back to article Come on, Amazon: If you're going to copy open-source code for a new product, at least credit the creator

On Thursday, Amazon Web Services launched CloudWatch Synthetics Recorder, a Chrome browser extension for recording browser interactions that it copied from the Headless Recorder project created by developer Tim Nolet. It broke no law in doing so – the software is published under the permissive Apache License v2 – and …

  1. james_smith Silver badge

    If it's really an issue, then choose your open source license wisely. If you choose one of the more permissive licenses then you have to accept that your code will be used with only as much attribution as the those using it see fit to give. Otherwise license it under something a bit more, or in the case of the GPL much more, restrictive.

    As an aside, the upcoming Sony PS5 features an operating system that seems to based on FreeBSD as did the previous couple of Sony consoles. The FreeBSD folks don't make a fuss about this since it's understood that this can happen with BSD licensed code.

    1. Anonymous Coward
      Anonymous Coward

      Rock and a Hard Place

      Expectations as to what "the norm" is outside of the terms stated in the license are certainly subjective, and it is inappropriate to make assumptions. It's not beyond the realms of possibility that a large company giving unasked for credit to an open source developer might not be doing them a favour. They might not want the notoriety, if the software is somehow contentious, or buggy, etc.

      Sony / PS / FreeBSD is an excellent example. I can remember years ago many commentators criticising Sony for having silently "stolen our code" when Sony first started using FreeBSD, missing the point that it was in fact the FreeBSD folks' code, not the commentators'.

      The license is the one and only expression of what the copyright holders wants to happen.

    2. oiseau Silver badge
      WTF?

      But there's an expectation among open source developers that biz as big as AWS should will screw you over and over, everytime.

      There you go.

      I think it reads better now.

      ie: according to what usually goes on in cases such as this one.

      Or ...

      Just why do you think Jeff Bezos is the richest man in the world?

      O.

      1. Anonymous Coward
        Anonymous Coward

        @oiseau - To answer your question, here's a quote:

        Oh, I didn't get rich by writing a lot of checks. -- The Simpsons

    3. LDS Silver badge

      And how GPL would have changed the situation? GPL too is pathetically powerless in a cloud world. It was written for a different time, against companies selling some software like Microsoft, not selling 'services' like Amazon or Google.

      1. BHetrick

        The GPL would not change the situation, but the AGPL would; that's what it's for.

      2. Martyn Welch

        > And how GPL would have changed the situation?

        As the article states, the code in question is a browser extension. As a result the extension needs to be downloaded to the users PC. That would constitute distribution and thus the terms of the GPL would come into play.

        If you really want recognition for the things you write, then you should use a license which stipulates that.

        1. LDS Silver badge

          Is Amazon requiring payments and not distributing the code? If it forked the code as per GPL it could have still buried any reference in an obscure readme - and how many user downloading it would build it from source code?

          Still, Molochs like Amazon do money selling "services" - so whatever they give away to be installed on user PCs is not their main business so they can give it away for free while keeping all the important stuff more close than it was with software than needed to be deployed on premises.

          And they're taking great advantages of that. No surprise many companies had to scramble to change licenses.

    4. Joe_Blogg$

      Agreed

      There are licenses that require attribution, if you are going to get butt hurt by someone using your contribution by the terms of the license, choose one that will keep you happy.

      By using such a permissible license you increase the chance that a large corporation is going to use it, which is a great thing to add to the resume, but bitching about it after the fact just makes you look whiney.

    5. Anonymous Coward
      Anonymous Coward

      "As an aside, the upcoming Sony PS5 features an operating system that seems to based on FreeBSD as did the previous couple of Sony consoles. The FreeBSD folks don't make a fuss about this since it's understood that this can happen with BSD licensed code."

      Yes, and this is only one example amongst thousands ! MacOS, any console on the market, IOS very likely, any appliance I've come across, all use Linux or freeBSD without any mention of the contributors, and no-one seem to make a fuss about it ....

      So, why now ?

    6. Alan Brown Silver badge

      "Otherwise license it under something a bit more, or in the case of the GPL much more, restrictive."

      Believe me, that doesn't stop most of these large scale pirates. BTDT

    7. Mark 65

      OP: Absolutely. Anyone releasing code under a FOSS license who thinks the next user will be just as altruistic is plainly delusional. Choose the license that gives what you seek, as that's all you can expect to be adhered to.

  2. Anonymous Coward
    Anonymous Coward

    Matt Asay is FOS

    The whole "oops, we are sorry" bit from AWS and Matt Asay is pretty old and weak.

    1. Charlie Clark Silver badge

      Re: Matt Asay is FOS

      Is that where that particular media whore is now? Lost track of the number of companies he's been the mouthpiece for but still have a note to skip any "articles" (puff pieces) he writes.

      1. Anonymous Coward
        Anonymous Coward

        Re: Matt Asay is FOS

        FOS? Free and Open Software, right?

        "Is that where [Matt] is now? "

        Looks like it. And here's a selection of other places where else he's been in recent years:

        https://www.linkedin.com/in/mjasay

        Doesn't currently seem to fully enforce the usual LinkedIn membership requirement (I'm not "in") if you get there via Google. Going direct may be blocked.

        For Matt's past work for El Reg, see e.g.

        https://www.theregister.com/Author/Matt-Asay/

        1. CRConrad

          Re: Matt Asay is FOS

          Thanks for the heads-up!

  3. bpfh Silver badge
    WTF?

    Not following the spirit of the licence?

    That’s a new one. So if I get this correctly: Amazon fulfilled all its contractual obligations as per the writers chosen licence and the writer is now complaining that they should have done something else not defined in the contract and is taking it to the court of public opinion and crying for a waaaaaambulance?

    1. Piro

      Re: Not following the spirit of the licence?

      Well, yes.

      If it was some small (read: penniless) project that took the code, I imagine he wouldn't have made such a fuss.

      1. bpfh Silver badge

        Re: Not following the spirit of the licence?

        Then write it in the licence if you want that recognition! Don’t expect any firm to follow anything that you have not explicitly written down - verbal contracts aren’t worth the paper they’re written on and all that.

        1. Doctor Syntax Silver badge

          Re: Not following the spirit of the licence?

          I wonder how many commentards have read the Apache licence. As far as I can make out from it, unlike the early BSD permissive licences, there's no requirement to to credit the author(s) but there is a term against applying their trademarks. That might be seen as an inhibiting crediting authors.

          I might have misread it, of course, so I'm open to correction.

          1. Doctor Syntax Silver badge

            Re: Not following the spirit of the licence?

            My own correction. There's the option of the licensor including a NOTICE which must be copied if it exists.

      2. nematoad Silver badge
        Unhappy

        Re: Not following the spirit of the licence?

        I disagree.

        I don't know Tim Nolet and neither, I suspect, do you. It may be that it is the principle of the thing and not the size of company that irritates him. After all he is not asking for money just an acknowledgement of the work he has done that Amazon has appropriated.

        1. bpfh Silver badge

          Re: Not following the spirit of the licence?

          No I don’t know him, and IANAL (although playing devils advocate). I appreciate appreciation as much as the next man, and if they snaffled the whole project to a complete Amazon product with only crediting him in the readme.txt it’s a dick move - but if that’s all the licence calls for, megacorp lawyers are going to uphold the letter of the licence and nothing more. Realistically I would have expected Amazon to make him an offer he couldn’t refuse on moral principle...... but again, if he licenced it in a way that allows what they did.... the letter of the law was respected and legally no comebacks possible and The online (less tat) store legal beagles know this and played it strictly by the rules.

          Now, do the rules need changing? Very possibly yes, but it’s too late for this one. May it be a warning for others ?

        2. veti Silver badge

          Re: Not following the spirit of the licence?

          Anyone who's ever worked for a large company knows how this goes. There'll be a policy in place about checking the legality of the code you "fork", but nothing more than that. And the person who did it will be under strict standing orders not, ever, under any circumstances whatsoever up to and including a zombie apocalypse, to make anything that can be interpreted as a "public statement" on behalf of the company, because that's PR's/marketing's job.

          Ergo, to publish a statement on behalf of the company beyond what's strictly required to satisfy a legal requirement? - would be a huge personal risk for them. They'd have to clear the wording with PR, and the legal team, and you just know what sort of priority those people would put on a request like this.

          Seriously, would you do it?

        3. I am the liquor Bronze badge

          Re: Not following the spirit of the licence?

          To say that Amazon has appropriated it is an emotive choice of words. You could equally say that he gave it to Amazon (and everyone else) by publishing it under such a permissive license.

    2. Anonymous Coward
      Anonymous Coward

      Re: Not following the spirit of the licence?

      Simple should have stuck a non commercial use license on it, there is no spirit of a license, sure you may have intent when it was drafted, there may be a convention of crediting but there is no obligation to publicise sources in marketing speil if a credit lurks in a readme file.

      Sounds like people not able to handle freedom and all that entails, just like js* devs who have a bitch fit when there wrapper around tolower() gets popular on npm yet there virtual busking jars remain empty... Still what you expect when you do the digital equivalent of playing the back catalog of Coldplay on kazoo and spoons?

      *totally different to redis's arguments they have a point...

      1. MrBanana

        Re: Not following the spirit of the licence?

        "...playing the back catalog of Coldplay on kazoo and spoons?"

        I think this may be an improvement. Looking forward to the 180 gram release on dark charcoal vinyl.

        1. chuBb. Bronze badge

          Re: Not following the spirit of the licence?

          Depends on your definition of improve, if a turd is improved by rolling it in glitter then you are right ;-)

    3. swm Silver badge

      Re: Not following the spirit of the licence?

      Remember J. R. R. Tolkien? He didn't copyright his trilogy and Ace books ripped it off. They did nothing illegal - just unethical.

      1. Doctor Syntax Silver badge

        Re: Not following the spirit of the licence?

        Copyright exists automatically. You don't have to do anything.

        That's something that's caught out the unwary by posting something on github or wherever without a licence. They think they're making it public domain by doing that. In fact they're making it unusable because there's no legal way to copy it.

        A very quick search reveals that Ace Books used a loophole in US copyright law.

    4. Anonymous Coward
      Anonymous Coward

      Re: Not following the spirit of the licence?

      "Amazon fulfilled all its contractual obligations as per the writers chosen licence and the writer is now complaining that they should have done something else not defined in the contract"

      Just bear in mind that author's moral rights (including the right to be recognised as the author) can and do exist in addition to and outside of any contractual agreements in some jurisdictions.

  4. six_tymes

    yep, that is a dick move... I am a seller on amazon, not that anyone cares, but from a sellers point of view, it's an awful experience. most support does nothing to help in times of need, more than a few times it took two years to get issues handled. the point, its a dick company with dick workers, on every level in every department, and so I wouldn't expect aws to be any different.

    1. Anonymous Coward
      Anonymous Coward

      Amazon is a dick

      The lack of response etc over problems you have encountered might be that the employees simply don't care about the company they work for. Given Amazon's well documented history over antagonism towards workers, health and safety etc etc etc, is it surprising?

      We should all take note and simply stop using them as much as possible.

      I've used them once in 2020 and am actively trying to avoid Bezos's store if at all possible. I just get a bad taste in my mouth everytime an Amazon page appears in my search results.

      1. nematoad Silver badge

        Re: Amazon is a dick

        Yes, me too.

        The trouble is my sister has a bank card that does not allow here to order on line so she uses me to buy stuff for her.

        I have documented the terrible struggle I had getting free of that "Prime" nonsense and that is apart from having to deal with an unethical company that treats both its employees and customers with contempt.

        Avoid.

      2. Andy Non Silver badge

        Re: Amazon is a dick

        Amazon is becoming increasingly greedy and annoying so I've started buying more stuff directly from manufacturers and alternative suppliers.

        1. MachDiamond Silver badge

          Re: Amazon is a dick

          "Amazon is becoming increasingly greedy and annoying so I've started buying more stuff directly from manufacturers and alternative suppliers."

          Try local shops so they're around when you really need something right away. Many small shops are more than happy to special order things that their suppliers can provide but they don't have on their shelves. You can often get a deal since they don't have to price mark the items and have somebody put them on the shelves. If you buy case quantities of common items, a local shop might give you a pretty good discount and you get to know the owner/manager. They are often a great way to hear about deals they can pass along. The owner of my local corner shop often gets deep discounts on snacks whose best by date just passed. The product has always been fine. He also knows I like chocolate, so after holidays, he sets aside a case of them for me and a few other favored customers. Hardware stores are another place with lots of resources. The big name shops aren't as accommodating.

          1. Anonymous Coward
            Anonymous Coward

            Re: Amazon is a dick

            "Try local shops so they're around when you really need something right away."

            Indeed. If I can't get something locally, I usually try to find a specialist shop selling it online (e.g. if it's a model kit I'm after, I'll look for a bricks-and-mortar model shop selling models online) - at least that way I'm supporting *someone's* local shop

  5. nematoad Silver badge

    Old times.

    It's nice to see that the spirit of Leona Helmsley lives on.

    You know "Taxes are for little people."

    Amazon pulls this kind of stunt because it can and given its size feel immune to any criticism.

    I think the phrase "Too big for its boots." is about right.

  6. Danny 2 Silver badge

    Amazon is a dick slap

    It's not like they are struggling financially, they can afford to be magnanimous. The fact that they just steamroller over everyone, including their own employees, is a boast that that they don't care about their public image, they think they have us all beaten.

    Bill Gates was a dick for years but now he does nice things for poor people. You have to divorce Bezos to get a cent from him.

    1. Bitsminer

      Re: Amazon is a dick slap

      You have to divorce Bezos to get a cent from him.

      And the number of people who will successfully do that is limited o just one! The other 7.8 billion of us won't get anything.

  7. Sin2x

    "There is a mention buried in the NOTICE.txt file bundled with the CloudWatch extension that credits Headless Recorder, under its previous name "puppeteer-recorder," as required by the license. But there's an expectation among open source developers that biz as big as AWS should show more courtesy."

    'Nuff said. And no, Amazon has no obligation to promote the open-source software they use. Clickbait article pure and simple. You can do better, El Reg.

    1. Steve Davies 3 Silver badge

      re: You can do better, El Reg

      Isn't the motto of this site 'Biting the hand that feeds it'?

      That's what makes this site different.

      Amazon could do the right thing and told the world that 'we basically stole this from xxxx. We did that because it was good shit and the licence allowed us to'. Everyone would have known clear and upfront and they'd be getting a lot less flak here for that.

      Instead, they did the minimum. I guess the word 'magnamous' has been erased from thw Amazon list of permitted words and behaviours.

      1. Anonymous Coward
        Anonymous Coward

        Re: magnanimous coward

        "I guess the word 'magnamous' has been erased from thw Amazon list of permitted words and behaviours."

        And probably "magnanymous" as well (yes I know that one's not quite right either but it seemed to fit nicely with "anonymous" on this sunny afternoon).

        I used to have a BT Voyager 2100 ADSL modem/router. It was nice; it had the DSL Line MIB accessible via SNMP and stuff like that. It was based around open source and acknowledged it, but the source wasn't readily available. I reported this to someone in BT without particularly expecting anything to happen (I'm just Joe Public as far as they're concerned). Some considereable number of months later, I got an acknowledgement and an apology for the oversight from someone reasonably senior in BT, and the source became available.

        UK boutique ISP AAISP (subsequently?) produced their own variant of the Voyager 2100 software. Which is how it's supposed to work, isn't it?

        [I can't believe I'm defending BT. At least it's not TalkTalk]

  8. Ozan

    GPL now and GPL tomorrrow. Things like this put me off any pessimitive license.

    1. GrumpenKraut Silver badge
      Thumb Up

      Upvoted for "pessimitive".

  9. msobkow

    Sorry, but Bezos is famous for taking without paying, crediting, or acknowledging that he took anything.

    I would NEVER support AWS unless a *client* wanted it as a result. I don't support those who refuse to give back to the community, especially FUNDING for the OSS projects you're using. Not when you're talking all the BILLIONS Bezos rakes in off the backs of OSS projects. :(

    1. Anonymous Coward
      Anonymous Coward

      Can't really complain if the OSS licenses failed to add commercial exploitation clauses.

      May not be fair but it's legal, i may not agree with the ethics of the situation but its permitted under the freedoms of that license grants.

      If any thing I think the OSS community has to take a long hard look at its inertia to changing terms and keeping licenses relevant to how usage evolves. I mean we have had 20 years of cloud all but, yet still the most popular/cargo cult/me2 licenses have no protection against the hyperscalers creating PaaS implementations raking in millions giving nothing back. Is it so hard to draft a clause saying if company income is in the billions, then a dividend of 1% of profits derived from PaaS services built with licensed application is to be paid to the project??

      But then dirty money so stallmanites will make a fuss, and keep being the religious nut jobs of the FOSS world.

      AC as the nut jobs always get butthurt when I point out they are a problem and would better off buggering off and bothering a parrot

      1. Alan Brown Silver badge

        ".... raking in millions giving nothing back."

        This in spades.

        I had one US company tell me that my work saved them $80million in 6 months

        A suggestion that they toss something my way to help pay for development costs was "too hard". The problem was that the project had turned into a tail-wags-the dog thing (as they do) and when push came to shove, it got turned off

  10. Rilik

    A megacorp doing only what's legally required and ignoring ethics and good behavior? I'm shocked.

  11. MachDiamond Silver badge

    Big companies only worry about legal

    Unless a big company is doing a big PR push after getting caught (again) for doing something naughty, they are only worried about legalities. The legal department isn't PR and isn't worried about going out of their way to look good.

    If you are going to contribute your work to the open source community, the best thing you can do is make sure your license requires that you get credit. Since that's all you are likely getting out of it, at least require that much. I drop electronic designs into the public domain all of the time. I also extract stuff to help on projects. I don't worry about it as my clients can't do what I do so they pay me and the sun circles the Earth for another day. Bread cast upon the waters........

  12. martinusher Silver badge

    Its not "Amazon"

    This code wasn't written by "Amazon", it was written by someone who works at Amazon (or is at least paid by them). Most of us are developers and so are aware of the mechanics of coding -- you write a bit but most of the code is recycled and/or borrowed. The issue here appears to be "borrowing without attribution", an oversight that should be corrected. (The GPL makes such oversights a lot more diffciutl.) Once the oversight is made the code invariably ends up in the coporate respository with the boilerplate corporate copyright notice on it so as far as corporate legal is concerned its company property.

    There's a strong case for requiring an understanding of copyright as a fundamental programmer skill -- it belongs with language syntax, source layout and version control.

    1. Anonymous Coward
      Anonymous Coward

      @martinusher - Re: Its not "Amazon"

      No, no, no! If you read and understand the copyright you will be then sued for willful infringement. You will not be able to use ignorance as an excuse which in court can be (and usually is) very costly. See Oracle vs. Google.

  13. Sparkus

    Say no more.....

    Pretty much the core of the article here:

    "It's the fact that no one inside of AWS cared enough to stop and think 'is this a dick move?"

    1. Anonymous Coward
      Anonymous Coward

      @Sparkus - Re: Say no more.....

      No time for that, they're busy making money.

  14. Jonathon Desmond

    Mongo vs DocumentDB

    No mention that pretty much the whole reason for the MongoDB license change at 4.0 was AWS?

  15. StrangerHereMyself

    I disagree

    The license does not require attribution so I find it ridiculous of the author to seek publicity and act like a crybaby.

    If you want attribution, choose another license.

  16. Anonymous Coward
    Anonymous Coward

    If this was Slashdot...

    ...back when I still read it, this discussion would already have descended into the millionth identical rehash of the GPL vs. BSD or Apache holy war, with the exact same points everyone's aware of but hasn't agreed to disagree on (despite the fact that the arguments were well understood and the choice is a matter of personal opinion or philosophy).

    Regardless, yeah... while Amazon's behaviour is a bit dickish, the software was released under a license that doesn't require attribution. Maybe if that's an issue they might want to go for a different one next time?

  17. MonsieurTM

    What should one expects when lawyers get involved: Amazon must obey the law. Thus they legally followed it. The original author may not like this, perhaps they should have applied a license that was more in fitting with their hopes and desires.

    Sadly I have heard of companies that appeared to have a far less legal behaviour... Apparently is not hard for them to just take a copy, remove all the copyright notices and use the subsequent code as they saw fit. Clearly this should be totally unacceptable behaviour if it were to occur. Sadly it is not *companies* that might do this (a company is incorporeal after all) - it would be the employees - nice *people*, caring partners, good & thoughtful parents, who I have heard of that would do this. Apparently in some circumstances some feel no such moral nor legal restraint in their behaviour, sadly.

    Forgive my cynicism: authors of open source code need to be very careful about their license choice, much more careful. Moreover they need to decide carefully about what they want from releasing their open source code....

    1. Alan Brown Silver badge

      "Apparently is not hard for them to just take a copy, remove all the copyright notices and use the subsequent code as they saw fit."

      FWIW, at least one UK freeview PVR vendor did exactly that - and when called out on it, released a software update which attempted to run homebrew crypto on the ext3 filesystem that had given the game away as to what they were up to

      It had busybox, etc all sitting in there. Luckily for them the gpl-violations project was only interested in going after German offenders at the time

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020