Grayjay Desktop App

I love the right to repair work Louis Rossmann does, and this project goal as a whole, but this license is a major step backwards for software distribution with high assurances of security, freedom and privacy.

Debian, Arch, Guix, F-droid or any other independent signed reproducible build channels require a true Open Source license to function legally.

The license thus forces users to download unsigned non-reproducible binaries off grayjay servers and trust blindly that their build server is creating binaries from exactly the published code and not compromised to inject tracking or malware not in the public repo (an increasingly common attack they may not even know about for years!). Or say the grayjay domain is hijacked or even a BGP attack or a LAN MITM. All sorts of ways they could be helping distribute malware and not know it with no signatures or reproducible build proofs.

Thing is, your team would not have to solve these problems if you licensed it so the community could solve them for you, as we do for thousands of open source software projects.

I really want to see a project like this take off and would gladly donate, but only if it can be opened up for accountability via third party compilation and distribution channels so it can never be backdoored or co-opted for surveillance if your leadership or release engineers are ever compromised.

Said license: https://github.com/futo-org/Grayjay.Desktop?tab=License-1-ov...

There are other licenses like AGPL that would kill any attempt for someone to rip your code off to make their own proprietary offering, without locking yourself out of established freedom, security, and privacy preserving software distribution channels.

If anyone from the team is reading this, I would be happy to detail and discuss my concerns further as a software supply chain security specialist. Hit me up.

FUTO develops, for the most part, proprietary software that they plan to monetize. The license choice isn't some mistake that you can get them to recant by explaining the virtues of the AGPL and third party distributors. (They're already aware of these things; one of the products under their umbrella is Immich, which was relicensed to AGPL after they started employing the original developer, as a compromise between his goals and FUTO's.) They're deliberately going for the same model as Unreal: source access is only provided a courtesy to users, and/or as part of a marketing strategy, and they have zero interest in allowing you to fork their software.

I read the license and of course IANAL but it seems clear that Debian, Arch, Guix, F-droid or any other independent signed reproducible build channels can package and distribute their own reproducible builds of this software, as long as it is "free of charge for non-commercial purposes", isn't it?

(a FOSS license would also work, but if I have learned something in HN before, is that don't FOSS if you ever want to make money from something while preventing others from making money off of it)

while that is technically mostly correct, that does not properly reflect their intentions. they most certainly are interested in allowing you to fork their software as a user. but what they are also interested in is to prevent a fork to take revenue from the original developers.

so you can most likely (i don't know the details) fork and change and redistribute the code. what you can not do is exploit that commercially.

this goes in the directions of the discussions started by bruce perens that we need to rethink FOSS, because funded companies are taking advantage and making a profit from FOSS without paying the developers.

it is not obvious that FUTO's approach is the right one. it is an attempt at addressing the problem, and i expect that it will take more such experiments to shake out what the best approach to this problem really is.

> You may distribute the software or provide it to others only if you do so free of charge for non-commercial purposes.

>Notwithstanding the above, you may not remove or obscure any functionality in the software related to payment to the Licensor in any copy you distribute to others.

>You may not alter, remove, or obscure any licensing, copyright, or other notices of the Licensor in the software. Any use of the Licensor’s trademarks is subject to applicable law.

To me that says that if FUTO decide to paywall the entire app, nobody is allowed to fork it to remove that.

You can take a copy of Debian and resell it or put it in a product and sell that. That’s a pretty important freedom of free software.

As I understand it, GrayJay is not free (as in they want to be paid, which is I think is reasonable). How does this work with something like AGPL?

I'm curious to hear more, because I'm in the process of evaluating licenses for a software I'm planning to build and sell. For me it's important that users can feel safe with running my code and build it themselves - and keep using the software if I'm no longer around to maintain it. Looking forward to hearing your thoughts.

And Debian is OK with that, because Debian is not a for-profit company that paid it's developers money to make a product, thus they don't care that others get it and resell it.

For a company, the product itself, what makes money, cannot be OSS, as it makes its resell value effectively zero. If the software was OSS, then the software is _not_ the product, but added values are (support, consulting, etc... the classic trope)

But if the software itself wants to be the product, and is created by devs who require their monthly salary, typically the question is between a non-FOSS license or it not existing at all to begin with. Not between a non-FOSS and a FOSS license.

That's not a fork in the sense normally used by the free software community. It's better than nothing, to be sure, and if Xerox had adopted this license back in 1980 maybe we wouldn't even be talking about free software today. But FUTO still maintains some control over what your fork can and cannot do, which violates freedom 1.

I don't have a strong opinion on whether this licensing approach is right or wrong, I just doubt "anyone from the team" would find lrvick's post a compelling argument for switching to a free software license considering their stated goals.

Can’t you say this about virtually every single closed source binary only release software? Steam, 1Password, etc? Why is Grayjay special here. Just curious.

> as in they want to be paid, which is I think is reasonable

Considering the whole point of this app is to remove monetisation from YouTubers, I think this is completely unreasonable.

There’s literally nothing in any open source software license that stops the author from getting paid.

It is literally one of the fundamental freedoms mentioned by Richard Stallman. Freedom to sell the software.

AGPL just closes the cloud service loop where someone can take your code, modify it and deploy it and offer it as a cloud service. As they’re not technically “distributing” the modifications they wouldn’t be required to release their changes by regular GPL but they would by AGPL.

IANAL

Well that's not actually the point. It's heavily focused on preventing deplatforming creators.

There is much more to monetization than AdSense, which is adblocked away very frequently already. If it wasn't already removed by YouTube for saying something pg-14 or falsely copywright striked.

The license lets you do whatever you want except rip off FUTO. What does the license prevent you from doing?

i was unaware that there was a free software definition of fork. for me fork is a technical term that is used to indicate that the forked codebase is going to be developed with a different goal than the original. which license the code has, and what the limitations of that license are, is not relevant for it to be a fork. i can make a fork of a closed source application if i have the code and the legal right to it (which i might have because i paid the owner for that right)

FUTO is not xerox. and i disagree that xerox is responsible for allowing free software to be developed. furthermore, the right to commercial exploitation is not what drove the idea of free software. commercial exploitation was necessary because otherwise selling tapes and other media with free software on them would not have been possible. today where distribution of software can be done pretty much without any cost at all, this right is no longer needed in just to be able to fork and distribute an application.

it is only needed if i want to be able to commercially exploit the changes i make to the application. this is where free software and these new source available licenses diverge. and this divergence is the entire point of these new licenses.

also historically there used to be an active community of the development of non-commercial software. many MUDs for example had a non-commercial license and each one of them was forked many times over.

> For a company, the product itself, what makes money, cannot be OSS

It can. I work for XWiki SAS, and we sell some extensions under LGPL at store.xwiki.com. And it works, people and especially companies, choose convenience over installing the tools to compile and install the extensions themselves. It works because it's usual and easy to understand for companies to pay for software, and way easier to justify than donations to sponsor free software.

There are also several open source Android or iOS apps that you can buy. OSMAnd+, Conversations, DAVx⁵, Amaze Tools, Fair apps and are/were examples of this

This comes up occasionally and while it’s 100% true FOSS doesn’t mean you can’t get paid, any sufficiently big project is going to get folks repackaging it without the payment component.

A good example is for-sale Wordpress plugins. There are entire sites/communities for using the FOSS license to take those for-sale plugins and redistributing them for free. The RedHat debacle is another example although with some more nuance. Standard Notes had a similar situation.

It looks like the FUTO license is trying to prevent someone from stripping the payment features and redistributing. Personally I prefer when folks use a FOSS license but I think the “you can get paid for FOSS” argument is overly optimistic.

Thanks for your perspective! It is interesting. How does the business plan deal with the chance that it's perfectly in my hands (read: on anyone with whatever motivation, usually commercial) to grab the code and provide the same thing but cheaper or even free?

In this case I feel that the answer might ultimately be that it works because it is mostly a niche market and there are other value adds such as support from the makers themselves, which is always a good thing but already is not the software itself per se.

I don't think many companies would be confortable with such a brittle grasp on their sales. Basically it relies on nobody else wanting to do the same (and maybe risk that they execute better).

Imagine if Photoshop was OSS... well, it is good food for thought.

(EDIT re. the apps you mention: also interesting cases; not sure how much that model is actively hurting them or otherwise helping them, would love to see writeups from the companies or creators)

> Immich, which was relicensed to AGPL after they started employing the original developer

To make a small correction, the AGPL relicensing happened _before_ joining FUTO, and was not a compromise.

(I'm part of the Immich team)

> How does the business plan deal with the chance that it's perfectly in my hands (read: on anyone with whatever motivation, usually commercial) to grab the code and provide the same thing but cheaper or even free?

Here, it is just some extensions that are in a repository that is enabled by default in the main product (which is free and open source). Someone forking would not have their repository enabled by default. They could of course distribute their own version of XWiki itself with their repository enabled by default. The extensions we sell also come with some basic support, so there's also that. At some point, if someone forks and sells for cheaper, they'll also need to provide the fixes and the features asked by their customers, at which point they'll not be able to keep up with cheap prices.

I suspect a former colleague who now works as a freelance might be distributing some of these apps to their customers (they contribute some fixes from time to time through pull requests).

I guess if it happens more largely we'd figure something out. Now, it's also not our main income. You might be right that it's niche enough to fly under the radar. Forking and maintaining a cheaper copy might also not be lucrative enough: the apps we sell answer needs of existing customers anyway, so we need to write this code anyway, but someone external would probably find something more lucrative to do with their time. I don't know :-)

Another good example I didn't think about in my first comment is WordPress extensions with their premium plans. Because of the WordPress license, you are forced to distribute your WordPress extension as open source. And this is probably less niche, for the biggest extensions.

Sorry, that's right, it looks like the license change was a couple of months before. I must have misremembered something in Louis' announcement video.

I was pointing out that Debian can't distribute software that is licensed "for non-commercial use only" because Debian doesn't have use restrictions, and so their users might be engaged in commercial use.

This is the point number one in their free software guideline,

https://www.debian.org/social_contract.html#guidelines