Android 16 QPR1 rolled out in binary-only form to phones that are blessed by Google over two months ago, and it's only just now that they bothered to actually release the source of their open-source operating system.
And it is very important to remember: being able to do this is the reason why companies have brainwashed the Internet into choosing the MIT license for everything.
With GPL-only code, the world would be much nicer for all of us.
Nobody needed to "brainwash" me into choosing the MIT license for my projects. I choose it because I disagree with the philosophy of the GPL, and think that true freedom requires the freedom for others to make their own licensing choices. You are quite welcome to disagree with that stance, but please cut out the inflammatory language. It's not charitable towards others and it isn't healthy for good discussion.
This is probably the biggest and most successful example of utilizing non-permissive open source licensing for the public good - I’m curious why so many places I’ve worked have insisted on avoiding using libraries with GPL licenses in favor of MIT licensed projects, while at the same time hosting all of their services on different flavors of Linux.
It definitely seems like MIT is favored by big corps but at the end of the day, they’ll use GPL licensed code if it’s the best option. Which makes me wonder why it’s so demonized.
Compatibility with proprietary dependencies that the company cannot control. If I'm not mistaken, GPL requires the release of the dependencies' source code too if there are no other implementations around.
I would be happy to hear from anyone who knows about this subject if what I'm saying is correct.
It depended on whether the programs were distributed together. So it wasn't okay to link against OpenSSL for GNU/Linux distributions (although interpretations varied). For a time, this was used to push GNUTLS as an alternative to OpenSSL. But it was generally agreed upon that it was okay to link against CryptoAPI on Windows because you would not distribute Windows code along with your GPL binaries.
> I’m curious why so many places I’ve worked have insisted on avoiding using libraries with GPL licenses in favor of MIT licensed projects
Because failing to manage their GPL obligations led to a lawsuit for D-Link followed by a compulsion to release a lot more code than they ever planned to share online, to the company's detriment.
You can pretty much look at the stock value before and after they lost the lawsuit. There was, notably, a big value spike immediately after, but the value then settled down to an average of around 15 a share, markedly below their previous 30 a share.
For some companies, the value is in the proprietary content and using GPL would be shooting themselves in the foot.
I think that a lot of companies stepped back from the GPL when GPLv3 was announced, because it puts some pretty severe restrictions on how you can productize.
The tl;dr is that for any GPLv3 software that you ship, you have to also give your users a way to install a modified copy. If you're trying to ship a secured product, that basically means that you have to give code/rootfs signing keys to your customers. This is a non-starter for many kinds of products that need tamper protection (whether for product, legal, or safety reasons).
The Linux kernel remains on GPLv2, and is still used quite heavily. Most GNU software (coreutils, gcc, etc) moved to GPLv3 and then commercial companies abandoned them in favor of permissively-licensed replacements.
> If you're trying to ship a secured product, that basically means that you have to give code/rootfs signing keys to your customers. This is a non-starter for many kinds of products that need tamper protection (whether for product, legal, or safety reasons).
Fuck that. If it's my device then I want to have control. If I want to violate part 15 of the FCC rules then I'm going to do it and nobody is going to stop me. This paternalistic rubbish has to stop, I'm sure your company would love to retain ultimate control of the thing you've sold me, but that's not compatible with a free society.
"remote"? No. I want my driver-assistance ECU to be air-gapped but fully reprogrammable locally. After all, even with a totally tivoized ECU, a physically present attacker could still make my car kill me by cutting my brake lines.
> while at the same time hosting all of their services on different flavors of Linux.
That linux uses GPL is entirely irrelevant to the vast majority of uses of it. What hosting services are customizing their kernels with proprietary code?
See also, FreeBSD: Plenty of commercial offerings around it, no source for most of them, because the license doesn't require it. For example, there's no source for the Playstation kernels/userlands released by Sony. They only upstream some bug fixes that would be too onerous to keep in their private fork.
In order to build a custom Rom, you need three things: the kernel tree, the device tree, and the binary blobs.
The binary blobs can be extracted from a running phone.
The kernel tree is GPL-licensed, so almost all phones have kernel trees releases, and if they don't you can ask the manufacturer for it.
The device tree on the other hand, is created from scratch for each phone. As such, there is no pre-existing license, and therefore no legal obligation to release device tree sources, so almost no manufacturer does. The only notable exception is Google with their Nexus and Pixel phones. (But this has stopped since with the Android 16 release)
We can safely assume that the manufacturers that don't release the device trees, wouldn't have released kernel trees if they weren't obliged to.
But adding support for a device to the Linux Kernel requires _huge_ reverse-engineering efforts. This is why there's still no fully functional Android build for iPhones.
Some have "interoperability exceptions" - so if you have been granted a license to something, you can reuse it in different context (so for instance you could run Microsoft Office on WINE even if Microsoft's license forbids it).
Some have restrictions on redistribution (but the builds just using the blobs from the old filesystem are fine).
A lot of that is in the gray area, and for that very reason many builds don't actually redistribute blobs - they extract and reuse them live.
Not at all. We have a lot of experience with this with such licenses and other software. BSD as just one example. Not only do we have a pile of emperical evidence, it's also a priori obvious: they're not going to expend any effort or take any risk if its not neccessary. They can just benefit without paying.
Easy see the upstream contributions from any commercial vendor that has integrated BSD into their UNIX flavours, or the alternatives that exist nowadays for embedded FOSS operating systems, none of them GPL.
> I can get the source of the kernel, including all drivers, running on my android phone with a few clicks and build a custom ROM.
No, most drivers are closed source and you can just extract binary blobs for them. They run as daemons that communicate through the binder ipc - Android basically turned the Linux kernel into a microkernel.
It's the tolerance against intolerance paradox, basically. The freedom to take away freedom. I'm leaning towards not giving that freedom, but it's complicated.
A good example of that is Apple moving from bash to zsh, because bash moved to GPL 3 which prevents locking down devives. It was very specifically because they wanted the freedom to take away their users' freedom.
I will say here something I have said and has proved unpopular before. The complexity is mainly something of scale. I would propose more permissive MIT style licensing for small companies, and something stricter for larger companies. It is hard to enforce (which was the main complaint I got), but it's not impossible and I think it is better than the current state of affairs.
Large companies will self-enforce, as they already do with GPL and "open" LLMs that are dual licensed by company size. Small companies don't care either way and are hard to enforce, so that works.
Any pointers to open/closed vendors and projects which use this kind of honor system?
EU CRA has "commercial use" definitions to differentiate OSS contributors and OSS consumers.
Not that I know of, but there are many subscription services that are based on institutional size / income, and they are more often than not self-certifying.
Despite anyone's personal views, it's undeniable that corps favour a Free they can use as they wish. It's also fairly evident that they make this favour known through their culture. Brainwashing may be a bit far, but only just.
All for naught, I fear, while LLMs consume all and regurgitate license-free to vibe-coders everywhere.
Then you care about a different kind of freedom than GPL proponents: licensing freedom, rather than user freedom, basically. There is no 'true freedom', as it comes down to the point of view; no licence will give you both at the same time.
User freedom isn't really that though. It's corporate goodwill. If a company uses GPL code and doesn't release it what is the enforcement mechanism? A lengthy court proceeding that can go either way and will likely bankrupt the less wealthy party. Or if they are in another country they can tell you to piss off and you have no way of getting the code. We see this all the time with China. In essence, they are the same but one allows you ask nicely and hope that the corporation is feeling generous.
This is an example of a "When did you stop beating your wife" question. It assumes only "true freedom" can stem from a license other than the MIT one without any attempt to arrive at the conclusion that the MIT license doesn't reflect "true freedom."
You may disagree with the overly-derogatory term "brainwash", but I think it is true that corporations have been spreading FUD around coopyleft licenses for a while now, and the balance has tilted toward permissive licenses for new projects.
> You are quite welcome to disagree with that stance, but please cut out the inflammatory language. It's not charitable towards others and it isn't healthy for good discussion.
It is no more inflammatory than the coordinated war that was waged against copyleft licenses on tech fora and social media for more than a decade before hackers started to realize en masse that it was all a ploy to extract free labor from them. There are legitimate uses for permissive licenses and I still use them for those. But the big players certainly pushed them well beyond those cases where they made any sense. More than enough evidence has since emerged that prove this to be the case.
It does no one any favors to deny the presence of bad actors and their malintent behind the utter mess we find ourselves in right now. I find it disturbing that whenever people express their frustration regarding this, there are attempts to shoot them down with accusations of inflammatory language, political correctness, etc. But the truth is that the big players have caused far far more damage than any inflammatory citicism they face for it now. What's actually unhealthy for good discussion is the dystopian censorship of criticisms because the truth make some people uncomfortable. Every bit of harsh criticism they receive here is something they willfully and rightfully earned.
> hackers started to realize en masse that it was all a ploy to extract free labor from them.
There are at least three different groups of people here:
1. Those paid to write permissively licensed software - not free labour.
2. Those who are happy to be free labour. I read a comment by a BSD developer about being very proud and happy to be able to buy a games console that ran on a BSD derived OS.
3. Naive people who are are shocked when someone creates a proprietary fork of their code. It is something that they explicitly gave everyone permission to do, and it is something that has been happening for decades - I can think of Windows using BSD network code in the early 90s, but there are probably much earlier examples. Apple's OSes are very high profile examples since 2001, and Nextstep before that.
The last group have themselves to blame. Did they not take the trouble to understand a legal document? Do they know nothing about the history of their industry? Do they takes steps to stop it - for example by doing releasing updates under a copyleft license?
I agree with you that big players do push licenses that suite themselves, but it relies on either deliberate choice or foolishness by contributors for it to work. I also think copyleft is usually of greater benefit to society.
People being naive doesn't give the bad actors the right to exploit them. That's victim blaming. The responsibility falls squarely on the actors who actively made the unethical/immoral choice.
> What's actually unhealthy for good discussion is the dystopian censorship of criticisms because the truth make some people uncomfortable
I think you're missing the point.
There are developers who prefer MIT not because they're a "big player" or "because truth make people uncomfortable", people simply have different preference for what the ideal license is for their project.
If you cannot deal with that, that sounds like a you problem, but judging by your comments, you're not exactly gonna re-evaluate with a different perspective, since you seem unable to understand others have different ideas and opinions than you.
Others having different ideas and opinions doesn't mean that those ideas and opinions are correct, or that they are beneficial. They might be detrimental to the FOSS movement or to society in general.
So "to each their own" only goes so far.
One can very well accept that other devs/teams have different ideas and opinions && that they can (by law) have such ideas and opinions, but also think that they have them for the wrong reasons, and that they shouldn't have them, and that we'd all be better off if they didn't.
> There are legitimate uses for permissive licenses and I still use them for those.
The parent didn't talk about forcing developers to choose copyleft.
And you ignored the stated legitimate reasons for choosing copyleft in most cases if you care about the society.
> There are developers who prefer MIT not because they're a "big player" or "because truth make people uncomfortable", people simply have different preference for what the ideal license is for their project.
Did you miss this part in my comment?:
> There are legitimate uses for permissive licenses and I still use them for those.
Or this part from GP's comment?:
> being able to do this is the reason why companies have brainwashed the Internet into ...
Or this part?:
> ... choosing the MIT license for everything
(emphasis mine) All of these imply that the companies did a mass campaign and not individual brainwashing. They also imply that the MIT license is not suitable for everything and by corollary that there are instances where they do apply. All of it are aimed at the companies that resorted to these underhanded tactics. Where does any of these imply that every single use of the MIT license is due to brainwashing? I can't understand how anyone concludes instead that it's all a personal attack on MIT license users (that includes me too).
> If you cannot deal with that, that sounds like a you problem, but judging by your comments, you're not exactly gonna re-evaluate with a different perspective, since you seem unable to understand others have different ideas and opinions than you.
Not only does one have to deal with people reinterpreting others' comments according to their convenience, they also have to withstand guilt tripping based on it. And the irony is that you cite my complaint about the same issue for it!
Agree 100%. I gave up on the GPL before I even knew what exactly it was about because of the zealotry of many of its proponents. I would even go as far as saying that without the FSF, GPL-like licenses would be much more common.
Any half-decent person is going to keep on breathing. It's one of the basic prerequisites of bringing some value to society. Not breathing is selfish and completely misses the point of life. If you're going to exist, then breathe; it's really as simple as that.
ideally -- without a legal system using force to stop people using knowledge (IP laws), -- i would be on your position. in fact, i used to agree with you.
but in the current reality around us, i believe it's a more nuanced issue.
Some of the reason why the MIT license etc. is more popular surely has to do with the license text itself. I can understand the MIT license, and my corp lawyer can easily understand all the consequences of using something under MIT license. With the GPL, not so much. It's verbose and complex and has different versions.
Would it really be impossible to have a license with similar brevity as MIT but similar consequences as GPL?
Brevity maybe, but ease of understanding no. Copyleft licenses interact with copyright law in ways that permissive licences just don't need to. The closest you can get is probably MPL-2.0.
The GPL is particularly bad here as it pretends to define what is or isn't a derivative work, which is outside the scope of a licence but within the scope of a court. The EUPL was created partly because EU directives bound the viral clause in ways the FSF won't admit to, although that one isn't simple either (I'm not a fan of its compatibility clause).
No, the MIT license is short exactly because it has so little restrictions. You simply can't encode the desired result of GPL into 160 words like MIT can.
> I can understand the MIT license, and my corp lawyer can easily understand all the consequences of using something under MIT license.
Sounds like you need a better lawyer.
The consequences of the GPL are not all that complicated. In most cases it boils down to offering the source if you distribute the code outside your organisation.
Therein lies the problem. When dealing with the law, you don't want to be relatively sure that you won't go to prison or won't get sued for $1M, you want to be completely sure.
Something like the GPL is complex and non-standard as far as its interactions with the legal system go, because it is essentially a sort of hack of copyright law. If it goes before a court, you have no idea what might potentially happen. So rather than deal with that kind of complexity and uncertainty, you'd use something under MIT or Apache License that is just much better understood.
> Therein lies the problem. When dealing with the law, you don't want to be relatively sure that you won't go to prison or won't get sued for $1M, you want to be completely sure.
Not really. Unless you are redistributing it does not affect you at all.
> Something like the GPL is complex and non-standard as far as its interactions with the legal system go
it is widely used, and most people are running some copyleft software anyway, most commonly GPL or a variant such as LGPL. Linux servers, Android phones, routers, web browsers....
Say you have linked against a GPL'd dependency which you have not modified but for which there is no API-compatible substitute. Are you now bound by the terms of the GPL? FSF says "yes", which tends to surprise people. But if there is an API-compatible, non-GPL'd substitute, the answer arguably becomes "no". Note that this has nothing to do either with your work or with your direct dependency, but on the existence of some random artifact out in the ecosystem which may come into existence at any point in the timeline.
API is not a random artifact but a dedicated feature designed to separate one program from another. It also implies much more stability for the external connections to the code.
It's like saying that display is a "random artifact" of a computer not making any difference in its design or usage.
There are whole industries built around the notion that “License: MIT” is everything that is required to meet the notification requirements in the license. So I wouldn't say that the MIT license is easy to understand.
> I can understand the MIT license, and my corp lawyer can easily understand all the consequences of using something under MIT license. With the GPL, not so much.
Any IP lawyer who hasn't come across the GPL yet is probably not worth listening to.
I mean, would you listen to a bridge engineer who hasn't yet heard of a calculator? Sure, they may understand their shit, but if they haven't heard of calculators yet they are clearly not in the industry.
Any IP lawyer who hasn't yet read the GPL and formed a professional opinion on it isn't equipped to handle IP matters at all.
Right, I think people misunderstand "free" when they are dominating versus "free" when they are the smaller player. One is a tool for domination and capture, the other is a tool for freedom ESPECIALLY against a bigger player.
Never attribute to malice that which can be explained by laziness.
Personally, I MIT/BSD my stuff because, well... it means I don't have to think about it ever again. If I do GPL, I have to make sure that I'm following the rules set out in that license and making sure others who have based their code on my project have done the same.
And that's, like, work, man, especially if you don't have a foundation and legal eagles on your side to double-check that everything's kosher.
Linux is an exception, not a rule, in how GPL is usually handled in FLOSS projects.
>If I do GPL, I have to make sure that I'm following the rules set out in that license
If its all your own stuff you don't really have to care about the license. Otherwise the rules are pretty simple, include a GPL license and if requested by a user supply the source code (which you can even charge some money for).
>and making sure others who have based their code on my project have done the same.
If you don't care what others do with it, you don't have to enforce it.
As the sole copyright holder (A)GPL only gives you more options.
There's no difference for you. It's your code. Choosing a particular license can't restrict how you yourself use it. An absurdly common business model is for you to relicense to BSD/MIT/proprietary for a particular customer who pays you to; it's the same code, you're just not obligating that customer to share their changes if they redistribute it.
The GPL is a statement you're making about the rights that other people are granted when it comes to your code. It's not a personal pledge. Exactly like every other license btw; they aren't oaths. You're also not required to police or sue people who break your license. It's your code.
That's just it, though. If it doesn't carry any sort of possibility of being enforced, well... why bother? I could just go with the easier-to-understand license, like someone upthread mentioned.
If we're going to see the promised tech ecosystem that GPL's authors aimed to provide, we're going to need more people to take it seriously. Most people don't want to take it seriously, and if that's the case, we're better off if they just went with MIT/BSD.
I mostly agree, unless the new release modifies GPL code submitted by other entities than Google - their licensing of that code under GPL would force Google to release the rest too.
Open-source projects maintained by individual developers working for free absolutely deserve more respect than that, but ones maintained by the most profitable company in the world [1] do not, especially when they go out of their way to change from doing the right thing to doing the wrong thing [2].
> ..., especially when they go out of their way to change from doing the right thing to doing the wrong thing.
And let's not forget this part. Android is a member of the mobile platform duopoly. Another similar project - Chrome - is almost a monopoly among web platforms. Both these projects exploit the open source label and most people's false belief that open source somehow equates to respect and protection of user rights. (Philosophically, it's only free software that cares about user rights. Both projects are textbook examples of non-free open source software.) This actually protects these projects to some extend from criticisms and penalties against the dark patterns that they employ to corrupt and exploit both the mobile and the web ecosystems. They absolutely don't deserve the same considerations as the passionate and underpaid small teams or individual maintainers.
Being more constructive, the future isn't looking bright for freedom of choice in mobile OSes, as governments and banks enforce use of approved apps on approved devices for identification and banking. Without one of either an Android or an iPhone, things get difficult. My government for example can consider a phone running something like GrapheneOS a Criminal Device.
Android is the most open of the two, being open source, so it would be nice if it stayed that way.
Applying your argument more broadly, we shouldn't critique any product or changes made to it, and I don't see any reason why that should be true.
Caring about the products you use is pretty standard behaviour, and when the product changes under the user's hands, it's normal to complain. It can resolve the issue faster and less painfully than switching products would.
The fact of the matter is that Android is fully funded and developed by Google and you kinda don't have much standing to control what they do with their project and how - especially if all you can say is that their work is bad.
You can be unhappy about it, but it doesn't change that its their work and their money on the line here with very little relationship to you or your wishes. You're not even a paying customer.
This doesn't apply to "any product or changes" at large.
You said we can be unhappy, which is what the grandparent was being, but you took issue with that anyway. I imagine people in deep enough to care about the downstream release cycle of android are well aware of the power structures at play. Being under the thumb of a massive corporate is not an enviable position but here we are, and here we complain.
It's not the same lol
I become a paying customer of Samsung and Google because Samsung paid for it (you have to pay for your device to be verified and access Google Play Services) and some of the cost is absorbed by me
I don't become a PAYING customer of Linus because Thinkpad didn't pay for Ubuntu (and if anything was paid I would become a customer of Canonical)
