68 comments

[ 1.6 ms ] story [ 131 ms ] thread
Looking forward to being downvoted into oblivion: Who cares? What practical real-world implications does this have?
From the sticking-it-to-microsoft-now-that-they-want-to-play-nice-with-the-open-source-community department
Seems a bit like pedantic nitpicking. I’m pretty sure the developer community is happy with vs code as it is, FOSS advocates don’t own the word ‘free’.
There are enough people who remember the "linux is a cancer" days to be a huge stickler about this and make it a real headache for MS. Look at the recent GVFS name change for an identical situation.
Does the binary version of VS code send telemetry by default? I mean, that's an implication.

This goes back to the older GNU GPL vs BSD/MIT/Apache and how each group will call the other group permissive/restrictive. The spirit of free software from the 90s/00s, specifically that of the FSF/Linux communities, isn't really reflected anymore today.

Today most open source projects are commercially supported. I wrote a longer article detailing this a while back:

https://penguindreams.org/blog/the-philosophy-of-open-source...

> Does the binary version of VS code send telemetry by default? I mean, that's an implication.

Does it matter? There are binary versions of open source and Free Software programs that send telemetry as well.

Open source only means that the source is available. Free Software only means that that the source must be provided to the user if you distribute a binary of the program. THAT'S IT. There are no other guarantees of privacy or freedoms from telemetry and data gathering. That's not what the licenses are about. People need to stop assuming that the licenses say something more than what they state.

Only the "grrr Micro$oft" people care. They're effectively using the same model that Google uses for Chrome/Chromium or Android/AOSP.
I think the real problem is that Microsoft worked so hard to obscure the relationship between the two via the branding and naming. It feels slimy and damages trust. I'm a career JavaScript developer and I didn't know there was a separate, "truly open source" version.

For comparison, look at Chrome vs Chromium. Similar project structure, but the branding and project communication are much better. Everybody (who would care) is readily aware of both versions and the difference between the two, and the fact that Chrome isn't fully open-source.

Arguably, there is no actual difference in code. Configuration of the package file is the only thing they change. I'm guessing the primary motivation for the license change is that the business people want to keep a strong hold specifically on the Visual Studio trademarks. Which to me, just says they would've been better off giving VSCode a different name.
How do you know the only thing they change is the configuration? Unless you're internal to Microsoft, there's not really a way to know. Obscured telemetry has been a running problem with Microsoft in recent years, so it's understandable that people would be suspicious of hidden changes to an application advertised as open-source.
I mean, decompiling the app is likely not hard. ILSpy is a thing, and you can even compare against a decompiled open source version.

FUD about "obscured telemetry" isn't worth much here either: They specifically have a telemetry URL in the configuration file, and they not only specify that they set it in the thread, but they instruct you on how you can verify the configuration's contents on the proprietary version. Telemetry exists in VSCode, but the code is open source, and you can inspect it to your heart's content.

Here:

Here's how it works. When you build from the vscode repository, you can configure the resulting tool by customizing the product.json file. This file controls things like the Gallery endpoints, “Send-a-Smile” endpoints, telemetry endpoints, logos, names, and more.

When we build Visual Studio Code, we do exactly this. We clone the vscode repository, we lay down a customized product.json that has Microsoft specific functionality (telemetry, gallery, logo, etc.), and then produce a build that we release under our license.

And:

You can look at the product.json that is installed with the Visual Studio Code product to see what we configure.

Willing to bet if the product.json is easily visible in the compiled version, you can even adjust it to work like the open source version if you'd like, by removing the telemetry URL.

If arch packages are anything to go buy, I think the component that searches for vs code extensions might not be freely available.
You mean kind of like the branding and naming of "Javascript", and how its relationship to java was intentionally obscured?
I think the real problem is that Microsoft worked so hard to obscure the relationship between the two via the branding and naming. It feels slimy and damages trust.

Did they? Was that their intent - to obscure? If Microsoft “worked so hard” then it should be easy to point to evidence.

I'm a career JavaScript developer and I didn't know there was a separate, "truly open source" version.

It kind of seems like because you didn’t know something, it implies that someone is engaging in intentional, malicious behavior.

The whole point of the ticket is that it's unclear and ambiguous throughout their website. Also, the OSS version doesn't even have a different name. It's still just "VSCode". Compare this to Chromium which has a related-but-distinct name and related-but-distinct icon.

The point I was trying to make is that I myself am immersed in the target community for this software, yet the messaging was not clear to me. I use React, I've worked with Electron, Atom is my go-to editor. I am VSCode's target user, and I did not remotely get the message. That suggests their messaging was either really bad, or intentionally misleading.

I'm not getting it, what part is not free? All the code is at https://github.com/Microsoft/vscode under the MIT license and you can download a prebuild version, which is also free to use.
The ticket is about “free” as in freedom. VS Code comes with a restrictive license agreement.
Specifically, the pre-built binaries that microsoft provides come with restrictive license agreements. The source code is still MIT.

There's presumably some difference between the Microsoft pre-builds and whatever you get from source. Apparently at the very least, the contents of product.json (https://github.com/Microsoft/vscode/blob/master/product.json...) defining names are different.

License says you aren't allowed to attempt to derive or reverse engineer the source code. So basically the code is available, but if you look at it you are violating the license.

edit: binaries are under a restrictive license and code is not. So definitely don't use those binaries, as they are likely riddled with telemetry crap that isn't in the open source version.

That sounds like two legal departments did not talk to each other.
That restrictive license refers to the build, at best. The vscode source is under MIT at github, there is no need to reverse engineer the build and the license of the build won't affect the license of the source code.
I mean, even Mozilla doesn't let you release binaries with Firefox or Thunderbird branding. Gentoo can get away with it because you're building/using it locally, but when Debain wanted to place Firefox into their package build system, they had to rename it Ice Weasel.
That's not true. Mozilla did not want (even slightly) modified versions of Firefox or Thunderbird to be labelled as such.

The issue has been solved and, currently, Debian has renamed its package back to Firefox.

On top of it, this has probably nothing to do with this topic. (copyrights and branding being very different topics)

Hmmm. So the source is open and free. The compiled versions shall not be reversed. How can one validate that the compiled versions being provided are direct results of what's in the repo? Ie. Not a version with some bonus magic.
(comment deleted)
The chrome dev tools are right in there in vscode so you can take a look at what's executed. It's also hardly reverse engineering if the code is all there to look at, and even debuggable and modifyable at runtime. I fail to see any issues here.
good luck debugging and modifying the c++ code via the chrome dev tools.
You wouldn't need to since VSCode is written entirely in JavaScript/TypeScript.
Just because something is written in Javascript, doesn't mean it doesn't include a binary.

For example, sass-loader is/was dependent on node-sass which is a binary install. Lots of file utilities on NPM are similarly reliant on C code that may only compile on your machine correctly if you are lucky.

(comment deleted)
If you read the issue, the first few lines say:

> The main landing page https://code.visualstudio.com for Visual Studio Code currently does the following:

> it states the offered version is "Free. Open Source." which suggests free software to anyone who knows what the difference of "free" and "open-source" in the common word use is

> Below it immediately offers download buttons for something licensed under https://code.visualstudio.com/License/ which is absolutely not free software in any modern definition of the word.

for me it sounds more like legal ass covering than close sourcing vscode, so nobody can sue them for collecting telemetry or autoupdating, etc
Well that and the PR nightmare of people submitting pull requests to remove said telemetry code and then dominating the front page of hackernews / technology reddit / slashdot / what have you when MS closes the pull request. It's honestly quite a slimy brilliant thing they've done here.
I think I might be missing the sliminess here. MS invested time and money to build software and is offering it for free. As part of that offering they are bundling up the software to the point that you can just download it and run it. In exchange for this they want to be able to collect usage statistics so they know how their software is being used. They are also giving you the option to download the software from source and build it yourself if you don't want them to see how you are using the software. This all seems pretty fair to me.
Agreed. It doesn't seem any different to what, for example, Red Hat do with RHEL (which I also don't see the problem with).
Microsoft has a much darker past to come back from with this, so the stakes and expectations are much higher and community willingness to forgive much lower
The telemetry code (spyware) that is clearly in the binaries but missing from the MIT-licensed source code (people have already determined that the binaries don't match a build of the source code).
The telemetry usage is directly in the MIT source: https://github.com/Microsoft/vscode/blob/f05063d13da8c6112ed...

The telemetry extension is open source too: https://github.com/Microsoft/vscode-extension-telemetry

And you can unpack the source for the distributed electron bundle yourself: https://medium.com/how-to-electron/how-to-get-source-code-of...

Then there is literally no reason for the license discrepancy
There is certainly A reason for the license discrepancy. It just may or may not be a good one.
"Free" has unfortunately ambiguous meanings when it comes to software. The poster here isn't talking about the monetary sense; he's talking about "free" as in "free to do whatever you want with it". Microsoft stipulates things you can't do with the software, and it sounds like parts of the final product are even closed-source, similar to what Google does with Chrome vs Chromium. Except in that example, the distinction and the existence of the OSS version are much more clear and well-known.
We have an unambiguous term for that. It's FOSS.
Sure, but the author of the ticket just said "free", hence the confusion.
The complaint was that main site is advertising that VS Code is "Free. Open Source." which apparently is different from "Free and Open Source Software".
VS Code binary is vscode plus custom package.json which configures telemetry, gallery, logo, etc. and therefor has a custom license. Similar to Chrome & Chromium, Oracle JDK & OpenJDK, Xamarin Studio & MonoDevelop, etc. [1]

Seems fair play to me.

[1] https://github.com/Microsoft/vscode/issues/60#issuecomment-1...

Great link, clear cut answer which ought to settle the whole question.
I was curious about what comprised the "etc." A little further down in the issue you linked, chrisdias said, "You can look at the product.json that is installed with the Visual Studio Code product to see what we configure."

I don't really know how to interpret this file, but the copy in VS Code 1.23.1 for Mac has 644 lines, compared to 23 in the repo.

It's 644 lines long because a lot of your post-install configuration is stored in there.

You'd want to compare a fresh install VSCode vs fresh install self build.

Hmm. I haven't really thought about it before since I use Gentoo, and don't use VS Code very much, but I guess my version of VS Code is "free" in this sense, since my package manager builds it from source by default.
Are you sure about that? I just googled "gentoo vs code" and the ebuilds I saw appear to download the precompiled binaries.
Huh, you're right. It appears there is no visual-studio-code in the base Gentoo portage tree. The version I have is from the jorgicio overlay. I wonder if the licensing is why it's not in the base Gentoo tree.
Should change to MIT license. Microsoft stands to lose nothing by changing the license, but will face considerable developer ire by not changing it.

Edit: should change binaries to MIT license as well

I believe the Microsoft wording is correct. The software is free, in that it requires no payment for its use. It is free of cost. It is also clearly open sourced.
(comment deleted)
This is so stupid. It doesn't say "free software" the page say "free" like zero cost.

This person obviously just want something to be angry at, which is typical for free software advocates. Instead of complaining that other people do not adhere to what you believe, go create it yourself. You do not own the word and if you're so for freedom, why are you so against others not making the same priorities?

It makes so little sense to me.

Because if Microsoft is going to finally "play nice" with the open source community, we are going to have to nitpick every single interaction to nip any bad behaviors in the bud, lest we see a repeat of "linux is cancer".

Now that they are toying with open source, it's been fun seeing how little power Microsoft has to deal with public outcries on open platforms like GitHub. Alas, we will see if it stays that way now that they have bought the damn platform. Still, it is our responsibility to steer Microsoft in the right direction, and not tolerate anything even slightly bad if we have the power to complain about it now that they care about developer PR (to the tune of $5 billion).

> it's been fun seeing how little power Microsoft has to deal with public outcries on open platforms like GitHub

I'm curious what "dealing with it" would entail. From Microsoft's perspective, I might imagine that there doesn't seem to be anything to deal with. There certainly was a notable internet-wide spit take when the news broke. But it's all but died out, and I wouldn't be surprised if there wasn't a measurable effect on numbers.

we are going to have to nitpick every single interaction to nip any bad behaviors in the bud, lest we see a repeat of "linux is cancer".

How does one distinguish that from revenge?

Sure you may do that, but you don't have to be arrogant and unfriendly while you are nitpicking or questioning stuff.
This issue seems a bit confusing, so here's my best attempt at grokking it.

If you download VS Code from https://code.visualstudio.com/, you'll be presented with this license: https://code.visualstudio.com/License/, which reads more like a somewhat permissive license to proprietary software than it does as an open-source license.

If you, instead, clone the git repo at https://github.com/Microsoft/vscode, you'll find that the repo is under an MIT license (https://github.com/Microsoft/vscode/blob/master/LICENSE.txt)

Hence the title: It feels off (I can see why people would call it "deceptive") that code.visualstudio.com offers something for download that is described as Open Source but is not licensed under a standard Open Source license, and it's definitely bewildering that they would do that while simultaneously making the source code available under the MIT license.

Open Source is for source code. Binaries aren't under OSS licenses, their source is. This is only misleading if you don't know what Open Source is.

Imagine how ridiculous it would be to say RHEL was not Open Source because you can't distribute your binaries how you want - despite all the source being available under OSD licenses. It's the same claim the bug reporter is making.

We also couldnt get redistribution rights for chocolatey package because of such license.That is the reason current package downloads from MS instead being embedded to provide stability and network independence.
IIRC if you build it from the source, you have no access to the package repo that's offered by MS... What you can do is to manually install any packages that you may need.
Compare with how Google does it: "Chromium" versus "Chrome".

That would be cleaner, but I'm not sure how much users really care about this in the end. If this were clarified, would they do anything different?

After building from source, how do I install extensions?