What if your open source code is used for something evil?
It happened to Andrew Tanenbaum.
Andrew Tanenbaum released the third version of the MINIX operating system under the permissive Berkeley license.
When employees from Intel started asking Tanenbaum technical questions about the MINIX 3 operating system, he was happy to engage them. Eventually, Intel secretly modified the MINIX 3 operating system for use in Intel CPUs.
On the fifth of May in 2017, Intel released a patch for the Intel CPUs running MINIX 3. Before this security patch, it was possible for hackers to remotely access computers that had an Intel CPU running MINIX 3 without a password.
Although Intel’s CTO Steve Grobman has denied it, Intel’s Management Engine is a backdoor by definition. Hackers can bypass normal authentication and access a user’s computer by entering their computer through the Intel Management Engine.
The sheer number of exploits affecting the Intel Management Engine - six to date - can be used to make the argument that the Intel Management Engine was designed to be exploited, that is, that the Intel Management Engine is a backdoor.
Even in 2017, the creator of MINIX had regrets working with Intel on the Intel Management Engine, saying he would not have worked with them on the Intel Management Engine if he knew they were building a “spy engine”.
Andrew Tanenbaum seems to regret his decision working with Intel, but most people who permissively license their code find it rewarding. The question remains: to license permissively or not?
I wrote this post, originally, when I was really into operating systems. I was watching a lot of YouTube videos by Linux fans who were very particular about the meaning of free open source software - what open source should mean - so I used the license I thought was cool at the time (GPL).
I've been enamored, recently, by Nicky Case's dedication to putting all their work in the public domain.
Should you use a copyleft license or not? Being completely honest, my opinion changes depending on who I find cool at the time of being asked.