Ask HN: Is it malicious to start charging $ for your previously free project?

12 points| 5ESS | 4 years ago | reply

It has been in the news recently that the colors.js developer was suspended from GitHub for breaking his own project (adding an infinite loop in his program that halts it). GitHub staff hijacked his repo and reverted the change. It is being widely acclaimed that the introduction of this update is "Malware". It is being criticized as a "malicious" act.

Now, say, instead of making the new version of his program cease to function for everybody entirely, he decided that the new version of his program was no longer going to be free, and if users wanted to utilize the newest version they must pay a fee. Say he introduced code instead that checked if a license was purchased for the software, and if so the program works, and if not the program halts. Would this have been considered a "malicious" act as well?

19 comments

[+] jka|4 years ago|reply
> Would this have been considered a "malicious" act as well?

Price increases can cause a loss of customers; that's fairly well understood, I think.

I don't think it would be seen as malicious, because:

- People could fork from the previously-free edition

- People should generally be understanding of (even if not in agreement with) the desire to make money from their labour

For a FOSS project to attempt to engage with existing investment/company/private equity structures could be fraught though, I'd expect (one route to enabling a revenue model).

Are those groups wise to -- and aligned with -- the mindsets and opportunity envisioned by FOSS contributors?

[+] Const-me|4 years ago|reply
I think that behavior is totally fine, but only if the change is communicated to the people using the program or library.

I had an interesting issue with the NuGet package manager. Authors of some open-source package we’re using changed their license from permissive MSPL into another one which only allows non-commercial use and also says “reserves the right to modify this Agreement at all times without notice”, LOL.

At some point, I pressed a button in Visual Studio to upgrade dependent packages of our software. The project is relatively large. It’s developed by a team of people over years, and has dozens of dependencies. The project builds a desktop software which doesn’t listen on any sockets or install any services, security is not an issue, so I only press that button a couple of times a year. A few of these third-party libraries were automatically updated. I built and tested the software, and called it a day.

It was mere luck I noticed the change of the license of that library before we built a new public release of our software.

Not sure everyone agrees, but I think the responsibility is largely on Microsoft, not the package authors. When a package author changes their license to be more restrictive, I would expect Visual Studio to stop upgrading the dependency, and show the developer doing the upgrade some message box with human-readable error text, and links to old and new licenses. That didn’t happen, there were no popups, no messages, nothing I could possibly notice and react to.

[+] byoung2|4 years ago|reply
In the case of colors.js, since it was MIT licensed, anyone who has a copy of it is able to use it for free, and provide it to others for free, even if the author decides to charge for it. Maybe this is a wakeup call for developers not to blindly include dependencies in their projects, in case this happens again. Maybe you should always fork a repo and include your fork, and only selectively merge in upstream changes.
[+] 5ESS|4 years ago|reply
Good point; however, the developer could still have decided to remove the MIT license and licensed code and re-write or remove those licensed bits entirely, and then start charging money for it. I wonder if GitHub would have still considered that malicious and suspended him for it? I guess it's some sort of new unwritten rule on GitHub: thou shall not remove features from one's own project that others depend on.
[+] speedgoose|4 years ago|reply
I think it’s more realistic to keep the current system where you download packages and updates from npm. The issue is rare, not every package is that popular and destroyed by their author, and it has been fixed quickly. Forking is easy but maintaining a fork, including security updates in a short time, is a lot of work and I doubt many developers would actually do it.
[+] alin23|4 years ago|reply
I've done that with Lunar (https://lunar.fyi)

Lunar 3 was free and open source, then a very high effort upgrade had to happen because the M1 CPU needed different low level logic for controlling monitors, so I made Lunar 4 paid.

I still keep Lunar 3 as a free download right on the front page, and its source code is untouched in the lunar3 branch (https://github.com/alin23/Lunar/tree/lunar3)

Most people were happy to pay and support me for the new app, but inevitably there were some very rude messages because some users felt entitled to getting the upgrades free forever.

I think it's a perfectly reasonable thing to do, it's your work and your time and you should ask to be compensated for it if you need the money.

[+] captainbland|4 years ago|reply
Not really, considering the alternative is almost certainly that you stop supporting it altogether at some point.
[+] jimmyvalmer|4 years ago|reply
No more "malicious" than raising a price.
[+] 5ESS|4 years ago|reply
Seems a bit paradoxical how making your program cease to function for users who don't pay a fee (say $10,000) is considered fine, yet making your program cease to function entirely is widely considered a malicious act of malware distribution that results in your GitHub account being banned.
[+] tlhunter|4 years ago|reply
If it were released as a major semver change then that would be borderline acceptable. Anything less is malicious.
[+] pedoh|4 years ago|reply
Is it malicious because it is (I am guessing) in wide use? Would it be malicious if there were nobody using it? 10 people? If there is a line established based on usage, where is that line? I don't know.

Also, would it be malicious if the author had simply deleted the project altogether, as opposed to putting in an infinite loop? From the author's perspective, if you want to use my code, fork it, and have at it, but I don't want it in my space any more. Is that not a reasonable stance to take? It may not be the "right thing to do", but it is his code, and he is the associated "owner" of the code. I don't know.

Going to an extreme, the implication _could_ be that I should never delete any open source project that I create, because it would be "malicious". The reality is that I could delete most of my open source work, and nobody would bat an eye. I'd be pretty shocked at my doing that being labeled a malicious act.

[+] barbarbar|4 years ago|reply
It would be completely fine in my opinion. I don't think carpenters or auto mechanics do much free work.
[+] softwarefounder|4 years ago|reply
Do you value money more, or "kudos" from the internet more?

Somewhere there lies your answer.