Ask HN: Is it malicious to start charging $ for your previously free project?
It has been in news recently that the colors.js developer was suspended from Github for breaking his own project(adding an infinite loop in his program that halts it). Github staff hijacked his repo and reverted the change. It is being widely acclaimed that introduction of this update is "Malware". It is being criticized as a "malicious" act.
Now, say, instead of making the new version of his program cease to function for everybody entirely, he decided that the new version of his program was no longer going to be free, and if users wanted to utilize the newest version they must pay a fee. Say he introduced code instead that checked if a license was purchased for the software, and if so the program works, and if not the program halts. Would this have been considered a "malicious" act as well?
19 comments
[ 2.9 ms ] story [ 58.4 ms ] threadFurthermore, by framing it that way, you're being disingenuous about what exactly is "the program" that ceases functioning. In the scenario where the program is on Github, you're making the new version of the program cease to function, but the old version still functions, and the user is still permitted to use it--that is, the real problem isn't that "the program" ceases to function, but that you're replacing a still functioning version by a nonfunctioning one automatically. In the scenario where you're charging $10000, there is, in actual practice, no old functioning version.
In a weird scenario which was closer (but which doesn't happen much in practice), charging $10000 would be objectionable too.
That's funny. I don't remember reading about a backdoor he installed. Do you have a link?
Or are you blaming him for the fact that people kept downloading his repo's package after he told them to stop?
I think his behavior was petty and amateurish, but it also only had a negative impact because people were still loading his package directly instead of forking it like he advised in November.
(Note: I don't blame GitHub at all. He burned his bridges with them quite intentionally, and in the process made their continued relationship with him a huge problem for their customers. I don't see what other option they had, to be honest.)
I had an interesting issue with Nuget package manager. Authors of some open-source package we’re using changed their license from permissive MSPL into another one which only allows non-commercial use and also says “reserves the right to modify this Agreement at all times without notice”, LOL.
At some point, I pressed a button in visual studio to upgrade dependent packages if our software. The project it relatively large. It’s developed by a team of people over years, and has dozens of dependencies. The project builds a desktop software which doesn’t listen on any sockets or installs any services, security is not an issue, so I only pressing that button couple times a year. A few of these third-party libraries were automatically updated. I have built and tested the software, and called it a day.
It was mere luck I noticed the change of the license of that library before we built new public release of our software.
Not sure everyone agrees, but I think the responsibility is largely on Microsoft, not the package authors. When a package author changes their license to be more restrictive, I would expect Visual Studio should stop upgrading the dependency, and show the developer doing the upgrade some message box with human-readable error text, and links to old and new licenses. That didn’t happen, it was no popups, no messages, nothing I could possibly notice and react.
Also, would it be malicious if the author had simply deleted the project altogether, as opposed to putting in an infinite loop? From the author's perspective, if you want to use my code, fork it, and have at it, but I don't want it in my space any more. Is that not a reasonable stance to take? It may not be the "right thing to do", but it is his code, and he is the associated "owner" of the code. I don't know.
Going to an extreme, the implication _could_ be that I should never delete any open source project that I create, because it would be "malicious". The reality is that I could delete most of my open source work, and nobody would bat an eye. I'd be pretty shocked to my doing that being labeled a malicious act.
Price increases can cause a loss of customers; that's fairly well understood, I think.
I don't think it would be seen as malicious, because:
- People could fork from the previously-free edition
- People should generally be understanding of (even if not in agreement with) the desire to make money from their labour
For a FOSS project to attempt to engage with existing investment/company/private equity structures could be fraught thought, I'd expect (one route to enabling a revenue model).
Are those groups wise to -- and aligned with -- the mindsets and opportunity envisioned by FOSS contributors?
Lunar 3 was free and open source, then a very high effort upgrade had to happen because the M1 CPU needed different low level logic for controlling monitors, so I made Lunar 4 paid.
I still keep Lunar 3 as a free download right on the front page, and its source code is untouched in the lunar3 branch (https://github.com/alin23/Lunar/tree/lunar3)
Most people were happy to pay and support me for the new app, but inevitably there were some very rude messages because some users felt entitled to getting the upgrades free forever.
I think it's a perfectly reasonable thing to do, it's your work and your time and you should ask to be compensated for it if you need the money.
Somewhere there lies your answer.