kicking the bukkit: anatomy of an open source meltdown
DESCRIPTION
On September 3rd, 2014, a disgruntled ex-developer erased from the internet the work of over 150 developers over four years. This is the story of the Bukkit Minecraft server project's demise, and how you protect your project from its fate. Presented at Silicon Valley Code Camp 2014: http://www.siliconvalley-codecamp.com/Session/2014/kicking-the-bukkit-anatomy-of-an-open-source-meltdownTRANSCRIPT
Kicking the BukkitAnatomy of an open source meltdown
A little about me
● Ryan Michela (@ryanmichela)
● Plugin author● Contributor to the Bukkit project
Overview
● A brief history of Minecraft
● The rise and fall of Bukkit
● How you can protect your project
Brief history of Minecraft
● Minecraft is a sandbox style video game started by Markus “Notch” Presson in 2009 for Mojang Software
● 3rd best selling video game of all time● >54 million copies
http://www.eurogamer.net/articles/2014-06-26-minecrafts-console-versions-have-now-outsold-minecraft-on-pc-mac
Brief history of Minecraft
● Beloved by children● The defining video game of the middle-
school generation● The Super Mario Brothers of the 21st
century
The genesis of the Bukkit project
● Bukkit - an open-source Minecraft server platform
● Plugin platform for Minecraft
● Started in December 2010 by Dinnerbone, Evilseph, Grum, and Tahg
https://github.com/Bukkit/Bukkit/commit/4e8311a6551e8d7794cff73c57a481251b47459c
Licensing questions plague infant project
● By January, 2011, the core team started worrying about licensing issues
● Bukkit licensed LGPL, but built on decompiled Minecraft source
● Decompiled Mojang code blended into Bukkit repository
http://forums.bukkit.org/threads/where-is-my-bukkit-preview.543/
Mixed signals from MojangNov 2010: “First of all, most “mods” that add new features to the game are in a very gray area legally, and I frown upon them. Most of them add really cool new features, though. It’s highly likely that something like the bridge mod will make it into the game.” - Notch
http://notch.tumblr.com/post/1525944516/an-update-is-coming-tomorrow
Mixed signals from MojangAugust 2012: “Personally, I used to feel threatened by it as I felt it challenged my “vision,” but on the other hand, I also know how wonderful mods are for games. We decided to just let it happen, and I’m very happy we did. Mods are a huge reason of what Minecraft is.” - Notch
http://www.vg247.com/2012/08/01/notch-minecraft-mod-used-to-threaten-my-vision-minecraft-creator-speaks/
Mojang hires Bukkit team● Feb 28, 2012 - Mojang hires core Bukkit team to work
on official modding API● Mojang offers to help with Bukkit
○ “We will, however, help bukkit to be compatible with 1.2, to avoid having a long gap while you wait for the official Minecraft server to catch up.”
● Licensing fears mostly alleviatedhttp://mojang.com/2012/02/minecraft-team-strengthened/
But darkness was brewing in the community● Opportunistic server owners started charging for in-
game perks, calling them “donations”● Angry parents complain to Mojang
● "I don’t even know how many emails we’ve gotten from parents, asking for their hundred dollars back their kid spent on an item pack on a server we have no control over." - Notch
http://notch.net/2014/06/literally-worse-than-ea/
Pay-to-win becomes commonplace
● Big servers start selling off in-game functionality
● $10k for “rank” in a game targeted at children
Mojang updates its EULA (and fails at public relations)● June, 2014 - Mojang awkwardly chastises for-profit server
owners on IRC○ “doesn't matter at all, based on plugins or not, you
cannot make money with Minecraft without our permission :)”
○ “running servers is *NOT* A BUSINESS*”○ “We'll ask nicely and then send really mean lawyers :)”
http://blog.tian.io/mojang-threatens-lawyers-against-pay-to-win-minecraft-server-operators
https://twitter.com/notch/status/474869769301409792
EULA changes drop bombshell on Bukkit
● “The one major rule is that you must not distribute anything we‘ve made.”
● “so that we are crystal clear, what we have made includes, but is not limited to, the client or the server software for our Game. It also includes modified versions of a Game, part of it or anything else we‘ve made.”
https://account.mojang.com/documents/minecraft_eula
Evilseph shutters Bukkit project
● August 21, 2014● Development team burnt out● No support from Mojang● EULA re-raises specter of infringement
“At this point in time, I think it's safe to say that it's no longer worth it for us to put up a fight when it comes to keeping Bukkit and modding alive. With large and significant changes coming in Minecraft 1.8 that we'll be hard pressed to provide support for and the lack of support from Mojang with updates since acquiring our original core team (Mojang used to provide us with mappings to speed up the update process), there is little motivation for us to continue limping on across various aspects of the project.”- Evilseph
http://forums.bukkit.org/threads/bukkit-its-time-to-say.305106/
Mojang owns bukkit?!
● Mojang secretly bought Bukkit when they hired the core development team
https://storify.com/lukegb/the-tale-of-bukkit-for-minecraft-1-8
Mojang will finish Bukkit
Then the DMCA gets involvedSeptember 3, 2014 - Wolvereness, a long-time Bukkit developer, files a DMCA takedown notice against all versions of Bukkit hosted on the main Bukkit download servers at Multiplay
The provided license requires the use of included or linking code toprovide the original source under the GNU GPL license version 3, or anylater version. An official notice has been sent to Mojang AB, whereas theChief Operating Officer, Vu Bui, responded with the clear text:
Mojang has not authorized the inclusion of any of its proprietaryMinecraft software (including its Minecraft Server software) within theBukkit project to be included in or made subject to any GPL or LGPLlicense, or indeed any other open source license
As the Minecraft Server software is included in CraftBukkit, and theoriginal code has not been provided or its use authorized, this is aviolation of my copyright. I have a good faith belief the distribution ofCraftBukkit includes content of which the distribution is not authorized bythe copyright owner, it's agent, or the law.
http://dl.bukkit.org/dmca/notification.txt
Wolvereness’ Claim
Gone from the internet
● September 5, 2014 - Wolvereness shuts down Bukkit repo on GitHub
● September 6, 2014 - Wolvereness shuts down SpigotMC and Cauldron, forks of Bukkt
https://github.com/github/dmca/blob/master/2014-09-05-CraftBukkit.mdhttp://www.spigotmc.org/threads/our-dmca-response.28772/
Great new things in the future
● Sponge Project steps up
● Microsoft buys Mojang - $2.5B
http://abc13.com/news/software-writer-in-la-marque-latest-swatting-victim/305170/https://mojang.com/2014/09/yes-were-being-bought-by-microsoft
Five Reasons
Reason 1: Questionable inclusion of decompiled code in an open source project● Bukkit built on top of partially decompiled
Mojang code● Mojang code blended with Bukkit code in
Github
Reason 2: Questionable application of (L)GPL3● GPL3 chosen without proper consideration
of consequences● Unmodified Mojang .class files distributed as
part of Bukkit .jar using Maven shade
● LGPL3 explicitly bans linking and distributing non-free code
Reason 3: Questionable relationship with Mojang Software● What exactly did Mojang buy? Bukkit code?
Logos? Domains? - Nobody knows● Mojang success was built on the backs of
volunteers○ Reverse engineering is torturous work○ Some developers feel they were taken advantage of
Reason 4: No contributor license agreement● 125+ developers each own their own piece
of Bukkit● Project couldn’t re-license with more
permissive license
Reason 5: Unhappy developer community● EULA changes● Terrible Mojang PR● Secretly selling the project
It only takes one unhappy developer to kill an unprotected project
Thoroughly consider your license before your first commit● Which license do you choose?
○ MIT?○ Apache?○ GPL?○ Other?
● Changing your license after accepting contributions is not trivial
www.choosealicense.com
● Node● Bootstrap● JQuery● Rails
● Apache.*● Docker● NuGet● Android
● Linux● Git● Mongo (AGPL)● Discourse
MIT vs. Apache
Permissive licensing● MIT - Do whatever you want● Apache - Patent protection
GPL vs. LGPL vs. AGPL
Restrictive licensing● GPL - products● LGPL - libraries● AGPL - network services
http://oss-watch.ac.uk/apps/licdiff/
Thoroughly vet the licenses of all components you modify or link against● If your dependencies licenses are
incompatible with your license, your license may be invalid
● http://www.gnu.org/licenses/license-list.html
● Unlicensed code is a landmine
Common license compatibility
David A. Wheeler, The Free-Libre / Open Source Software (FLOSS) License Slidehttp://www.dwheeler.com/essays/floss-license-slide.html
Avoid uncommon or “off brand” licenses● Legal ramifications less understood● License compatibility less understood
● Don’t “roll your own”
Consider a Contributor License Agreement● Typically grants or transfers copyright to the
project
● http://www.clahub.com - for Github projects
Avoid pinning the survival of your open-source project on
the good graces of a for-profit company
Avoid directly linking to closed source code in an
open source project
Avoid alienating your entire developer community
simultaneously
Avoid operating your project in another company’s legal
gray area
Don’t secretly sell your open source project to a for-profit company while continuing to
accept contributions
And especially: