They want their engineers to join the open source community and create a good atmosphere in the field, so as to promote the progress of technology and get more support from developers.
But sometimes it’s hard to feel comfortable sharing the new technologies you rely on, they can be used in all sorts of unexpected ways, and sometimes others will even borrow your open source code and target you in turn.
If you are a person and the other party is a large company, this thing will make you become skeptical of life. In a recent blog post, Brendan Gregg, a developer from Australia, accused IT company Sun Microsystems of stealing code from his open source project “DTraceToolkit”.
DTrace, Dynamic Tracing, is a tool developed by Sun Microsystems to identify system bottlenecks on production and experimental production systems, allowing dynamic tracing of kernel and user applications without posing any risk to system operation.
This is a story from long ago, and Sun Microsystems is rarely seen today, having last appeared in the limelight as a result of the final decision in the decade-old copyright battle between Google and Oracle.
In 1995, Sun Microsystems launched Java, and in that year Google built the Android operating system using more than 10,000 lines of code from Sun Microsystems. 2009, Oracle acquired Sun Microsystems and the Java software for $7.4 billion. In 2010, Oracle filed a lawsuit for “patent and copyright infringement for Google’s unauthorized use of Java APIs as part of the Android operating system. After a decade, the U.S. Supreme Court ruled in Google’s favor in April 2021.
Once an innovative IT giant, Sun Microsystems is slowly being replaced by other competitors. Next, Brendan Gregg recalls the story in detail.
How a popular open source project was stolen
This is an incredible experience I’ve had in the open source world, and I’m definitely not making it up.
In 2005, I was caught in the center of a hurricane. I was an independent performance consultant at the time, and Sun Microsystems had just released DTrace, a tool that could detect all software. While I was busy writing and releasing high-performance tools using DTrace, I noticed a problem: I had previously open-sourced DTraceToolkit and other DTrace tools that were more comprehensive than the ones Sun had released – was it some internal project that was consuming their technical capabilities?
DTraceToolkit v0.96 tool (2006).
Not being an employee of Sun, I had no knowledge of their internal projects. I was living in Sydney, Australia at the time and was doing training and consulting work for Sun to help their customers improve their systems management and performance, and Sun would sometimes invite me to attend their customer meetings and other events that I might be interested in as a local expert.
On one occasion, I was told that a very important person was coming from the United States. I didn’t recognize the name, but I was told that he was a DTrace expert and developer at Sun and was on a world tour to demonstrate Sun’s new DTrace-based products.
I’ve seen some of the top technology from Sun, but I’ve never seen a developer on tour demonstrating it. This bigwig was stopping in Sydney for a few days before heading to the next Australian city, so I agreed to meet at Sun’s Sydney office.
Two Australian Sun employees introduced me to the big man: “Brendan teaches some classes for us and has been doing work on DTrace. Low key introductions are the norm in Australia (especially for Australians).
I tried to open the conversation by expressing that I had written DTraceToolkit, but he wasn’t impressed. He didn’t know my name and had never heard of DTraceToolkit, so to him I was just a random stranger.
Anyway, he was kind enough to do a quick demo. His DTrace product was an add-on to a larger Sun GUI that I was very familiar with. Once loaded, he showed how to run multiple DTrace tools by double-clicking on the icons. Raw output in a separate window or displaying the results as line graphs seemed rather banal. I wish there was a new GUI feature.
The only new thing is the tool itself. He made a sales pitch, one of those things that is said many times and expected to impress the customer. I had the feeling that he didn’t want me to properly appreciate them for what they were worth.
But I knew exactly what he was talking about with these tools, and I had written similar functionality for my own DTraceToolkit. So I said, “I’ve done these before, I’ve written my own tools to do these things!
“Of course you can. He didn’t say anything else, but there was a sense that he didn’t believe me. After all, this was a major innovation from Sun Microsystems, a multi-billion dollar multinational, and I was just a random Australian.
I then browsed some of the new GUI icons, including the tool for tracking socket I/O. I tried this (socketsnoop.d) in 2004 and released it as an open source project, but the tool I wrote then was incomplete: it didn’t have access to the kernel source code, so it had to use black-box analysis to solve all the problems; it worked for most TCP traffic types, but not for some, which I hinted at in the script comments; it is not included in the DTraceToolkit because I don’t think it is finished yet.
That’s why, of all the tools, I was most interested in seeing this. sun should be able to do a better job and actually apply this tool.
Can I see the socket I/O script? Then I started a terminal. He looked alarmed, as if I shouldn’t be looking at the backend, and then as if he realized another selling point: “Well sure, you can even add more tools to the GUI! After a moment’s pause, he added “if you have them”.
After some searching, I found a directory containing all the tools he had previously demonstrated.
The names of the tools were familiar, and one of them was even called “socketsnoop.d”. This made me think of a new possibility, could ……
So I exported socketsnoop.d and the screen was full of scripts I had written, from my incomplete attempt a year ago, and released as an open source project. It contained some strange code and was written in my early coding style. I exported other tools and saw the same results – the scripts were all written by me.
The new product that this Sun guy is showing off around the world is actually my own open source tool.
I wrote a comment with my name in all my tools, so I used grep to search for my name in their tools to prove that it was originally my project. But I didn’t find anything, my name was removed.
Some of the tools I wrote even included.
Now, in Sydney, Australia, they are trying to sell Brendan Gregg’s tools to Brendan Gregg.
Those people say the copyright is Sun Microsystems,” interrupted an Australian employee of Sun. Most of my tools are under my own copyright and GPLv2 or CDDL license. But those tools now only have Sun’s standard copyright information, and the open source license has been stripped.
You removed my name! And the copyrights and licenses!
Another Australian added to the big man, “You ‘can’t’ do that.
Based on the seriousness of what had happened, the room fell silent. While some people at Sun had encouraged open source contributions and built a community, others were stealing from that same community: taking their work, changing the licenses and copyrights, and selling it.
The big man was unprepared for this and looked puzzled. He didn’t say much, probably didn’t know what was going on, just got the tools from the others that had been copyrighted, meaning “it’s not his fault,” and he seemed to be half-hearted about what we were saying.
The meeting was soon over. I suggested to him that he get an updated copy of my tool directly from DTraceToolkit, since these older versions on my home page were out of date and had some bugs I had fixed. I also reminded him to keep my name, copyright and license.
I still can’t believe that out of all my open source projects, it is actually socketsnoop.d that is referenced. Because I didn’t think this project was the best, I went on to write better socket tools.
A few years later, Apple added dozens of my tools to OS X as well, but they kept my name, copyright, and full CDDL open source license, and even improved some of the code. Later, Oracle did the same for Oracle Solaris 11, and the BSD community did the same for FreeBSD. For these acts of copyright respect, I am sincerely grateful.
Some may argue that this was not Sun’s intent, but the work of careless individual staff members, but I think it may have been influenced by Sun’s corporate culture. I and some of my colleagues believe that Sun believes that only Sun can make the most of its technology, and that anything created outside of Sun is garbage. When Sun employees find great projects, they tend to assume that they are from Sun and therefore safe to reuse and rename (or even re-license) because they think they already own the copyright.
Sun does have some people who try to do the right thing through me and my work as well. My DTraceToolkit was built into the observability product at least four times and retained the license. The one time they wanted to re-license it under the GPL, they had a discussion with me about it, but that’s another story.
Nor was this the only time someone inadvertently tried to sell me a project I had developed myself. I have since learned not to tell sales people that I invented what they show me because they think I look like a crazy person and simply say, “I have a lot of experience with this technology” and leave it at that.
My BPF tool is now appearing in observability products and will grow to a much larger scale than my DTrace tool. But my direct advice to developers is: don’t rewrite my BPF tools and bcc libraries; build them as is (bcc Python or bcc libbpf-tool versions). Rewrites divide project resources and leave your customers with outdated versions.
I think it’s not uncommon for open source developers to find their own code being renamed. But it shouldn’t happen much: one American developer took software he didn’t write on a world tour that included an inadvertent sales pitch to the author in Australia. He didn’t even say ‘thank you’.
Sun is now history, and in any case, there is no denying that every developer in the open source community has made their own contribution to the computing business today, as the article’s hot take says.
When Apple was preparing to deliver a “smaller size update” for OS X, I was curious about the implementation details because my PhD research covered this topic, so I asked a member of the relevant Apple research team and a few months later I got a reply: “We are using a tool called bsdiff, are you familiar with it? I am indeed familiar with it, as I am the author of this tool.
In an era where computers are revolutionizing technology, every open source contributor should be respected.
HP booth at CVPR 2021 offline paper sharing session
The CVPR 2021 offline paper sharing session will have Keynote, paper sharing and Poster sessions at the Hyatt Regency Beijing Wangjing on June 12.
At this session, HP’s booth will showcase the powerful machine learning capabilities of the new Z8 G4 and many more workstation models.
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/my-open-source-project-was-taken-by-a-tech-giant-to-make-a-product-only-my-name-was-removed-from-the-comments/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.