Hi all! I'm David, CEO @ Retool. I'm looking into this right now and will update my comment here with a response in the next two hours.
Put another way, he forgot to get back to the guy whose project/hosting space his company was using, for a whole month, and he came back with a classy response and decent amount of detail. Everybody wins. Except the people who think there's a court in session here and are worried us plebeians are putting _CEOs of companies_ on trial.
At least put some effort into reading all the material if you want to shame somebody.
1) Initial email was sales pitch that did not touch the problem at all. Which retool responded to by the way.
2) CDN is hardcoded into the JS library. Why would you even do that and then shame people? If it’s against the ToS then you need to point people to the ToS first. It’s the author’s fault here.
3) MIT license. How many times do we have to go through this. Retool could just fuck off but even before this witch hunt began, they were already donating.
4) Some human communication explaining the problem wouldn’t hurt. Personally I’m more likely to turn down using faker.js now.
> CDN is hardcoded into the JS library. Why would you even do that and then shame people?
It’s worth noting that before the fakercloud.com URLs were hard-coded into the library, the library was hard-coding a different service’s S3 URLs (uifaces.co) and only stopped when they became inaccessible:
So it seems a little unfair to complain that Retool are embedding URLs to your CDN when this library was doing the same thing to UI Faces a few months ago.
This is a very good overview of the situation. It's sad how Retool's name was dragged through the mud for daring to use an MIT licensed open source project.
They still need to be dragged a bit for copying someone's project. There is nothing against it in the license, but it is still pretty crappy to copy someone's offering and offer it up for free. Especially when you built your free offering on the back of the product you are killing.
I disagree. If you don't want anyone just come by, copy your product and offer it for free, don't release it under MIT. There is no "bro code" when it comes to software licenses.
By its very nature, the "bro code" refers to a "code" that doesn't actually exist, which makes your comment quite ironic. On measures of aptness, that makes it a comparison that's not apposite at all, but instead opposite.
It's generally considered bad form to privatize OSS for your own gain, whether there's a price tag on it on day 1 or not. Ex. VLC's issues over the years.
Is there some reason that, at least 13 hours later, the blog post hasn’t been replaced with a mea culpa for accusing these folks of something that ended up being a problem in your own library?
Oh, damn. I thought I’d read further down the thread that they were one and the same but I see he specifically says otherwise. I guess it’s me that owes the mea culpa.
My understanding is they used faker.js to generate urls, and those urls referenced fakercloud. So the open source project faker.js ends up pointing you at fakercloud without realizing it.
David, you're probably just getting nonstop flak for this and as the CEO of the "big bad" here just let me say that I feel genuinely bad for you. Whatever conversation you have to have behind the scenes is a truly stupid thing to have to do in this situation. The CDN thing is dumb and maybe arguably not how this should have been done but your team and their work doesn't deserve to be vilified for doing basically nothing wrong other than a very simple email miscommunication.
“Maybe we could commit one engineering-day per month for contributing back to OSS libraries we use heavily”
This could be more disruptive than helpful as very few engineers would contribute much one day a month. Would you hire a developer for 1 day per month? They would more likely burden the experienced developers with questions and poor code submissions that need to be reviewed and then forget what they learned a month before.
They voluntarily donated $2000 to faker.js as I can see from opencollective link. It definitely looks like they love supporting open-source and not trying to rip-off small devs.
It's a bit odd that if they hadn't done that, faker.js wouldn't have found out that they were using it that much, and couldn't have sent them the sales pitch in the first place.
In a bit of an odd way, this time, donating to OSS resulted in "bad press", at least for a while.
I hope things will end in a good way, somehow, for everyone.
I don't think your company did anything wrong. The CDN is hard-coded into the library as far as I can tell.
Ultimately there are two separate issues.
1. The CDN thing, of course.
2. The never-ending open source monetization problem.
The first can be fixed with a simple change to the library. The second your company is already trying to help in part. Ultimately open source is not easily monetizable...
Hey David, I really feel for you. These PR-esque situations are never fun, but I think you’ve done an excellent job of handling this.
I believe there is a bias people have of viewing (somewhat ironically) things in terms of a “David vs. Goliath” lens. Everyone loves rooting for the little guy, even when the little guy is objectively incorrect.
Hope your weekend goes better than it has been so far! Retool is an excellent product by the way :)
If it’s rectified upon the CEO finding out about it and he makes a true apology, and implements policy to prevent it from happening again, that’s better than just not saying anything and not doing anything to rectify the situation; however, most people here would agree that doing so doesn’t excuse the fact that he let it happen in the first place.
When Marak sent me the email, I read it as a "Hi, I built Faker, might you be interested in acquiring it?". I responded with a "yes, that could be interesting, give me a day to work on this". In the end, we decided that acquiring Faker didn't make sense, and I'm sorry to Marak for not sending a follow-up email telling him we weren't interested. In this case, the content is different (i.e. we are potentially abusing OSS), which is why I’m responding to this.
(FWIW, I typically receive 50 - 100 sales emails every day. I do try and reply to the ones that look interesting, but I do forget to follow-up sometimes if we're not interested! This does not excuse my behavior in this particular case, and I’m sorry to Marak for not following up.)
I wasn't convinced by this reply either, then I went back and read the actual email. It doesn't mention the problem at all, it's a straightforward sales pitch. Even I ignore tons of those regularly, it's kind of dishonest on the part of the developer to say "oh they caused me a problem, I emailed them and they didn't reply" without mentioning that he didn't mention the problem in the email at all!
Frankly the author of Faker seems like he went into this project with the clear intention of profit, but by releasing it for free, and then pressuring people into giving him money. It's almost predatory.
Especially since Faker.js doesn't do anything that much useful which can't be replicated in trivial time. You use it because it's available, like we all do with MIT licensed libraries.
He promised to look into the possibility of buying faker. The initial email said nothing about the gripes in this article. In fact, the author of the article did absolutely nothing to resolve this problem before writing the article itself.
Edit: just did a bit of digging.
It looks like we have a Retool template that has some fake data in it (https://retool.com/api-generator/). This is an app built in Retool, and has a few thousand rows of hard-coded data.
Most of this fake data is self-generated, but we used the faker.js library (https://github.com/marak/Faker.js/) to generate three datatypes: IP address, avatar, and industry. This MIT licensed library, when used, creates data that links directly to fakercloud (https://cdn.fakercloud.com/avatars/). Here is the code itself: https://github.com/Marak/faker.js/blob/master/lib/internet.j..., and here is a demo that shows the library generating those links: https://rawgit.com/Marak/faker.js/master/examples/browser/in....
I just spoke to the engineers who worked on this project, and we are sorry for including links to fakercloud. This wasn’t intentional, and we just pushed a commit removing all avatars from the template. This is already deployed. I hope you all can understand why we trusted the data generated by the MIT licensed project, and didn’t think it would link to anything proprietary.
I myself am an engineer (and avid HN reader, as evinced by how I found this while reading HN on a Sat night), understand Marak’s frustration, and agree that monetizing OSS is hard. While we’ve already contributed around $10k to various libraries we use (https://opencollective.com/retool), including faker.js, Babel, ESLint, and JSON Schema, I’m going to see if there is more we can do. We’ll be writing a blog post about it this week and I will follow up with more next steps. I wonder whether there is a better way of sponsoring OSS, other than just donating dollars every month? (Maybe we could commit one engineering-day per month for contributing back to OSS libraries we use heavily?) In the meantime, we'll certainly continue sponsoring all the libraries we’re sponsoring already, including faker.js.
(Also: I’m sorry to Marak for not responding to his email re. acquiring Faker. More in this child thread: https://news.ycombinator.com/item?id=27252420)