Good job taking responsibility, Matt. Handling this the right way.
I do think there's a larger discussion about trillion dollar companies just forking a project and announcing it as a new feature for their platform without even talking to the original creator.
If there's anything to improve, "reach out first" will be a start.
It's open source. You don't have to reach out. There's nothing legally or morally wrong with what you did. But you can do better. A trillion dollar company can do better to act grateful to be in the position that it's in. To be seen as a leader in a space instead of as a consumer of free work.
I honestly think there's room for more than gratitude with, as you said, a trillion dollar company. I know its hard to find a balance when we want free and open tools, developed in a spirit of sharing and enabling innovation. But something feels slimy about an enormous company deriving a huge amount of revenue from a FOSS project, when they could easily compensate developer(s) with barely an impact to their bottom line.
I know its not required by licensing - but "legal" doesn't always mean "right".
Amazon stealing OSS products and repackaging them for profit is a behavior they are replicating over and over. Big and small projects alike are neither protected nor immune (see Mongo, Elastic, Redis,...)
To see so much of the developer community respond by placing blame on the developers is heartbreaking and at the root of the tragedy of open source. It's either: your fault for using a permissive license OR shame on you for not using a permissive license. Where is the outrage at the predatory companies cannibalizing open source?
We need to remember who the real enemy of open source is. The only company that benefits from open source shaming is Amazon.
> Amazon stealing OSS products and repackaging them (...)
Since when does providing managed services started to pass off as "stealing"?
Am I stealing FLOSS projects as well if I install them on a production environment?
It makes zero sense to try to pull this sort of bait-and-switch scam with FLOSS. If you release a project into the world while explicitly stating that everyone in the whole world is free to use it as they see fit then don't complain that someone was free to use it as they saw fit.
I think you have a point. But there does seem to be a difference between say using FLOSS project X as a dependency in my app vs AWS tweaking it, introducing it as a direct competitor to X, and leveraging their huge marketshare to sell it. Seems like not illegal, not even sure if it's ethically shaky, but there does seem to be a difference right?
Or, a situation about which you might want to ruminate:
A customer is doing a full migration to the cloud. They're already using FLOSS project X on-prem and asks 'Hey, <cloud vendor>, project X is a super important part of our environment? We can't move forward unless you support it. Also, can you manage this for me? I'd really prefer not to roll my own servers.'
What would YOU, as the cloud vendor, do? Give up the on the business (both upfront migration costs and down line usage and maintenance costs), or legally exercise the license that project X's creator CHOSE?
Also, consider that, at your scale (you being the cloud vendor), if 1 customer is having this issue, it's impacting tens if not hundreds of others.
As someone who works for AWS and fields feature requests from customers constantly, the above situation very common.
As a trillion dollar company, it can acquire open source project that is vital for it's customer base rather than leeching of that project. You shouldn't make unethical practices of companies as necessary evil.
> But there does seem to be a difference between say using FLOSS project X as a dependency in my app vs AWS tweaking it, introducing it as a direct competitor to X, and leveraging their huge marketshare to sell it.
Is there really a difference at all? You're complaining that a managed service is somehow "a direct competitor". Compete in what? I mean, am I really competing with the project if I get a few instances up and running?
By your line of reasoning, they are actually helping the project grow and establish itself as relevant piece of infrastructure. Somehow I don't see this being used as a justification to demand a share of the revenue the other way around.
In the end, all I see is people complaining that someone who uses a project that was always freely distributed happens to have deep wallets, and somehow hey feel entitled to some cash just because a third party is rich. Where does this make any sense?
A managed service is "a direct competitor" in usage of the original software. And usage is the one that mostly drives development back into the service.
There isn't a legal difference in AWS repackaging an OSS project, and a company using it internally, but there is a difference in terms of the end result of how the project develops.
That's why I've seen that most comments is support of AWS are either ideologues or their livelyhood depends on a large company that's doing this.
TBH, in that scenario, AWS are usually growing the market for X such that the share of the market for X taken by the X developers probably increases after AWS joins the market for X.
Of course the blame is on the developers. If you don't want commercial enterprises to repackage your project and exclude you, choose a license that says that! How is this even controversial?
Because then everybody will jump at you and shout "OMG you don't allow for repackaging, don't ever dare to imply that your code is Open Source with all the permissions and liberties that your free labor should grant, so we don't have interest in your shitty proprietary stuff and will never check it out".
As seen on HN multiple times.
Which is what the parent refers to with the more politely put "either your fault for using a permissive license OR shame on you for not using a permissive license"
We know that building a business is hard. There is no silver bullet that provides both the adoption rates of OSS and the monetizability of proprietary software. So you pick one, and live with the consequences.
You can both want a project to be usable commercially and still feel bad about being iced out by people who are vastly better off financially than you are. I had a big project for my Ph.D. thesis that was good enough to get spun out into a startup. They didn't even offer me a job.
They were under no obligation to, but it set my career back five years and I'm still angry about missing out on the obvious route from graduating to being really awesome at what I wanted to be really awesome at.
It's not controversial that they did this, I was a junior employee and they didn't have a ton of money. It still significantly damaged my career to be forced to start all over on a totally new thing despite literally inventing what they were doing without me.
Blame? There doesn't have to be blame for that to suck for the little guy.
Why is it stealing? And how does "blame" enter the picture at all? Developers went into it with their eyes open. That's not shaming or blaming them, there simply is no "blame" to be had. They made something and decided to give it away with few/no strings attached. There's decades of precedent for such projects being used to great financial profit by millions of people, so I don't find it plausible that most developers aren't fully aware of what they're doing. In fact I'd argue many want exactly this to happen. To develop something that proves incredibly useful and gets adopted by many users.
If someone did inadvertently choose a more permissive license than intended, I'm not sure what to say. "Blaming" them has too negative a connotation, but there is some responsibility on their part for the mistake, though I can sympathize with them given that licensing choice can be complex.
There's a catch 22 with choosing a restrictive license though. On the one hand it may help you monetize a product if it becomes popular, but on the other hand it becomes a lot harder to gain users and achieve that level of popularity.
However I acknowledge that the open source ecosystem and incentives have deep seated problems on this. The rise of networked society is in many ways built on such work, so there is a public good achieved that might never have been possible otherwise. On the other hand, maintaining a project can be thankless and exhausting. There's been plenty of discussions on how to help this situation, with no clear answer that I'm aware of. I certainly don't have one.
I think the legal aspect of the licensing determines what is "right", otherwise the definition of "right" can be interpreted different ways. Don't be fooled, both parties entered into a contract. One when they published the software, and one when they used the software. Any expectations outside of that are left undocumented.
Even agreed-upon contracts can be predatory. Maybe there should be a license that says "free and clear for everyone but trillion-dollar companies, because they should really compensate developers for value".
I personally think it would be a great look for Amazon if they made it a policy to compensate developers from whom they derive significant economic value. Because they can, and because the developers deserve it.
If developers expected to get compensated for the work they explicitly and voluntarily released for anyone and everyone in the world for absolutely free, wouldn't they have released it under different terms? I mean, it sounds awfully dishonest to do a 180 on the expectations once a user with a deep enough wallet happens to be singled out.
No, they really don't. You don't see companies giving away their products under a permissive license to, afterwards, stating that we should not pay attention to the license because they now want a chunk of our paycheck. That would be as dishonest as it gets, and the dishonesty in that doesn't change if we replace a company with a single-person company.
When you put a certain license on your freely redistributed code, the assumption is that you're doing it it with your eyes open, and agree with all the ramifications.
Free software which requires a copyright notice to be retained in the source, but has no restrictions on run-time can be used in exactly that way: someone builds it, modifies it to taste and puts it into operation in such a way that your name does not appear anywhere.
You don't necessarily want that. Do you want some AWS customers contacting you about issues with it because they found your name?
What is legal coincides with what is right, because the developers had every opportunity to choose a license which exactly reflects what they think is right. It's a reasonable assumption is that they did exactly that.
It doesn't sound exactly like taking responsibility to me. It's more an acknowledgment of the fact and damage control. Taking responsibility would suggest admitting fault and taking action to make things right. His statement doesn't have any of these. 'I am looking into it' is too vague and doesn't mean much.
Probably Amazon's legal department doesn't let him say much more, but then his statement sounds unconvincing and doesn't serve the purpose of taking responsibility and assuring the comunity of their good intentions.
By admitting fault I mean if you have done something wrong to speak up. Legally there is no fault as far as I can judge, but there is a moral fault. Not giving credit, not trying to involve the developer in their effort and not offering any kind of reward for his effort is definitely a fault in my dictionary.
These kinds of actions damage the community much more than some people realize. Open source developers lose trust in the idea of sharing their work when seeing how huge companies with limitless resources take advantage of their effort. This happens little by little but in the end we become cynical and when we see good intended initiatives from these companies we don't trust them and simply refuse to participate.
I tought Microsoft has abandoned its evil demeanor and has become a good open source citizen until this happened:
I think what they did is much worse than this, because they intentionally misled the developer by giving an impression that they were going to hire him and when he came for an interview they tricked him to share his ideas about the future of his product. What's similar is the reaction of both companies - half-heartedly acknowledging something that has already become public knowledge and giving some vague promise for fixing things.
> I do think there's a larger discussion about trillion dollar companies just forking a project and announcing it as a new feature for their platform without even talking to the original creator.
I always find these messages weird, because in the end it's one engineer like you and I who looked at some open sourced stuff and decided to use it, and perhaps it didn't really do what they wanted so they forked it, and it ended up being used in whatever product they were working on, and in the grand scheme of things it was not about a big trillion dollar company being evil, it was about how engineers do their work nowadays.
Morality is a code of values a person may hold, whereas ethics is a philosophic (scientific) approach to discovering and defining such codes, and an attempt to answer two specific questions - whether a human being needs a code of values, and if so, what code of values they should choose to flourish as a human being (and not as any other "being").
So, a person may be clear morally, based on a code of values that puts an emphasis on a legal aspect of interactions between people, but from the perspective of ethics we can observe that such a code may not be sufficient to fully realise their potential of flourishing as a human being.
Well, disagreeing about which words to use doesn't necessarily mean there's any disagreement about the object-level situation, but FWIW, the definition I've generally heard is that "ethics" refers to the whole general "ought" side of the is-ought distinction, which is further divided into: axiology, which outcomes are actually desireable in the first place; morality, what actions and strategies people ought to follow to achieve those outcomes; and law (not, unfortunately, to be confused with actual law), how groups of people ought to act in order to deal with coordination problems and evil people.
> So clearly Amazon has no moral scruples about doing what they did
Dude, they picked a software project that was released to the world under a license that explicitly allows anyone and everyone to use it as they see fit, and they proceeded to use the software.
Please do explain exactly wheredo you see any breech in morality.
I do think there's a larger discussion about trillion dollar companies just forking a project and announcing it as a new feature for their platform without even talking to the original creator.
If there's anything to improve, "reach out first" will be a start.
It's open source. You don't have to reach out. There's nothing legally or morally wrong with what you did. But you can do better. A trillion dollar company can do better to act grateful to be in the position that it's in. To be seen as a leader in a space instead of as a consumer of free work.