199 comments

[ 5.3 ms ] story [ 237 ms ] thread
This is a classy response from the Ghost folks to a clear license violation.
What does such a violation usually entail?
Hey, Substack CTO here. We don't distribute Ghost's code at all and the only piece of code included is a client-side search library used by the third party theme. But that library is actually hotlinked and hosted on jsdelivr (via npm) with no modifications made to it what-so-ever. This includes the line at the top with the license link as Ghost originally built it
Thanks for the correction! All the better that the original tweet kept it classy, then. :)
I've always found open source projects to build superior libraries that commercial entities always end up adopting.

I've always found commercial entities to build superior products that open source projects always end up adopting.

One makes the tools, the other assembles them and sells it.

Must be the focus on profits that helps push companies to build products users want, while the love of the craft pushes developers to make the best foundations.

> Must be the focus on profits that helps push companies to build products users want, while the love of the craft pushes developers to make the best foundations.

Shamelessly stealing this line of thinking to use in the future.

under perfect capitalism (using my ill-defined opinion of what capitalism is)

be prepared to pay royalties, or possibly face criminal copyright infringement, for using that line of thinking in the future.

(this comment is supposed to be some sort of "joke". but the yoke is on most of us)

I love this line and I personally think there's nothing wrong with it (not that I'm suggesting anyone implied there is).

And this is also how I separate my work from my hobby. I'm proud of those who can make money from a hobby, but I simply do not try. The motivations are fundamentally different and it changes how much I enjoy my hobby. I wish I learned this in my early 20s. I spent years thinking, "if it can't make money or someone's done it better, it's not worth doing."

Or it's capital preying on basic research funded by the public.
> Or it's capital preying on basic research funded by the public.

How, exactly, is open source "basic research funded by the public"?

If anything private capital funds OSS as much or more than anything else. OSS is primarily driven by time donation by the coders anyway. If they don't want companies using it there is a well established system to prevent that... it's called licensing.
It could be preying, but it doesn't have to be. In recent decades we've seen a rise of IGMFY capitalism. But there are varieties of capitalist thinking that see companies as situated in a society that they are part of in a way that gives them duties as well as rights. That's not popular today, of course, but it's not impossible that we'd return to it.
If someone published code as MIT then use by commercial entities is hardly preying on it.
> Must be the focus on profits that helps push companies to build products users want, while the love of the craft pushes developers to make the best foundations.

Ghost is a non-profit organization that publishes it code as MIT.

You don't structure your company as such because you're wanting to generate a lot of profits nor prevent others from profiting from your work.

It seems like Substack is just embarrassing what Ghost set its charter as: a non-profit that allows others to benefit from its work.

https://ghost.org/about/

> It seems like Substack is just *embarrassing* what Ghost set its charter as: a non-profit that allows others to benefit from its work.

(emphasis mine). Nice Freudian Slip there, buddy :-)

I think you understood this backwards: Ghost is the developer creating the foundations that other companies use to make money.
I mean look at desktop Linux. If anything’s ever been “by coders, for coders”, it’s that
I quite O'Nolan's tone here. It's obviously not a collaboration as you might first expect from the top tweet (and title on HN), but he's quite gracious about it at the same time. It would be quite easy to get frustrated and outraged at Substack, we've seen it happen before. However despite the two, fairly substantial, issues he's pretty gracious about it while poking a bit of fun.

Hopefully Substack do the right thing here and correct those two problems openly. It would only be a good thing for blogging/publishing if they actually contributed back as well.

Hey, Substack CTO here. The Ghost-written code in question here is the client-side search library that the third-party theme uses. We link directly to the files hosted on jsdelivr (via npm) which in-turn uses the files Ghost built for distribution. Those files include the license link at the top, as Ghost intended, and are not modified or minified by us at all
Thanks for the response, I appreciate the correction!
Based on Ghost's MIT license, seems Substack using it is fine, but damn would have been nice to have at least some kind of attribution... leaves a sour taste to take without acknowledging.
Ish. Pointing clients at Ghost’s CDN instead of substack isn’t great. Nor is stripping the copyright header.
It doesn't seem that Substack is actually doing either of those things here, contrary to the claims in the original tweet.
It's not a "would be nice", it's a license violation to not be using it with copyright attribution. https://twitter.com/JohnONolan/status/1602330414269472769
That’s not obviously clear - after all MIT software can be used to produce output that doesn’t need to include a “made by X” - and arguably that’s what ghost provides.

And they didn’t even copy the JavaScript to their own CDN …

> Based on Ghost's MIT license, seems Substack using it is fine,

As long as they provide appropriate attribution, which apparently¹ they are not so it isn't fine.

> but damn would have been nice to have at least some kind of attribution...

Not just nice, but required. From the licence: “The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.”

Many projects, commercial and other OSS ones, get conformance with MIT and similar licences wrong in this way.

----

[1] Caveat: Going by the Twitter thread. I've not verified this. Maybe they have it somewhere hidden away, so are compliant but minimally so².

[2] Which would be a dick move³, but compliant.

[3] Which I wouldn't put past them as they are using Ghost's CDN to include some of the stuff instead of covering the hosting for that themselves, which is hard to think is accidental. If this is accidental then I'd never trust them from either a code quality PoV or an infrastructure security PoV.

The copyright notice and license is referenced in the JS library, that's enough.

This is literally no different from any reason person using bootstrap on their site in terms of license. Does every site powered by bootstrap have a link or attribution to Twitter?

I'd not checked personally, but the original Twitter thread suggested more than "a library" had been used.

[knee jerks back]

Though I'm assuming here, as I reply without having yet revisited the full thread, you have checked or otherwise have been furnished with new information, and are right!

Quick everyone, to the research-o-tron!

----

Update: it looks like the library was being drawn in by a 3rd party theme/add-in that isn't included in the main distribution at all. More detail elsewhere in this thread (above, unless voting has for some reason reversed).

> Caveat: Going by the Twitter thread. I've not verified this.

That's the problem. The Twitter thread is wrong.

If someone makes a fact claim that doesn't hold up under scrutiny, then consider what effect comments have when they uncritically take those claims at face value. They end up demanding/diverting attention towards what is just noise.

We have enough experience by now that we shouldn't have to relearn where hot takes go wrong, and yet here we are: in the comments on what was a #1 story on HN with dozens of people getting a false impression after swallowing unsubstantiated (and ultimately untrue) alleged facts.

> leaves a sour taste

An honour system with no enforcement against bad actors will usually do that.

Hey, Substack CTO here. We don't distribute Ghost's code at all and the only piece of code included is a client-side search library used by the third party theme. But that library is actually hotlinked and hosted on jsdelivr (via npm) with no modifications made to it what-so-ever. This includes the line at the top with the license link as Ghost originally built it
Thanks for the clarification. After this and Chris's Tweets, sour taste is gone. I've updated my understanding of how MIT licenses work.
> One thing that’s a little disappointing: Ghost uses the MIT license, one of the most permissive OSS licenses there is. Essentially, anyone can do anything they want with our code, with ONE basic requirement: You must include copyright attribution. Which they have not.

For a SaaS app, wouldn't that copyright attribution be on the server side, where the code is (hidden from the end user)?

Is John stating he expects that copyright attribution to be in the "view source" of the HTML or some other user accessible location? What happens if that HTML/JS is minified/stripped/"compiled"?

IANAL: but I'm genuinely curious how this situation is handled.

https://twitter.com/JohnONolan/status/1602330414269472769

As far as I understand it, MIT only requires you to include the attribution next to the binary so ias you guessed next to the source code on the server.

However, the js shipped to clients is usually minified and transformed which means it may count as "compiled" and thus the same rules as for binaries would apply.

Cases like these are the reason why the AGPL exists.

I highly doubt you can count minified as "compiled" Minification is a form of compression. Compilation is a form of conversion from a high level to a lower level interpretation and that is fundamentally different.

But then again I'm not a lawyer :)

The intent is for attribution to be kept with the code. If your minifier removes the attribution you’re likely in violation.
And the minifier’s job is to remove things like comments which is right where the attribution is likely to be.

Now if a third party thing like a cloudflare CDN were minifyer for you and removed it then who violated the license?

If the CDN is just a part of your architecture that you voluntarily setup then you’re likely the one violating. Even if not the CDN very likely has an indemnification clause in their contract which would shift that liability back to you.
I figure compilation is a big tent and this counts, but imagine

--rename-properties WARNING: renaming properties requires deeper analysis, considered compilation in the US

Hey, Substack CTO here. We actually don't minify or modify the files in question at all and simply link to the versions hosted on the public jsdelivr CDN (which includes a link to the license right at the top of the file)
First off: weird take, and one that would be unlikely to hold up. But secondly: what is that supposed to matter, anyway? That is, why are you litigating the definition of the word "compiled"? No finding, whether for or against your argument, would have any bearing on questions about compliance with the terms of the MIT license, so the word's definition and its significance is null. It's a total red herring and a distraction to bring up in any discussion on the topic.
> Cases like these are the reason why the AGPL exists

Exactly. Not sure why they Ghost doesn't use AGPL. Still, it would have been kind of fair from Substack to approach this more open and collaboratively...

Because AGPL probably would have made it a no-go for substack to use. They seem to genuinely want to collaborate: https://twitter.com/JohnONolan/status/1602330416643702784
Why would AGPL have made it a no-go for Substack? Also, it looks like Ghost wants to collab but there's nothing from Substack in the Twitter thread you linekd?
> Ghost wants to collab but there's nothing from Substack

Substack doesn't have to "collaborate" do they?

Because AGPL infects their entire service. You'll be hard pressed to find any commercial service adopting AGPL projects. Even the GPLv3 is often immiscible with commercial services. At least GPLv3 can be contained to only part of your stack.
IANAL but I think integrating AGPL code would affect the license of the rest of the codebase too: Substack would be forced to release the rest of their codebase as AGPL too. This is why AGPL is considered a "viral" license.
If I use some MIT licensed dependency to power a service at work, I don't beg permission from the maintainers first
While agree that it would be nice from the Substack to give credit to Ghost, they are not required to do.

It's unfair to complain about Substack doing exactly what they are explicitly allowed to do by the company that released Ghost under that specific licence that they choose to.

Yes I agree it's unfair to complain, and I don't think Ghost is complaining (at least I don't see complaints from what John tweeted). It's more about "giving credit where credit's due" I think...
Minified versions of most JS libraries include a copyright notice as a top or bottom comment. How hard is it to respect this basic requirement?
Quite hard. Isn't the whole point of the minification to remove non functional parts to make the size smaller?
Not really hard... for one there's a convention of putting an exclamation point at the start of comments that should survive the minification/compilation process, for this very purpose.
Hey, Substack CTO here. We actually link directly to the jsdeliver CDN to use the files that get built for distribution in the sodo-search npm library. We make no modifications to the files (including not minifying them anymore than they are). The files actually do have a link at the top to the license file, which is hosted in the same directory on jsdeliver.
> The files actually do have a link at the top to the license file

That's not actually the license for the file; it's the license for the resources it includes. The license for the file is available elsewhere but is not directly linked. See my comment at https://news.ycombinator.com/item?id=33959622

The way I do it in my SaaS app is there is an "attributions" page. On it I have a list of all OSS software I've used in both frontend and backend.
I like it - though it'd be hard to resist aliasing /attributions.txt to /lawyers.txt ...
Unfortunately a mention in the "attributions" page won't pay the OSS developers' rent.
It's more acknowledgement than is required to use most OSS.

If the OSS developers want to generate revenue, there are plenty of paths they can follow.

If you want people who use the software you develop to pay you to use it, you should not release your software under an open source license.

You probably already knew this, I don't mean to point out the obvious. I am just confused by your comment, and others like it that frequently come up on HN these days. People saying or implying that there is something unfair about using open source software under the license terms that its developers have chosen to release it.

> For a SaaS app, wouldn't that copyright attribution be on the server side (hidden to the end user)?

I agree and my take on this is based on the way compilers generate binaries. I would not expect a compiler to inject random copyright notices in sdtout, for example. Ghost, in this case, is acting like "compiler" and the HTML can be thought of as the "output" akin to a binary generated by a traditional compiler. The MIT license (and similarly permissive ones) do not dictate software usage and thus it's output is not required to have any attribution, only source code.

Ah you may find it interesting, the GPL3 license actually does prescribe showing copyright notices in stdout [1].

> If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode ...

> The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an “about box”.

This is to say it is not entire unusual to have copyright notices in output.

[1] https://www.gnu.org/licenses/gpl-3.0.en.html

This feels silly. Not a single one of my userland tools does this, but they are clearly all GNU...
Note the “interactive mode” - this means like starting an editor or nslookup kind of thing.
Less is interactive, and does no such thing.

I mean, I get it. This will be nigh impossible to codify, such that there will be reasons things can and cannot work in certain situations. This line of attack here, though, is feeling overly forced and would actually sway me to never use such licensed stuff. And I'm pretty heavy on the open source support.

Yeah it's clearly a "recommendation" and people seem to use it pretty sanely.

bash doesn't do it even if you start a subshell. I know I've seen the NO WARRANTY message flash on my screen but darned if I can find a gnu program that does it by default.

Bear in mind these are suggestions, not part of the terms and conditions of the license itself.
Hey, Substack CTO here. We're actually not using Ghost's platform and have instead built a theming API that is compatible with third-party themes that are built for Ghost. The one piece of code that the theme uses that's developed by Ghost is the open source search library used on the frontend. In this case the theme links directly to the files that Ghost has distributed on jsdelivr via npm
Would be nice if upstream Ghost made this easier for users. I just checked my blog and it has a default footer with a link "powered by ghost", they could just as easily have a link to the license.
> For a SaaS app, wouldn't that copyright attribution be on the server side, where the code is (hidden from the end user)?

I'm curious about this because the end user's browser is where the (copied) code is run, not on the server. That's why they need to hot-load additional code from Ghost's CDN, rather than doing so on build servers.

They are shipping Ghost client side javascript. That should have the mentioned notice on it.
Hey Substack CTO here. We actually don't host, modify, or minify the client side library in question. We link directly to the jsdelivr CDN for it and the distributed files from there have a license link at the top
I think I'm safe just having a .txt file you can somehow discover and read from the same server that hosts the website. But in order to do what feels right, I always put it into an "About" section somewhere.
Have any writers migrated from Substack to Ghost?

Substack support has been nonexistent for the past 6 months. I've reached out about a handful of broken features and get no response, except in one case months ago where they dismissed it in the weirdest way. Archive search does not work; ex. I have a post about monkeys, it has "monkey" in the title and the body, and when I search "monkey" it doesn't come up in results. The support response said "this is normal, just because a post has a keyword in the title or body doesn't mean it's always included in search results"...what? I asked for clarification and they never replied.

It feels like Substack has strayed from the promise of being focused on writing and email. They added "Save" and "Listen" buttons to the top of emails, which are visually prominent; and those buttons make no sense in an email. They're a trick to take people to the iOS app.

They endlessly promote new features to writers and readers and it all feels like their trying to lock you into something that's harder to migrate out of.

Hmm I had the opposite experience. I emailed them 3 or 4 bugs and they fixed it. This was several months ago though. I am a paid user to several substacks in case that matters.
That's interesting. Prior to July I did get replies, but they never fixed anything. "Thanks we'll pass this on to the dev team" but then nothing. I think that's normal but not great.

Since July I've sent emails about 3 issues and the only response I got was the one I mentioned above.

I'm a writer with a few paid subscribers.

I've put in a couple of support requests and gotten reasonably prompt, helpful responses.

Possibly you're not a writer? They make it possible for writers to earn a decent amount of money (not that I am) and keep their copyright. Can you tell us another platform that does that better?

Exponential View Substack -> Ghost -> Substack

The Browser Substack -> Ghost

and seemed quite happy with the move last time I checked.

Whoa!

Hotlinking Ghost CDN URLs in Substack production HTML.

Yes this is a bad look for Substack. And it puts them - and their users - at Ghost's mercy.

Totally. I feel like Ghost has integrity and wouldn't resort to shenanigans, but this is a wildly poor security posture and really a faux pas to be forcing ghost to incur CDN costs on this.
It's also incredibly easy for Ghost to prevent hot linking.

It just 2-3 lines in your nginx/apache config file that blocks hot linking, and many people consider this a standard practice to do regardless.

They are not hotlinking ghost urls... JSdelivr is a giant JS CDN. Ghost is in the url because they developed the library so it's the GitHub path. You could use this library on your website right now... They open sourced it!
Hey, Substack CTO. That's exactly right. Thank you for this
There's more to it than that. There are two resources involved. One is using Ghost's (jsdelivr-backed) CDN. The other is just using jsdelivr's CDN for any and every NPM package that gets published in the clear.

The asset that thefp.com is using is the one that gets loaded from the latter (the one served from the public CDN), and you can see that this was true even at the time that O'Nolan's screenshots were taken. For some reason, he mixed them up; the only evidence that we have of anyone here using the CDN that Ghost is (presumably) paying for is Ghost's own use of it themselves.

(comment deleted)
Hey, Substack CTO here. We don't hotlink to Ghost at all and instead use jsdelivr to link to client-side open-source libraries. jsdelivr is awesome btw, works with any npm module, and is fast and reliable https://www.jsdelivr.com

    The way they used our search library is kind of interesting. They could've
    copied the code locally and modified it to work with the Substack API, but I
    guess Substack doesn’t have an API?
Substack doesn't have an API. Their editor is laughably primitive compared with other solutions. Their visual look hasn't changed at all since their inception. They don't have discoverability. Can anyone tell me what Substack is doing with all the millions of dollars of funding they've taken? We joke about Twitter being massively overstaffed, but Substack, to me, looks just as bloated, organizationally.
Maybe you have something else in mind when you say "discoverability", but.. https://substack.com/discover Seems they do have it.

As for the bloat, I can't really comment, but would note that Substack did substantial layoffs like everyone else.

As for what they're doing: they built mobile apps, adding podcasting and video, etc, better discoverability.

I can't say whether they've done "enough" to satisfy you, but I also don't think we should pretend Substack hasn't done any new product development work since inception.

Those are all fair responses. I guess I just haven't seen much uptake of those new features among the Substack writers that I follow. When they do podcasts, they're hosted by ACast, SimpleCast, or one of the other podcast hosting platforms out there. Videos are hosted on YouTube (like everyone else's).

I would prefer if Substack spent more resources on improving its "core" newsletter/blog experience, but I can understand, given their status as a home for controversial writers, their desire to be a self-contained service.

My understanding is that these days most technical people are wary of being locked into a single platform, so even though substack is making a pretty compelling walled garden anyone with knowledge of recent SV history is hesitant to dive head first into it. As once they get big enough they’re pretty much guaranteed to do something anti-competitive that is against the interests of their customers/users who now have no choice as the cost of leaving has grown too large.
They added comments, chat, an app for reading, sections. There is a lot happening in Substack core product.

Edit: this looks like a good list for my standards: https://on.substack.com/p/product-news-dispatch-nov-22

And Substack discoverability is becoming a big thing for writers. I know the impact from a lot of anedoctes.

I help with podcasts at Substack. Substack is a podcast-hosting platform like the others you describe (although in my biased opinion we have a number of other great features that set us apart). Most of the podcasts on Substack are hosted and distributed by Substack. A few Substack podcasts do point back at other platforms, but this isn't the norm.

Writers can embed youtube videos in their posts. When they do, those are hosted on youtube.

However, Substack also has our own hosted videos (see https://on.substack.com/p/video-on-substack).

> Can anyone tell me what Substack is doing with all the millions of dollars of funding they've taken?

Padding the paycheques of America's biggest contrarian writers apparently. Greenwald, Taibbi, Andrew Sullivan all have paid gigs there.

They don't have "paid gigs" there. They bring in tons of subscription revenue, and Substack gave them advances against that subscription revenue. In each case, they quickly earned out the advance.
Are you sure that any of those three got an advance from Substack? They don’t appear in any of the articles listing authors with paid advances except in providing commentary about the existence of such a system. They might have all even joined before Substack had its advance program.

You are otherwise correct about them not having a “paid gig”. They each built their own large paid subscriber base from which Substack takes a 10% cut. They pay Substack for the service, not the other way around.

In addition to advances they will sometimes just pay a writer to move to Substack.

> But the advances also had limitations. On a per-deal basis, we could never really do better than break-even. A Substack advance was effectively an interest-free loan that would never be paid back if a publication failed.

> With Substack Pro, we pay a writer an upfront sum to cover their first year on the platform. The idea is that the payment can be more attractive to a writer than a salary, so they don’t have to stay in a job (or take one) that’s less interesting to them than being independent. In return for that financial security, a Pro writer agrees to let Substack keep 85% of the subscription revenue in that first year. After that year, the deal flips, so that the writer no longer gets a minimum guarantee but from then on keeps 90% of the subscription revenue

- https://on.substack.com/p/why-we-pay-writers

Depending on the payment it's possible that a writer could lose money on this, because they would have made more from subscriptions than they did from Substack, but I'm guessing for very big names Substack is paying quite a bit more than they would have made from their first year of subscriptions.

Also, this wasn't public for a while and there's probably more that is still not public.

> We haven’t said anything about Substack Pro in public until now because we have been in a “figuring it out” phase, seeing what resonates with writers and how the deals perform over time.

On the surface that’s a better deal than many publishing houses give actual book authors - some major percentage of books never “pay back” the advance and it rarely gets to be heavily author-favoring.
Yeah I don't think there's anything wrong with this kind of arrangement, writers getting paid is good. I do think it's possible that Substack is spending more than a sustainable amount on acquiring big name writers because they want to show results and growth to their investors.
> On a per-deal basis, we could never really do better than break-even. A Substack advance was effectively an interest-free loan that would never be paid back if a publication failed.

They made a ton of money on Matt Yglesias's advance. His advance was ~$250k, and he brought in two or three times that in revenue (the terms of his deal were: he gets 250k upfront, they get his first year's revenue). I'm not aware of any other writers who've published their numbers, but Greenwald, Sullivan and Taibbi all have a TON of subscribers.

> Padding the paycheques of America's biggest contrarian writers

You say that like it's a bad thing.

Being a contrarian means that the mainstream media doesn't like them, but apparently enough readers do that they can make bank.

"Mainstream Media" especially in contexts like these is meaningless. You seem to mean many PEOPLE don't like them. There's an argument to be made that for the average person, being attacked by a number of Substack's writers would make that average person less likely to explore their other writers offerings. Fewer readers means less revenue.
What?

"Mainstream media" is certainly not meaningless. A good proxy would be any organ considered an "authoritative source" by Facebook: NYT, WaPo, CNN, Politico, AP, etc.

As for "fewer readers" I don't know what you mean. The "readers" are paying their money, aren't they?

Meaningless in that the phrase is used almost exclusively in the way you use it, and yet you (and others) aren't able to construct a coherent definition. Regarding your examples, Facebook was a weird choice of authority when viewership/readership are easily researched numbers. I bring this up partially because the only thing that you believe is "media" is news sources but the most popular news sources aren't "mainstream media"? There is clearly something specific you're filtering for but are unwilling to say. Until you do the term means nothing.
Wow, you're really going to elaborate lengths of pedantry here, aren't you?

"Please define 'mainstream media' and no, I'm not satisfied with your definition."

Why is this important? You could make a list of 100 news sources and ask a random sample of 1,000 people to check Yes/No on "is this mainstream media?" You would get a very high level of agreement. It's not my responsibility to give you a definition you're happy with. This isn't a scientific debate.

I pointed out that you've yet to make any attempt to define it and still haven't.
If there's anyone besides you who's confused, we haven't heard from them yet.

I searched "mainstream media" on DDG and got a number of definitions. Maybe you could try that.

Your definition differs from the results offered as evidenced by your examples differing from other examples: i.e. of The Big Five[1] you picked on only the smallest, not even focusing on journalisitic enterprises because one of the larger organizations literally called "News Corp" didn't have a single of its publications make your list of news outlets. Curious.

[1]: https://en.wikipedia.org/wiki/Mainstream_media#The_%22Big_fi...

Yeah that still doesn’t seem like a good thing.

No one is worth reading solely because the “mainstream media” doesn’t like them. People who jabber complete fiction are disliked in that way. Doesn’t mean they’re worth the time.

Glenn Greenwald in particular depresses me. The days of his blockbuster stories feel like distant memories, now he just posts poorly edited (or more likely not edited at all) opinion pieces powered by nothing but rage. I genuinely don’t get why people would pay for it.

I don't subscribe to him either. Some people do, apparently.

Ted Gioia is totally worth it. I haven't looked at Greil Marcus' stuff yet.

> You say that like it's a bad thing.

It can be, yes.

Exhibit A: Alex Jones. Whacky conspiracy theory and snake oil peddler. It's literally in nobody's interest he be published anywhere, apart his own personal financial one.

In most cases there's probably a good reason for someone to be shunned by everyone "mainstream".

It would be sad if these, who are very tame, and not long ago would have been considered doing a mighty fine job to the side they're now rejected by, were the "biggest contrarians". Would imply a total lack of actual contrarians, and an overencompassing uniformity and party line-ism...

Then again that's what you get when you build two bipartisan monocultures of echo chambers...

They paid writers. The quality of the content is ultimately a lot more important than the technology used to deliver it.
But how else are they going to advertise that horribly full of themselves writers with subjects as interesting as How The Silicob Valley Accepted Me As Its Child And How I Made My First Million (contents: a load of self serving crap oh and also my dad is a millionaire and used his connections for me) are now writing on Substack?

It's just another Medium, except for some reason the writers there are _even more_ pompous and full of themselves.

>Their visual look hasn't changed at all since their inception.

I don't like that you are suggesting that the visual look must change. Nothing is wrong with leaving things the way they are.

>They don't have discoverability.

What does this mean? Suggested posts and authors, which are nothing but thinly-veiled ads so you stay in the page? Good that they don't have those.

On the one hand, it does seem like it'd be nice if Substack had signed a support/integration deal with the Ghost team. That way Ghost could have gotten paid something for their hard work, and Substack could have avoided critical mistakes like the CDN security issue.

On the other hand, this seems like what success looks like for an MIT licensed project. A big company using the code to power their product without even having to contact, let alone ask permission of, anyone.

It seems to feel different for end-user applications like Ghost. But it's not actually any different than if they had powered Substack with SQLite or Postgres.

> But it's not actually any different than if they had powered Substack with SQLite or Postgres.

I disagree. It's more comprable to if they used WordPress instead of Ghost. The database is a few layers further down, whereas Ghost is basically 90% of the end product (not sure how much they've adapted, but looks like a lot from John's Tweet)

Well, it's a bit more complicated than that.

Substack is positioning themselves to their customers, which are journalists/authors, as a comprehensive alternative to having a normal job working at a newspaper or magazine. That seems to include high-touch customer support, an integrated business model with payments, a mailing list system, a distribution method, etc. It's more of a service than a piece of software.

Ghost actually seems to have jumped on Substack's bandwagon by trying to skew their blog software toward being a direct Substack alternative.

So Ghost seems to have adopted Substack's business model and Substack seems to have adopted some of their blog technology.

I don't think you understood the linked thread. The problem is not that they are using Ghost. The problem is they are not including the attribution required by the license.
I understood that criticism but don't think it's correct, as many others have pointed out. This is MIT licensed software running on a server. Substack is not redistributing software to end users, by any common definition.
As shown in the thread they are shipping Ghost's client side code to the browser. The attribution needs to be there.
Hey, Substack CTO here. We don't distribute Ghost's code at all and the only piece of code included is a client-side search library used by the third party theme. But that library is actually hotlinked and hosted on jsdelivr (via npm) with no modifications made to it what-so-ever. This includes the line at the top with the license link as Ghost originally built it
So at what point does Substack cut the man and his team a check because from the looks of his observations Substack will likely need consultation and support.
Sounds like you're describing the SQLite model.

Completely permissive license but companies pay for support (or custom features).

Genuinely curious (I don't know all that much about these things): To what extent does the SQLite model incentivize poor documentation since that would drive use of paid support services?
If the documentation is poor, the implementers won't even be able to get it to a point where they would consider paying for consulting.
I mean poor enough that its easy to get set up but more complex usage ends up requiring support services, by which lock in has started occuring.
For what it's worth, SQLite's documentation is one of the best among all software I've ever used. It's clear, detailed, well-organized, and everything is documented.
Huh, so it's a ghost in the machine?
(comment deleted)
This is why you should use the AGPL.

Otherwise, corporations can and will make immense profits from your unpaid work without contributing anything in return.

The goal of FOSS should be to create a new ecosystem that puts users in control, not to provide free labor to private enterprises.

OP did not seem to be complaining about it though. In fact he seemed happy about it. Only the lack of attribution was a problem.
Maybe not outright complaining, but the whole thread does come off as a little passive aggressive/ salty to me.
It's written in a very passive aggressive way. He's not congratulating substack, he's calling them out.

The attribution aspect of it seems intentionally misleading in my view. Are the MSM, who'll be chomping at the bit to attack their competitor, Substack, going to delve into the finer points of software licenses or rather just quote the tweet?

I'm not saying that Ghost should use the AGPL, I'm saying that this is a warning to other projects that use the MIT license and wouldn't want to see their work commercialized this way.
You have no right to dictate what the goal of FOSS is about. It's also patronizing to claim Ghost made some kind of mistake here. They obviously picked MIT for a reason, which means they are fine with companies making profits from their unpaid work.
Sleazy and disrespectful behavior by substack. Just like medium, all these publishing/newsletter platforms go to $%@& real quick. The first time I saw the "sign up to continue reading" banner I knew substack was done, this just confirms it.
Funny side-note: @substack is the wrong handle, I assume John meant to tag @SubstackInc.

AFAIK there's no formal mechanism for bidding on naming rights, but Twitter could easily set up an auction platform, take a small cut off the top, and do quite nicely.

You can request an already registered name if you own the brand. Owning the domain substack.com might be enough to prove ownership. People have been successful with this in the past.

They may not do anything about it, though, if @substack is being used. Logging into Twitter is enough to keep the account active. I don't know if that is changing with the new owner. I know that Musk said they will be making names for inactive accounts available soon.

That makes sense. It would also make sense to have auctions for high-value handles.

Or, to take a page from 'Radical Markets', twitter accounts could be associated with a reservation price (a price at which a person would definitely sell), and 'taxed' (re: charged) a proportion of that reservation price. I believe it was Patio11 who observed that his upper limit on willingness to pay for twitter would be very high. Right now, Twitter doesn't capture any of that.

That might only work for bluecheck accounts, not sure. I don't want to lose my random 10 follower account for $100, but neither do I want to pay to be a lurker

If Substack uses Ghost, why not just use Ghost itself? I'm thinking about doing that instead of Substack for my newsletter.
When John says "product engineers" does that mean "the engineers who specifically work on the code that gets used by customers"? Ie. excluding the engineers who do all the support stuff: CI/CD/testing/etc. ?
Chris Best of Substack replied: https://twitter.com/cjgbest/status/1602370307884318720

Substack is not "powered by Ghost". Rather, we built our own theming API that’s compatible with themes built for Ghost, including those built by third parties.

The Free Press is using a modified Tripoli theme, built by Ahmad Ajmi, under a paid license. This is how this is supposed to work. It's good for the theme developer if we support this – you should check them out here.

Great set of replies and a wonderful example of why hearing both sides is important. You should definitely click and read through Chris' thread, but the final note "We’re definitely up to chat" is a great olive branch.
Thanks. Happy to answer questions here too.
Response from Chris Best Substack's CEO: https://twitter.com/cjgbest/status/1602370307884318720
Seems like minimal overlap potentially if they were just using it for a theme, but the tone is a bit defensive, and I don't think that John was rude in his original tweets and more of like tongue in cheek sort of fun and offering to collaborate.

A more direct, yes we use some code, oops we will add attribution, thanks again, much appreciated, would have sufficed.

If this had been private communication, sure.

By putting this on Twitter, it immediately gets turned into something that could spawn clickbait headlines and could tarnish the company's reputation long term. Maybe John didn't mean for any of that, but his tweets don't mention the MIT licence initially and seem like they're building up an allegation.

I think Chris responded exactly like a for-profit company's CEO should, pre-emptively countering tech journalist headlines, clearly and concisely describing the situation, and still reaching out for the potential of collaboration.

You're not following/understanding what the linked Twitter threads are actually saying.

There is no mention of O'Nolan being rude (although he did make a number of untrue claims, which at least pretty negligent—but that's not a charge that the linked tweets say, either...)

There was no code use, and there was no copyright violation/failure of attribution, so there is no "yes we use some code, oops we will add attribution" called for, nor would it even be logical to do so.