Hacker News new | past | comments | ask | show | jobs | submit login
Crockford on JSON license (2011) (gist.github.com)
249 points by samuel246 on July 21, 2023 | hide | past | favorite | 59 comments



While this is funny, it does highlight that you should probably have an actual legal opinion if you decide to write your own license. A less tongue-in-cheek example that I've run into is https://dst.lbl.gov/ACSSoftware/colt/license.html. "any usage related to military applications is expressly forbidden", which is still poorly defined enough that it makes lots of corporate lawyers nervous and you end up having to remove those packages even for stuff that isn't really a military application just because it's not clear how military-adjacent something is allowed to be. It's especially ironic since it's being distributed by a Department of Energy national lab. I wonder if DOE national labs ever have military applications...

It's also not clear to me that this does actually make it illegal for the military to just use it directly, even if they cared about following the letter of the law. If copyright is the real power behind the enforcement of open-source licenses, I'm not sure usage is something the license grantor gets to dictate as long as you're not redistributing something.


For those not aware, DoE is literally responsible for the design, testing, and manufacture of US nuclear weapons.

https://en.wikipedia.org/wiki/United_States_Department_of_En...


In the Soviet Union, they gave its counterpart a wonderfully euphemistic name of "Ministry of Medium Machinery Building". Everyone knows what is "heavy machinery" and while "light machinery" is not a thing one could imagine what it could mean, but medium machinery? What the hell could that even be?


I mean... no?

There is nothing compelling these organisations to use that particular piece of software. When contacted the author could just shrug and say "not my problem" and the organisation would just have to find some other software to use.

The author has no obligation to make things easier for people that don't know if they are doing evil or not, or if they are military or not.


There's nothing compelling the author, no, except for in the situation outlined above they're really doing nothing to prevent military use, but they are hampering adoption among companies scrupulous or careful enough to not run afoul of a poorly defined legal term. Seems counter-productive to the apparent motives.


With something like this, the apparent motive is more likely to signal to other people his views on the military, more so than actually preventing them from using the software.


Only law abiding people follow the law too, what's the point of them?


There isn't even a law preventing direct military usage of that library as far as I understand, because they're not violating copyright law by just downloading something, which by the way is hosted using federal funds. But the absurdity of high energy physics / national nuclear research labs saying you can't use the software for military applications, and then this mainly comes up in civilian applications with nervous lawyers? Yeah it's missing the point more than you seem to be implying.


Laws that are at least somewhat enforced can be good. Laws that are never enforced are counterproductive.


Depends, if the alternative is those laws are changed or removed from the statute books, their existence counterproductive for sure.

If the alternative is all the bad laws society regularly bends or ignores outright (suggesting there’s little or no democratic support for them) start being aggressively enforced, I’ll take never enforced every time.

In many societies there’s plenty of the latter.


Can you be certain about that? Has anyone tried to test a no military use clause in court?


This sort of confusing 'anti-pentagon' license goes back to way back when, and was supposedly one of the reasons RMS established "Freedom Zero" to run the software "for any purpose". But yeah, high energy physics just might have military applications...


Can confirm DOE labs work on military adjacent things all the time


Yes my question was, itself, tongue-in-cheek. I've been told that a customer insisted the packages in question be removed because although they did nothing military-related, they did happen to have a customer that is well-known for being a contractor on military projects and they didn't want to be getting in trouble just because their civilian service was used by a civilian company that did military-adjacent work.

And even if LBL isn't developing nuclear weapons they seem a mite closer to it than that.


Hmm, doesn't the LGPL allow you to remove any additional restrictions?


It says it does, but in at least one lawsuit courts have outright said that this language does not apply to copyright holders. Which is explicitly opposed to the FSF's own intent drafting the license, which was to prohibit copyright owners from calling their license "GPL plus (insert nonfree clause here)"


It is like the license needs a bootstrapping license


Interesting - do you mean because of the "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed" clause? I wonder.


No, the GPLv3 includes this language:

> All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.

And the LGPLv3 incorporates the GPLv3 by reference, then grants additional permissions.


So the whole thing had no point other than making life hard for organisations with actual principles, like Debian. And he wonders why people get pissed off.


If Debian's principles are free software then obviously their values are incompatible with this license due to the restrictions it imposes.

It's not a hard choice for Debian to make - they just put it in non-free with thousands of other packages.


> If Debian's principles are free software then obviously their values are incompatible with this license due to the restrictions it imposes.

Restrictions which he clearly has no willingness to actually enforce. So they only serve to make life hard for the decent folks.

> It's not a hard choice for Debian to make - they just put it in non-free with thousands of other packages.

Sure, but that then has other consequences - they can't use it as a dependency in their build system, they have to move downstream stuff into contrib or look for replacement dependencies, ....


actually, the way i see it, the fact that people took the effort to contact the developer shows that they really wanted to use that. otherwise they would have just used it silently and the developer might not even find out about it. in some cases that might even have been an opportunity to earn some money.


I mean if he didn't charge IBM (and for such a broad license) he's surely not charging anyone else. I guess he opens a line of communication with them in some sense, but it's with some random staffer in the legal department rather than anyone who's going to be hiring contractors, and surely there would be friendlier ways if that was the goal (hell, just asking people to say hi would be starting you off on better terms).


FWIW, I always recommend charging 3 months of jr dev time for cross-licensing and use the cash to pay for a project-related internship. It's win-win-win:

- you get help with your project,

- the project (and its corporate user) gets new features or bug fixes or refactors,

- the student gets a learning experience.

Mentoring does take a surprising amount of time, so you can also tack on a little extra and treat yourself to a weekend at a ski report (or whatever your thing is) as a "thank you" to yourself for the free mentorship :)


He makes a good point. Don’t ask me what it is though.


I only just got here but I believe the point is that IBM and their customers (and minions, of course; strangely, not their patsies but maybe they fall under minions) are privileged to use this software for Evil.


I’d heard this one before. And yep, sure enough, it was sourced from a video from 2011. Definitely one of my favourites tho. It was also previously discussed in 2022 at https://news.ycombinator.com/item?id=31027104 and in 2013 at https://news.ycombinator.com/item?id=5138866 and probably at other times, but I’m on my phone and can’t search it up now. Also, I’m pretty sure if you wanted to, you can now use JSLint for evil. (And if you really think about it, if you’re evil, wouldn’t you just break the license terms as part of your evil deeds? Or is this how they catch you, like tax evasion?)


I'd refer you to the term "lawful evil", but I suspect Wizards of the Coast would sue me.


It is sort of interesting how there are practical logistical issues with making bespoke licenses.

I would not want my work to end up being used by weapons manufacturers[0]. I honestly would like to put this into licenses. But there would be endless kvetching at such a license being used, of course. But so much OSS tooling is relying on how we have ended up with a lot of mutual compatible licenses, and having any sort of weirdness ends up excluding you from being bundled in repros.

There is a line that could be crossed here (and has been crossed by more than one very large project!), and I get ... annoyed at 'licenses' like the WTFPL. But when people get frustrated at seeing American companies deploy tooling to help with things like mass censorship in authoritarian regimes, I think about how we might be a couple license changes away from making that job way harder.

[0]: Not making a blanket statement for people working there! I simply do not want to participate.


I like the “open source will be enforced” nature of GPLv3 for that reason. Yes,it does mean that a developer some some huge company will have to write their own version of your project instead of just using yours and thus your code would be less widely used than if it hadn’t, but on the other hand if I choose to work on something for free and available to everyone you making the thing you made also free and available to everyone is completely reasonable, benefitting open source projects and community use while also making it disproportionately harder for people trying to hide the software in a different evil program of some sort. Obviously it’s not perfect but I’ve always viewed the relative exclusivity of the GPL to be one of its pros.


I was talking with a small startup founder about a project I had licensed under AGPL. He asked, "How do you know if someone uses your project against your licence though?" with a smile. His point wasn't anything new, but I still didn't have a great answer. I just said that it would require the company being honest and purchase a commercial license, and that I have personally worked at companies that evaluate their licenses to make sure they are in compliance.

But his immediate reaction being the thought of abusing the license was irritating. I can't say that I have never thought this way (of using "free" software, licenses be damned) when I was younger & in school. But as the owner of legitimate business, it seems so perverse. It screws small creators and discourages them from sharing their work with everyone.


GPL violations are constant and everywhere, this definitely isn't new. I've even seen BSD license violations before. My DSL modem/router violates the licenses of micro_httpd (BSD), samba/Linux/busybox (GPL) and probably more. Basically, you have to go out and look for violations and prosecute them. If the Software Freedom Conservancy prevails in their lawsuit against Vizio, then it will make it possible for any recipient of GPLed binaries to sue for GPL compliance. That means that lawsuits for compliance don't need to involve the copyright holder and projects can outsource compliance efforts to the userbase of open source copylefted projects. That doesn't necessarily help your project though, since it sounds like most users of your project will be on the proprietary/commercial version?

https://sfconservancy.org/copyleft-compliance/vizio.html


For what it’s worth - we had to audit/list all licenses for OSS components & dependencies on at least 3 separate occasions during fundraising diligence processes. I would guess nobody read it too closely but GPL code would definitely have stuck out. I imagine bigger companies have this process pretty well structured.


Its not like paid software is immune from unlicensed use.


The license was from 2002[0], and the IBM update was from 2011[1]. What's the point of this gist which only vaguely mentions Douglas Crockford (through a lawyer quote and a the gist name)?

[0]: https://codedocs.org/what-is/douglas-crockford [1]: https://web.archive.org/web/20170722132351/https://dev.hasen...


Best I can tell, neither the video linked from TFA nor an earlier version submitted previously to HN remain online. See: <https://news.ycombinator.com/item?id=36809645>

Whether or not there's a more definitive source I haven't investigated.


Cryptographers often tell software engineers that they shouldn't roll their own crypto. I think lawyers would tell software engineers that they shouldn't roll their own license. If you really intend or want other people to be able to use the software you wrote, for the love of god please pick a sane, well-known license so that people can use your software with full knowledge of the legal implications.


I’m impressed that IBM is actually doing their due diligence.


Impressed or depressed?


The referred license: https://www.json.org/license.html Debian thinks it is a nonfree license: https://wiki.debian.org/qa.debian.org/jsonevil


It's little wonder that javascript is such a fraught, inferior language and ecosystem given it was so heavily influenced by Crockford and Eich. In a way I'm glad that the future of compute in the browser (such as WASM, et. al), will be dictated by corporate overlords so we don't have to deal with such mercurial personalities.


What is the browser-based debugging tool story for compiled-to-WASM languages?


You must really hate GPL then



Some lawyers need to discover eslint.


I think it's pretty funny that the lawyer suspects some of their clients are probably evil and his response is just to try to fix the clause so that evil is allowed.

Rather than trying to find a job that doesn't involve evil.


The correct reading is that the lawyer recognizes, correctly, that “evil” has no clear legal meaning and therefore wants to clarify what the author actually meant before deciding whether to use his software.


I love this style it’s like John Mulaney


Amazing writing. Question, is there any US judicial precedent for what is evil and what is not?


No, which is why this license is probably much more restrictive than its author intended. Many serious organizations simply won’t use something for which the meaning of the license terms is unclear to this extent. That of course doesn’t mean they “plan on using it for evil” or anything of the sort.


I’d think that it wouldn’t make for a very restrictive license. Since there’s no agreement on what “evil” means whatsoever, it doesn’t seem that different from putting “You can not use this code to hooplebop shanglefronks”

Edit: I guess there’s that TV show “Evil”. It would be funny if IBM had that production company as a client.


> there’s no agreement on what “evil” means whatsoever

Indeed, which is why lawyers won’t want to take the risk.

I’m sure they wouldn’t want to use software whose license claims you can’t “hooblepop shanglefronks” either, for that matter, without discussing with the owner to clarify what that means.

Essentially the practical meaning of this license is “this can’t be used by companies with careful lawyers who take license terms seriously”, which I doubt was the intent.


IBM did assist the nazis with the holocaust so


Probably. Most of the US has a legal system based on common law. I think it would really depend on the context though, because I don't know how you can use a linting program "for evil."


Have it lint PHP?


How do you define evil? that's a good question.


Evil is the malevolent being from Time Bandits of course. And you definitely shouldn't touch it:

https://youtu.be/QKGbguoildA


well good, it is not like IBM was ever involved in the holocaust or something




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: