Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Programming Businesses Open Source The Almighty Buck

How a VC-Funded Company Is Undermining the Open-Source Community (theoutline.com) 84

Adrianne Jeffries, reporting for The Outline: Is a $4 million venture capital-funded startup stealthily taking over popular coding tools and injecting ads and spyware into them? That's what some programmers fear may be happening. It is one of the most troubling scandals to hit the open-source community -- a robust network of programmers who work on shared tools for free -- in recent memory. It started back in April, when a programmer noticed a strange change to an open-source tool called Minimap. Minimap has had more than 3.5 million downloads, but like many open-source tools, it was maintained by a single person who no one knew much about other than their username: @abe33. At some point, @abe33, whose real name is Cedric Nehemie, was hired by Kite. Kite was started by Adam Smith, a successful tech entrepreneur who raised funding from a slew of big names including the CEO of Dropbox and the creator of WordPress. It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source. After being hired by Kite, @abe33 made an update to Minimap. The update was titled "Implement Kite promotion," and it appeared to look at a user's code and insert links to related pages on Kite's website. Kite called this a useful feature. Programmers said it was not useful and was therefore just an ad for an unrelated service, something many programmers would consider a violation of the open-source spirit. "It's not a feature, it's advertising -- and people don't want it, you want it," wrote user @p-e-w. "The least you can do is own up to that." "I have to wonder if your goal was to upset enough people that you'd generate real attention on various news sites and get Kite a ton of free publicity before your next funding round," @DevOpsJohn wrote. "That's the only sane explanation I can find for suddenly dropping ads into the core of one of the oldest and most useful Atom plugins." [...] Although Kite has no business model yet, it's widely thought in Silicon Valley that having users is the first step toward profitability. Adding users potentially benefits the company in another way, by giving it access to precious data. Kite says it uses machine learning tactics to make the best coding helper tools possible. In order to do that, it needs tons of data to learn from. The more code it can look at, the better its autocomplete suggestions will get, for example.
This discussion has been archived. No new comments can be posted.

How a VC-Funded Company Is Undermining the Open-Source Community

Comments Filter:
  • So? (Score:5, Insightful)

    by apoc.famine ( 621563 ) <apoc,famine&gmail,com> on Monday July 24, 2017 @09:47AM (#54866815) Journal

    Developer shits on own code. Fork it before the ad insert, and keep using it. If you really need it to do your job, either take over the fork, or hire someone else to do it. Is this really rocket-science? And how does this undermine open source? Clickbait headline.

    • Re:So? (Score:5, Insightful)

      by KiloByte ( 825081 ) on Monday July 24, 2017 @09:55AM (#54866881)

      In this case, it's a shit little package that requires no real maintenance, so forking is an option.

      But what would you say about Firefox dropping sound support (PulseAudio might work on some machines, but not on any I own), degrading the UI to TabsOnTop then Australis, dropping most useful extensions (in FF 57), and so on? Do you, or any small team, have the resources to keep maintaining Firefox? PaleMoon is a proof it's not as easy as it sounds.

      Likewise, when OpenOffice went apeshit, it was saved only by a bunch of companies funding LibreOffice.

      Or, despite MATE being so much better than GNOME, it's the latter that's the default in most distributions.

      "Just fork it" isn't that easy.

      • But what would you say about Firefox dropping sound support (PulseAudio might work on some machines, but not on any I own),

        I'd wonder if it works with apulse [github.com], which seems like software well worth improving.

      • Re:So? (Score:5, Funny)

        by DontBeAMoran ( 4843879 ) on Monday July 24, 2017 @10:04AM (#54866965)

        Have you tried spooning it?

      • Re:So? (Score:5, Insightful)

        by kurkosdr ( 2378710 ) on Monday July 24, 2017 @10:13AM (#54867025)
        If your objections run deep into the code or the UI layer, then indeed forking is not an option. The only real option is either finding a new software package or compromising. But if we are talking about a superficial adware addition, then fork, remove adware, push and you are done. At least open source now has a business model that doesn't involve "selling support" (which is something home users don't buy): Sell the open-source project to some greedy company, fork it, use the money to fund further development.
      • by Anonymous Coward

        We should never forget that Firefox included commercial advertisements [mozilla.org] at one point, although they called them "sponsored tiles" instead of what they were: advertisements.

        • You're saying "instead of" like it was some kind of malware or other nefarious product. Sponsored clearly means it's an advertisement. Just like free (to use) web pages have ads, free apps have ads, I don't see why another piece of free software couldn't have ads, and as others have pointed out, if you really wanted to remove them, you could.

          (My favorite device to avoid ads is one that is hated by many open source advocates -- tivo. I rarely see TV ads, since I can skip them, even with features added in

      • [...] "Just fork it" isn't that easy.

        That's the very reason we, in the end, need open hardware to be truly free.

        • Re: So? (Score:5, Informative)

          by Moof123 ( 1292134 ) on Monday July 24, 2017 @11:59AM (#54867853)

          You sir do not understand what it takes to make a modern IC.

          If intel hypothetically open sourced a recent i7 layout, HDL code, and synthesized netlist it would not help almost anyone except a direct competitor. Mask sets alone for the current nodes are many millions of dollars (ho-hum 28 nm for example STILL costs well over $1M for masksets alone, 7-10 nm are obscenely more). But it gets worse, intel's masks are only compatible with intel's own fab, so you would have to go re-layout the chip, which is many $M's of man hours of effort. After layout of each block you have to spend many more $M's for the tools to properly extract and simulate each piece to assure it functions at a decent clock rate, as often the testing and verification of digital chip IP exceeds the actual design effort.

          Open source software sort works in large part due to the very low barriers to entry. You can get a cheap PC and a free compiler for well under $1k and get started coding and compiling pretty quick. Getting any hardware running near state of the art takes large teams and deep pockets, and each botched fab run can cost many $M's.

      • So what you are saying is that there is a long history of this kind of thing not working for large / important projects as well, and it isn't actually possible to undermine FOSS, which is why the proprietary and anti-FOSS idiots keep trying to come up with bogey man style "avoid Open Source, it could be undermined any time now" non-stories.
      • by Sebby ( 238625 )

        "Just fork it" isn't that easy.

        At which point you say "Just fuck it".

      • Re:So? (Score:5, Insightful)

        by Kjella ( 173770 ) on Monday July 24, 2017 @11:39AM (#54867697) Homepage

        "Just fork it" isn't that easy.

        Nobody said it was. But to steal an expression from 4chan of all places, the open source community is not your personal army. It's got lots of activists and wannabe generals who wants to tell "the community" what to do and by that they mean the rank and file developers because they're too busy leading. To which the developers generally reply that they're doing their own thing for their own reasons and if you're not happy with it, you can fork it and do your own thing for your own reasons. Sure most take input from users and other developers, but only as advice - it's not a democracy.

        The result is that 99.9% of the time it's just a lot of huffing and puffing but nobody willing to actually do the job or try organizing an effort to do the job or it fizzles almost immediately as said person loses interest. The company level is essentially the same, Red Hat, Mozilla and Sun/Oracle/Apache does what they want. They don't owe you a version of Linux/Firefox/OpenOffice that works the way you want. The code is free, but the labor is not so if you want it done differently it's up to you. It's the open source way of saying no. Not proprietary software-no, but as in "you're on your own there buddy".

      • From what I can tell, after FF 57 - so long as you are running Nightly or what passes for Aurora now (Firefox Developer Edition, one version behind Nightly proper), you will be "allowed" to continue to use *Legacy Extensions for now.

        * Every single known Firefox extensions, not written by Mozilla for Test Pilot.

        Beyond that, Fuck Mozilla.

    • by Anonymous Coward

      And how does this undermine open source? Clickbait headline.

      Undermines the idea that one can make money with open source.

    • Fork it after the ad insert, figure out the code that's phoning home, pass it garbage data. It sounds like the analysis is being done non-locally ("in the cloud"), so it sounds like it should be possible to undermine it. If what they're trying to do is build a corpus of data to operate on, poisoned data is going to cost them time and money to filter out.

      I'm sure over time they'll evolve more sophisticated ways to make sure the data is clean, or maybe they'll figure out a way to ask developers first whether

  • and show the moptherforkers!
  • by xxxJonBoyxxx ( 565205 ) on Monday July 24, 2017 @09:48AM (#54866829)
    Injecting ads into the free tools doesn't seem any worse to me than "open source" project companies that ship a free but hobbled "trialware" open source edition and then sell a commercial closed-source solution of the same tool. (This is pretty common with companies/projects that reserve "enterprise" features behind a paid model.)
    • by Anonymous Coward on Monday July 24, 2017 @09:58AM (#54866899)

      Injecting ads into the free tools doesn't seem any worse to me than "open source" project companies that ship a free but hobbled "trialware" open source edition and then sell a commercial closed-source solution of the same tool. (This is pretty common with companies/projects that reserve "enterprise" features behind a paid model.)

      It's actually much worse, for a couple of reasons.

      1) a fully functional, free tool can become very widely used and relied upon, then ruined by this sort of thing, causing real disruption to a lot of people and/or projects.
      2) it's a bait and switch scheme, promising one thing, then pulling the rug out from under everyone's feet and delivering something suddenly very different
      3) if forced to fork, that eats up a bunch of other folk's cycles and energy for something that should have been totally unnecessary. That's thought and energy that is now unavailable for other projects they would have perhaps preferred to work on, so the knockon effects of this sort of thing can become quite multiplicative (in a negative way)

      At least with crippleware, you know it's crippleware the moment you download it and can remove it (or buy the commercial version if for some reason you're impressed). It may be annoying, but it's a far more honest business model than what these clowns are doing.

      I would consider doing business with an honest company, even if I'm not fond of their marketing approach. Only a fool would knowingly choose to do business with people who engage in these kinds of dishonest bait and switch programs.

      • Even worse, it sounds like the software was inserting ads into the Atom feeds it produced. You publish three new stories on your blog, but the feed has a fourth which is an ad for the software. It would be like gcc inserting display ads into your compiled application.

      • by hey! ( 33014 ) on Monday July 24, 2017 @11:34AM (#54867663) Homepage Journal

        Well, things are somewhat different for developer tools than they would be for end-user tools. As a developer you can always pull the code for the latest release and comment out annoying bit. Unless the annoying bits are part of some extensive rearchitecting, it should be straightforward.

        Contrary to being "contrary to the open source spirit", this is exactly the open source spirit. I do what the hell I want with my code, and if you don't like it you can change it. For ordinary users the freedom mantra can sometimes ring hollow, but it shouldn't for a developer.

    • I thought the same thing till they started talking about a python autocomplete tool. They changed it so it defaults to use their "cloud" based engine instead of local. Supposedly there is no notification when you do an update either. Also, I have ad blocker on just because of all the hijacks out there. I can't imaging what someone could do with a built in tool that you "trusted"

  • Recent Trend?? (Score:3, Insightful)

    by Luthair ( 847766 ) on Monday July 24, 2017 @09:58AM (#54866905)
    Open source hasn't been a few giant projects in the 25 years I've been programming, its always been tens of thousands of projects often written by one person and very few were vetted.
  • For some reason this company with no business model reminds me of the CueCat.

    https://en.wikipedia.org/wiki/CueCat [wikipedia.org]

  • Doing anything even partially-censorable in an open-source code isn't precisely a good idea. People would know about it! Mainly in popular repositories with a relevant number of contributors. This is the theory, at least. I have been seeing more and more people mostly interested in talking generally, copy-pasting, relying on a few absolute truths + attacking any idea even slightly different, mainly caring about what their friends say or the number of stars/upvotes, etc.; but not too willing, not looking lik
  • by bigdady92 ( 635263 ) on Monday July 24, 2017 @10:31AM (#54867171) Homepage
    Slashdot's ex parent company did that EN MASSE. People think this is a new issue and it's not. Old and dead projects are rewoken with adware built in and sent off to those who mistakenly download it.
  • FOSS licenses need an update for this type of shit. Preferably with fines attached for polluting FOSS with adware/ad functions. As soon as AI start coding, this sort of thing is going to get worse by orders of magnitude and we need measures in place to prevent the corps from f*cking things up big time.

    Meanwhile, could someone please hack this guy's/companies accounts and mess up their life big time in a spectacular way as to teach a lesson to the public? I'm usually on the edge when it comes to vigilant hac

    • Re: (Score:2, Flamebait)

      by Dog-Cow ( 21281 )

      You are an idiot. This was done by the original author of the software. You could write whatever you want in your little license and he could take that and inject ads into it. I mean, he could remove that bit and release his software.

      Seriously, man. Turn your brain (back) on.

      • by HiThere ( 15173 )

        While your point is valid, so is the GP's. It's possible that some kind of license could be written that would address this problem, so that certain activities would be promised to never be engaged in by the software. It would need to be originally chosen by the original author, but even so.... I'm not sure how this would work, or how it could be done. I suppose that a "new version has a new license" would be a tip-off that could be used. Even so, it reminds me of the licenses that restrict fields of

        • If it restricts the copyright-holder's rights, it's not a license -- it's a contract. I suppose the author could sign and notarize a contract with a specific client, but I can't imagine that ever happening without significant payment.

  • by adamfranco ( 600246 ) <adam@nosPAM.adamfranco.com> on Monday July 24, 2017 @10:48AM (#54867299) Homepage

    For those who use Atom & the minimap plugin, @mehcode is maintaining a clean fork with additional improvements and no Kite garbage: https://atom.io/packages/minim... [atom.io]

  • This is almost definitely going to be a new plot device on Silicon Valley next year.

  • We have great lives. Undermining would be things like intentionally injecting subtle bugs. Or surreptitiously inserting encumbered code. This is pretty much nothing. If the package is the least bit interesting, somebody will create a distribution free of the ads. Or rebrand the package. SourceForge basically tried this when they had no reputation left to lose.
  • by mr_mischief ( 456295 ) on Monday July 24, 2017 @11:56AM (#54867821) Journal

    The summary is a bit unclear. The phrasing of "it appeared to look at a user's code and insert links to related pages on Kite's website." reads as if the tool is inserting adware into the projects on which it's used. Indeed, this phrasing is straight from the article. But upon closer reading, it seems the ads are in Minimap's interface as used by the developer. This is a bad thing, but it's not nearly as bad as inserting adware into the projects your users are shipping.

  • it's widely thought in Silicon Valley that having users is the first step toward profitability

    [user@home]$ dig site
    [user@home]$ "Goood Morning, I see your using bash, can I help you with that? - oh and you look hungry, did you eat breakfast? IHOP has breakfast specials this week!"
    [user@home]$

  • by hackel ( 10452 ) on Monday July 24, 2017 @02:26PM (#54869055) Journal

    This is the great thing about Software Freedom and why it is so important. They can put whatever ads they want into it. If the company is the sole contributor, they can completely change the license to fully proprietary any time they want. And we have the freedom to say, no, we don't like what you've done, revert those changes, and distribute our own modifications.

    I don't see this as a problem at all, but rather a good learning opportunity for people. Just because open source doesn't mean you should blindly trust it. You actually have to *look* at that source and make sure it's something you want to put onto your machine. Especially if you are downloading a binary from some random source, you're taking a huge risk. You have no more expectation of privacy just because software is open source, it's just that detecting issues is trivial compared with proprietary software.

Moneyliness is next to Godliness. -- Andries van Dam

Working...