For this author's definition of "bad guys" (megacorps), AGPL is probably the easiest poison pill. As with all poison pills, this will also make many (most?) "good" users unable to use it.
This project is no curl or database engine, it seems to be a slightly easier way to set HTTP response headers. I bet most of the uses are transitive (someone using something that uses something that uses a framework that uses something that uses this project).
In particular, this project is something small enough that nobody will pay for it, not because it's not worth it, but because the friction of paying for it is higher than rewriting it from scratch. And "the bad guys" are unlikely to use it directly in their major products due to the pure nature of it.
In most cases, but especially this one IMO, you just get to choose whether to contribute to the commons, the actual commons, for everyone, including "the bad guys" - or not.
Ben Thompson and James Allworth discussed, on an episode of The Exponent (https://exponent.fm/), the idea of a "principle stack", and at which "layer" of the stack it's appropriate to address different societal issues. I wish I could find the episode again, it was quite a few years ago. The upshot being... maybe software licensing isn't the right place to address e.g. income inequality?
On the other hand, I definitely encourage tech workers (and all workers) to think about their place in the world and whether their work aligns with their personal values. I think the existence of free and open source software is a fantastic thing, but I think we should continue to evaluate whether it is in danger, or whether it could be better, or whether our efforts might be applied to something else.
For example, I'd love to see co-ops developing shared-source infrastructure based on principles of mutuality, which the sector is built upon anyway. The co-op principles already include cooperative and communitarian ideas which mesh really well with some aspects of open-source software development. But co-ops aren't about just giving everything away either. There could be a real new approach to building a software commons for mutual businesses, rather than a kind of freedom-washed way for big tech companies to benefit from free labour.
I think of the case of the Russian programmer who was arrested and jailed for stealing proprietary code from Goldman Sachs. During the trial it was revealed that Goldman Sachs would use open source software and replace the software licence with their own:
"Open source was an idea that depended on collaboration and sharing, and Serge had a long history of contributing to it. He didn’t fully understand how Goldman could think it was O.K. to benefit so greatly from the work of others and then behave so selfishly toward them. “You don’t create intellectual property,” he said. “You create a program that does something.” But from then on, on instructions from Schlesinger, he treated everything on Goldman Sachs’s servers, even if it had just been transferred there from open source, as Goldman Sachs’s property. (At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license.)"
From: https://www.vanityfair.com/news/2013/09/michael-lewis-goldma...
I am not a lawyer and this is not legal advice.
We picked the Boost license for the D Language Foundation because it is the closest to public domain we could find.
Besides, why would "bad guys" be deterred by a license, anyway?
Companies take that gift and use it to provide a service for cheaper than it would otherwise be if they had to build it all themselves.
You are already benefiting from open source - but it is a tiny benefit and subtle and very indirect and very diffuse.
Licensing is thorny but it’s personal choice too.. would you use a project whose license is “use it for now unless or until I decide you’re evil at my discretion”.. probably not. Probably, someone else would get the users you have now, and the corresponding popularity.
It is a tough choice, but it’s a lovely and important thing you’re doing when you provide the gift of open source software.
If the project is even slightly useful, but with a restrictive license, someone else will create an alternative with a free license. The community will quickly move, and the time spent trying to push a political opinion will be wasted.
In the long term, a free software license is always going to win. Even when it's unsustainable for one maintainer, the software remains free, and if it's useful enough, others will take on the maintainer role.
For sustainability, that's going to be a mix of lobbying your government, and companies realizing they need to hire developers because the open source maintainers aren't able to do everything for free. Just realize that governments are slow with conflicting goals. And companies will minimize their costs, leaving the average open source maintainer at the edge of being sustainable.
Ultimately though, if you put a non free license on your libraries, somebody will cry foul, fork it, and evil will still happen.
Creating such a license will indeed discourage lawful corporations from making use of it because of the legal uncertainty.
It will discourage open source projects from making use of it because it's not open source and it's incompatible either from a legal or philosophical standpoint.
The only ones who would not be discouraged would be the ones you actually want to prevent from using it, since they would likely not care about the license terms at all and just use it regardless.
The end result would be essentially a dead project that would be either ignored by the programmer community if it started out with this license or be forked like what happened when other open source projects switched licenses, for example Redis being replaced by Valkey.
People can reasonably agree on what "Open Source" means. Once you start trying to define "bad guys" and exclude them, you will get dozens of incompatible definitions and no consensus, and as a result, you'll have numerous incompatible ecosystems rather than one.
"Open Source" isn't perfect, not by any means. But any purported replacement for it has to be so obviously better that people are willing to switch and build consensus on the replacement.
Who cares. The end result of this is that we all get to use amazing software, often for free.
Think of your open source contributions as a gift to all of humanity. I wouldn't get too hung up on the fact that bad people can use it. Hammer makers don't add conditions on who can buy their products, even if it could be used as a murder weapon. Take solace in the fact that your work is creating far more good than evil.
You're increasing the rate of innovation in the world. And we're all grateful for it.
Because if what this guy is saying is reasonable, then it immediately follows that it's also reasonable for every ideology and religion to exclude the ones they don't like. For example: how does an antisemitic software license strike you? Because that would be a perfectly reasonable license for some people to enact, and fully justified by this article's logic.
Do unto others, and all that.
I don't actually recommend using this specific license yet, because the text from bdsmovement.net is not technically available under a permissive license (they told me I could use it... but I don't think the person fielding my request really understood what I was asking), but perhaps you can make something similar out of your preferred permissive software license (this is a no-go with GPL unfortunately because any derived license would be incompatible with GPL in addition to permissive-licensed software)
If you're a fan of BDS you can also just list the priority targets in your license, or give the BDS organizers another nudge via email.
I think the power of this is that such licenses wouldn't change how people might use the software. And big corps like Google, Amazon, et al may accidentally end up using such software (which is perfectly allowable via the license), but would then have to circulate a license which calls for their boycott and highlights their complicity in oppression. So I think it'd be fun if some software using this license makes its way into an end-user product of theirs
You're still free to license it out commercially on other terms, the open-source community gets to make use of it as they please, and it ensures you're credited.
DuckStation (PS1 emulator) changed license from GPL to CC-BY-NC, because Chinese manufacturers were including it in their hw devices. Somehow I doubt that helped.
The "big corporations" will shrug and throw a few more tens of thousands into their R&D budget and will assign a few devs to create an alternative, and when they release it as open-source, they'll use it as an opportunity to self-promote, it'll have a slick website, and "X by Big Corp" will become the go-to library.
The "bad guys" will just shrug and steal your code. Al Capone was brought down on tax evasion but I don't think you're going to get him on copyright infringement.
If you can somehow convince the majority of non-corporate developers to not use corporate-sponsored open-source, then that might be interesting, but not by much, because there aren't many of those.
I have had several projects where I didn't want to be forked, especially by a company with a marketing budget. I choose not to distribute it with an open source license. There's nothing wrong with that. Companies have sold copies of source to people who paid, so that's an option. But I don't know of any licenses like that which have been written for the public to use (copying a company license is a copyright violation)
Since organizations evolve over time, you could have a re-authorization flow every time your users want a major version update of your software.
A flaw in this proposal is that the very worst actors (scammers, black hats, etc.) are likely to be beyond the reach of the legal system in practice. Perhaps you could mitigate this a little bit by replacing GitHub Issues with a private support forum for trusted licensees.
They would then be breaking the license terms without realizing.
Is there anything in npm to protect against this? Projects have hundreds of dependencies, it's not feasible to manually check licenses haven't changed every time you update.
CC-BY-NC allows you to ban commercial use. There is also the Hippocratic licence[2] which allows you to choose from a variety of "evil corporation" types, from fossil fuels, mineral exploration, the Taliban, companies that have more than 200% pay inequity, etc.
Pretty much all of these licences will make your project unusable and no longer free software, but hey, they exist!
Suppose your libpopular forbids ill-faith actors from using it. Also suppose that I wrote a my-utility, a neutral tool, that depends on libpopular. If some bad actor uses my-utility for wrongdoing, will I be responsible for their behavior? Will my-utility be in breach of your license?
I'm not in a position to get a full time job and definitely not an entrepreneur, I'd like to collaborate on my ideas, see it grow and maybe become useful. The counter-argument from my peers is that it will be just AI-copied with a slight change in variable naming.
This guy is free to select whatever license he wants for his code. But don't expect to profit from the open source (in the common sense of free software) brand if you don't want to respect its principles.
Would the package be as successful? Have as many users, contributors, ... The author is free to test that if he wants but his rant is not justified for the whole open source world.
Also, I'm quite sure that he is also a freeloader happy to benefit without contributing. Even from big companies. I'm quite sure that he never paid or contributed for npm, GitHub or his IDE for example...
https://www.vice.com/en/article/open-source-devs-reverse-dec...
That aside, even if something like this was “legally enforceable”, it adds enough friction, risk, and uncertainty to downstream consumers compared to a “vanilla” open source license that I expect most folks would choose an alternative to the “bespoke” license project where they could. Fine if you don’t care about getting usage, but that defeats much of the value that open source brings.
The benefits are dispersed broadly while the “evil” appears to be more concentrated and easier to identify.
Don’t lose sight of the benefits.
(PS We contribute to projects and individuals.)
Something like the creative commons license just for evil.
I like to use a non-enforceable license such as “don’t do evil” license because it causes meltdowns in the legal departments of large tech companies trying to define what is evil and whether they are committing evil.
Even if it's not enforceable, at least it can trigger some kind of a reflection in folks and their interactions with society that supports their existence.
If you just want to send a message, then you can change the license and not take any further action.
Some possibilities (while still being FOSS) might be:
- Use AGPL3 license, and do not make exceptions. (Alternatively, make an exception but make it possible to revoke the exception.)
- Design the program for uses that are not bad so that bad uses might be more difficult.
- Sue them, if this becomes necessary.
This combination might make it difficult for bad guys to use it for bad purposes, although some organizations might ignore the license and use it anyways, but you cannot really prevent that.
1) make useless software
2) go closed source
3) ?
Also, why does nobody say “oh wow, if other people hadn’t generously given time like this i would have to pay so much more for everything because everything companies do would cost more?”
This lens of viewing corporate give back to projects in direct $ or donated developer time is mildly useful for understanding the ecosystem as a whole, but grab hold of it more than lightly and it becomes a blindfold.
If you’re not charging for it then who cares? I’d rather have people actually using it than have a super restrictive licence and an empty project.
May I add: You’d have to stop using VsCode or TypeScript, or even npm and Chrome, if you think big means bad, and you don’t want to fuel big corporations.
One can see how ridiculous the whole idea of limiting FOSS in a “who can use this” way is.
Truly free will always win in the long way. Or you don’t think, a paid dev with some AI can replace your package fairly quickly?
At least that's how the community generally reacts.
The "no evil" goal is commendable but impossible.
Might want to elaborate while you're on the front page!
[1]: https://polyformproject.org/licenses/noncommercial/1.0.0/
A possible alternative would be using a standard licence like MIT but putting swears/slurs in either the author list or the code itself so using it would be a PR risk, and this could work as a deterrent against commercial usage.
"Open".
Offer a dual license model if needed. People may fork, but I'd say it's still worth it.
If the author wants to abandon libre/free/open source licenses, they should state so explicitly. As it stands, the blog post is ambiguous about whether the author wants to abandon libre/free/open source for a proprietary license or whether they want to strip libre/free/open source licenses of their freedom. I don't follow alternative licenses of this sort but I've seen licenses that allow gratis use up until some threshold of users or income is reached. For example, the Unreal engine license has something along these lines [1].
If the author wants to remain libre/free/open source while mitigating bad behavior by large corporate actors, the AGPL is a fine choice as it legally coerces the copyleft even behind network based software. I'm not sure I have any hard evidence but I've heard that large corporate actors avoid the AGPL for this reason.
I'm a little incredulous that authors choose one of the most "business friendly" but least libre/free/open source (while still being FOSS) licenses and then are shocked when businesses use it without any thought to remuneration. I've seen a few instances of people providing software under an MIT license, such as the helmet.js package discussed in this blog post, and then regretting their decision.
The MIT license is used as a "business friendly" license that is still libre/free/open but doesn't have the copyleft clause to mitigate bad behavior. Why did you choose the MIT license in the first place? Why abandon other libre/free/open source license alternatives and go straight to a proprietary solution?
I don't even know how to begin to address the issue of who gets to decide who the "bad guys" are and who the "good guys" are.
In my opinion, the reason for the success of FOSS is because it's an answer to overly restrictive copyright by enriching the commons. The commons, by definition, is free for public use. If you don't agree with creating a rich commons so that everyone can benefit, that's absolutely your right, just please don't call it open source.
"Evil" is also a bad descriptor to use. If I started giving out apples for free on the street (of which I had an infinite supply), I wouldn't be upset if nobody came back with an improved apple for me to use instead.
> I don’t just want to do this for my little project; I want to slowly change the discourse. I’m not sure how to do that effectively, if it’s even possible.
So he's decided that as the supreme arbiter of what is good and just that he'll be trying to slowly boil open source's collective frogs. How narcissistic.
> How can I bring more attention to this issue given the relative popularity of my project? Do I write a blog post? A callout in the documentation?
No. Because it doesn't matter.
So what can you do?
Learn how to set boundaries. If a corporation demands something that you have no interest in providing, tell them no. If you are interested in providing it, request compensation for the work or request they submit a patch or let them wait until you can do the work on your terms.
For honest leechers, choose a license that discourages them. Switching from an MIT-style license to a GPL-style license won't prevent people from profiting from your work, but it will discourage those who want to make proprietary extensions to your work. Also realize that this won't stop dishonest leechers.
Continue to voice your concerns. Corporations don't feel guilt, but people inside them may. Even if the people within them don't feel guilt, they may still see you as an unreliable developer to exploit.
https://www.youtube.com/watch?v=rmhYHzJpkuo
And if you want to read about open source vs source available, this GitHub with the Red Hat lawyer and co-author of GPLv2 provides a TLDR of the sentiment. The reference from Chad gives a deep dive into the discussion and origin of FSL’s language.
Good luck. Defining evil objectively is, of course, a challenge. But even with an unambiguous definition in hand, enforcing or detecting it is nigh impossible. Especially since the truly evil will simply lie, ignore the terms of your license, and use it anyway.
2. quit using permissive licenses if you expect corporations to "give back", Open Source != Free/Libre software. You seem interested in the latter, licenses/copyright laws matter to the !bad guys.
https://drewdevault.com/2021/01/20/FOSS-is-to-surrender-your...
In general, $YOUR opinions are too flighty to be basing licensing decisions on.
There's a generally established exception for military use, which works anyhow because even if you are hypothetically perfectly morally fine with military use you may not want to permit them to use it on the grounds you haven't tested it enough. See also the perfectly well-established "not to be used on medical devices" exemption. But if you want to conditionalize your license on, say, "whether or not you're willing to sign this petition about $POLITICAL_TOPIC", that's not something anyone can build on. It'll be a terminal license in the code tree.
If this means you don't want to contribute to open source because you are unwilling to accept this... by all means! If you don't like a contract, don't sign it. Nobody's forcing you to write open source software for free. But there isn't a practical "well, what if only people I agree with are allowed to use it" option, because then even the people you agree with today really can't base any significant decisions on that sort of foundation.
(And, in general, anyone who lives, say, 25 years, and has absolutely no changes of political opinion in that time period... yeah... that's probably a bad sign. I don't hate 25-year-ago-me or anything, but I've got a lot of disagreements with him, and I don't expect 25-year-from-now-me to completely agree with me today either. Certainly not enough to write anything into a license agreement.)
Finally, as another practical matter, this license is also signing up to someday appear in some court of law to litigate the matter of whether or not some person or other does or does not agree with you on some political matter, in a situation where it will be a judge deciding that and not you, and wow am I just not being paid enough for my free contributions to open source to go through that under any circumstances.
Short of engaging in equally authoritarian control-freakery? I don't see how.
I'm amused by one package author that I'll leave unnamed who has a list on his site enumerating political parties around the world at one end of the political spectrum and announcing that supporters of these parties are disinvited to use his work.
I'm all: "Dude, get over yourself. Parties ALL suck. Now, do good, and consider investing less time on posturing."
Can we prevent Marxist–Leninist–Maoists from using our software? Should we even try?
Take any conflict in the world. Ok, nothing that China or Russia are involved in. IDK, let's keep it complicated and say, "warring factions in some African country that doesn't regularly make the news", or "skirmishing Muslim groups in the Middle East" (So a hard no to Israel/Palestine which everybody has strongly polarised opinions about whether they're right or not).
Now, wait for every other npm package in the world to get polarised on whether or not to block your shitty package because you picked the wrong side in some faraway war that, to be honest, you don't give a shit about anyway. Or maybe you didn't even voice an opinion about said war? WHY DIDN'T YOU? WHAT ARE YOU HIDING? WEAR THE RIBBON! CHANT THE CHANT!
Because that's all some people seem to have time for these days, and it's practically impossible to avoid the purity spiral if you show up on their radar. I've seen well known people (celebrities, academics, billionaires) get cancelled for not supporting some specific thing. Once you make this part of your software license people will rightly run like fuck from it.
What's your stance on:
- veganism
- India / Pakistan
- Climate change (no fly stickers, do you fly??)
- GM
- Your country's immigration policy
- Some other country's immigration policy
- Trump (even if you're not American)
- Taiwan
- Taxation
- Houthis
- Sulky racing (Irish travellers)
- Islam Vs Christianity / Judaism / Hinduism
- Communism / Socialism
Or, just maybe, this is a few lines of code that is concerned with X and not (all these things, Jesus give me a break)
The end result of this would be a completely broken ecosystem. Package version hell, but worse.