this post was submitted on 15 Jul 2023
68 points (91.5% liked)

Rust Programming

8197 readers
2 users here now

founded 5 years ago
MODERATORS
 

I posted this over /r/StallmanWasRight and I am not sure it would be taken well at /r/Rust so here we are.


I have been getting into Rust in the last year but the licensing ecosystem of Rust crates makes me perplexed.

Today I came along this project https://github.com/uutils/coreutils that is trying to rewrite GNU coreutils in Rust and it is likely over the years projects like this one will overshadow many of the legacy GNU projects.

They are almost all made on "permissive" licenses that will give so much more power to corporations, in fact I am absolutely sure all these (big) rewrites are sponsored by corporations to escape the GNU safeguards that were built to protect users and society.

Does anyone else see this or am I just too paranoid ?

EDIT: It is not my intention to single out any specific project/team. Instead, I aim to initiate a meaningful discussion regarding the licensing choice. Rust is likely the first language since C that holds the capability to effectively replace the decades old, legacy libraries.

top 31 comments
sorted by: hot top controversial new old
[–] [email protected] 24 points 1 year ago (1 children)

I am absolutely sure all these (big) rewrites are sponsored by corporations to escape the GNU safeguards

Interesting idea, never thought of that and I don't think it is impossible.

But I don't see it, there are 400+ contributors and uutils group are students and someone working from home.

As I see it, we are finally getting new tools and all because we got new fancy fast and memory safe language. Community is growing, learning and making new apps.

One problem I have seen (thou I don't know about this project) is low code quality, but that's expected until we find best practices with rust.

But I never thought about licenses.

One thing I can imagine is even something like unconscious "self censorship", choosing more permissive license to attract more people and even corporations which will hire developers...

But I also understand that people want more permissive license than gnu.

Thank you for idea, I will keep an eye on it.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

One thing I can imagine is even something like unconscious “self censorship”, choosing more permissive license to attract more people and even corporations which will hire developers…

This is the result of years of anti-copyleft propaganda which started to pay off. Now, all that corps need to do is wait for new projects and libraries to pop up and subtly (more than often openly) allocate resources to whichever project they need, or simply EEE. A much easier exercise than it was during the early years of copyleft where we could literally have a free alternate operating system to Microsoft, Apple and IBM while they were openly fighting it. Read on the Education and Government Incentives program for a reminder of what corporations are capable of.

[–] [email protected] 19 points 1 year ago (1 children)

Does anyone else see this or am I just too paranoid ?

IMO you are being paranoid. Corporations don't care about these utilities. They can build stuff using coreutils under the GPL without major issue. Unless they modify the source of the coreutils its self they don't have to share anything. So it does not really matter what license it is under. And really these tools are extremely basic - not exactly hard to rewrite any of them from scratch if required (as prof of all the different implementations out there, like this and busybox to name two).

I highly doubt these are sponsored by any big corp, just hobbyists/students that think it is interesting project to undertake that don't care as much about the GPL as much as they care about doing something interesting to them.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

I highly doubt these are sponsored by any big corp, just hobbyists/students that think it is interesting project to undertake that don’t care as much about the GPL as much as they care about doing something interesting to them.

I wanted to test this theory, quickly looking at the commit history you can see that although the project might have started as a hobby/student weekend project, it is currently maintained by someone with an official affiliation of director at Mozilla corp.

PS: I am not pointing the finger to any entity here, I picked this project as an example to have a discussion on this topic.

[–] [email protected] 9 points 1 year ago

it is currently maintained by someone with an official affiliation of director at Mozilla corp.

So, the person that started it as a hobby got hired at a relevant field? That in of its self does not mean much. Most people that work on OSS technology are funded in some form by a company. Very very few people are funded by purely by the community or have an unrelated job and everyone needs to earn a living to eat. And it is not uncommon to get hired for the work you have done in your spare time, even if that work never gets used by the company.

This is not an uncommon story overall.

[–] [email protected] 12 points 1 year ago (1 children)

The Rust community has usually favoured more permissive licenses for some reason

[–] [email protected] 8 points 1 year ago (1 children)

That is because GPL libraries are a pain for corporations. And popular languages like rust are built by corporations and a lot of the libraries for them are built by corporations. Rust would not be the same language as it is today without their contributions. If it were all GPL far few companies would want to use it so far fewer developers would be able to use it which would stunt its popularity. This is also true of python libraries and npm libraries which are mostly under permissive licences.

[–] [email protected] 0 points 1 year ago (1 children)

The GPL is also incompatible with modern appstores, which makes them less valuable. I personally don’t touch anything GPL for work, only for hobby projects.

[–] [email protected] 4 points 1 year ago (1 children)

@anlumo @nous how is the GPL incompatible with App stores?
Also, libraries should use the LGPL, not the GPL.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 6 points 1 year ago (1 children)

That only talks about the Apple app store licence. Not App stores in general. All depends on the licence they impose on the apps. Flatpak, snap, flathub for instance are all app stores that distrabute lots of opensource code, some of which if GPL.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah, I didn't refer to those. Google's and Microsoft's store have the same issue probably, though.

[–] [email protected] 2 points 1 year ago (1 children)

You should be specific then, you only said modern appstores which does include those I mentioned. So while some appstores are incompatible with the GPL that does not include all modern appstores. Fairly sure googles appstore has some GPL stuff on it? Not sure about microsofts. All depends on their license. IMO best not to assume everyone is as restrictive as Apple is.

[–] [email protected] 0 points 1 year ago (1 children)

I'm fairly hesitant to call something that doesn't sell anything a "store".

[–] [email protected] 2 points 1 year ago

A store, as in a place to store or accumulate things. Not as in shop, a place to buy things. Seems like it is still applicable here.

[–] [email protected] 12 points 1 year ago

While this is indeed paranoid and not well informed, I'm kind of appreciating... the GNU appreciation.

Makes a good change from all the hypernormalized Twitter/Mastadon non-coders, or self-proclaimed coders (the kind that uses terms like "imposter syndrome" every day), always bitching about how GNU was a mistake, and all it did was provide free labor for corporations, and how the FSF and Stallman are all kinds of bad and wrong.

[–] [email protected] 7 points 1 year ago

I don't like it personally, I don't contribute to projects that are designed to easily feed non-free systems. There is a lot of corporate influence both direct, but even more in people catering to companies potential of exploitation in order to maximize there and the projects value to corporate interests.

It's common for these people to just not see these as tools that "normal" people need, but as tools for companies that admins, and devs use. This is in stark contrast as to when gnu utils were deved

[–] Anders429 6 points 1 year ago (2 children)

The community tends to favor more permissive licenses in general. I think a lot of it is due to a large amount of core libraries (often owned by members of the core team, in Rust nursery, or otherwise central to the ecosystem) using MIT or Apache 2.0, which means users who begin publishing their own libraries and know next to nothing about licenses will just follow suit.

I do wonder how it would hold up on court to basically clone something by rewriting it in a different programming language and then relicense it. I'm no lawyer though, I have little understanding of how these things work.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

I do wonder how it would hold up on court to basically clone something by rewriting it in a different programming language and then relicense it.

I believe that the US court has already rules that programming APIs are not copyrightable - only the implementation is. So a rewrite of something does not infringe on the original. Though proving you have not copied source from the original is harder - a clean room rewrite is generally preferred for such things (where the authors have not seen the original implementation ever before). I believe the google vs oracle lawsuits over java/openjdk was where the precedence was set. Though I am not a lawyer and could have gotten this wrong.

[–] CrabLangEnjoyer 4 points 1 year ago (1 children)

If cloning something by rewriting it would be an issue the GNU utils would have the same problem since they're also just clones of proprietary Unix commands that the GNU project doesn't own

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

But they (GNU) used the original Unix code to rewrite it or they did a clean implementation just cloning the behavior?

Edit: Cloning*

[–] [email protected] 4 points 1 year ago

projects like this one -- aren't a novel thing, though. BSD userlands, clang, alpine linux, etc. have existed for a while; & corps have sponsored them to some degree. What makes this rust initiative different?

[–] [email protected] 2 points 1 year ago

across all languages, most new projects are published under MIT or similar.

[–] mint_tamas 2 points 1 year ago

I don’t think coreutils are particularly a choke-point for corporations. They can and do freely use them in their infra like everyone else. For your fears to hold any water you would have to find examples of popular libraries getting drop-in rewrites (but keep in mind that such rewrites are much more complicated due to having to provide a C or C++ interface to make it an actual replacement). Personally, I think the rewrites can be interesting not because they are rewritten in Rust particularly, but because decades-old code contains assumptions and maintains compatibility that might not be relevant today. So a rewritten program can be cleaner and even faster. Same deal with neovim (partially; but it also pushed vim proper to finally implement async plugins which they heavily pushed back against)

[–] 640K 1 points 1 year ago

There is also the problem of how the linking is done in most Rust projects. Rust projects tend compile dependencies statically. If you wanted to use a library that is LGPL, your own project would need to be LGPL as GPL and LGPL require to release the source if you use their libraries by linking statically (as far my understanding goes).

[–] [email protected] -1 points 1 year ago (2 children)

I don't think there's a hidden conspiracy behind projects such as this one; it may be just that it's simply much easier for projects with permissive licenses to take off as corporations and private entities are willing to sometimes submit patches and contribute to these projects on the side while sponsoring the developers with money. However, it's still definitely not proportionate to the value that the community contributes back and basically gives to the corporations for free with most of them packaging these libraries and binaries and selling their software for much higher profit without ever contributing anything back. There is a reason why these permissive licenses are called the cuck licenses and I wish that more people would start caring about the license they publish their code under, but the sad reality is that, especially in the rust community, the MIT and Apache 2.0 licenses became the de facto standard, and that was without much pressure from the big corporations, though rust has its origins under the umbrella of Mozilla so it's not that surprising given this context.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

I am aware that permissive licenses became the defacto form of licensing for new projects thanks to years of propaganda from big corps and especually Microsoft, who bought Github mainly for this. I never paid too much attention until I realized the potential for Rust projects to be widely adopted for replacing a big portion of copyleft libraries. This coreutils project was just an example to make the point, it seems very convenient and it is easy to dismiss the licencing choice as a coincidence. On the long term this might have huge implications a few generations ahead when big corps don't have to contribute nothing anymore to society. Look at what is happening with ~~Open~~CloseAI, open source models are lagging behind because there nothing equivalent to GNU/Copyleft in this field, thus we end up with a big corp mostly owned by Microsoft holding a life changing technology in its hands and hindering the progress of all society.

[–] [email protected] 3 points 1 year ago (1 children)

However, it’s still definitely not proportionate to the value that the community contributes back and basically gives to the corporations for free with most of them packaging these libraries and binaries and selling their software for much higher profit without ever contributing anything back.

I think you massively underestimate how much corporations contribute to OSS technology. Even the linux kernel has over 80% of contributions being from people paid to do so:

The number of paid developers is on the rise, as companies aggressively recruit top Linux talent. More than 80 percent of kernel development is done by developers who are being paid for their work. Volunteer developers tend not to stay that way for long.

https://www.linuxfoundation.org/press/press-release/the-linux-foundation-releases-linux-development-report

If you removed all that support, and everything RedHat, Canonical etc have done then the Linux land scape would be baron today. Hell even Debian is basically backed by corporate sponsors to fund their work.

And after all of that, if corporations did not use Linux or any OSS projects at all then there would be far fewer people getting introduced to it at work, then wanting to contribute back in their spare time.

So even if companies take far more then they give back, they also give back far more than people doing it for the love of the software. And while some companies might be much more of a leach off what OSS provides, overall corporations give a lot back to the OSS movement.

the MIT and Apache 2.0 licenses became the de facto standard, and that was without much pressure from the big corporations, though rust has its origins under the umbrella of Mozilla so it’s not that surprising given this context.

There is actually a big pressure here, libraries under the GPL are very toxic to companies (binaries, like the kernel, much less so). If you base an entire core of a languages library under the GPL then no major company would ever touch that language. This would basically doom the language to a forever niche language. All major languages have a huge amount contributed to them via companies - most having been created by companies to begin with. Most of the popular libraries are written by people who are hired to write in that language and write these things if not while they are being paid to do so then because they might want to use the libraries during their jobs.

The LGPL might have mitigated this a bit, but companies are still wary of it. And every barrier put up would stunt the languages growth.

We live in a world dominated by corporations and what they do - volunteer effort (while still valuable) is just a drop in the ocean. A software license wont change this, but can have dramatic consequences on your product depending on what it is you are developing. And the GPL is not always the right choice for a project, especially a library.

[–] [email protected] 3 points 1 year ago (1 children)

To be honest I expected nothing else from the Linux kernel as by now it's so widespread and essential to so many companies' operations that they need to have their dedicated developers to make patches and push new features into the kernel. The notable fact though is that Linux is licensed under GPL and somehow the companies still embraced it, so it's not as "toxic" to them as expected. I am aware of the fact that Linux and most other popular GPL projects are mostly contained to binaries and there's even one notable example with the ogg vorbis audio format where Richard Stallman himself decided that relincensing it under BSD license instead of the LGPL would improve its adoption over the patented MP3 so clearly GPL isn't always the right choice, but if people don't actively push for copyleft licenses then we'll forever be stuck in a world of companies actively blocking the spread of knowledge, selling us software filled with DRM and proprietary software, making insane profits, but graciously letting a few developers to contribute some of their company time back to these open source projects. I don't think it's fair and GPL may not be solution for all the problems, but what else it to be done?

[–] [email protected] 4 points 1 year ago

And that is what it comes down to - binaries vs libraries. For a binary GPL is not that much of a problem for corporations, they can still work with it without giving up their propriety code they ship with it. But for a library, that would force them to give up everything which is a step too far for most corporations. If a language used GPL licences for the majority of their library code then it would basically discourage corporations from using those libraries - and without libraries how much use is a general purpose language?

then we’ll forever be stuck in a world of companies actively blocking the spread of knowledge, selling us software filled with DRM and proprietary software, making insane profits

I don't think we would. Remember, rust and go are both languages written by corporations, with a large number of libraries written by people working for those corporations with most of the libraries still being open source under permissive licences. If the GPL did not exist would that change anything here? And the same goes for NPM, and python packages and a lot of other popular languages. Corporations do give back to these projects, quite a lot, much more than pure volunteers at any rate. Yet they don't need to given the MIT/BSD licences, they still do.

Now, some companies do leach far more then they give back. But that does not diminish the amount that companies overall have given to the OSS world.

I don’t think it’s fair and GPL may not be solution for all the problems, but what else it to be done?

There are instances where it is unfair. And those instances the GPL does not actually help as much as you think. Like the amazon profiting off offering elastic search as a service without giving much back to the project. If they have not made any major changes to the code base they are well within their rights to sell it as a service under the GPL. Hell, they don't even need to share changes they do make unless they start distributing the binaries - which does not happen when offering it as a hosted service.

And you wont stop behaviour like this from the greedy corporations with some copyleft licence IMO - if what you make is popular and has a licence that stops them from using it then they have the resources and reach to create a competitor that out classes your solution. Licences wont solve that problem at all, that is just an inherit flaw with the capitalistic world we live in. Copyleft licences are just a band aid over that real problem so there is only so much they can really do, and which is further weakened by the cost of trying to enforce the license. Without the FSF which is another corporation fighting on the behalf of individuals, the GPL would not be worth anything, a licence is only as valuable as your ability to enforce it.

So really, the whole system is just broken. But even in this broken system, permissive licences don't get abused nearly as much as they could be. Corporations have realised there is some value in having multiple others maintain common tools and libraries they use to build things. And so they continue to invest in OSS projects (more and more in recent years compared to the earlier days).

load more comments
view more: next ›