Here’s a phenomenon that occurs primarily in the arts that I find fascinating. “Oh. You love art? Well why don’t you share some? It’ll be great publicity. Someone will snap you up in no time! If you’re actually any good…”
Followed by: “Are you stupid? If you really thought it was that good, you should have charged for it. No wonder someone stole it. Totally your fault.”
Keep that in mind when reading this article:
tldr; person who created two very, very popular javascript libraries bricked both of them. Purposefully. Lots of people have opinions on this. And many, many apps went ‘poof’ temporarily when the free js library locked them into an infinite loop.
Make sense?
Let’s dissect this, then. This is not about someone wanting compensation for a project. It’s about someone absolutely done with corporate citizens exploiting them. Who then complain “Well, if you don’t like being exploited why did you give it up for free?”
Being abusive to creators is being abusive. Period.
Why do I care?
First about me: as a freelance author / writer / editor, I’ve had a lot of exposure to industry over the last few decades. I worked for a time at Paramount marketing as a ‘continuity expert’ for Star Trek; this means with licensed products, I accepted or denied the content based on whether it fell in line with previously established Star Trek lore (which solely came from TV and movies). That exposed me to these facts. That Paramount, at the time, had a wide variety of content they could pull from. But they also had written in this particular caveat: if you write for them, they can use your material in their official lore -without- further compensation OR attribution.
There were at least two pieces of costuming and a plot point in Star Trek: Enterprise taken from Star Trek: Starfleet Academy (a video game) that I worked on. And one plot point from material originally created for Star Trek: Shattered Universe (another video game) which I directly wrote.
Most companies give their freelancers one payment and then done. No royalties. Attribution, though. So attribution is nice. But I actually lost friendships when people assumed I was promoting a book (Fading Suns: Passion Play). Simply because it had my name on it. They assumed it was for my own profit. I’ve had to fight, multiple times, across multiple companies — some of them international in scope — whose writing contract included the right to -all IPs created- during the term of service. Even if technically ‘off-work’ or ‘off-site’. These are ‘standard’ clauses. I’m thankful the producers working with me went to bat with legal to get that removed just for me.
I had a well-established Hollywood writer ask me to revise a script. Which I did, and then got it to a producer. He rejected the script (no problem, common thing). About 8 months later, that same producer, under the recommendation of the same established writer, approached me. This time with an ‘original sci-fi script’ he had to potentially revise (for free, payment pending production). I immediately recognized it. A lightly revised version of the script I originally sent him but now with his name on it.
Thanks to poverty, I spent about a year working on and off again with a producer whose business model was ‘hire more talented people than him and pretend the work was mostly his.’ That was an infuriating trip into ghost-writing. Don’t think I’ll do that again, anytime soon.
Now, as a note, I’ve also worked with some great folks. And the issues above are certainly not unusual in the industry. I’ve got fanfic that I posted with the idea that’s it part of my “forward-facing publicity.” Well knowing that I’ll never see a red cent out of it (I’m on ao3 under WT Maxwell).
These experiences started me down the path of asking this one question:
Why did this programmer do this thing in this way?
Licensing Issues
So the original software under question was published under the MIT license, which I’ll pull up here:
The MIT License (MIT)
Copyright © 2022
<copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
https://mit-license.org/
As you can note in the text, there is no guarantee that the software will be good. Or that it will be useful, or that it will be updated or fixed if it’s not compatible. Even that any user, ever, has any recompense if the software proves to be actively damaging. That last bit is important. There have been lawsuits filed against major industry players who created software that actively destroyed competitor’s hardware (in one case, graphics cards). That gets into the idea of criminal intent. If you are distributing malware, then criminal laws do apply.
So the legal contract is, pretty much literally “Caveat Emptor”. Let the buyer beware. Some have argued that it’s a simple contract. “Person A releases something to everyone that everyone can use. Everyone should be able to use it. Changing those terms violates the contract.” But that’s not really an equivalence to what is going on here. A more apt metaphor would be this:
Imagine an author giving a publisher their story for free for a charity edition. The publisher has a wildly successful run. No problem, yet. But then, responding to feedback on the story, the publisher asks the writer to change it so the publisher can republish it. And then the publisher finds a different market so the publisher asks them to change it again. Then the publisher needs them to translate it into a different language. Oh… there’s a typo on page 7 that everybody missed. The publisher has just been sued by someone claiming the story triggered them so the writer must produce a new version for the new edition (and the publisher needs it by Friday, so hurry up!).
None of this with compensation. All of it on the writer’s time.
Is that fair?
A better analogy would be tabletop roleplaying games. Those are designed, written, and then playtested before release. But then the comments start flooding back and the changes need to be produced. Errata. Issues with die rolls. That unforseen trigger that ended up in the books. That problematic author who turns out to be a bigot or a racist whose work needs to be removed.
This is something that’s very common in software and, sadly, has become a bit of a feature. I remember an infamous meeting which my coworkers were forced to attend back in the 90s (I pled ebola at the time and so got to skip out). There, someone affiliated with Microsoft, told a room full of software designers that Microsoft worked on a schedule NOT functionality. As long as a product basically worked, they’d release it, even if vital functions were not compatible, relying instead on Day 1 patches. And the patches / upgrades would keep coming until they were dropped for the next full version.
This is a fairly common problem in the videogame industry, with QA cut in favor of releasing a buggy beta to the public and letting them suffer through it. And plenty of viable software with a few rough patches ends up with people demanding the devs fix it. Because that’s now their expectation (set by the Microsoft folks).
So what is the point of talking about buggy patches and Day 1 fixes in this context? Simply this: according to the contract, there are no legal expectations or ramifications of having nonfunctional software; and there is no industry expectation that software must work from iteration to iteration because of current industry practices.In short, our “antagonist” in this particular story did nothing legally wrong. What he did do was violate a social contract. An implied trust we’ve leashed people to in order to operate in modern society.
The big question is then: why did he do that?
Anger Issues
I’ve got clear expertise in observing corporate malfeasance. And the legality of the situation is equally clear: the developer broke no written contractual promises. I also understand observational bias, and so I write my commentary on this occurrence with the clear intention to check myself as an observor against the facts presented in the linked article.
colors.js was up and in the wild about 10 years ago. With updates to the software done reliably until about a couple of years ago. What happened a couple of years ago? In Nov 2020, the developer posted the following:
Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work.There isn’t much else to say.Take this as an opportunity to send me a six figure yearly contract or fork the project and have someone else work on it.
This came after the developer lost virtually everything in an apartment fire. The resulting brush with homelessness made the developer more than a little bitter. Which is understandable. (source: https://ilikekillnerds.com/2020/11/marak-takes-an-open-source-stand/)
We’re talking the heart of the pandemic here. It doesn’t take Occam’s Razor to intuit that this dev’s hurting even without the documented evidence re: the apartment fire. The stress is apparent. Then there’s the debacle with Log4j, where hackers found an exploitable hole in a javascript library. Developers used Log4j, oh, just about everywhere. Which caused major, sincere, severe panic. This highlighted how -many- people are reliant on a relative handful of libraries. That’s certainly more salt on the wound. It brought attention to the fact that others are making serious $$$. All while the dev is under serious stress and that’s what broke the dev.
Anger makes people do stupid things. And people love to take anger and call it ‘infantile’ to try and ‘other’ their opponents. People use this tactic against communities of color and the queer community. And folks used the same tactic here.
Yep, the dev lashed out, but it wasn’t anything illegal. It was a massive cry for attention. Pair it with the dev’s response, mentioning Aaron Swartz. Aaron spent his entire life trying to create an open space for information. Swartz’s life centered around the ideals of communication and sharing at the core of the internet experience.
Amid many, many contributions, Aaron liberated articles from JSTOR, which is (primarily) a subscription service to preserve academic articles. I use the word “liberate” specifically. While what JSTOR and other academic repositories (or scientific publication sites) do is legal, there is a deep conversation going on with academics and scientists as to whether it is immoral and unethical.
The cops popped Swartz for what he did. He ended up committing suicide, rather than facing 35 years in prison for allowing people to read academic articles for free.
In short, many consider Swartz to be a hero, who ethics ran up against the law. The dev clearly considers himself in a similar vein, like many folks who have provided clear worth to society. Evidenced by the amount of times others use their code. And how vital javascript libraries like this are to the continued functioning of modern society.
Let’s look at the impact of that:Github suspended the dev’s account for something the dev could legally do. There is nothing in the license that says the dev can’t. What that means is that the dev can’t access not only these two libraries. OR any of the hundred or so other projects the dev maintains.
Github can do this because places like Github or Google or Facebook technically own any material posted on their site. (if you are using Google docs professionally, I would suggest… not). Now, part of this is so that the corporation can sue/prosecute on your behalf if someone hacks the server. And rarely are they going to “steal your stuff to sell it” because that’s not their business.
But they can.
When someone violates the social contract, as what clearly happened in this case, they can shut a real person out. And take all of their legitimate work, and leave it accessible because the person has put the company’s reputation as potential risk.
A situation where a set of people feed off the free work of others with no recompense to the host — especially in times of stress — is parasitic.
A situation where the parasites can then shut down the person’s access to the ability to exist in this society (i.e. the way they make money) is downright abusive.
The dev said, in essence, “I’M HURTING! WHY WON’T YOU LOVE ME?!”
And the response was “Shut the fuck up and get back to work, bitch.”
That, to me, is fundamentally abusive.