources take advantage of their effort. This happens little by little but in the end we become cynical and when we see good intended initiatives from these companies we don't trust them and simply refuse to participate.
I tought Microsoft has abandoned its evil demeanor and has become a good open source citizen until this happened:
I think what they did is much worse than this, because they intentionally misled the developer by giving an impression that they were going to hire him and when he came for an interview they tricked him to share his ideas about the future of his product. What's similar is the reaction of both companies - half-heartedly acknowledging something that has already become public knowledge and giving some vague promise for fixing things.
I always find these messages weird, because in the end it's one engineer like you and I who looked at some open sourced stuff and decided to use it, and perhaps it didn't really do what they wanted so they forked it, and it ended up being used in whatever product they were working on, and in the grand scheme of things it was not about a big trillion dollar company being evil, it was about how engineers do their work nowadays.
Just don't repeat Microsofts smooth talk, make-your-own and ghost strategy ;-)
It is possibly even worse than just forking.
That's why "Amazon can do better." Not to act more altruistically, but to do better. If they keep doing things like this, it won't be good for them.
So, a person may be clear morally, based on a code of values that puts an emphasis on a legal aspect of interactions between people, but from the perspective of ethics we can observe that such a code may not be sufficient to fully realise their potential of flourishing as a human being.
So clearly Amazon has no moral scruples about doing what they did, but to us (or others) it's ethically ambiguous.
Dude, they picked a software project that was released to the world under a license that explicitly allows anyone and everyone to use it as they see fit, and they proceeded to use the software.
Please do explain exactly wheredo you see any breech in morality.
If it's not in black and white then it's not part of the license. Spirit isn't defined.
To paraphrase Theo de Raadt, if you're not happy for your code to be used in a puppy mulching machine then don't license it under a permissive license.
Eric Raymond famously wrote about the customs of open source in Homesteading the Noosphere: "I have observed these customs in action for 20 years, going back to the pre-FSF ancient history of open-source software. They have several very interesting features. One of the most interesting is that most hackers have followed them without being fully aware of doing so."
It is possible for us to have norms of mutual respect beyond what is legally required. I think those norms are actually at the heart of open source and have been since the beginning. I hope we never abandon them just because they are "not in black and white".
 - http://www.catb.org/~esr/writings/cathedral-bazaar/homestead...
But Amazon is a member of the OSS community, and AWS relies heavily on developers, many of whom care a great deal about the spirit of OSS and being a good and responsible member of the community.
That does not mean that is probably doing it for the ones that will be graceful of it. Opensource is not just about licenses but a way of creating.
"At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license." 
I don't understand. Wasn't the project released under a license that explicitly grants anyone the right to freely use it as they see fit?
The only reason I was ever given was "we use it and think it is great therefore we won't release it." The implication was "If what you wrote was junk we'd let you release it."
Needless to say I never tried to get Amazon to release any of my software during my time there after that, because the response was so poor.
Edit: If Amazon releases my code, I'll be happy to add a tiny credit to Amazon in Notices.Txt and in no other way be thankful to Amazon.
Email me at firstname.lastname@example.org, and tell me what the internal code names for your projects were, and were you were in the org. I'll see what I can do.
It goes without saying though that supporting the open source core (and the core developers) would also go a long way.
The long tail of AWS services is a massive waste of time.
Regarding "giving back" by a company like Amazon, we often talk about the problem of open source maintenance being thankless and difficult due to time commitment and lack of compensation, etc. Personally I don't think direct $$ compensation is the answer, but how about a policy that, for example, dedicated X number of developer hours to the main branch? As in, Amazon tasks a few developers to each give 10 hours of time in direct collaboration with the maintainer(s) to perform tasks the maintainers may have in their queue. That way "giving back" for a project you use is specific and alleviats some of the burden of running a project for exactly those projects from which Amazon benefits.
This is something we are very aware of, and discussions about this cross my desk weekly.
One big problem of the many problems I face regarding such proposals is the people who are the best at writing open source who need the money the most are not the people who are good at writing grant proposals and are good at sucking the money out of such funding systems.
Offer him money and do it in public.