I like mayo but pretty much all shelf mayo is made with oils that are bad for you. Even some brands which claim to use olive oil primarily use another oil with olive oil further down the ingredient list.
I wonder how Facebook would feel if all the open source software they currently use incorporated the same license. I bet it would deter them from enjoying much of the code they built their business on. This stance seems pretty antithetical to the goal and spirit of open source software and I really hope it's not the beginning of other companies following suit and 'poisoning' the well of other open source projects.
I completely agree that the Facebook BSD+PATENTS license is antithetical to the goal and spirit of open source software. And that is why the Apache Foundation rejected it it. I'd like to see more statements by more groups like the FSF and OSI on that.
I wonder how Facebook would feel if all the open source software they currently use incorporated the same license. I bet it would deter them from enjoying much of the code they built their business on. This stance seems pretty antithetical to the goal and spirit of open source software and I really hope it's not the beginning of other companies following suit and 'poisoning' the well.
> how Facebook would feel if all the open source software they currently use incorporated the same license
That would work incredibly well to neutralize patents, actually, and would be a huge win for free/open source software.
It's surprising not to have seen anyone point out the logical conclusion of a world where every major license includes a React-like stance on patents: it's a world where no one is able to bring patent suits against anyone, because it means they are now violating the licenses of every piece of FOSS they're currently using. (I'm relying on the assumption that there's no entity that could perform an audit right now and conclude that there's not a single piece of FOSS underpinning their products/services/infrastructure.)
Licenses like Apache 2.0, MPL2, etc all have a "MAD" policy wrt patents, but they all have a gaping hole in their strategy. The React license patches this hole in a really clever way--probably the cleverest thing since the GPL's invention of copyleft to hack copyright law by using it against itself. It's really disappointing to see people's sense of disdain for Facebook overpower their ability to appreciate how clever the React license is.
Addendum from the last time [1] I commented: "FWIW, I don't use React, I don't want to, I'm not a Facebook employee, and in fact I think the world would be a lot better off with Facebook having less influence than they do today. But that doesn't change how weird it is to keep seeing comments like [those that frame the React terms in a negative light]".
So this opinion almost swayed me, but the problem is that companies aren't scared of open source writers suing them.
If you use project A that was written by one or two developers in their spare time (and they included a BSD+patents) clause, would Facebook fear being sued by them? Probably not -- but new companies that get anywhere close to what Facebook does (increasingly, that's everything these days) definitely live with the real possibility of facebook suing them.
In theory the "no one is able to bring patent suits against anyone because they're violating licenses" is a good outcome (mostly the no patent suits part), but it doesn't quite stand up in practice because patent suits cost money, and bigger companies can sue you longer than you can sue them. I don't want a world where MAD is the default, because the large companies carry nukes, and I carry a peashooter.
Yeah, and if Facebook DOES infringe on a patent you own, and it's a valid case? You then have to rewrite your frontend code base as fast as you can?
At it's best this is like some sort of warped "you infringe on my patents and I'll infringe on yours" kind of thing, assuming MAD means it doesn't become a very-uneven suing war. This case is also bad news, because larger companies are much more capable of infringing on your patents and competing with smaller companies in a conglomerate style.
Amazon is a conglomerate. Alphabet/Google is a conglomerate. Somehow, everyone in the government who manages anti-trust (whether that should be a thing is another debate), seems to be asleep at the wheel, literally everyday.
Also, guess who has lots of resources to rebuild a shitty copy of ingenuous software they found online? Big corporations do. All the starry eyed CS grads who want to go work for Big Conglomerate Co. are going to be rearing to re-implement Redis in 50K LOC, but it's harder for some small company (or just random open source project) to re-build the parts of their app that used react in some other framework.
If you are a small shop, you just don't have the money to file a patent claim against Facebook. That's exactly what the parent post told you: patent litigation is expensive.
The PATENTS file is red herring. If you're a small player and you launch a patent lawsuit against Facebook you stand no chance of winning. Facebook has thousands of patents in its portfolio, and software patents being broad as they are, you're invariably infringing one of them.
You know what, scrap that. Even if you were a somewhat large player with your own respectable patent portfolio, and Facebook had almost no patents you could never win. Why? Because this already happened, dear internet:
TLDR: Yahoo sued Facebook before their IPO with 10 infringed patents (not just 1), trying to scare Facebook into giving them money. Facebook only had 56 patents, but they had money, so they bought up 1400 more patents, and countersued with just 10 of them. Yahoo realized they don't have the money to win a lawsuit against Facebook, and meekly submitted and cross-licensed the patents to Facebook.
Now imagine trying to copy cat the Yahoo move with two guys in a garage who own just a single patent against a stronger and more prepared Facebook that has thousands.
> Yeah, and if Facebook DOES infringe on a patent you own, and it's a valid case? You then have to rewrite your frontend code base as fast as you can?
In that case, you have two other options:
* Quietly swap out your frontend before you file
* Continue using React and dare Facebook to produce a patent they can actually claim
This, of course, is based on the assumption that your frontend is a significant portion of your product. If your frontend is a trivial portion, then "rewrite your frontend code base as fast as you can" is also trivial.
This is something I have yet to understand. From all I read about the patent situation in America it looks like they are totally worthless unless you are a multi million company. Is there actually no way of pursuing a giant if they infringe on your IP?
For the most part, yes, unless you're a non-practicing entity (patent troll).
Large companies carry massive war chests of patents, such that anyone who makes software is most likely violating several of them without knowing it. They defend themselves from patent lawsuits with countersuits from their war chests. (Trolls are immune, though, because they don't make software and therefore aren't infringing in the first place.)
The patent situation is broken in a ton of ways. Just think about the concept for a few minutes and you'll imagine many of the points.
As for the problem you're focusing on, the particular problem is that to actually your patent defensively (the original purpose), you must litigate. To litigate, you must have lawyers, and quite a bit of money. If the other side is capable of buying better lawyers, or lawyers for a longer time, you lose.
I think most in the software community abhor patents for software, so it's probably a good thing that this "mutually assured destruction" environment exists.
> the problem is that companies aren't scared of open source writers suing them.
They should be. Many popular open source projects are supported by a 'community' of large companies, or are invested into a widely respected foundation like Apache.
Additionally, many projects that started off as simply a few developers, grow to the point that a company is founded to handle support and customization. An example of this would be Redis Labs---started by the originator of Redis.
If even tiny patent trolls can be 'dangerous' to multinationals, I expect most would steer clear of declaring a patent war on the community at large.
Also, you're right except for the fact that lots of very very useful projects are not backed by large companies or foundations like apache. What you describe a solution is precisely the world I don't want to live in. I don't want the MAD state of things to be held in check by large organizations -- humans kind of forget themselves in large organizations, far too easily.
Redis is a great success story, but again, that organization is way way weaker than facebook. They just have more money in the bank, and MAD only works if EVERYONE has nukes. It doesn't work if one side is carrying rifles and only one side has nukes.
Maybe we should fix the patent system instead -- I'm aware it's hugely nuanced, but for all the griping that tech does, surprisingly nothing has changed -- the tech companies that make it just don't seem to be trying to change the system once they're established (someone please correct me if I'm wrong).
"it's a world where no one is able to bring patent suits against anyone, because it means they are now violating the licenses of every piece of FOSS they're currently using."
It's also a world where entrenched companies can feel free to use whatever technology they want from smaller competitors without fear of lawsuit, and use it to further entrench themselves :)
I'd put a lot more money on that happening than "happy fun kumbaya singing".
This is among the many reasons that apache, et al chose not to use them when revving their licenses.
It's totally worth reading the discussions that happened around these issues back then.
As a friend said WRT to this issue: "Everything old is new again"
>It's also a world where entrenched companies can feel free to use whatever technology they want from smaller competitors without fear of lawsuit, and use it to further entrench themselves
I agree, but software patents are arguably bad enough that doing away with them entirely is worth the collateral.
A legislative solution might exist to have the best of both worlds, but, in the absence of that, suppose there's a copyleft-analogue hacky way to undermine software patents indiscriminately without requiring an Act of Congress. (and that's not a sure thing at all, but suppose.) Wouldn't you press the button?
> It would be a huge win for companies with large software patent portfolios
This is backwards. Those are exactly the companies that would be harmed, because their hopes to be able to wield those patents offensively have been nixed.
Companies like FB/AMZN/GOOG/MSFT have, effectively, unlimited engineering resources. And money. They simply smash any incoming problems into dust with brute force. Startups do not matter. Hell, few companies other than huge ones matter. "We might have to replace a 10,000 line piece of free software" is nothing to them. If they wage war against another MegaCo, nothing really changes with this license. That legal battle could be fought (and do damage) regardless, they can meaningfully litigate against each other. But the idea this changes anything when going against, say, smaller players? Because it "weakens" their ability to use their (massive) portfolio?
Because Facebook might be "afraid" of losing some software if they file suit? Not really.
So, here's how the real conversation will happen at MegaCo of your choice, should this play out:
---
Alice: We want to sue for patent violation against XYZ Co. But we use XYZ Co's software. If we file suit, we'll have to stop using it due to the license.
Some top-level guy with a three-letter title named "Joe": Okay. How big is their company and what software do we use?
Alice: <MegaCo has more money than God so the only meaningful comparison is "cockroach" at best, and the software is in no way something they cannot acquire elsewhere>
Joe: Okay. Assign 50 engineers to just recreate whatever stupid software of theirs we use, in-house. Or buy another version from someone more reliable. Then assign a billion dollars to legal to destroy them.
Alice: Okay.
---
And that's it. They're done. That strategy was all cleared up before lunch. Keep in mind of course Facebook will probably have enough money to litigate you into the ground so long that probably won't even be able to actually tell them to stop using your software, until they've already replaced it completely and also ruined you at the same time.
It turns out when you have effectively unlimited engineering resources and money (to wage legal battles), things like "Use a new virtual DOM library" or "Replace RocksDB" don't matter at all. They can just do it and crush you anyway.
So how the situation is better if both MegaCorp and small startup are using each other opensource code with just the BSD license (with no patent grants)? megacorp can still sue the startup for patent infringment and destroy it.
If you assume that MegaCorp is evil, the startup has no life whatsoever, whatever open source license is picked. If instead assume that MegaCorp is good, the patent grant has a positive effect on the ecosystem.
If the goal were to get rid of software patents, why don't all the large tech companies just band together and lobby against allowing patents for software? (more like Europe) This looks more like a sneaky trick by Facebook.
In fact, this is explicitly part of their reasoning, from the blog post linked to in the GitHub comment here:
> We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.
This would only neutralize patents of actual companies that have something to create.
The only ones left to hold patents would be patent trolls. This would just massively empower patent trolls, and harm everyone. Because patent trolls don’t have to license patents there’s no risk for them.
See my remark about impossible audits. Patent trolls are almost definitely relying on FOSS whether they're in the business of creating software or not.
If I were a patent troll, I would get a Windows computer with a slightly old version of Microsoft Office and nothing else on it.
Even if the entire FOSS community decided to adopt a patent termination clause right now, it cannot retroactively apply to whatever fragments of FOSS code that has found its way into proprietary products so far. So I'm safe as long I don't install any new software until I'm done trollin'.
Your idea would make sense If all the FOSS that was ever written came with a patent termination clause. But that's not the world we live in.
I guess the point is in this hypothetical world patents are useless because suing would trigger the destruction and this is good because the community can freely share and use the best designs.
However, in such a world I don't think the courts would approve of this 'hack' and kill the enforceability of these clauses precisely because they render patents useless.
> However, in such a world I don't think the courts would approve of this 'hack' and kill the enforceability of these clauses precisely because they render patents useless.
I believe that contracts that terminate if you sue the other party are fairly standard, and in court these licenses would be considered fairly similar to those contracts.
I don't really know what a court would say, but if I sign a contract that says "I will not sue X for any patent infringement under the condition they don't sue me for patent infringement" I would be surprised if a court found that contract unenforceable. The right to file a patent suit is not a fundamental human right after all, why would signing it away not be possible?
I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".
Recall that Apache 2.0, MPL2, and GPLv3—all free software licenses—have patent termination clauses as well, but they're comparatively weak. In fact, GPLv2 didn't have one, and this was the reason why Apache 2.0 is labeled as free but incompatible with GPLv2. The FSF's solution to this was to include it's own patent termination in the next update to the GPL, which is why Apache 2.0 and GPLv3 are compatible today.
> I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".
Richard Stallman said it is non-free [1]:
> React.js is nonfree because of its patent license restriction.
Thanks! I also found the following one which gives a rationale [1]. The fine distinction is that the patent grant is completely separate from the copyright license and the termination of patent grant has no influence on the copyright license whatsoever. Unfortunately these messages are not in a single thread, so it is a bit hard to find them.
Richard Stallman and the FSF are literally the Inês behind the original de definition of "free software". What are you trying to say there?
Anyway, even if you dont line Mr. Stallman, the set of licenses he deems as free software is pretty much 99.9% compatible with the set of licenses deemed "open source" by the OSI or licenses acceptable by Debian (the other authorities you might Sant to look to when it comes to this)
Shortly after posting this, I came across IanKelling's link [1] to the GNU post on Software Patents. I've definitely been conflating copyright and patents in my mind. Thanks for the clarification.
For context in this discussion, the patent text in GPLv3 was original a copy of the Apache 2.0 patent text. This is why Apache 2.0 and GPLv3 are compatible, since the Apache 2.0 patent text is simply a subset of the GPLv3 patent text.
> It's surprising not to have seen anyone point out the logical conclusion of a world where every major license includes a React-like stance on patents
The thing is, I agree with your premise that we should always push for licenses that (in the long term) will result in a better free software world where threats such as software patents and draconian copyright are effectively neutralised. All three GPLs did this to copyright (as you noted), and Apache helped step forward on the patent front. I would love to say that the React license helped further this cause. Unfortunately I don't agree, and it's for several reasons.
* This may sound like a minor point, but the React patent license only applies to Facebook's patents, and relies on Facebook retaliating. Code contributed by anyone else may not be giving you the same protection, which means that if they sue someone other than Facebook the target has no real protection. Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft). By only terminating the patent license, you're relying on Facebook suing the offensive party.
* As with almost all patents, Facebook makes it exceptionally explicit that independent discoveries will not be protected. While this is to be expected because it's the default patent law position, it's not exactly what you want if you're going to try to sell me on this being "an ingenious, anti-patent license".
* The patent license clearly favours protecting Facebook over the wider software community. The fact that suits "(i) against Facebook or any of its subsidiaries or corporate affiliates," will result in termination means that the license is incredibly asymmetric in it's protection. The problem is that the "more free" stance of extending this protection to every user of the software would be too strong of a stance for companies to take (it would mean that no company could sue any other over patents in fear of being vulnerable to Facebook's patent portfolio). Not to mention that it still wouldn't solve the patent problem, you'd need to fix my first point and make it apply to all patents by all users. And then it would be seen as an incredibly risky business decision.
* By definition the patent grant cannot be used against Facebook, because of the above protections are not provided. If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing because then you'd be giving them more ammunition. This is where your comparison to the GPL falls flat for me. The GPL does protect users in this situation.
I understand that these might seem like "perfect being the enemy of good", but you have to consider that Facebook's dominant position is what makes these sorts of discussions critical. Sun made some mistakes in the CDDL, and we're still living with those mistakes to this day thanks to the whole Oracle OpenSolaris fiasco (though it went better than we could've hoped). We need to be far more careful in how we evaluate software licenses, and thinking about doomsday scenarios is crucial. If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3?
> Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft).
This is not true of Apache 2.0. Filing a patent suit against someone over a piece of Apache licensed software means the plaintiff loses the grant to patents held by other contributors to that software, but that's the extent of it.
> If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing
This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant. This has been the case ever since version 2 was published.
> If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3
Either better or the same, depending on your values, but definitely not worse. The license termination clauses in Apache 2.0 and GPLv3 are so narrow they don't offer any greater protection against bad actors.
> Filing a patent suit against someone over a piece of Apache licensed software means the plaintiff loses the grant to patents held by other contributors to that software
Right, but the "right to use" permission is granted as part of the patent license not the copyright license. You're right that I misspoke and the copyright license is not touched, but the effect is similar AFAICS.
> This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant.
Ah, you're right. I did read the latest version of the document, I guess that sentence must've just slipped by me. My point about asymmetry still stands though.
> Either better or the same, depending on your values, but definitely not worse.
I believe that the asymmetry does not make it better. You could argue it's the same, but I still am not sure I agree.
I don't understand the value of this over simply building a mini ITX system for cheaper and equal/greater performance? The only advantage this has is being able stay portable with the external GPU but $500 just for a dock is insane.
This reeks of forcing a parent's goals and ideals onto their children which in the situations I've seen tend to never end that well. Encouraging them to do what their genuinely interested in I think would probably lead to much happier lives.
A significant impediment is handling peak usage power. Maybe solar can provide most of our energy needs, but for those times where peak power is needed, it's probably more sensible to take a more balanced/mixed approach.
*edit looks like the article has a convenient link to another article talking about this exact problem:
Whether "millennial hipster game developers" are actually lazy or not seems to be besides the point. Hasn't it already been consistently proven that working more than 45 hours is much less productive than a steady 40-45 hour work week? What's the actual business justification for that besides massaging egos or trying to enforce some masochistic culture?
Swagger seems to have more awareness and adoption but we have fully embraced RAML due to its "composability" features which eliminate much of the boilerplate and copy/paste/tweak required by Swagger. Making the API spec easier to author & maintain is well worth the downsides of not being able to tap into the Swagger ecosystem. If we really needed something from the Swagger ecosystem, I don't think it would be difficult to create a RAML->Swagger converter. There is already a converter that goes the other direction.
But whichever one you choose, this stuff is awesome. We author API specs and then codegen mock services, client side wrappers (Angular services or Backbone models/collections), server side DTOs and controllers, and pretty documentation. Having that all done from a single authoritative text file under source control has drastically reduced the friction between frontend and backend developers.
PierOne is a Docker registry in Clojure with S3 backend and OAuth support. I wrote swagger1st[0] which is used there. Swagger supports authorization definitions via scopes. Besides that, you can only define required basic auth or API key usage for authentication but not for authorisation.
Swagger defines various places, where you can add own x-* attributes to fill in your own logic if swagger is not expressive enough.
