Why did I not spell this out in the blog post? For my own amusement. I also think it shows that licenses really don't matter all that much as some people think, they are not computer code.
They matter as long you're willing to enforce them, and have the time and money to do so.
In that case, you may be able to submit some form of take down request to GitHub against that project and other projects who are using your library.
edit: wow, one of the projects that depended on your library was arduino up to 2020. https://github.com/arduino/arduino-cli/commit/09b4e8804fbd61...
edit2: was also used by AWS up to last week when they removed it. https://github.com/awslabs/karpenter/commit/d84365e8c44178ea...
the library is currently in use by Heroku/SalesForce to build deploy java apps (or something like that) https://github.com/heroku/java-buildpack/blob/master/go.mod
I wonder what sort of settlement you could get if you were to send them a lawyer for real.
The damages probably amount to $0. "Don't use this code, no seriously don't" isn't exactly an advertisement of the value it provide.
which doesn't even use go.
And they'd like you to even move away from that replacement to an ever newer replacement: https://github.com/heroku/buildpacks-jvm
This is why the GPL is more developer friendly than other licenses. If a business doesn't like the GPL you can offer to relicense your code, ... for money. And money is the restitution you seek when the license is violated.
Non-free licensed code has been on GitHub for quite some time. It's not only about free software and you should not assume so, as in all software.
Edit: changed FOSS to "free"
It would be an interesting precedent, forcing companies to comply with everything their advertisements say and doing away with any sort of fine print and ToS. I’m all for it, in fact. Total Ankh-Morporkization!
By technicality, the license has been violated by quite a large variety of corporations: Microsoft, AWS, Heroku, Bilibili, Baidu, Apache, Arduino, etc. [0~6], and much much more 
If you do personal projects that are open source it's equally important to know what licenses your dependencies have if you release those projects to the public.
I would describe an end user count, revenue size, etc in order to apply special circumstances to corporations. Drone.io does a great job of this.
The lawyer seemed genuinely surprised and said they would read up on it. I'm pretty sure my bringing this up in a friendly manner caused them to question their assumptions. Had I picked a fight during the presentation I'd just be labeled a basement dweller.
However, this lawyer also told me something interesting. To some extent it doesn't matter whether I was able to change his mind. As long as other lawyers in the field have this bogeyman concept in mind, the use of GPL will get flagged in due diligence, etc. and it's easier to simply not use a component with strong copyleft when developing a product (unless it's as irreplaceable as Linux).
This is a long-winded way of saying that selling exceptions will likely scare off potential purchasers long before they are in a position to consider the purchase. Most shops have a blanket "no GPL ever" policy and a dev won't even bother with the component even for a prototype.
With BSD/MIT licences everything is clear and less ambiguous, and if I get something wrong then it is usually something easy to fix.
If I were a general counsel, I wouldn’t trust all my developers to follow the GPL licenses properly nor would I trust developers to correctly avoid simple mistakes. A default ban limits liability, reduces risks of negative publicity, and anyone that needs an exception has to justify it.
Idealistically, I love the GPL, and I truely believe in the goal of share and share alike.
Practically I understand why following the *GPL licences is difficult and that it involves multiple risks for a business, and so many commercial businesses sensibly prefer to avoid the costs.
> (F) Platform Limitation- The licenses granted in sections 2(A) & 2(B) extend only to the software or derivative works that (1) are run on a Microsoft Windows operating system product, and (2) are not Excluded Products.
So you could not deliver it on Safari, but also not on Chrome if it ran on Mac.
Aaaand that is why the JSXLSX implementation was developed, exactly the same as xlsx.js but without the restriction.
Sure, it's funny, but it's a joke at the expense of everyone else. This is like going to a party and walking up to every person and making a joke at their expense. Were the jokes funny? Maybe. Does everything think you're an asshole? Almost certainly.
In this case the license was silly, but if this library had been GPL, it’d still have been a massive violation by most of those big companies, and that’s something we need to pay more attention to.
People shouldn't use software without checking the license, but if you're making a joke, for a pattern that's actually something used in the industry, because you believe that pattern is bad, yeah, you should label it a joke.
If someone spends the time to integrate mystery code without taking the time to check the license allows it then frankly they dug that hole themselves.
You absolutely have the power to end the controversy by switching to a more mainstream license then adding a clear disclaimer like “use at your own risk”.
GitHub currently lists 465 projects that depend on your library, which means more than a handful of devs find it useful.
(We fleshbags could probably use more widespread application and understanding of formal language and notation as well—the most cumbersome description of linear interpolation I’ve ever seen was in the section on a real estate tax hike in the tax code; it had paragraphs! I mean, I feel for those who didn’t have a good time in high-school algebra, but I don’t see how they could reasonably deal with that monstrosity either.)
Algebrophobia apparently is a thing.
Culturally, yes, and I can’t help but be awed at how stupid and self-inflicted it is. (See “Mathematician’s lament”, et al.) Introducing algebra into legal practice now would probably be a spectacularly bad idea even if it were possible. That’s why I mentioned “more widespread application and understanding of formal language”. Passing this hurdle is a massive ordeal—if I meaningfully contributed to it and knew that, I could probably die a happy man—but, I mean, we were talking disembodied brains in VR here.
By the way, can anyone explain what it is people actually like about A Brief History of Time? I went on to study some of this stuff, but the book appears both unnecessarily convoluted and surprisingly stingy with actual information compared to my preferred pop sci fare. I like me some enigmatic promises of explanations, but Hawking’s were left mostly unfulfilled, or so it seemed to me.
To give a few examples, https://www.google.com/books/edition/The_Boy_s_Own_Annual/X7...
"Sure as goodness, I thought you both did it as a lark", from a book published in 1895, so it's reasonable to assume it was already in some level of common idiom by then. It's unlikely The Boys Own Annual was trail blazing in its use of language.
Or https://www.google.com/books/edition/The_Fortnightly_Review/... from 1929. "D you remember I got certified as a lunatic for trying to make a living by betting that one horse would reach a post before another, I admit it was silly, but I only did it as a lark"
Language changes and evolves over time. You're attempting to be King Canute, except maybe one apparently deluded enough to believe the courtiers, only not as the tide is on the way in, but as the tide is long past and you've almost drowned.
The ship sailed on the point you're making before you were even born.
> on/as a lark idiom
> US, informal
> just as a way to have fun
> She entered the race on/as a lark.
> lark noun [C] (ACTIVITY)
> an activity done for enjoyment or amusement:
> He started hang-gliding years ago as a lark.
https://dictionary.cambridge.org/dictionary/english/lark (definition from the Cambridge Academic Content Dictionary)
On a lark, for a lark, as a lark, larking about, and so on are all common. It's not some obscure quotation or meaning, it's just a simile comparing with the bird (perceived as happy).
The “lark” in the idiom “on a lark” has nothing to do with a simile to birds. It derives from an old Norse word which means “to play.” https://en.wiktionary.org/wiki/lark#Etymology_2
Using correct terms helps to communicate effectively. What is wrong with promoting correct use of English? I always appreciate it when my coworkers promote correct programming idioms to me, it helps me become a better programmer.
As has been mentioned elsewhere, language is constantly changing. It isn't even that slow of a process. As a result the vast majority of linguists view linguistics as a descriptive rather than prescriptive science. The "prescriptive" approach to linguistics is much more common among teachers but hopefully that is also being tempered.
The reason why this matters is because prescriptive approaches to language have a long history of being used to enforce class, ethnicity and geography based discrimination.
I think there is a fine line to walk here. If you are going to fight against the changing of language, you need a good reason. I personally really dislike the confusion of "literal" and "figurative" (where "literal" now figuratively means "figurative") because it clearlt reduces the expressivity of the language. In contrast, the advent of "irregardless" doesn't reduce the expressivity of the language (though it foes add some minor complexity as it is an annoying exception in the meaning of the "ir" prefix.) Similarly, the common use of "me" instead of "I" in "and" clauses is commonly touted as a misuse of language even though I have never encountered as usage where it added ambiguity and is extremely common. I've had people tell me they take it as a marker of low intelligence while those same people will make a very similar mistake by switching "me" for "myself" in and clauses.
I do think there is value in teaching people about the historical and cross-cultural uses of language, as this increases our ability to understand eachother. I also think there are times where we should push back against language shifts that descrease the effectiveness of the language. However, I think it has to be done with care to avoid perpetuating injustice and becoming irrelevant as the real language in use shifts.
In your particular case, you seem to be denying the existence of fairly commonly used phrases that don't actually have any negative impact on the information carrying ability of the language.
This is a sloppy argument. Nothing about teaching correct English enforces discrimination and in fact it does the opposite by leveling the playing field.
If one day teachers stopped teaching grammar, that would only worsen the linguistic shift across the races and classes, allowing them to more easily discriminate between each other.
Even if you want to erase the idea that there is a “correct” English, the inevitable presence of the differences in speech will regress the concept to “my tribe’s English” and eventually “my tribe’s language.”
Teaching and promoting a standard and correct English promotes a more liberal society. I’m puzzled that sloppy arguments like the one you made above continually permeate culture when it only takes a few logical steps to see how it results in an outcome opposite to what you want.
That's where we are already. What you propose is forcing the other tribes to speak your tribe's english.
I am not saying that there aren't advatages to teaching people about other tribe's dialects. If you combine that with inclusive policies you can merge dialects. When you enforce a specific dialect, then you exclude and alienate speakers of other dialects and this will INCREASE linguistic drift.
I see nothing sloppy about my argument and I don't think that particular word (especially when you make no effort to explain what is "sloppy") is more of an ad hominem attack than perhaps you intended.
> When you enforce a specific dialect, then you exclude and alienate speakers of other dialects and this will INCREASE linguistic drift.
How exactly would that happen? It would provide a means for other dialects to adopt the standard dialect and communicate with the wider community. That’s the opposite of increasing linguistic drift. In the situation you’re suggesting, you’re expecting everyone to understand and communicate in every other dialect simultaneously. That’s just an unrealistic expectation.
> That's where we are already. What you propose is forcing the other tribes to speak your tribe's english.
I propose everyone who desires to participate in the English-speaking world voluntarily unite and find consensus under standard English. Stop taking something personally that isn’t personal and speak the standard English so that we may all better communicate and information can more freely disseminate across more populations.
Imagine if people started making the argument that correcting incorrect Python was racist/classist and people should just start forking Python if they do not like standard Python. That would be silly yet that is what you are suggesting. Obviously having a single agreed-upon dialect of Python is beneficial to everyone and it shouldn’t be personally offensive to recommend that people program in standard Python.
It definitely is not a talking point. This is a stance I have arrived at after studying linguistics, philosohy of language and psychology then doing lots of traveling and spending over a decade thinking about it, all as someone who is inclined towards engaging in language pedantry. If there are errors in reasoning, those errors are mine since it is a stance I arrived at without hearing it from other people.
> How exactly would that happen?
How it always happens? How much time have you spend in multi-lingual contexts? How do you think creols and slang develope? Language naturally evolves to fit the needs of people who use it.
> I propose everyone who desires to participate in the English-speaking world voluntarily unite and find consensus under standard English.
Who decides what is standard? Can the standard change? Is it fair to set that standard as something that one group learns at home and another group has to study and practice to use?
> Stop taking something personally that isn’t personal
It's hard to get more personal than the language you think in and use to talk to the people closest to you.
> we may all better communicate and information can more freely disseminate across more populations.
You say "we", but the "we" for whom it is easier is limited to the people that already speak the annoited "correct" dialect.
> Imagine if people started making the argument that correcting incorrect Python was racist/classist and people should just start forking Python if they do not like standard Python.
Programming "languages" aren't actually languages in any sense that makes your argument here have any value. Programming "languages" are actually complicated mathematical notations. Funnily enough, your example, python, actually has two versions in use. If everyone refused to use python 3 because it was "bad python" then the communtiy would have been worse off.
The fundemental problem with your position is that it is inherently hypocritical, arbitrary and self-serving. You distinguish between the age of "as a lark" and "on a lark" based on an arbirary point in time. There are plenty of idioms / meanings that are younger than "as a lark" but that you hypocritically would accept as just fine. For example, you use the term "forking" in a manner that is both semantically and grammatically very new. If a word or usage arises as part of your dialect, it automatically becomes part of the "standard", but if it arises in the dialect of an outgroup then it qualifies as "incorrect english".
I am not opposed to developing language standards, but those standards need to be both responsive to shifts in the language and inclusive for a wide range of dialects. Ideally you can also teach this standard without impicitly judging people as stupid and uneducated when they use their native dialect. You also need to be careful about using adherence to this standard as a gatekeeper to prevent people from having equal opportunities.
> How it always happens? How much time have you spend in multi-lingual contexts? How do you think creols and slang develope? Language naturally evolves to fit the needs of people who use it.
This is a failure to demonstrate how promoting language standards may result in increased discrimination.
Again, whether a language standard is promoted or not, people will discriminate against others who differ from them. The existence of a language standard removes the confusion and ambiguity as to what the correct form of the language is. This enables everyone to participate in the usage of the language equally.
> Funnily enough, your example, python, actually has two versions in use. If everyone refused to use python 3 because it was "bad python" then the communtiy would have been worse off.
Right and it took an official body with authority over the language to get everyone to reunite over Python 3. If no official body stepped up and no standard version was declared, there may still be large fragmentation between Python 2 and 3. Everyone clearly understands fragmentation of a language community is a stark negative. You are suggesting we pretend that a standard form of English does not exist which would only result in further fragmentation of English, which just as in Python, would be a bad thing for the community at large.
> Ideally you can also teach this standard without impicitly judging people as stupid and uneducated when they use their native dialect.
No one in this thread ever suggested using language standards for this purpose. And again, the existence of a language standard is largely orthogonal to this phenomenon. Judging people as stupid comes from differences in people, not language standards. In the absence of the existence of a “correct English” the judgements would transition from “you are not speaking correct English” (which is shared by all) to “you are not speaking my tribe’s English” (which is unique to a single tribe and would be a lot more tribally divisive).
> Who decides what is standard?
Whoever is the appropriate authority of the language. It could be a national government or an academic organization. Language standardization isn’t a new concept, nearly all European languages have gone through a standardization phase. It’s a solved problem. This is the equivalent of saying we can’t standardize Python because there is no obvious way to decide who is allowed to standardize it. That is just silly. Either an interested committee will form or a pre-existing authority will take on the responsibility.
It does that right now, no "may" about it.
> Again, whether a language standard is promoted or not, people will discriminate against others who differ from them.
"Promoted" is a too nice a word when the reality is that the standard is used limit the opportunities of people who don't follow the standard.
> You are suggesting we pretend that a standard form of English does not exist
It doesn't exist. There is no single standard English, there isn't even a standard set of spellings for English.
> Judging people as stupid comes from differences in people, not language standards.
I've literally had people tell that they assume someone is stupider if they use the "me" instead of "I" in an "and" clause.
> Whoever is the appropriate authority of the language. It could be a national government or an academic organization. Language standardization isn’t a new concept, nearly all European languages have gone through a standardization phase.
There is no such authority for English, so there is no standard?
Also, "standardisation" didn't work for German or Spanish (the other two European languages I speak) as local dialects diverge significantly from the "official standard". It is far from "solved".
> This is the equivalent of saying we can’t standardize Python because there is no obvious way to decide who is allowed to standardize it.
That isn't what I said at all.
> In the absence of the existence of a “correct English” the judgements would transition from “you are not speaking correct English” (which is shared by all) to “you are not speaking my tribe’s English” (which is unique to a single tribe and would be a lot more tribally divisive).
Those judgements already happen. Teaching people about each other's dialects would make them less foriegn and lead to less judgement and better understanding.
When you take that position that there is "one correct English", that makes it harder to encourage people to learn each other's dialects and it encourages discrimination against people whose dialects differ more from the one correct English.
Finally, I'll repeat myself: I am not wholey opposed to language standards on principle. A good language standard would be determined inclusive organization that is representative of all its speakers, would be a living standard that changes as the underlying language and it's dialects change (i.e
descriptive), and would understood as common reference point for communication rather than as the one correct way of using that language ( i.e. not proscriptive).
English does not have such a such a standard and other language standards I am aware of are not super effective and tend to be rather eurocentric and not inclusive of their broader populations.
> It does that right now, no "may" about it.
If language standards indeed cause discrimination, please demonstrate how. Otherwise this is a baseless claim.
> I've literally had people tell that they assume someone is stupider if they use the "me" instead of "I" in an "and" clause.
So you think if a standard English did not exist, then people would no longer judge others who speak differently from them as stupid?
> A good language standard would be determined inclusive organization that is representative of all its speakers, would be a living standard that changes as the underlying language and it's dialects change (i.e descriptive), and would understood as common reference point for communication rather than as the one correct way of using that language ( i.e. not proscriptive).
Right so you support the idea of a language standard, likely for all the benefits I’ve listed, except when people use them to make other people feel bad. Just a note to everyone reading this: the subject of making people feel bad is a social phenomenon that is entirely orthogonal to whether or not a language standard is “proscriptive.” The term he is looking for is “normative” and all standards, language or not, must be normative to a degree.
That wasn't my claim. My claim was that prescriptive approaches to language facilitate and magnify discrimination and have historically frequently been used to justify and enforce discrimination. You can look at how regional UK dialects affect employability and education outcomes. You can look at the way speakers of the ebonics dialect have been forces to learn to change not just their dialect but their accent to get jobs. There is such a wealth of examples of the roles that language plays in descrimination that suggesting otherwise seems odd to me.
> So you think if a standard English did not exist, then people would no longer judge others who speak differently from them as stupid?
I think if we encouraged people to gain more exposure to other dialects in school and didn't teach people that those dialects are wrong then there would be less judging of people based on how they speak rather than what they are saying.
> Right so you support the idea of a language standard, likely for all the benefits I’ve listed, except when people use them to make other people feel bad.
That is not what I said. I might support a standard, depending on how that standard is determined, how it is promoted and how flexible it is to change.
My concerns with linguistic standards has nothing to do with "making people feel bad" and everything to do with denying opportunities to people. I've stated this repeatedly so I'm not sure why this isn't getting through...
> The term he is looking for is “normative” and all standards, language or not, must be normative to a degree.
No, the term is the one I used originally but then mistyped in my last response "prescriptive" ("proscriptive" is the opposite, telling people what not to do rather than what what to do.)
"Normative" and "prescriptive" are similar but distinct terms. When you tell people how to speak, that is prescriptive, when you judge people based on how they speak, that is normative. So in my view, prescriptive linguistics encourages normative behaviors around language.
If you apply for a job in China and you only speak broken Chinese, resembling a pidgin language, it’s not “discrimination” if you are not hired. Similarly, if you apply to a position where you are expected to speak standard English and you only speak a lesser known dialect, that is not discrimination either. It’s not meeting job requirements. Yes it’s unfortunate that those who don’t have the skill of speaking standard English cannot obtain those jobs, just as it’s unfortunate non-Chinese speakers cannot obtain jobs in Chinese-speaking areas. The good news is that we have brains that are capable of learning new skills.
> My claim was that prescriptive approaches to language facilitate and magnify discrimination and have historically frequently been used to justify and enforce discrimination.
This is just false. Discrimination is a social phenomenon that itself is causal to your so-called prescriptive approach to language, not the other way around. In other words, the pre-existing discriminatory attitude causes the exclusionary behavior in language not vice versa. It’s silly to blame racism/classism on the promotion of correct English. Especially when the existence of a standard for correct English makes it clear and unambiguous for new people entering the English-speaking world how they can most effectively communicate with existing English speakers.
Except the dialects are often local to the places where the opportunities are being sought and can exist due to a long history of racism driven segregation...so you analogy is completely erroneous.
> In other words, the pre-existing discriminatory attitude causes the exclusionary behavior in language not vice versa.
I'm glad to hear you admit alteast part of this. If you grant that discrimination leads to some language prescriptions, is it that hard to see how those prescriptions, when used normatively by people with no intention of racism, can end up perpetuating the exact racist attitudes that lead to the creation of those language prescriptions?
This is precisely my point: this history and the current reality means that we should be care about how and when it is worth spreading prescriptive approaches to language, ideally limiting it to times when ambiguity is created or meaning is lost.
“Local” is totally subjective. The core point is that requiring that a job application speaks in a certain manner is not necessarily unjust and likely in the vast majority of cases is a pragmatic matter. Language / dialect is not an intrinsic property of someone’s identity. People are able to learn new accents, dialects, and languages. Accents being the easiest to learn. It’s not a protected class. The existence of a standard makes it easier for newcomers to learn the language.
> If you grant that discrimination leads to some language prescriptions, is it that hard to see how those prescriptions, when used normatively by people with no intention of racism, can end up perpetuating the exact racist attitudes that lead to the creation of those language prescriptions?
No, that’s nonsense. If someone’s feelings are unintentionally hurt because they are made aware that their English is not correct, that is not racism.
OED cites P.G.Wodehouse (for a lark), and J.Krantz (of a lark).
The phrase “as a lark” probably emerges as a mixture of “as a joke” and “on a lark.”
> If you’re not interested in how it works and you just want to do monkey patching, then you can find the library here.
> Wrapping it up in a nice library
> I took the above code and put it in an easy to use library. It supports 32 bit, reversing patches, and patching instance methods. I wrote a couple of examples and put those in the README.
Then in the README:
> Make sure you read the notes at the bottom of the README if you intend to use this library.
Either the author is confused or has decided that he doesn't want to maintain an hack. Anyway license is pretty clear.
There was an HN thread when it was released.
But your blog post language suggests that you are okay with and even incentivizes people trying this out (even if trying it out might be technically illegal, because it infringes your rights).
I think you should have mentioned something about the license in your blog post. As it stands, "If you’re not interested in how it works and you just want to do monkey patching, then you can find the library here." is misleading. If the user wants to do monkey patching, they better not look at your code and program their own solution.
Your project, on the other hand, just looks like it was designed to waste people's time. Congrats I guess?
For me the question is whether the misleading blog post would be found by a court to be an implicit license separate from the one in the codebase. My guess is that it would depend on several factors including the specific circumstances of the accused infringer and the specifics of contract/copyright law in the relevant jurisdiction, but probably at least sometimes yes.
Though I'm an anarchist who thinks people give the law as written far too much weight. (As opposed to what the population as a whole thinks is good or bad)
Or is this just a post-hoc "its just a joke bro. Y u mad?"
Regardless, its your code, do what you want.
Thanks for chiming in and clear the misunderstanding.
> If you publish your source code in a public repository on GitHub, according to the Terms of Service, other users of GitHub have the right to view and fork your repository.
> Any User-Generated Content you post publicly, including issues, comments, and contributions to other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).
> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking). You may grant further rights if you adopt a license. If you are uploading Content you did not create or own, you are responsible for ensuring that the Content you upload is licensed under terms that grant these permissions to other GitHub Users.
This allows you to browse and use the fork button to create a repository. It's unclear if the second paragraph is clarifying, or adding to the first term. If it's additive, then you might also have permission to host your own private repo off service.
Nowhere does it give you a license to _use_ the contents of the repository in your software. Nor does it allow you to publish the contents outside github - the first paragraph does not address publishing, and the second makes it clear that paragraph only applies "through Github's functionality".
To clarify, I did not mean to say that it does; I merely wanted to make people aware of the fact that some "default" restrictions are lifted when you publish on GitHub (just like when I type this comment on HN).
Recently open sourced, but has been used for twenty years in real products from MS and others. It's not so crazy as you might think!
An example of a real use I had for it: redirecting messages from OutputDebugString to a log file. AFAIK that is the best way to do it, when you only want the output from your one process. "Why not just call a proper logging function directly instead?" Because the OutputDebugString calls were coming from inside my GPU driver. Real life is not some ivory tower of perfection. An imperfect world requires imperfect solutions.
This library patches a third party runtime, one that explicitly forbids this kind of instrumentation and has a famously unstable ABI.
You can do whatever you want to get your job done, and this is certainly one way to do it, but it’s absolutely a dangerous hack.
"This is as unsafe as it sounds and I don't recommend anyone do it outside of a testing environment."
… which is exactly dow it is used in dapr
> This is only used in the test (and thus not.compiled and distributed in our binaries).
> … which is exactly dow it is used in dapr
Eh... There's a difference between "a testing environment" as used in that quote and "as part of an automated test" as you mean here.
To me the former implies an experimental and/or ad-hoc environment, while the latter implies a stable, production environment.
I am however glad this issue came up. The author does not appear to want to screw anyone over legally on this - so why not take it as a lesson learned and go from there?
It only needs some build-in YouTube and Getty-Images browser to select fairuseify targets. (It should work for all kind of media, of course).
I think we've solved the copyright issue right now finally for good, didn't we?
I like a license that says that I reserve the right to sue whoever I feel like suing. If you use it, make sure I don't feel like suing you (e.g. make no money) or that I can't catch you (i.e. be an outlaw.)
> "Copyright Bouke van der Bijl
I do not give anyone permissions to use this tool for any purpose. Don't use it.
I’m not interested in changing this license. Please don’t ask.
Used by counter on GitHub is at 464. The way it's worded would imply that they are all violating the license? How can this be enforced for inconsequential small pet projects? Is this really something to worry about, particularly with what (seems to me) to be a sort-of spurious license?
Sure you can ignore him and wait for him to lawyer up and make your life miserable. Considering that IT specialists which have capacity to contribute to open source are typically not poor or have idealogical interests, I would not take the bets.
Respect the wishes of the people you take code from.
License checking is like code coverage. If you are a professional you take care of it.
Actually it does matter and you don't have to. In practice pet projects are basically never going to be sued, it's simply not worth it. As a side note, a lot of techy people struggle to separate the law as written with the law as practiced.
The ethics question is more interesting, but for something like this which is clearly satirical? No harm, no foul.
The contextual author does not care for sure. But generally it is an ethical problem like you said but also a practical one. Once you stack enough pet (or should I say lpad) projects together something bigger comes out. And the liability is hidden three layers down the dependency tree.
Yes. My read of the situation is not that it's a license that intends to stop people from using it, but rather that it's a license that selects for a specific target audience that doesn't care about copyrights or is anti-copyright.
In my opinion, that's a perfectly valid audience to select for, although a license that specifically prohibited any licensee from ever filing a lawsuit over a copyright claim or sending a DMCA takedown might be a funnier way to accomplish it.
I still wouldn’t use this code, because I don’t want to break the law. Being anti-copyright doesn’t mean you also need to be against due process.
I’m not interested in changing this license. Please don’t ask.
It's a neat blog post, shows interesting internals, and no - you should not do it.
Then why publish the blog post and put it into a package??
> 5. License Grant to Other Users
> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking). You may grant further rights if you adopt a license. If you are uploading Content you did not create or own, you are responsible for ensuring that the Content you upload is licensed under terms that grant these permissions to other GitHub Users
Did I imply otherwise? Git submodules are just links. Please explain how linking to a submodule is not allowed.
Was someone disputing the right of OP to share a link to the blog post or the repository?
> you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking)
You can run the code on GitHub Codespaces & GitHub Actions, you can fork the code to make changes, and you can dynamically link/embed the code in other projects on GitHub through git submodules.
I think this would fall under "use" which I dispute the GitHub TOS allows.
> and you can dynamically link ended the code in other projects on GitHub through git submodules.
Sure. As long as you do not compile and run it, you can link it until you turn blue in the face.
With GitHub Codespaces and GitHub Actions you aren't compiling or running the code, GitHub is.
From my understanding, this satisfies the following:
> solely on GitHub as permitted through GitHub's functionality
I don't think anyone who's posted so far is a lawyer, but the claim is precisely that GitHub's ToS do relinquish the rights to run the code, so long as you only do so on GitHub and through their published interface.
GitHub ToS> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking).
> running it on a third party service does not magically launder the license
Totally agreed. By uploading to GitHub publicly you've granted an _additional_ license and asserted that you had the legal right to do so. It's kind of like when open source projects will also sell a proprietary license on request -- companies aren't magically beholden to the GPL'd version just because it exists somewhere; they get to choose which of their available licenses they'd prefer to use.
The "legal print" in this case is five lines long, written in (contrary to most licenses) very plain english, located in the root of the repository, in a file named 'LICENSE.md'. It's not exactly hidden where a reasonable person might overlook it. "We didn't know" isn't a very convincing defense.
It's commonly understood that open source software may be copyleft.
I think not mentioning a license that says "No use permitted" amongst some instructions on how to use it is deceptive.
> "We didn't know" isn't a very convincing defense.
Good thing "mean", is a matter of subjective perception and not of law, then. Or do you suggest everything legal is automatically good?
Edit: it actually was: https://news.ycombinator.com/item?id=28265605
How can someone include some dependency without checking the license? That's actually the very first thing to do, before you can even consider using something!
Not doing this is extremely unprofessional. Additionally it's stupid and very dangerous: You can bring yourself and/or your company into serous trouble. Really serous trouble.
Do people really pull in some random stuff without even looking a little bit what it is? This would make the old write-up¹ about someone placing the ultimate backdoor everywhere a certainty by now.
Sorry for ranting but this whole thing is a real-world satire, imho. The license was a joke, OK. But that it didn't fool only some random hobby hacker but alleged professionals at big corps is truly egregious. I can't stop shaking my head…
Where I work for we have automated license scanners for this reason. They would flag such a use. But this open source project, and apparently 467 other cases, missed that. Maybe the contributors assumed the author had done their due diligence, maybe they just don't check in general, it's hard to know.
But my point wasn't about transitive deps (directly). The point is about pulling something new into your project.
At the point you include something that something needs to tell you the license for itself and for all its dependencies. If it doesn't that's already fishy in its own rights (and you should turn back or start investigating for real). You need to look at the provided license lists of course.
Yes, I see more and more projects that don't list licenses for their deps. But that's usually already a license volition on its own! You can't use something like that, it's obviously problematic.
Having some tools that download random stuff form the internet may be OK when you're doing something for yourself. But at the moment you want to publish that something you're obligated to check the licenses. That's a know thing. If you don't that's very shoddy work, and actually you could get sued for all resulting damages.
So no matter what it's actually impossible to include code with a problematic license, given no botchers were involved anywhere deeper in the chain.
And here we're at the core of what I've said:
It's completely baffling to me how something like that could possibly happen. At least as long as I try to believe that no complete idiots work in the industry, people who aren't even capable of reading, and don't know even the most basic things about the job they try to do. People that therefore shouldn't be allowed to touch anything as they could create great danger for their surroundings and for themself!
But OK, maybe I just have to accept that the software industry is not different to this here:
is-odd, 486.139 downloads weekly
true, 504 too many
false, circa 700
is-number, 46.806.043 (!!!)
These are the one I hate more, but it's full of unnecessary one-line packages. Some of them are even used by the big players. I just don't understand...
There's something really appealing about replacing code at runtime to "hack" the bypass normal behavior of the language. For testing/mocking this can even be useful.
Some flaws, but was able to download a bunch of licenses :)
>I do not give anyone permissions to use this tool for any purpose. Don't use it.
So no use rights either.
Wouldn't that effectively bar the use of DRM? If I buy a blu-ray, I can't legally watch it unless I have a player capable of unlocking the content.
That may be one of the "specific circumstances," as there is a law that specifically forbids bypassing DRM.
Depends on jurisdiction.
Where I think this case gets murky is that the item in question is not distributed or used by users of the software, but is part of the production process for it.
If you can figure out how to use software code that someone else wrote, without making your own copy of it first, I suppose that would not be in violation. I’m not aware of any way to do that, though.
> (a) Making of Additional Copy or Adaptation by Owner of Copy.—Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
> (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or
Read GitHub's TOS, they explicitly state you give them the right to copy your work in order to allow for forking because their lawyers KNOW they have no rights otherwise and could be sued.
GitHub's TOS requires permission to copy, because github is not just executing your code.
There is, and you can. It's called patent law. If the author of this license also had a patent, they could deny others the ability to use it. But unlike copyright, you are not automatically granted a patent for your creations.
edit: Although, "This is only used in the test (and thus not.compiled and distributed in our binaries)." https://github.com/dapr/dapr/issues/3563#issuecomment-901563...
There's no assertion that the method is patented so you'd probably be free to also use the technique, as long as you don't reuse or incorporate the original work. If your code consequently looks like the author's then that's usually fine too, c.f. NEC v. Intel (1989), although actually relying on this precedent is a question balancing your access to legal resources vs how much the author really gives a shit.
"If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking)."
I think these override it?
The only weak spot is GitHub Actions/Code spaces/etc for dev tools I guess. Because that falls under "GitHub service" and is a functionality of it.
1. GitHub has a valid license to distribute it (as a result of their TOS)
2. Running the downloaded code is not copyright infringement (or not obviously so, and hasn't been established as so in any court that I am aware of)
3. Using the APIs is not copyright infringement (see Oracle v Google, if that was fair use this almost certainly is)
Thus no copyright infringement has occurred.
Still, keeping this in the codebase is at best boobytrapping your code to create accidental future instances of copyright infringement, and it's an interesting case of people not checking licenses (since it's pretty clear they didn't realize this in advance).
That sentence is wrong, GitHub’s terms of service explicitly give users a right to download, and also run, the code of any project that is publicly visible. Please read the terms, especially section D “5. License Grant to Other Users”. https://docs.github.com/en/github/site-policy/github-terms-o...
> you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality
Sure you are, that is just not true.
> You are forbidden from downloading the content for any other purpose
The rights GitHub grants allow a copy to be made. What you can’t do is redistribute the code, that part is clear. But what you do with it on your machine when not showing it to anyone else is not prohibited by GitHub’s terms, nor by copyright law. I’ve read both. If you have too, and believe otherwise, please cite the relevant sections.
From the GitHub TOS someone posted:
"... license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking)"
I'm not sure if cloning from GitHub to your local computer falls under "reproduce Your Content solely on GitHub as permitted through GitHub's functionality" (due to "solely on GitHub" part).
(Again, not a lawyer, not super familiar with this part of copyright law, but...) I'd argue that the copy is made on githubs server and then sent to me, and I simply move the sole copy around (or to the extent that I make a new copy it is a lawful copy of the network traffic for archival purposes under 17 USC 117 (a) (2)). That "git clone" is clearly a integral part of githubs service so the license is clearly intended to cover it. That "git clone" is not meaningfully different from "wget" from "a web browser" - again the license is clearly intended to cover this. That any liability that does exist falls on GitHub as the party making the copy.
I'm not sure which if any of those arguments would convince a court though
The question I'm addressing in 3 is whether or not the source code becomes a derivative work of the dependency (meaning writing it in the first place would be illegal). The only portion of the dependency that the source code copied was the names of a few functions/modules (part of the API). Copying that part of the API into the work seems very analagous to the Oracle/Google case, except even less was copied and it is even less of a market place competitor (but again, I'm not a lawyer).
I am contending (with citations to the law) that you simply don't need a license to execute other peoples code once you legally have a copy of it.
The answer is likely no (within the U.S. at least), based on conversations I’ve had with lawyers who specialize in intellectual property law.
While arguing on HN is a fun intellectual exercise, I would encourage anyone to talk things over with a lawyer before putting financial resources at risk by intentionally violating the expressed license (or lack thereof) in published software code. Even if it is published on GitHub.
The license literally says "you can't use this". How are so many people confused about the license in this thread?
Based on what law/authority?
Copyright law forbids making copies, derivative works, etc. Not using things. You're allowed to read a book without a license.
Moreover copyright law makes an explicit exception for the copies required to run a computer program on a machine that aren't used in other ways (i.e. copying it to ram/registers): https://www.law.cornell.edu/uscode/text/17/117
The author may say "you can't use this", but it is not clear to me that he has any legal authority to do so.
Simply reading the words "Don't use it" does not bind you, because there is no grant of use; there is no offer or exchange of value, so no contract has been formed, and the statement is at best advisory. It is equal to writing "All rights reserved", which is to say, you retain whatever rights pre-existed under statutory and common law, such as right of fair use and so forth, and anything due to Github's ToS.
Engineers often fall into the trap of thinking the law is a programming language. It isn't, mercifully.
If you stole a copy of Microsoft Office on CD from a shop (back when that was a thing) it seems clear that using the software would have been a copyright infringement because you wouldn't have been the owner.
In this case you have the right to download the software (via the github agreement) but how does that relate to ownership and the legal exemption? I've no idea.
You can also refer to this thread and pay particular attention to toyg's response.
Lol (quoting your profile here since I think it's fair to give other people the expectation that you won't engage)
> toyg's response.
I both agree with his reponse and would categorize my use of the case here as within that (the only code copied out of the dependency is API related).
I can't force you to debate this, but I also have to say I don't think casting vague aspirations without an explanation is a useful form of comment.