Beware of "Backspaceware"

SubLevel writes "Since conception in 2004, Paint.NET has been generously been offering the software community the taste of successful freeware, by allowing anyone to download and decipher the entire working of their extremely popular photo editing program. As posted in the Official Paint.NET blog by Rick Brewster, "Backspaceware" as he has so coined has become a tremendous issue. "Paint.NET's license is very generous, and I even release the source code. All free of charge. Unfortunately it gets taken advantage of every once in awhile by scum who are trying to profit from the work of others. I like to call this backspaceware*. They download the source code for something, load it up in to Visual Studio (or whatever), hit the backspace key over the software's name and credits, type in a new name and author, and re-release it. They send it to all the download mirror sites, and don't always do a good job covering up their tracks.""

Proofreading

I been have been good at proofreading.

Let me introduce you

to the solution [gnu.org] to your problems.

Not all GPL violations get handled as smoothly

to the solution [gnu.org] to your problems.

Years ago, I dealt with somebody who backspaced my freepuzzlearena [pineight.com] package, which was distributed under GNU GPL version 2 [fsf.org] or later. Specifically, he did not "includ[e] an appropriate copyright notice" on the title screen. We cleared it up amicably: he agreed to stop distributing the backspaced version. But not all GPL violations get handled as smoothly as this one was.

Re:Not all GPL violations get handled as smoothly

You can sign over your copyright to the EFF (correct me if I'm wrong) and they will defend your code vigorously.

I know the FSF provides this service. I did not know the EFF did.

Re:Let me introduce you

Regardless of the lisence, people still breach it by making backspacewar eof it. I've seen it happend to alot of my work, which is why i avoid making it opensource unless people ask for it, or when it's a project i don't really care about. I don't make much commercial software, although i like to keep my name on my work to receive credit where credit is due.

Re:Let me introduce you

If you RTFA, you'll see that this guy violated Paint.NET's current license, so putting a different license in there would solve absolutely nothing.

Re:Let me introduce you

If you RTFA, you'll see that this guy violated Paint.NET's current license, so putting a different license in there would solve absolutely nothing.

But the GPL has been "tested" in court, while Paint.NET's current license has, I assume, not been yet. Also there are organizations that will help you in court if it's a GPL violation. So in part it's a matter of practicality, not principle.

Also Paint.NET should consider exactly how they want legitimately derived works to happen. If the GPL prevents certain kinds of derived works that they might like to see others create, then it's not the right license on principle.

Hmm, currently they're using the MIT license [opensource.org], which is extremely permissive. I don't even see a prohibition against re-branding and re-crediting in the license. So it's not obvious to me that the current license is being violated. Perhaps it is and I'm just not seeing it because IANAL. Anyway, consider that the current license provides next to nothing in terms of protection, and that's what the authors chose. The GPL provides substantial protection against abuses, and if paint.net wants to whine, they should "sublicense" (which is explicitly permissible under the MIT license) first to demonstrate that they really don't want this stuff to happen. The MIT license looks to me like a big "kick me" sign.

Re:Let me introduce you

What, so stallman can take the credit and get the benefits?

In Stallmanland, Backspace brings up online help because that's the most intuitive thing it can do - everyone knows C-h should bring up help. Your keyboard is broken and you should throw it way and get a different one. The software in the article should have been called Deleteware or better still delete-backward-charware to avoid any ambiguity. Get your terms straight next time.

Operation as normal

Unfortunately it gets taken advantage of every once in awhile by scum who are trying to profit from the work of others

When there is profit involved, that is going to happen. If you can be scammed expect to be scammed. You just have to hope that users are informed and intelligent enough to realize who was really responsible for the software. Welcome to capitalism. If one can get away with it, one can make as much money as they want

Re:Operation as normal

Welcome to capitalism. If one can get away with it, one can make as much money as they want

That isn't a feature of capitalism, it's a feature of human nature. Yes, it does mean you can't blindly trust a capitalist system from sorting everything out, but it is the very same principles which causes communist countries to go corrupt, and it is also why extreme liberalism will be taken advantage of by those who have the power/influence/money whatever to game the system.

Corruption isn't a matter of how governance is organised or how you set prices in your economy, it is a matter of transparency, openness and people being held responsible for their actions. If that does not apply it matters fuck all what economic system you use, you will just get different people screwing you over.

Now before people start suggesting direct democracy or some far-fetched ideal about having every company democratically controlled by the workers, you need to take into consideration that for democracy to work you need a transparent electoral system you can trust. Thus it still boils down to government transparency and people being slapped when they break the rules. There is no way around that.

Re:Operation as normal

WRONG! The MARKET solves ALL problems! Communist!

Obfuscated C

This is a good reason to implement obfuscated C for things like the program name and author.

Source code defined

This is a good reason to implement obfuscated C for things like the program name and author.

But obfuscated code is arguably not "source code" as many common copyleft licenses define it. For example, the source code for a work under the GNU General Public License is "the preferred form of the work for making modifications to it". GNU manuals are distributed under the GNU Free Documentation License, which addresses obfuscation more directly: A "Transparent" copy of a document "is suitable for revising the document straightforwardly with generic" software, and "A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent."

Creative Commons

The merging of Creative Commons Non-Commercial licenses for resource files with GPL or MIT style licenses for the code is going to get interesting. Basically, it says "yo can do anything you want with this code, except this part right here, and the whole thing will fail to work without this part right here." At least, that's what I get out of the text...

Closing the source?

His "solution" to this seems to be to close the source for parts of the program, which is a major overreaction to this joker.

I don't think he should be worried - as long as his (the "genuine") program appears higher up in Google for the name and the important search terms, people will ignore the plagiarist.

Rich.

Re:Closing the source?

OTOH, his behavior is consistent with having first decided to close the source, and then coming up with this as an acceptable excuse to lay out before his user base.

Perhaps the people at his day job, at Microsoft, have offered to buy his copyright. There would be a need to close the source in a way that would not offend potential purchasers of any Microsoft product that would be marketed as a follow-on to the users of his original work.

Either the author of TFA is incredibly naive about the software community, or he is attempting to do something clever in the way of marketdroid spin. I doubt very much that he could have gained sufficient experience to write a major piece of software without losing his naivety along the way. OTOH, he works in an environment that values cleverness in exploiting markets and marks above honesty, ethics, or legalities.

Just saying.

Re:Closing the source?

Yeah. I think this is an interesting example of how underdeveloped and pathetic the OSS scene on Windows is. It's like going back in a time machine to 1988, when nobody had ever heard of the Gnu Project, nobody had ever heard of copyleft, and "free" software meant a mixture of illegally copied closed-source software and legally downloaded closed-source nagware, tipware, and crippleware. I sympathize with the author of Paint.NET, but he's fighting against a culture where most people have no idea what OSS is, and where all the social mechanisms the Linux/BSD community has developed don't exist. It's as though some British banker showed up in the Trobriand Islands in 1880 and announced that he was going to build a stock exchange. This whole thing would be a nonissue if this was Linux rather than Windows. Paint.NET is apparently a very popular piece of software with an active user community, so if it was Linux software, it would certainly have been packaged for Debian by now. People would be getting the latest version by doing an "apt-get install paint-dot-net." Imagine if someone made a backspaceware version of The Gimp -- obviously it just wouldn't work.

I used to be interested in the idea of spreading the word about OSS by making cross-platform apps available on both Windows and Linux -- the kind of thing that theopencd.org used to do. I had a a GUI app I'd written for my own use on Linux, and while I was at it, I made sure it ran on Windows. On the one hand, it was surprisingly successful. Judging by the emails I was getting, the vast majority of my users were on Windows. On the other hand, it was a huge amount of work to support those Windows users, and I started to question whether I was really accomplishing anything useful. When you write OSS that runs on Linux, you get that warm fuzzy feeling of belonging to a community and building something big and exciting. When you write OSS that runs on Windows, the users are not a community that has the same philosophical goals and is working toward the same ends; the users are people who typically couldn't care less about OSS (that's why they run Windows) but who simply want something for free. I ended up putting a notice on the web site saying that I would no longer provide support for Windows users; the source is still open, and they're welcome to try running it, but if it doesn't work, I don't have any motivation anymore to put in time helping a community that doesn't care about the things I care about. I don't think I'm alone in having this kind of experience. For instance, theopencd.org's site now says they're no longer actively developing the CD, and just has links to ubuntu, etc.

What's sad about the Paint.NET story is that the author seems genuinely pained and bewildered by the situation he's in, and since he doesn't seem to care about free information per se, it's like he doesn't have a compass to guide him. He runs up against this issue, and his reaction is, "oh well, I'll take the software closed-source." That's what the whole Windows OSS scene is like -- a bunch of people wandering around without any common vision of what they're trying to accompish. It's like watching the Israelites wandering around in the desert without Moses.

Shady business practices

I've seen this a number of times, shady people who only want to make a quick buck or have entirely unrealistic expectations of what software development costs or how it's done. At the root of this problem are either the shady people trying to make a quick buck, or the shady freelancers trying to meet the requirements on a non-existant budget.

Lets take the average scenario:
- Shady person sees a piece of software and thinks they can make some money if they made their own.
- Shady person has no programming knowledge, so posts on rentacoder or similar.
- Because they have no idea of what software development entails, or in order to make money it must cost next to nothing.
- Shady freelancer or outsourcing business wins the bid.
- Shady freelancer re-brands an existing piece of software in a day and the job's complete.

Quite a few times this is down to freelancers knowing they can just re-brand an existing open-source project, or even the shady business knowing they can get it cheap if freelancers do that.

Some times they get lucky and their "product" gets more success than the original project, but it's origins are now hidden and will be forever because you can't just come clean 6-12 months down the line when it's making money.

I've long called this pump and dump software, companies or individuals trying to build up a large portfolio of software under a common brand covering the widest market possible in the remote hope that they'll profit from some.

WTF?

It's usually called copyright infringement, if this guy is too stupid to assert his authorship rights... that's his problem.

What an asshole!

Perception of copyright

This is of course no different than what can be done with a hex editor on a binary. Somehow, being able to see the source code gives a lot of people the sense that they can do whatever they want with it. There has always been that mistaken notion that source code is the keys to the kingdom; for example, companies take great pains from letting their source code leak out, especially to their competitors. There are rarely secrets contained in source code (except for Microsoft's NSA backdoors), and if a competitor got it, more power to them wasting their time trying to reverse engineer it.

But there's something new contributing to this perception, which is the general disdain for copyrights these days. It's the record companies' fault, of course, for withholding sales of digital audio during the entire dot-com boom. Now they're struggling to sell singles for a fourth the price they were selling for 25 years ago, adjusting for inflation.

People think they have an entitlement to commercial music, and they think catching a glimpse of the source code gives them full rights.

Re:Perception of copyright

There has always been that mistaken notion that source code is the keys to the kingdom; for example, companies take great pains from letting their source code leak out, especially to their competitors. There are rarely secrets contained in source code (except for Microsoft's NSA backdoors), and if a competitor got it, more power to them wasting their time trying to reverse engineer it.

It is orders of magnitude easier to reverse-engineer source code in a high-level language than it is to reverse-engineer machine code or even assembly code (especially when you have software at your disposal that can obfuscate the compiled machine code). That's why leaaking out source code is much more dangerous from the point of view of the proprietary software company.

Now why didn't I think of that?

Anyone know?

This comment sponsored by the RIAA

Do you still have all of your source files? Yes. Has anything been stolen? No. They're only 1s and 0s. None of those users were going to pay for support anyway. No harm, no foul.

Right?

Backspaced comments

Tell me about it. I post some really insightful comment in slashdot and somescum cut and paste it and post it as their own insight in other fora and blogs.

Certified that this comment is not a cut and paste of another poster's comment. Well, as far as I know. And I don't know much.

CentOS = backspaceware?

Better not give that prominent North American Enterprise Linux vendor any ideas. They might try to put CentOS out of business.

Re:CentOS = backspaceware?

Glad to see the moderators correctly marking your post as funny. On a serious note, though, this "prominent North American Enterprice Linux vendor" doesn't own the copyright on most of the software they distribute to begin with. Both they and CentOS properly attribute the copyright owners. And despite the removal of trademarks (done at this "prominent North American Enterprice Linux" vendor's request), they do still attribute copyright to RedHat on programs and scripts that RH created.

don't let the door hit you on the way out

If you feel someone hasn't complied with your license, then enforce your rights.

Going closed source because of a license abuse of a single individual just shows Brewster wasn't serious about open source in the first place.

What's the problem?

He's entitled to statutory damages of something like $150,000 per copy. He hit the jackpot.

And why do I care?

I am a Slashdot participant. Information wants to be free. I can download other people's music and movies, and share them with millions of my friends via the Internet. Why can't somebody else do the same with software?

Re:And why do I care?

I am a Slashdot participant. Information wants to be free. I can download other people's music and movies, and share them with millions of my friends via the Internet. Why can't somebody else do the same with software?

You're trolling, of course, but here's an answer anyway. The objection is not that the software is being shared -- Paint.NET is freeware anyway, it's supposed to be shared -- but that someone else is taking credit for the real author's work.

That's fraud: the "backspacer" is lying to every person who downloads the modified software from him (and probably infecting them with spyware too). Many Slashdot participants, like myself, believe that copying and redistribution should be legal with or without the author's permission, but that doesn't mean we approve of fraud. Sharing copies of Star Wars is not the same as telling everyone you're George Lucas.

this happened to me

I spend a lot of time writing a PHP script for myself and decided to release it to the public. I think I threw a GPL notice on it but the source was included either way due to it being PHP. Well I put it up on my website and a few months later go back to update it. I search online and find someone selling it for $50. He refused to take it down when I asked him to which really added insult to injury. (He claimed he downloaded it from limewire therefore its fair game? wtf?) Considering he was actively advertised "his program" (mine with my name and stuff backspaced) he got a lot more people to download it then I did even though mine was free. I eventually got him to take it down by sending a cease and desist notice. (Thanks for the template RIAA)

Re:this happened to me

well he completely got rid of any GPL notices. The fact that it was a PHP script meant that the source was there but he was trying to sell "licenses." I would have no problem with someone adding features to my script and releasing it as a derivative work. I'm obviously not trying to make money off of this seeing as I released it for free in the first place. Its the fact that he pretended it was his, gave me no credit, and tried to make money off of it without doing anything besides backspacing a few lines in the code.

One of the culprits

This person was one of the named examples:
Ultra Software backspaceware [ultra-software.com]
On the products page a number of applications have been "re-branded".
I would imagine Mr. Hardy is blissfully unaware whether anyone has noticed.

Free Open Source Software

If FOSS was crap then nobody would want to distribute it. Do you think Vista would get redistributed if it was any good let alone free.

How's the saying go?

A liberal is just a conservative who hasn't been mugged?

Moral rights

This discussion makes me wonder if there is such a thing as "moral rights" in the US law. Let me explain : in France, the law gives you two sets of rights to protect your works. One is the "author rights" (droits d'auteur) and is the equivalent to US copyright law, ie, it expires some time after your death. The other set of rights is the "moral rights" (droits moraux), which are _inalienable_, and state that YOU are the sole author of the work and should be credited for it. So basically if you put your work in the public domain, and if someone distributes it and claims it as his own, under French law you can sue him. Is there such a protection in the US ?

Not about "source code", it's a legal issue...

People have done the same thing with both free and commercial software that has been released without source code. In some cases it's easier to "rebrand" the product with a bitmap editor and debugger than by putting together the needed compiler toolchain and recompiling it.

The recourse is the same, whether it's released in source code or not: you use the legal system. The problem with that is the same either way, too... and that is that the law is designed to make it easy for big companies to destroy individuals, not to allow individuals to protect their rights. But even with that caveat, there are steps you can take... I am not a lawyer, so I won't go into them, hopefully someone who is will post more useful details.

I loved this exchange in the comments:

Someone named Mario wrote:

Once the genie is out of the bottle it's hard to put it back in. It took 5 minutes to hunt down an alternate source for the 3.10 source code release you decided to pull. If you opt to engage in crippleware source code releases, you will ultimately find yourself competing against your own work as others will take over where you left off.

Playing catch up to one's own efforts can become a daunting task when faced with a team of capable and motivated developers. It's far less damaging to let the slouches have their brief stay in the spotlight.

To which Rick Brewster replied:

Mario - Then I guess I'll have to keep on innovating while not releasing the source code for the stuff that I want to keep real ownership of.

Comparisons to the relative success of individual closed source and FOSS solutions are clearly dependent upon the talents of the programmers involved. Therefore, Rick probably figures that keeping up with one or two other programmers won't be all that tough. However, what Rick forgets is that if enough developers do get interested in a particular FOSS project, he'll never be able to keep up. Examples abound of successful forks, after all. So, why try?

On another note and as someone else noted in the comments of the original story, why isn't he just sending DMCA takedown notices to this guy's ISP and to places like download.com? He could choke this off so quick it'd make that guy's head spin. I would also be truly poetic justice. :)

ctrl + h

I somehow always knew ctrl + h would be the death of us.

Backspaceware?

I have a better term for this, "plagiarism".

who cares?

this is an obvious risk that's taken any time you give something freely to other people. what, it's free only as long as they do what you want them to do with it? that doesn't sound free at all. i'd suggest anybody who has an issue with opportunists taking advantage of an...opportunity to take a quick second to realize that nobody cares except the people who think like you, and if you want to force other people to act the same way the you and the group that supports you wants, you are simply bullying people into certain behavior. use your powers of 'communication' (foreign phrase, i know. i'm a sucker for obscure terms) to talk to the people who do things you don't want them to do. have an argument and see if anybody walks away with a change of opinion. these guys who are selling this software aren't going to be making critical updates to it. they won't be offering technical support or bug tracking, or anything else. if you concentrate on these issues you are taking away from time that could have been better spent on something else.

A little bit offtopic

I know I'm offtopic, I tried Paint.NET few times, it's pretty good for being opensource, but I still prefer Pixel image editor http://www.pixelimageeditor.com/ [pixelimageeditor.com] Well but now to reusing opensource code in some commercial packages. Isn't there license to protect their work? I there's anybody not following your license, you can sue him :)

it happens with whole sites as well

This happens with whole commercial sites as well. For example, a .com site may be illegally copied onto the .ru tld and every detail but the contact info be kept the same.

Oh, and of course it happens a lot in software companies as well... I would bet that 75-90% of all commercial closed-source software probably contains more than 500 lines of code that was copied from somewhere (FLOSS or otherwise) without a proper licence (GPL or other)... Perhaps that's why software companies don't easily open-source their stuff even though they know that the resulting popularity surge would bring in more profits (the fact that closed-source software is scientifically proven to contain orders of magnitude more bugs than open-source is probably also a reason).

Document Registrar

There is a need for some kind of Document Registrar system, similar to copyright application, but not as cumbersome. Basically, you submit a document, such as source code, to a service to be recorded and time-stamped. It does not do much other than verify that person X submitted document Y on a given date and time. But that is enough to at least prove that you were the earliest to posses it.
     

backspaceware is a lame name, try this:

Cutware.
Easier to say, phonetically sound, and more accurate. I mean really, who would backspace lines instead of just deleting them

So, I hereby trademark 'Cutware' and 'Deleteware'.

The College Term Papers Solution

Considering the solution to finding Internet plagiarism in college term papers, why can't the same type of check be made to uploaded source code. This problem has already been solved!

Obligatory...

1. Download source code 2. Change author/program name 3. ?????????? 4. Profit!

Linux Kernel

Isn't this was some BSD developers were claiming was being done to their code in the Linux kernel a while back?

We used to have this problem in the CP/M era

So we put a return instruction at the end of the
title string, zeroed the registers and called the
first byte of the string. If the resulting
register contents weren't right, we executed
a halt instruction.

--dave

Linspire

In 2004 my favourite backspacewares were Linspire IM Suite (a very old version of Gaim costing $30), Linspire Office Suite (an even older version of OOo1 costing $30), etc etc. I also loved the way they implied that all Linux distributions were primitive Gentoos where everyone was forced to compile everything with "/.configure, make, make install" and the scary command prompt spewing acres of gibberish. They seem to be distributing recent and correctly versions of these programs for free nowadays, but the casual slander of proper operating systems continues. (Names and numbers correct before being stored and retrieved by my memory...)

It's copyright infringement

The majority of copyright licenses used for popular free software applications require people who redistribute the software to preserve the original author's copyright notice. Failure to do so is plagiarism, and the license treats plagiarism as copyright infringement.

Re:Statutory damages

Here's the thing:

1. Various people in this thread cannot see the harm in distributing software without giving credit for it.

2. The Author of the software sees this practice as harmful, whether as a material loss, a potential to lose copyright by not defending it, The principle of the thing or any number of other reasons. The only thing that matters is the author believes he has been harmed by this copyright infringement.

3. These are contradictory viewpoints, and amount to little more than opinion when placed in a vacuum. The rational, logical discussion you think you're looking for is impossible. We are forced to look at how disputes like this have been settled in the past, an appeal to the majority in the form of looking at established laws.

Therefore, the law IS relevant, and is pretty clear cut in this circumstance. Society judges harm has occured.

If you want to make an arguement without considering established law, all you're doing is intellectual masturbation. If you want to make an arguement about how the law should be changed, by all means, make it.

Re:Statutory damages

I've had this happen to projects I lead. Adware/spyware is almost always bundled (it's distribution is the primary motivation for Backspaceware), and this definitely causes harm. Fortunately, sites like download.com have a review process and they found my email address buried in the 'about' dialog, I guess the backspacers missed one...

Re:Statutory damages

Sometimes there is a direct loss when work is plagiarised. Also, Google has odd algorithms for determining how high one should place in their rankings. I release all my data under the GPL and often legitimate copies and absolute ripoffs both rank higher than I do for most search terms I would expect people to find my site with. Monetary loss aside, the fact that someone is trying to pass off another's hard work as their own is simply despicable.

Re:It's copyright infringement

but the real question is, did you lose any money or users that would contribute and such

Fortunately, for most people, money is not everything, nor even that important. A big reason for working on free software is simply to get your name out there. To be recognized. This is exactly what the person robs you of, doing this.

Re:It's copyright infringement

It certainly didn't hurt Microsoft when they ripped off FreeBSD's TCP/IP networking stack and called it their own, no? /sigh

Here we go again.

Microsoft did not rip off the BSC TCP/IP stack. They, and every other OS vendor were *expected* (almost required I think) to use it, AND they left the copyright notices in, as required. The idea was that everyone would be on the same page, as it were. OK Microsoft buggered it a bit with their darn silly extensions, but even these did not stop network connections from other OS's from working properly.

Re:So, whats the big deal?

As a freeware author, reputation is all you can expect to get in return for your work. It's bad enough that so many ad-laden download sites exist which make users jump through hoops to get the actual file or find a link to the homepage, all the while bombarding them with banners and popups. Never mind that the file is usually available from the well-sorted homepage without a hitch. But now some people even rip you off for the attribution. Quite frankly, be thankful for every piece of freeware that is still out there, because most authors wouldn't take that kind of shit if they got paid for it.

Re:So, whats the big deal?

I think rather than the problem be "I am not getting my due recognition and payment (if applicable)" is that someone else is taking all the time an effort of someone else which allows them to get the recognition and potentially payments if they incorporate a program they got for free and simply slap a $5 price tag on it.

Re:If he doesn't like it

Uh, no. All code that isn't yours must attributed to the original author.