>If FOSS was broken, the internet as we know it today wouldn’t exist; the countless marvels of technology that we take for granted and techno-economies that thrive on them wouldn’t exist;
I guess I just vehemently disagree. Nearly all of the early open-source software that made the internet possible was produced in universities. The only reason it was sustainable was because it was professors being paid by the university, or students doing it for free. Implying that means it's viable for all these other projects that were created and maintained outside of a university setting is just not accurate. There's also this fallacy of: it worked this long so it will continue working forever.
For me the long and short of it is: the only way I can foresee open source working in the way the purists want is if there is a universal basic income. SOMEONE has to pay the bills, and as we've seen time and again, hoping to feed your family on donations is a fool's errand. With UBI, artists of all kinds (including developers) can pursue things that would otherwise be impossible. Without it, we're left with the constant push and pull of people either burning out maintaining stuff in their spare time, or hoping a given corporate maintainer wants the same features and functionality as the community.
In rebuttal I'll paraphrase a little from Paul Ramsey (maintainer of 20-year open source project PostGIS)[0]
His basic view is that Open Source is the dominant model today, but tension comes as very little of the value produced comes back to the community that creates this value. He argues this will always be 'the bare minimum' by virtue of economics, but that if something important slows down too much someone will put some money in it. But this is a model that operates and works. It is borne out by his history in PostGIS, which is maintained by a small number of people mostly in moderately-profitable service companies, in the Red Hat mould. He's concerned about value being captured by cloud companies though who frequently don't employ open-source maintainers however. Some of this is further expounded in another talk by him here [1] (slides at [2]) on the future of open-source where he is very bullish.
This personally rings true for me. My company is getting literally billions of dollars worth of value from a couple of applications (one of which I created and maintain) built upon the foundation of Postgres and PostGIS. And we benefit immensely from active development of it: PostGIS version 3.1 released a new more efficient overlay algorithm which probably saves us $5k a year in compute costs alone, and untold thousands with the ability to deprecate a hacked house of cards that was ready to crumble.
And yet every time I have mentioned to my management that it would be great if we could take 1% of our consulting budget and funnel it towards PostGIS, they respond almost bewildered...why willingly pay for something that we already get for free? It's frustrating and I have no idea how to remedy it.
I can’t speak to this directly, as I haven’t had to deal with this at the management level.
My thought though is that this is preventative care. This is going to the Doctor regularly so you don’t get surprised when something goes awry. Likewise, making sure the OSS project you’re totally dependent on doesn’t suffer a catastrophic failure or abandonment is a worthy investment.
> why willingly pay for something that we already get for free?
That pretty much sums it up.
It's why money is unlikely to flow from businesses into open source projects unless the developers are employed by those businesses, in which case the question often becomes "why are we paying to develop software that will be given away free to our competitors?"
Too true. If you are a dev, ask yourself how large your budget is to distribute for projects that are among your business critical core dependencies, but are developed externally under free software licences. I am not blaming you if you don't even know the word budget.
Of course the best business strategy under current rules would be to let other companies pay here. That would net you a competitive advantage. Perhaps GPL was right in the end and companies need to be forced to either contribute or pay for commercial alternatives. Maybe some would learn how expensive software really is and that it requires constant investment of maintenance as most other products do as well.
universities are going to continue to exist and students will be attending them. what exactly suggests that this will not continue forever?
of course FOSS has always depended on people who had the resources to work on it. in the beginning this was only universities and as FOSS got more popular more funding sources appeared.
the problem that we are facing is not one of funding. there is plenty of funding available. the problem is a generational shift of that funding.
people who used to be able to afford working on FOSS no longer can because their life changed. they are no longer students, they have a family and so on.
FOSS development will continue. the fallacy is to believe that an individual contributor will always be able to keep contributing for the rest of their life. we need to acknowledge that unpaid FOSS contributions are limited to a few years of an individual's life. and after that they need to move on. and most do. those that didn't move on but continued contributing were those who managed to find additional funding sources.
the problem and the difficulty is that we get more and more software that is not new but needs to be maintained. most of those using their own funds will want to work on their own new software and not maintain someone else's.
so the question is not how do we fund FOSS development, but rather how do we fund FOSS maintenance. that is the new thing that we didn't have to deal with a few decades ago
There are a lot of people who are very good at coding who don't care for high salaries. Despite mainstream pop being the most profitable, many musicians pursue niche genres.
This still doesn't make UBI relevant to this discussion. It's already fairly trivial for a talented SWE to make UBI-level income working 10 hours a week by picking up software contracts here and there. Eng already have access to the levels of income that UBI would provide, with plenty of time left over to dedicate to open source, and yet this path is relatively untrodden.
Plenty of engineers (myself included) already leverage the flexibility and surplus pay of the industry to opt out of the "40 years of 40 hours" ratrace. But they do so to varying degrees, and evidently aren't spending enough of that surplus on OSS to fix the problem we're discussing.
I don't see what UBI would materially contribute to this dynamic.
If picking up software contracts here and there is consistent enough for you to count on then it's either already a full time job or the end result of years of networking and experience.
UBI would let people devoted to a subject pursue only that.
Sure, I'm not suggesting that it's as easy or as comprehensive as UBI, of which I'm a strong and longtime supporter.
I'm saying that the existence of this weaker alternative is illuminating: there's a non-trivial subset of the population for whom this is an option, including many OSS maintainers, and they don't seem especially jazzed about the idea of making an income that's 10% of what their skills could bring in.
Personally speaking I wouldn't see that as an alternative. Just doing a little above-the-table consulting work comes with periodic obligations. Why make a fraction of your income to still deal with the distractions?
I think you could just ask retired people who volunteer about the subject and get a good take on it.
> It's already fairly trivial for a talented SWE to make UBI-level income working 10 hours a week by picking up software contracts here and there.
What about less talented ones that can still contribute, but need to work 20 hours a week? Or 30 hours a week? Or gasp 40 hours a week?
> Eng already have access to the levels of income that UBI would provide, with plenty of time left over
No. There isn't plenty of time left over. Moreover, why wouldn't I want to work on something full time, and not in my "left over time"?
> Plenty of engineers
Which means: not even the majority of engineers.
> I don't see what UBI would materially contribute to this dynamic.
"I don't see how giving all engineers, and not some percent of engineers, the option to pursue projects they like would materially contribute to this dynamic".
This is a textbook Gish gallop, so I'll avoid the trap of responding point-by-point and address all the irrelevance and inaccuracy of your comment simultaneously.
The premise I responded to was that UBI was the only way to free up OSS maintainers, and that they wouldn't care about the lost hundreds of thousands of income if their basic needs were met. My point was that if this was the case, you would already see the low-hours-per-week strategy in place as a non-trivial factor in OSS funding. And yet you don't, because the foundational assumption is incorrect.
Also note that 10 hours a week is hyper-conservative. The population of people maintaining OSS projects are more than capable of pulling eg $70/hr for contracts[1], especially at the low volumes we're talking about. To reach UBI levels of income at this rate would require _1.5 hrs/wk_ of work, or 6 hrs per MONTH. This allows you to drop the required talent level pretty low, despite already pulling from a population that's selected for "ability to maintain a useful OSS project".
[1] also very conservative: I wouldn't be surprised if a median estimate came closer to $150/hr for your average OSS maintainer
> This is a textbook Gish gallop, so I'll avoid the trap of responding point-by-point
And this is textbook avoiding an answer
> My point was that if this was the case, you would already see the low-hours-per-week strategy in place as a non-trivial factor in OSS funding.
Yes, and your point is based on the flawed premise that there are many engineers who can do that.
> The population of people maintaining OSS projects are more than capable of pulling eg $70/hr for contracts[1], especially at the low volumes we're talking about.
And you pulled this estimation out of which crevice?
> To reach UBI levels of income at this rate would require _1.5 hrs/wk_ of work, or 6 hrs per MONTH.
Ah yes. Because there are plenty of jobs which will gladly pay you for 6 hours of work a month.
I'm not sure if we have misaligned expectations of how much income a reasonable UBI is likely to provide, or of how much income you can make contracting.
The range of incomes I've seen from UBI proposals range from 10-20k/yr, with the high end generally applying to people with 2+ children. This is partially constrained by political reality, but politics aren't the only thing putting an implicit ceiling on the amount of UBI (as a reductio ad absurdum, consider why we wouldn't just give everyone $500k a year and all just retire onto our yachts).
Taking the midpoint, $15k pa means $1250/month, which means you'd need to make _$30/hr_ on software contracts to match UBI. You don't think it's plausible to fill the pipe with a 10-hr week of contracts over $30? Bear in mind that this means you'd need 3 hours a week or _12 hours a month_ with a more realistic (yet still quite conservative) income estimate of $100/hr, and that the type of person who's currently maintaining an OSS project is already increasing the quality of the talent/income potential distribution.
Sure it's _plausible_. I even used to think that kind of thing was _possible_, long ago.
But I've come to the conclusion since that it's virtually impossible to "scale down" your income like that. And that you can't actually choose to accept lower pay to obtain more options (in software anyway), contrary to highly plausible economic theories.
Do you have any real world evidence other than that it sounds plausible?
I don't think I currently do, but that's sort of my point: people don't want to do this, for reasons ranging from the income left on the table to the type of work not being fulfilling.
Note that both of these are handled by the premise, which was that OSS maintainers would be materially unblocked to focus on OSS by a UBI-level income. This assumes that there are a non-trivial amount of OSS maintainers that don't care about the couple hundred thousand dollars they're forgoing, and that they have at least 30 hours of their week filled with fulfilling work.
Tangentially, I match the motivations you're asking about, but not the exact implementation. I spent the early half of my 20s with a far higher income than I wanted, and definitely didn't (and don't) enjoy working 40 hours a week. Given how motivated I am by intellectual challenge, I came to the realization that it was damnably hard to find a job that would give me a suitable intellectual challenge but not require me to be full-time. I "solved" this by interleaving 2-3 years of working with 1-2 years of travel/personal development a couple of times during my 20s.
That’s probably how most people do that. I have to admit that programming less than full-time was hard for me, because I tended to go flat out. And then burn out, LOL.
Only if you're incapable of making basic inferences and uncomfortable with thinking about distributions and error bars instead of forcing everything into artificial certainty.
If, like many people, you need things shoved into an imaginary concrete, low-dimensional, binary box: "the type of person maintaining an OSS project can trivially make >$30/hr[1] on 10 hrs of contract work a week". If you still think this is too subjective to infer anything from, enjoy your onanistic "nobody can ever really know anything maaaan" perspective, but it's not really relevant to this conversation.
[1] See another comment of mine in this thread for back-of-the-envelope math
> …the only way I can foresee open source working in the way the purists want…
Well the point of open source is it works however the person opening the work wants. There’s a license compatible with every philosophy out there. Take your pick.
Open source isn’t broken because it can’t really break at all. For something to break it would have to have a concrete form to begin with.
Agreed. It's only broken if there were some ideal Utopian open source world that we were falling short of, where if only everyone can work out some issues, then that world will come into existence.
When people are growing up it's easy to get swept up in ideas like, "if only everyone saw things the way I did, everything would be perfect and so much better than it is right now".
There will always be lots of conflicting ideas about how software should be developed and distributed and so far none of them have proven so effective that all of the others have fallen by the wayside. IMO the best anyone can do is advocate for whatever makes the most sense to them, but not make the mistake of thinking that anyone has all the answers.
Even if the licenses are abused, there will still be free and open source software. It's a beautiful idea that won't die as long as there are tinkerers in the world.
> Nearly all of the early open-source software that made the internet possible was produced in universities. The only reason it was sustainable was because it was professors being paid by the university, or students doing it for free.
I'm surprised no one mentioned that there was no personal computer. Where else would you get a computer to develop free software back then?
> For me the long and short of it is: the only way I can foresee open source working in the way the purists want is if there is a universal basic income.
I suspect I'm a "purist" by your measure, and I disagree completely. University professors, students and volunteer contributors/maintainers will continue to exist going forward. Nothing has to change.
The problem is that this doesn't "scale" at the rate demanded by corporations, and corporate engineers[1]. The problem is not with FOSS - it is on the voracious consumption side. I suspect the volunteer vs corp usage will follow the Predator-Prey cycle, with volunteers being the prey. When the predator population grows too large, it will set off events that will lead to its population collapsing to a sustainable level. The onus is on startups/medium & large corps to help scale FOSS - not UBI or the like where the corps continue to freeride (which is fine, to a point)
1. Disclosure: I'm also one, in addition to being a volunteer contributor. I volunteer as a way to give back to an amazing project, and I earn a salary that meets all my needs.
In my opinion, corporations and govt entities should switch to a model in which they don't purchase software but instead have internal staff work on the FOSS that's used in the group.
This could help the FOSS ecosystem while removing the profit incentives that people have to make shitty pointless web apps. Although I'm sure some shitty pointless web apps will still get made, I think this could shift the dynamic of the software production ecosystem for the better.
> Nearly all of the early open-source software that made the internet possible was produced in universities.
Well... BSD unix was. Unix itself was Bell Labs, the original TCP/IP spec was done by DARPA contractors (mostly BBN). HTTP was CERN but the breakthrough "browser" product was venture funded. GNU was a private organization, though RMS's office was provided by MIT for years and years. Linux obviously was an established community effort long before anyone with deep pockets showed up. Post-90's "corporate" open source has emerged basically everywhere, with Google and Intel being big early players (Facebook and Microsoft have been late to the game but done very well for themselves too).
I think if anything what this proves is that "Open Source" is going to pop up basically anywhere it's allowed to, and that any pronouncements about where it "really" came from are probably not informative.
UNIX was only free beer because AT&T wasn't allowed to sell it initially, the lawsuit against BSD and forbidding the Lion's commentary came rather fast as soon as they were allowed to take commercial advantage of their research work.
Sure sure, but my point was really that all nitpicking aside, Open Source is everywhere. Given the opportunity, engineers everywhere will share their work with others and build on that shared work to do more stuff, then share it.
An argument from a frame of "Open Source only succeeded because ..." just seems obviously wrong to me. If not ITS then Unix. If not BSD then Linux. If not Mosaic then Chrome. If not gcc then clang. On and on. Opportunities for success are everywhere, nowhere is a critical path. Take any hero out of equation and there's someone else standing behind her to repeat the work.
Linux only evolved beyond a hobby project, because IBM, Oracle, Compaq, Sun decided to cut down costs on their own UNIX (thus we are back again into corporations and their relation with FOSS), and yet many still have to reverse engineer hardware capabilities despite the big names involved in it.
clang is the more recent example, it is becoming visible how it is lagging behind other compilers in C++20 support, not everything is landing upstream as it used to.
Again, though, Linux needing that stuff[1] doesn't explain why BSD happened, which needed different stuff. clang needed other stuff still. But... they all got their stuff!
It's a Jurassic Park point, really: life will find a way. Free software beat the world already, and it really strains logic to argue that that only happened because of a giant phonebook filled with special advantages for every individual piece. The much simpler theory is that it was clearly going to happen regardless.
[1] In fact that's really not the way it happened anyway. Linux on whitebox PCs was dominant in the early internet world for pure cost reasons, long before any corporate names got behind it, and that leveraged it into datacenter environments where it became clear people were willing to pay real money. Red Hat's IPO was well in the past and Google had launched on custom Linux motherboards long, long before Oracle or IBM got serious about the OS.
Dominant where? We were all using Solaris, HP-UX and AIX boxes when real money was at play.
In fact, after university during the 1990's (where we initially were on DG/UX), it was only in 2003 that I first used GNU/Linux in production as CERN was moving away from Solaris into Linux and the first alpha releases of Scientific Linux started to become available at the institute.
And even there, most researchers were moving into Windows or OS X on their local workstations.
All of the commercial Unix vendors had as their fundamental technical goal user lock-in, while Linus had technical goal of performance + stability and maybe popularity.
For some types of software, we really do not want students doing it, for free or otherwise. There are whole classes of software, like database engines, that are non-obvious and require many years of real-world domain experience before it is plausible that someone will design a competent, scalable architecture and implementation. If open source is going to run critical infrastructure, we don't want naive and inefficient software design but that is frequently what we get; this isn't a criticism of the people that create many of these projects, more the process in practice and our expectations of it.
UBI is not a solution because it would, at best, pay poverty wages. People with the skills to be effective core contributors also have the skills to be paid much, much more for their time. Few people, and definitely not enough, are going to sacrifice the living standards of themselves or their family for some ideal of OSS.
There are strong adverse incentives that make it improbable that the people designing and building OSS are who we as users of OSS would want to be in that role in an ideal world. This has been getting worse with time. The risk for OSS is that those adverse incentives are never addressed.
> For some types of software, we really do not want students doing it, for free or otherwise. There are whole classes of software, like database engines, that are non-obvious and require many years of real-world domain experience before it is plausible that someone will design a competent, scalable architecture and implementation.
Of course as with all things the situation is more nuanced than this. Since you mention database engines we should keep in mind that without Stonebraker and 39 of his students[1] there would be no Postgres. Yet without incentives and many years of contributions from professionals (and students who would become professionals) we would not have PostgreSQL. A healthy system has a place for contributors of all levels of experience.
Database development has changed quite a lot since then. When I first started working on databases in the 1990s, two things were true that made it much easier for relatively inexperienced developers (like myself at the time) to produce a reasonably good result. First, the state-of-the-art implementations at the time were incredibly well-documented in an accessible way and the academic literature also reflected those designs. Second, the implementations were relatively simple and straightforward; you did not need esoteric systems knowledge and design theory to write code that was competitive with other implementations. The most complicated thing you had to worry about was lock structures and concurrency control. Not only were there relatively simple examples to copy and study, the gap between those examples and the state-of-the-art was pretty small.
Neither of these is true today. The design of state-of-the-art implementations are often poorly documented; the computer science has evolved radically since the 1990s with significant gaps in the literature; competitive implementations require real expertise in silicon architecture and Linux kernel internals, you can't just write something obvious in C and expect a good result. And that's without even getting into difficult topics like distributed execution, parallel orchestration, scheduler design, etc that we didn't have to worry about back then.
I'm not sure I'd be able to bootstrap the necessary expertise to build database engines today like I did back then.
* First, state-of-the-art was accessible and well-documented with designs reflected in academic literature.
* Second, implementations were relatively simple and straightforward.
* Neither of these is true today.
Again the situation is more nuanced than this. Before the web systems were expensive, resources were scarce and connections to research were critical. Now anyone with time and a laptop can watch youtube lectures, read recent research, clone a repo and join the party. Different things are hard now. Such is the way of competition. Hardware and economic trends move the state-of-the-art quickly. Ideas offering competitive advantage are rarely documented to the degree one may like. But they do find their way to entrepreneurial practitioners and students. Their time, energy, attention and motivation builds new and better systems and we should welcome their efforts when they advance open-source projects.
> I'm not sure I'd be able to bootstrap the necessary expertise to build database engines today like I did back then.
Far more private money went into open source than the military put in via professors. Almost of the big successful projects would be viable without significant private investment into them.
You're simply wrong in a way I can't succinctly summarize historically; you really have to get to know the spirit of the people who made this stuff. But FOSS is the difference between the VERY free and open (at least optionally, if not in practice, but like, basically anyone can put up a website and do anything on it) internet we have vs. what would have happened, which probably would have been slight incremental improvements in phone and TV. More "on demand," but damn sure no YouTube.
Having worked with people in industry who understand the point and value of giving back this is a little naive I would argue.
A fraction of some talented person's time from say HP is probably worth 100x first year developers who aren't paid to understand the tools the company is using.
To turn your argument on its head how much would every company have to invest to build a modern website from complete scratch in isolation? Then think why do that when you can effectively spread the cost?
Both approaches have ups and downs but I'm not sure the "someone always picks up the cost" isn't anything other than a statement of realism. It is a good reason to explain why nobody just works on a project in their basement for free and does nothing else, but doesn't rule out being able to do this if responsible companies pick up a fraction of the tab they should be paying via donations.
As others have said a huge amount of the value comes from support, community and the contributions from many people, be they working on the same tools for a product they sell, to make a product or service they plan to sell or to scratch that itch on that project in their spare time they're playing with.
I don't understand how exactly is open source supposed to be broken. It is accepted and respected these days. There is tons of it too.
It does not produce flawless miracles, but commercial software is not flawless either. The log4j bug has the impact it has literally because open source was successful.
OSS or Free software is not broken. To claim that it's broken, there must be some outspoken intent that has been violated. For example that said software should be used by big mega corps for free and that there should never be any bugs in it. That is not the case, thus it's not broken. Most free software is made to scratch an itch. Some projects grow big and serious. Some is abandoned when the original author grows tired of it. A responsible organization would be expected to take the support responsibility for any free software that it uses as none is included in the price ($0). Or pay another company to offer that support if the task is too big. If you don't agree to these terms, refrain from using such software in your product.
Can’t speak for the GP, but from my perspective: misaligned incentives (financial and technical), poor documentation, buggy important edge cases, toxic attitudes, egos, and so on. In short: it’s broken the same way any other development is, except it also includes the extreme end of economic exploitation.
I (obviously) can't speak for everyone, but in my own case "toxic attitudes" tend to be a symptom of abuse at the hands of a variety of far more "actually toxic" people. People who wrongfully expect people like me to be their free whipping-boy and tech-support "guru" despite them being a total stranger who's never done anything to benefit me. Then when I refuse to help an abusive and entitled piece of shit, I'm labeled as "toxic" and "gate-keeping" and any number of other (often outright hateful) things that I've never been, but am learning to be because I'm sick to death of unjustified and unjustifiable abuse. Want "toxic"? Keep abusing people who are literally only trying to do and share a little good in the world (for themselves, and others). See how things go when there's nobody left on the planet who even wants to do good anymore, because it's literally more trouble than it's worth to do anything positive or beneficial in this life. People love to bandy that "toxic" label around when speaking of the Linux community, but almost nobody ever considers that toxicity (in the rare cases that it's even actually real, and not totally made up in some Win-Troll's head) might have some actual cause behind it, such as y'know… bein' sick and tired of abuse at the hands of actually and truly toxic people.
That all sounds like project specific issues. A lot of FOSS projects are exceptionally well documented. The same with the attitude, some are worse, some better. It doesn't seem like this is specific to FOSS licensing.
I work with a company that contributes to some open source but most of the code is closed-source.
I feel that the reason many enterprises pay for the software is that when there's an exotic bug that only happens with LDAP with a certain cypher being used, they know it will get fixed (because it's funded by support/maintenance fees).
While there may be exceptions, I just don't see OSS contributors going out of their way to fix such edge cases.
So perhaps the solution for some open source project issues might be to not-opensource it.
Point of FOSS is that you can fix exotic issues yourself, at your timeline and perhaps share your fixes with the original project, if you also want other people to distribute the fix for you via some standard Linux distro.
That's the main freedom you get from FOSS. FOSS != free support. It's empowering.
I just feel like we can do something better than this model. If there’s UBI then the next step is also owning the production. That is a slippery slope. Consolidated power is not very Open Source.
But each according to their needs in the end devolves into each according to their abilities. There was never a need for computers, there was never a need for the internet. I would say that it is tough to say whether there is any need for a person to live. On the other hand if you let people define their own needs, you end up with the scenario where one needs 1 billion dollars.
That citation appears as irrelevant completely to the topic.
If you want more relevant citation then this: "A journey of a thousand miles begins with a single step" (C) Lao Tzu
For that matter I would say that first major step to real FOSS was made in 1917. But it was too early and shouldn't have been that brutally enforced. Evolution is the only reasonable way to get anywhere in such complex systems.
Relevant fact: all hardware and software in USSR was Open Source. Any non-trivial product must be and was accompanied by full schematics. Software sources must be printed out, etc. By law.
"That citation appears as irrelevant completely to the topic."
The point was, that marxism as a theory is only a plan - and that plan did not really work out in reality so far.
And if you want to paint the USSR in a golden FOSS picture, well I would suggest talking with people who actually lived there and were not in a privileged party position. And it would be news to me, that the USSR published their tank, aircraft or rockets schematics.
"Marx specifically avoided any such planning and explained why."
Where did he say so?
Because marxism as I know it, surely is and has a plan. A plan to completely reshape society and economy. Dictatorship of the proletariat ... until the state of real communism is achieved.
Can it be, you only heard of the capital, but not the communist Manifest?
Marx did use the phrase commonly translated "dictatorship of the proletariat." But he certainly did not publish a plan for how to achieve it.
He did the exact opposite, he explained why he thought such a plan should not be published.
> Can it be, you only heard of the capital, but not the communist Manifest?
The Communist Manifesto -- which is a statement of the Communist Party rather than Marx, though he wrote it -- includes a political platform, but read the platform and you see, it is mostly just social democratic reforms. At most, it approaches "revolutionary reform" (i.e., reforms meant to make revolution possible). It certainly isn't a description of the "dictatorship of the proletariat." You won't ever find that and cite it.
It feels like we moved from a world where open source software was developed by a community, to one where most of us are just consumers of the code. I don't know if there were actually more contributors 20 years ago, relatively speaking, but much of the code was also less complex.
Open source is still remarkably successful and the only reason why the whole Log4J RCE is such a big deal, is because the library is hugely successful. The failing isn't in the work of the author(s), but those of us who have been consuming the code. We don't need to fund the main developers, what we need is for the project, and projects like it, to be true communities. That means that all the companies who have been relying on open source need to allocate time to community work.
We pay for open source software by helping build it and that goes beyond creating an issue on Github or complaining about missing features and poor documentation. We are all part of the open source community, but we seem to have forgotten how it works. Now we believe that we can throw money at the problem, but that still leaves a single developer with the responsibility for a massive code base. OpenBSD was right: "Show us the code or shut up".
> It feels like we moved from a world where open source software was developed by a community, to one where most of us are just consumers of the code.
Are you sure that's even a contradiction? I mean, if you start with a developer community, and add a lot of people who simply had not been exposed to / using the software, you get to the situation of "most of us being just consumers of the code".
Now, you could argue that communities have been fraying/weakening over the past few decades, but that would be almost an orthogonal argument.
> That means that all the companies who have been relying on open source need to allocate time to community work.
We need to funnel some social resources into building and maintaining such communities. If companies were to do that, then great, or rather, not great but sort-of-ok. The thing is, they aren't doing it, as they are fundamentally motivated not to: It hurts their profitability (except perhaps for vague extra-long-term concerns). So, it's not useful to say that "companies should do it".
> So, it's not useful to say that "companies should do it".
Valid point, but so far NO useful solutions have appeared. I don't need log4j, my employer does. So why should I pay the developers? Because that's the only other solution I've seen presented.
I didn't get that the original article was bashing the concept of open source; more like it was bashing the "on the ground reality" of today's open source.
I think that there's a great deal of "brokenness" in the way that the software development community works, in general. Because OS is so ubiquitous, and because, as the author mentions, so many people make money on it, we think of OS as the problem.
I think the general quality level of software is catastrophically bad, in many instances. This is because people rush to do "big things," and they aren't actually ready to manage these "big things."
One example is overengineered design. This is something that we're all guilty of. Indeed, today, I am in the process of completely rewriting a view controller that I designed, that has that whole "Lucy and the Chocolate Factory"[0] thing going for it. The only solution was to take off, and nuke it from orbit.
When I create an overengineered design, it becomes brittle, and difficult to maintain or extend. What triggered my rewriting this, was because I needed to modify the way that the layout was done, and found it to be a complete bitch to figure out.
Fortunately, I am very experienced, and also wrote the original (messy) code. It would be another matter, entirely, if it was a "black box" dependency. I probably would have avoided modifying the layout, which would have resulted in a much lower quality of UX for my app.
I recently looked into open sourcing Homechart (https://homechart.app). It's free to use already (for self hosting), but some users wanted it to be open source (almost entirely for auditing purposes, but I doubt they'd even read the code). I don't want anyone using it for commercial purposes, and I found a few licenses that would prevent this-- namely Commons Clause, but at the end of the day I didn't see a benefit to having it OSS aside from appeasing some OSS purists. The app is already free, and I don't need the added burden of responding to issues and pull requests (and supporting the code they add).
EDIT: I also don't want folks redistributing custom builds or effectively reselling it somehow. I'm a solo dev, I don't have the resources to litigate and enforce any kind of restrictive license.
> I don't need the added burden of responding to issues and pull requests
You don't have to. Open sourcing does not mean putting it on Github with an open bug tracker, you could simply offer tarball downloads, mention you don't support it, and ignore any email about it.
This is actually how Apple does some of their open-source projects.
For example, the XNU kernel at the heart of macOS is open source, along with some of its kernel extensions. Apple isn’t interested in having other people work on it though or having their commit history unveil vulnerabilities, so they just squash all the commits into one and release the tarball for every new macOS version.
You can always clone the repo, change the git remote to a newly created one and upload there. You get a perfect copy, just that it isn't recognized as a fork, thus you can't make pull requests (you can still merge changes via the Git cli as always)
Yeah I think the developer of the Apollo Reddit app open sourced the app in the beginning so people could audit it and it led to some people immediately cloning it and trying to sell it for money.
So firstly, the people asking you to open source so they can "Audit" are dumb. Your app is android, android is EXTREMELY easy to audit and decompile. Especially with no obfuscation during compile time. Things like Android and .Net you can almost literally dump the source code for the app automatically, to the point it basically compiles out of the box. Especially .Net.
What I would recommend if you release an executable using native code. You should look into distributing debugging symbols. The private symbols contain function names, sometimes variable names, and all library calls, but not the source code. This means auditing is extremely easy, but stealing it is a bit hard. It also lets them run your stuff under a debugger extremely easy or make patches through instrumentation.
> I don't need the added burden of responding to issues and pull requests (and supporting the code they add).
I just state clearly in README that certain projects of mine are open source but not open contribution. This way people can follow development and modify things to their liking if they want to, but I don’t need to hear from them.
Of course don’t do it if you don’t want to see others repackage your stuff.
On Android, the potential downside (companies stealing your app under alternate names, bundling adware/malware, and even issuing fraudulent takedowns) outweigh the upsides.
Consider allowing some trusted users in your community audit/demo access? The developer of the AetherSX2 emulator for Android worked with the PCSX2 team (Open Source parent software) and YouTubers/other established media in the emulation community to verify their claimed improvements and reputation. https://pcsx2.net/301-aethersx2-pcsx2-mobile.html
Somewhat of a hot take here, but why is this even a problem? Why would shitty clones with malware existing somehow damage the original app? Every open source app on Android has these problems, but they don't seem to affect the app's existence or reputation. And in the case of AetherSX2, the benefits of a transparent, community-driven mobile emulator certainly outweigh any risks it may have.
The point is not to prevent these things from happening, the point is to have enough people showing support and contributions for your software that the clones with malware become something just not worth it to even care about.
> Why would shitty clones with malware existing somehow damage the original app?
Best case, you get angry emails. Hell, Daniel Stenberg of curl fame got “I will slaughter you” because someone bundled libcurl and included a copyright notice.[1]
Worst case, certain scammers are very good at pretending to be the real thing.
That seems like a good compromise. I thought about looking for third party attestation services, but it would be a point in time snapshot and probably prohibitively expensive.
At the end of the day, the code is written in Go (highly reduced attack surface), doesn't need to be exposed to the internet (works fine locally or over a VPN), and functions perfectly fine with outbound internet access blocked (no phoning home or tracking). I built it the way I want self hosted software to work.
> On Android, the potential downside (companies stealing your app under alternate names, bundling adware/malware, and even issuing fraudulent takedowns) outweigh the upsides.
I don't have/use Android, so no dog in this fight, but I can say these things happen in pretty much every other non-niche platform: iOS, Windows, Mac. I've even had people cloning a VS Code extension I did.
When you say "Audit" do you mean in terms of security?
I was a penetration tester for a while and it was quite common for my clients to have customers who requested a security audit of their product. We would conduct the assessment and provide them with a letter that basically says we did an audit and we found x number of crit/high/med/low issues and then did a retest to verify that client fixed x number of crit/high/med/low issues. Might be worth a shot!
There are always going to be some people asking for more. Your app is not open-source and you already have that. Don't open-source it if you don't want to, or don't allow issues/requests for the open-source version if you don't want to.
Understand that some people will avoid your app and look for something that is open-source, for various reasons. So they can be confident they'll never have to pay, so they can theoretically fix bugs and port to newer platforms if they need to, so they can be confident there is no underhanded reporting or remote-control in the software, whatever. When looking for something, I value and prefer open-source alternatives, myself.
But that's not everyone, and that's fine. You don't have to open-source your app.
How would you feel about an "open source contingency", i.e. this will never be abandoned, it will be open sourced instead etc? I think I could add it to the ToS, but it would be nice to have some kind of trust/foundation or something setup as "proof" etc.
Sure, but then I can't prevent forks or folks distributing custom builds unless I start doing DRM notices and litigation. It's infinitely easier to keep it closed source.
Legally you can, and practically do you really think people can't reverse engineer your stuff if they want? Alternatively: it sounded like you just didn't want to support it or deal with pull requests; do you care about unofficial unsupported builds?
Edit: And yes, just distributing binaries and not worrying is the least work; I just wanted to point out that you can have it both ways if you ignore "Open Source".
Sure, up until the point where you run into people in countries like China ripping off your products and get stonewalled in any attempts at IP enforcement. Alternatively, are you sure that you can really afford the legal expenses of pursuing such enforcement?
I've seen enough stories of indie game developers having their games be stolen and re-uploaded under a different name to know that this is a problem that shouldn't be overlooked, though obviously it's worse in some industries than others.
> ...and practically do you really think people can't reverse engineer your stuff if they want?
No, most people cannot, and that's the extent to which it remains a good point.
You don't lock your door because you're worried about the one person who knows how to pick it out of a thousand, you lock your door to deter the rest 999 people who would go through it if it were not locked.
People talk a lot about obscurity not being security and so on, but to a certain degree it is, just like how changing your SSH port will prevent a number of automated attacks, even if port scanning is trivial otherwise.
Okay, so it's not "I didn't see a benefit to having it OSS aside from appeasing some OSS purists. The app is already free, and I don't need the added burden of responding to issues and pull requests (and supporting the code they add)." It's "I don't want to open source it at all". Which is fine, just say that instead of bringing up support burden.
It seems like both sides of this supposed debate are saying precisely the same thing, with one side ("how dare we suggest anything is wrong with open source") taking umbrage for no apparent reason. The premise of "both" arguments is that open source maintainers are being exploited.
I don't think anyone is being exploited. The work you do for free, and publish online with a permissive license, was meant to be "exploited" by anyone, that's what OSS means. Everyone knows that. We still spend time doing it because of, as the author of the blog post correctly mentions, several different, personal reasons.
I publish all my hobby projects on GitHub. I have zero expectation to ever get paid for it, even though I know some big companies have used libraries I've written. I am not sure I even want to get paid, as that would increase my accountability a lot!
Do I feel exploited?? Not at all. No one asked me to do it. I do it because I like contributing my knowledge and I hope it will benefit someone doing good work some time... even if most beneficiaries are indeed greedy, for-profit organizations. I also use heaps of "free" products by these same greedy companies... my website is hosted entirely free (with HTTPS and everything) by Netlify... I also have several project websites on GitHub Pages (free), run my CI on GitHub, TravisCI, AppVeyor and CircleCI (all completely free), write some code on IntelliJ (Jetbrains), emacs (ok, this one is not from big co.) and VSCode (big bad MSFT) which are all totally free to use.
My browser is also completely free, thanks to Mozilla!
Sure, they use lots and lots of OSS, but without those, these products might never have existed as the cost to create them from scratch or by paying every single OSS library for use would have been prohibitive.
There aren't merely two sides of a "supposed" debate. There are at least two sides of a bona fide debate. And you could not possibly have missed one of the sides because its argument was copy-pasted dozens of times on the other post.
The dozens of copy-pasted comments left by mbrodersen on the other post can only be interpreted to be against the claim that companies are exploiting open source maintainers here. Under this argument that was copy-pasted dozens of times, companies paying exactly $0 for software set at $0 are behaving in a natural and predictable manner within "the marketplace." It's an unambiguous argument. It's impossible to miss because it was copy-pasted dozens of times.
Now, I didn't notice the dozens of copy-pasted mbroderson comments being flagged or downvoted. Nor did I notice dang explaining to mbroderson that copy-pasting a low-effort "market mechanics" retort throughout a long thread is against the rules of HN.
And now that argument-- which again, was copy-pasted dozens of times on the other thread-- is in the ether. You cannot merely ignore it and claim that "both sides" are somehow saying the same thing. One side clearly isn't, at least a dozen times, copy-pasted.
So I'm curious what you think about the claim that nobody is exploiting anybody here, because if open source devs want greater than $0 from companies that use their software they should charge greater than $0 to companies that use their software.
I think I stated the claim correctly-- if not perhaps mbroderson can copy-paste the argument here.
Except they're mostly not. While it's not hard to find exceptions most of the maintainers and other coders associated with major open source projects are being paid by companies to do so.
This really depends on the project. Many people just do it in their spare time and have a normal software engineer or similar role working on proprietary software using open source. Some are still at university and studying. Some are contracting and probably also get some new customers through their open source work.
I do not have real data, but I assume that more than 50% of the effort invested in open source is not directly paid by a company. For the Linux kernel 20% to 30% of the commits come from people doing it as a hobby, the Linux kernel is supported very well by big corporations.
I assume that projects like Kubernetes and OpenStack are similar.
Obviously many smaller projects are largely developed by people on their own time. I expect this also applies to languages and things like that which aren't largely corporate efforts like Go and Rust are.
The majority of people responding to FOSS studies are paid by companies. It is biased toward Linux related open source projects a bit.
The thing is, while there are maintainers of important projects working for free, the idea that most of major open source development is for free is mostly mythology. Large projects are backed by companies.
> The premise of "both" arguments is that open source maintainers are being exploited.
A lot of the business models that are exploiting OSS and OSS maintainers are very much parasitic. I think industry needs to be reminded that the first rule of being a parasite is "don't kill the host." That is what is happening as companies monetize open source and then don't support the team creating and maintaining the software they are exploiting.
I don't feel particularly exploited - but then my OS library is not particularly popular (or widely used). I suppose if the library did become popular and some $MegaCorp built a cash printing product on top of it I could add some code to the library to print disparaging remarks about $MegaCorp practices in the CLI (or whatever).
Then again, I also give my poetry and my (2 completed) novels away for free. I'm not the greatest Poster Child for the Capitalist cause.
Oh my goodness.. if open source had not existed in the world, the world must not be as good as today. The world w/o OSS must fall behind the world w/ OSS.
If open source is broken, it must be repaired.
I have contributed to OSS for over 2 years and it makes me feel fun and feel a sense of achievement. And I feel so grateful towards who had contributed to open source and had cultivated open source culture. I received help a lot from OSS and lots of open knowledge from the internet. And now I want to give it back to open source culture and I think I am making the world better a little bit.
Did this guy really just write a rebuttal to an article that he didn't bother to read well enough to understand?
They are literally arguing the same things. The article he is arguing against is not trying to shit on open source. It's trying to explain how insane it is that so much open source development is so critical but so massively underfunded.
The original article isn't saying that the idea of open source is fundamentally broken. It's the consumers of open source software whose morals are fundamentally broken.
Please, for the love of all that is holy, just spend like 5 extra minutes reading what you are arguing against next time. This is so embarrassing that I'm feeling the second-hand embarrassment.
Open source is most certainly broken, and not just due to the various financial, freedom and security issues these two articles focus on. My biggest peeve: documentation is often minimal (e.g. API docs only) or filled with useless toy examples that are effectively just rephrasing of API docs.
The entire underpinning of free and open source software is silly: software in this context isn't an academic pursuit producing knowledge that should be freely shared to our collective advancement as a civilization. It's a hammer, a wrench, a table: in short, a product. That fundamental category error made by our community is the source of all the problems with F/OSS, financial and otherwise.
You know, one of those terrible aspects of open source is that if you see a lack of documentation, you can just contribute it yourself. Good luck contributing new docs to literally any proprietary product.
This implies that the issue is due to being open source. The majority of closed source software, especially in house software, has minimal or nonexistent documentation. If there is any, it was likely done once at the start of the project and never updated since.
I've been a consultant for over 10 years. I always make sure to ask for access to any documentation for systems I'll be working on. I think I've gotten significant (out of date) documentation maybe once. This isn't an issue stemming from being open source.
I agree with what you say, but FYI docs is one of the easiest yet most valuable things a person can contribute. As a maintainer, I wish I had more feedback and contributions to the docs!
As someone who wrote large parts of the docs for a project: The reason that I imagine few people do it is because if you get involved with the documentation, you will be on the hook for tracking the library closely and keeping the documentation up to date; there will be an implicit, external pressure that the documentation continues working.
That becomes a lot of work very quickly, so I tend to only get involved in libraries that will quickly hit some kind of stable maintenance mode or in which I have personal stake and thus just need to polish up my own notes for how to get off the ground.
You're describing two legitimate worlds, the Ivory Tower and the Marketplace, let's call them for short, but I don't think the error is conflating them. I think the error(s) arise in the intersection between the two realms. The Internet was a-commercial or even anti-commercial at first (having gestated in the Ivory Tower) and retrofitting it for commerce and industry has been, um, a wild ride. Kind of a gold rush.
Copying and running code is (effectively) free, developing, maintaining, and auditing code is still expensive. Folks who want to use software without paying the costs get what they pay for, eh?
I feel that if there's anything the community is doing wrong, it's in the emphasis on new and shiny rather than mature and stable. I feel we should be entering a "contractile" stage of (global IT) development, with consolidation and convergence of software and hardware replacing the wild burgeoning and rampant growth of complexity.
"Like, complexity is an existential threat, man..."
Why on earth would I labor for free on someone’s vanity project, no matter what utility it provides otherwise? And why would a company pay a person who has already shown he or she does not value their own labor in that way?
You want good documentation from an (ostensibly hypothetical) piece of open source software that you use. But you will neither pay for nor contribute better documentation.
You see where the problem is, right? I'll give you a hint, it's not the developer...
No, it absolutely is the fault of the developer, both for poor practice of the craft and for contributing to a toxic, exploitative labor environment by giving away his work for free.
If someone releases code because he liked to code but doesn't write any docs because that's boring, that's perfectly fine. No abuse there.
The abuse is when you request docs for free.
The legal and finance constructs of many open source projects are pretty badly organized. This makes it hard for accounts at big corporations to handle them. Many open source projects are also pretty bad at marketing to non developers and do not have an aggressive funding campaign.
Some “social” organizations are much better at this and have very good people taking care of marketing and accounting to people who control money.
Most members of open source projects just want to code and not take care of tax exception for donations and filling out the correct tax forms in time.
Re the author of "open source is broken": The irony of bashing open source on a website using systems/code/infra containing thousands of open source lines of code which I am sure he hasn't paid for... has probably escaped his attention.
Honestly, I am not sure why there is an argument anymore. Let people write or use free or proprietary software as they see fit. You all know the pros, you all know the cons, make a decision and godspeed, live your life. I side with the free software. You do you.
As the author of that article, I am starting to prefer they/them pronouns. It would be nice if you could update your comment to refer to me correctly, however this is not a demand.
There is a lot more happening behind the scenes than you know of, I make a tiny fraction of my donations public knowledge.
Edit: another person pointed out that the actual comment sounds like an ad hominem, which i do not condone. However, some of the phrasing made me think, hence the question (more clarification below).
> The irony of bashing open source on a website using systems/code/infra containing thousands of open source lines of code which I am sure they haven't paid for... has probably escaped their attention.
Hey, what are your thoughts on the OP's argument, though?
Personally, i use a lot of open source software and i definitely won't pay for most of it, many people out there won't pay for any of it. I don't find that ironic, i find it sad. There is no obligation or anything to encourage anyone to donate to the authors, most people don't care.
If i went to work on Monday and suggested that we as a company throw money at open source, i'd probably be looked at funny. In the company, near the holidays we have an initiative where employees vote for charities and each vote gets 100 EUR donated towards them... but curiously, no one even considers something like that for open source projects, despite there being hundreds if not thousands of those in their dependencies.
I think it's probably a cultural issue to some degree, simple psychology otherwise.
> Hey, what are your thoughts on the OP's argument, though?
An ad-hom insult doesn't make an argument. OP isn't bashing open source, OP is bashing for-profit companies using it without contributing as an overall system, and OP's website isn't a for-profit company, so even the "OP is a dumb hypocrite" isn't only an insult, it's also wrong.
> "There is no obligation or anything to encourage anyone to donate to the authors, most people don't care."
My long term simple answer to America's "tipping problem"[1] is that if you want money, charge money. This emotional manipulation guilt tripping "you don't have to pay, it's free" "my children, think of my dying starving family, I need money" "oh but it's free honestly I do it to contribute to others" "but listen to the crying of my wife as she scrapes together the last of our possessions to take to the pawn shop" "no really, I encourage everyone to make and use free software (but you should FEEL BAD if you do what I encourage)" "but it's free, check out that license" "I'm only saying I was hoping you would behave like a decent person and not take advantage of me while I lie about my motives to your face and emotionally manipulate you" "btw don't even think of holding me responsible for any problems in the code, I disclaim all responsibility to the maximum amount permitted by law and offer no support for any problems" is just not a good or honest way to go about things.
You want money, charge money. Code as an employee, be a consultant, be independent and sell your thing. You need money, charge money, there's multiple ways to do it, people have been doing it for years. Why aren't you able to charge money? At least partly because of all the people giving away the equivalent for free. Why would someone pay for your library when they could get a free one? If guilt tripping is the only answer, you need a better answer.
If I plant a tree for everyone to have a bit more oxygen in the atmosphere, will you pay me for the oxygen you're using from my efforts? Of course not.
[1] that's not to say I don't tip, it's to say I hate the design of the system and think it leaves the majority worse off and far more stressed, so the minority of attractive people in rich areas come out far ahead.
> no really, I encourage everyone to make and use free software (but you should FEEL BAD if you do what I encourage)
100% this. I remember how open source advocates were literally pushing everyone who would listen to use and trust open source. Literally arguing by free too. Now, the people want to twist it into "and if you got convinced and use it you are asshole freeloader".
Well then, maybe it should have been private licensed software if that is what you want. Which is actually fine by me.
> An ad-hom insult doesn't make an argument. OP isn't bashing open source, OP is bashing for-profit companies using it without contributing as an overall system, and OP's website isn't a for-profit company, so even the "OP is a dumb hypocrite" isn't only an insult, it's also wrong.
I do agree that ad hominems are bad and that OP is maybe conflating bringing attention to problems with open source with actually being opposed to open source, which is definitely not the same thing! Lots of criticism may come from a position of wanting to improve everything. However, my more charitable interpretation of the original message would be along the lines of: "Open source seems to work, since you can post this criticism while utilizing a lot of open source technologies."
And that's why i felt like creating my response/question above (apologies if that wasn't clear enough), since i'm surprised myself that we have as much working open source software in the first place, given how underfunded and underappreciated many of the oftentimes critical projects are. :(
The bit about tipping is an interesting one - somehow many of the waiters in the USA aren't paid a living wage but instead have to rely on the patrons of the establishment to tip them. On one hand, that seems incredibly wrong to me (and unthinkable of in certain countries), however at the same time that implies that surely it's possible to somehow ingrain tipping or similar monetary actions into a culture to the point where it's not viewed as something outrageous by the denizens of said culture. How did tipping even become a thing? Why isn't tipping a thing in more industries (hopefully sans the abusive wage practices)?
Why did "npm fund" become a thing just a number of years ago but was never really successful? https://dev.to/ruyadorno/npm-6-13-0-7f3 Why do most corporations stop at extracting lists of dependencies in their projects so they don't get sued and don't have to release their codebases to the public, as opposed to actually funding the people on whose work they depend on?
> You want money, charge money. Code as an employee, be a consultant, be independent and sell your thing. You need money, charge money, there's multiple ways to do it, people have been doing it for years. Why aren't you able to charge money? At least partly because of all the people giving away the equivalent for free. Why would someone pay for your library when they could get a free one? If guilt tripping is the only answer, you need a better answer.
Are we incapable as humanity on a large scale to give money willingly to others, when we benefit from their work?
> If I plant a tree for everyone to have a bit more oxygen in the atmosphere, will you pay me for the oxygen you're using from my efforts? Of course not.
Why not? If i wasn't under constant stress about my financial future, scraping by to survive in an economy that doesn't feel viable long term (especially given how i receive cents on the dollar for my work in the grand scheme of things) and aggressively saving of what little i earn, while knowing that i have slim chances of ever having real estate of my own (given that currently that's only viable after decades of work, even if that), i'd be more than happy to pay someone for a tree or a well planted forest, if it'd be presented to me as something i can do easily.
If there is not a viable solution to the open source funding problem, i don't think open source has a future that's all that bright, at least outside of corporate backed projects or privileged people (e.g. those not under constant financial stress) who can afford the time and effort to put into it.
> "However, my more charitable interpretation of the original message would be along the lines of: "Open source seems to work, since you can post this criticism while utilizing a lot of open source technologies.""
The blog title is ""Open Source" is not broken" [edit I think the title changed since first reading];
> "however at the same time that implies that surely it's possible to somehow ingrain tipping or similar monetary actions into a culture to the point where it's not viewed as something outrageous by the denizens of said culture."
I don't find tipping outrageous, rather annoying in that it turns a simple transaction (food for money) into a one-way unclear social negotiation. There's no fixed amount of tip which means it varies in different places, which means it's possible to be rude without meaning to be rude - in a way that has a knock on effect on the waiter's lifestyle - and a decision weighing up how much is fair, without being so much it's uncomfortable to pay or so little it risks insult. (See also the Monty Python Life of Brian scene "won't haggle").
> "Are we incapable as humanity on a large scale to give money willingly to others, when we benefit from their work?"
Isn't that what "buying" is? A huge part of the world is devoted to this, paying money to others to benefit from their work. The question here is, if those others give their work for free, why then do they expect money and try to guilt people into giving them money, when there is a system whereby they could have asked for money in the first place?
> "Why not? If i wasn't ... X, Y, Z..."
Because if you aren't compelled to, you have plenty of other things to spend money on instead, apparently.
> "In short: It feels like open source developers should be paid, regardless of everything else. [...] i don't think open source has a future that's all that bright"
If nobody willingly wants to pay for a thing, then the author deserves to get paid for it? Why?
No, buying is a financial transaction, without which you will not acquire the goods that you're after. With open source, you'll just take the code, benefit from it (like large corpos that make millions through it), but aren't obligated to give any of that money to the authors.
While also not stealing, to me that sounds like exploitation on some level - the authors oftentimes seeing that as the status quo and being okay with it doesn't make it any less exploitative in my eyes.
> If nobody willingly wants to pay for a thing, then the author deserves to get paid for it? Why?
Because they're making the world a better place with the code that they create. If nobody wants to acknowledge that or willingly give them money for it (recognition also would be nice, but you can't eat recognition), then in my eyes the problem lies with society.
In a better society, people who do the work would be taken care of.
That's why I default to they/them unless I have some indication otherwise. One time a dude went off on me for it, and I broke his brain by suggesting pronouns in his bio would have saved him a public freakout. I always found the prescription to default to masculine terms as a default gender neutral awfully suspicious even before I knew I was nonbinary.
I usually do they/them nowadays, but habit is a hard one to break and I can't edit the comment atm. I hope the author understands that my pronouns don't bear any judgemental meaning
The author would be accused of having no standing to criticize open source if they didn't use it. There is no viable move with the mindset you display here.
I replied to the same argument in a different comment. There is literally a thousand ways to do it.
Eg
- Post on twitter/facebook
- pay for a proprietary stack
- pay for an open source stack (donate)
- print stuff and hand them out in person (half joking, but you get the point i hope)
no, the author could have used open source and then moved off for principled reasons that people weren't paying their OSS contributors, made predictions about what would come to be, and then be pot shooting at the FOSS community from a distance. Or the author could aggressively pay every single OSS contributor they are using, with receipts... Etc, etc.
No, this is a fallacy. As a living being you don't really stand any chance of not participating in society in some way or another.
However the author has the following options:
- pay for proprietary stack of technology to publish their website
- pay for the open source software they are using (donate)
- not do any websites and publish their opinion on other social media or even physical print. Write a paper, print flyers
- do literally nothing
All of these are actual viable options. Not participating in society kinda isn't an option if you wanna live
Is it even possible to completely avoid open source software nowadays though? Windows itself might not be completely open source but it has a bunch of open source components and/or is based on open source components (even the TCP/IP stack has its roots on BSD :-P). Even your CPU (especially Intel with its IME using Minix) and UEFI might have some open source code.
Perhaps if you find some 20 year old PC with an obscure proprietary operating system that has its own network stack you could do it. Though that "proprietary purity" will break down as soon as you step out of that PC box and connect it to a router or whatever since chances are it will run open source software and your purely proprietary signal will be contaminated way before reaching some end user's browser :-P
You're most likely right, but my argument has been misinterpreted in a classic fashion. I never implied that they should have used open source at all. I said that they used a bunch of open source software that I doubt they had ever paid for (even donating).
Sure, you don't have the option of not using open source software for some of the cisco and arista switches and routers on nexthops over the internet, but you certainly CAN use paid-for closed-source software (from operating system up to webserver) on a server that you set up, in a colo that you pay for, to run your blog.
Would it be possible to create an insurance policy against these major FOSS vulnerabilities?
The insurance company would then require audits of your tech stack, and fund security research. This is analogous to what car insurance companies already do. And then companies who are not insured are viewed as suspect, etc etc.
There's apparently a misalignment of incentives because there's a break in the chain of responsibility. The idea here is to close that loop.
That would create an even more parasitic security industry than we already have.
As many have said that the only defense against data extraction of personal information is to not collect them. I think this collection has to become more expensive than the benefits to marketing and advertising. Insurance might help here, but I expect premiums to be high if risk is adequately and realistically assessed.
Against exploits like the log4j thing... the library is popular and was used for years. In open source and commercial software alike. I doubt any audit would have found the problem. Most probably didn't expect it in such a library in the first place and would have started review with the more arcane dependencies. The only benefit of other components is probably security through obscurity. But what would you insure against here? Against exploits in software in general? I don't think that would improve software security in the long run.
The key is establishing a market for this kind of insurance policy. That can only happen if companies are made liable. That needs to happen at some point, though it's not clear how to do it without getting unpleasant unintended side effects.
Companies already don't like to deal with this stuff right? However much liability already exists, they're already having a bad day trying to patch all this stuff. So maybe they'd want to know they'll get compensated for the resources spent on that.
Yes to everything you're saying. I'd highlight your points in a different priority order. The fact that our society lacks effective concepts for supporting and sustaining anything abundant is the KEY issue. Your "doesn't fit our existing ideas around paying for things" point.
Our whole capitalist system has no means to encourage us to leave nature alone where it happens to provide us immense value. Our system just destroys it (and eventually itself in the process). That we even allow monopolies on products that are basically just ideas is a grotesque aberration.
Although we need to fund development, a lot of it could happen without funding if we simply supported healthy natural systems and didn't have legally-supported monopolies. The challenges that open-source projects have basically amount to whether the developers can live okay enough and not have to deal with competition and exploitation from large-capitalized monopolists.
Replace 'rent' with 'support'. If a commercial company builds on top of software with a license that says 'use at your own risk' then the buck stops with them.
That's why companies buy libraries from other companies that are supported - as in the liability can be passed down the line.
Not really. Redhat sells support, Microsoft charges rent. This is made even more explicit with SaaS - Software as a Service. Nobody is providing service, they're simply providing access to the capabilities of the software for a fee. That's rent.
Development teams are usually classified as a cost center, not any kind of customer service.
> While I believe that it is unethical for large for-profit corporations to not support FOSS projects from which they derive (extract?) immense amounts of value, it is not illegal, thanks to the system.
While I very much agree with the article on its core topic, this is incorrect. It is not illegal thanks to the license. The FOSS world created the licenses, it is made legal by choice, it isn't due to the system. "The system" very much allows for this problem to be entirely avoided.
If you're happy making free software but you don't want anyone to profit from your work without cutting you in on the success you contribute to, consider a dual license. Maybe the free software world should consider addressing this problem in some license scheme, a couple of options being royalties paid if the software is used in profit generating endeavors, or even something more restrictive, like requiring all derivative works and works being supported by licensed software to release their source as well. Imagine if Android were licensed in this way, google would not get to marry proprietary crap to it, as just one example.
The thing is, the answers for this are all here and old. I'm just kind of waiting for people to figure it out.
If you're creating cool stuff and giving it away, great! No obligation.
If, however, you're creating a paid product or service -- there already exists a ton of law and precedent and ideas about obligations. We just need to remember these and start using them again.
These ideas and law generally point to: If you put a product out there, and make claims about what it can and cannot do (either explicitly or implicitly) then you must be held responsible for the harm if people reasonably rely on it and you screw up. That's it. That's the entirety of it.
FOSS is one of your inputs, could be seen as something like gasoline or trucks or whatever. It's your job as a company to handle those safely and make sure they don't goop out and cause harm, and if you don't get this right, you should be sued.
Edit -- and of course, sometimes the companies are too slow to make this happen and so we need regulation. We perhaps need an EPA or FDA for software.
The problem is Free as in Beer and Free as in Speech are related.
The issue is not $1 downloads so much as it is the overhead, pain and issues that come along with it.
It's hard to manage and control downloads, usage, and the legal issue might be that any hint of licensing problem makes it 'no go' from a corporate perspective.
So the gap between 'Free Beer and Speech' and 50-cent Beer and Speech is enormous.
Yeah, the Blink ssh/mosh client for iOS is GPL3 but costs $19.99 in the App Store. I'm about to pay someone with a developer account a few hundred bucks just to publish a free renamed build of it to the App Store, because that's ridiculous.
People's time is valuable, especially expert developers.
The 'Code' is only part of the issue with respect to input cost. Someone has to maintain that dev. account, maintain their skills, stay on top of distribution policies, probably take on some legal risk, keep the build kind of up to date.
That takes skill. We mostly want it that way so that distribution is clean and clear and reasonable for those involved.
If it's a niche product, then $20 is not going to add up to a lot of money.
If it's a professional product, then $20 is basically $0 for all intents and purposes, it's the cost of a stapler in which case cost should not be a problem.
The AppStore is generally an open market, if $20 price is too high and someone is raking in big profits, someone can publish the same thing.
In the end, what we want to achieve is a price point that matches the material value creation involved in the 'maintenance of the build and distribution aspects'.
That's actually efficient, and what we want.
There's no such thing as 'free' - it's all time and labour and there are a number of issues involved.
FOSS should be considered 'volunteer labour' which makes the underlying costs more apparent, the code and licensing is a distraction from that.
That $20 doesn't go to the dev. It goes to Apple, and, in the USA, requires doxxing yourself to the vendor to get a copy of free-as-in-freedom software.
That's unacceptable and repugnant, and it doesn't have any bearing on the volunteer labor.
There is such a thing that's free: free software. It was produced with volunteer labor (but doesn't have to be - look at golang!), but the end result/product is free-as-in-freedom and free-as-in-beer.
> what we want to achieve is a price point that matches the material value creation involved in the 'maintenance of the build and distribution aspects'.
No, what I want to achieve with this free software is that anyone be able to access it without barriers whatsoever, including payment.
You're not grasping the part where there is material work and labour in most parts of the value chain including maintenance, inspection, and distribution of builds.
Only 15% of that $20 goes to Apple - while that may be a few points too high, it's not egregious.
The rest of that money goes to the person responsible for maintaining the build, which is 'work'.
"That's unacceptable and repugnant, "
This is a completely naive view, tantamount to saying 'People should work for me, for free, because I said so, and it's repugnant for them not to!'.
"what I want to achieve with this free software is that anyone be able to access it without barriers whatsoever, including payment. "
For 'source code' - this is already possible, because 'source code' can fairly easily be provided 'for free'.
But a maintained and up-to-date build, for specific platforms, with all of the unavoidable regulatory overhead - has cost.
If you want that to be 'free' - again you're expecting someone to labour for you.
There's an easy answer to this -> it's $20 on the App Store.
If you want to do free labour and make it free, you can do that.
But otherwise this 'moral indignation' and 'repugnance' at people who are unwilling to labour for you, for free, is a problem.
In general, society has problems with monetization of valuable things. It's not only the case with FOSS, it also holds true with science and a long term not quarterly counted products development. Sadly vile entertainment and advertising is perfectly monetized.
If you choose to monetize then you probably will end up accepting liability for it as well if it goes wrong. For a lot of open source developers putting a 'use at your own risk' license on the software is easier. Let another company sell/support it if they want. Or build a company around it yourself to offer support.
I don't think that's the case at all. Most commercial software comes with a 'use at your own risk' license, or if you're really lucky, will cap liability at the amount you paid.
If you're a company buying software from a vendor for network management, security, business operations, etc.. and it goes wrong, yes they are very very liable. It's the whole reason why many companies avoid building anything on unsupported technology in the first place.
You zing, but there's a grain of truth there, isn't it?
"Free" software began when RMS wanted to fix his printer and got locked out by Xerox. "Open" software was an attempt to woo business to use free software but (arguably) threw the baby out with the bathwater by eliminating the "virality" of the GPL et. al., which was kind of the whole point (of "Free" ethos.)
The whole Free vs. Open issue is effectively moot anyway since everybody uses proprietary closed systems. Even the FOSS folks use GitHub.
"Free Software" generally refers specifically to GPL-licensed software, which is one of many popular "open source" licenses. (GNU claims that their use of the word "Free" refers to freedom, not price.)
This (IMO, weird) debate seems to be around all kinds of open source projects.
I feel like we should at least reference some companies who "do FOSS right" by releasing internal projects to the ecosystem. In the data science realm, for example, I've made heavy use of Superset and Airflow from Airbnb as well as the Plotly tools (Dash, etc) and numerous others.
In many ways FOSS is thriving and on the cutting edge, and in others (especially project maintenance) it seems to be struggling.
But let's at least recognize some of the good actors in that space.
Author describes a classic tragedy of the commons situation - many reap the benefits but there's little incentive to invest in OSS.
Analysis from there is weak. The incentives I think fairly clearly lead to major underinvestment in open source relative to the ideal level because of the incentive problems. Even if there is some investment and some significant success if there was investment of time and money order proportional to usage of major OSS components.
As an anecdote, all of my work on open source (and I've been working on and with open source software for the better part of 30 years) has been because I had something that needed to be done and writing, adapting, or fixing open source packages was the fastest, easiest, and cheapest way of doing that.
My employers paid me to get things done, not to write software. Writing, adapting, or fixing software is the means, not the end.
Solutions involving companies paying directly to the people whose code they use miss the point.
The reason is that software shared with the world is often shared out of passion and idealism. If only code that's useful to some companies is paid for, the world of free (as in beer or otherwise) software as we know and love is still unsustainable, and not just because fledgling projects tend to be inferior in many ways to everything that came before.
Some software is written simply for the fun of it. Future Crew were kids writing demos and putting them out (by the way, an executable for a program that's written in assembly is not so far removed from its source code; so whether they put out the source code or not is immaterial, here the point is "free as in beer"). These demos were unlikely to be directly useful to companies, but we were still amazed by them and some of us got into programming because of them. Do you want to live in a world where only people who produce software that's useful to some company can sustain themselves?
Their parents provided them with food and shelter, so they didn't have to think too hard about writing and releasing it. People in this thread claim that they don't feel exploited, probably for similar reasons. They probably have an income or enough money to make them feel comfortable giving something away. What happens when circumstances don't go your way, though? Then, while you live off your savings, see them shrink day by day, you realize that society doesn't give you the basic stuff that's needed for living, so why the hell should you give anything away? If you already gave stuff away while you were fat and healthy, and this stuff is being used profitably by others, the resentment can only grow.
No one accepts liability for software problems. Not free software developers, not Microsoft, not Google, not Oracle.
Mostly only OEMs of non-computer equipment, such as Boeing, warranty physical products that include software. For code that doesn't run in planes or cars or other machines -- there is no warranty.
I learned from the actix-web debacle that I don't want to ever do libre or open source software. If people want to complain to me about my code and call me a lousy programmer, then they have to pay me for the right.
> Then why is it that millions of FOSS developers, despite knowing that their work may be consumed by for-profit corporations for nothing in return
Well, that in itself is already some kind of return. Widespread use - even in a commercial setting - means widespread interest in your work and possibly in you. That might not directly translate into $$$ in the bank, but it is quite useful psychologically, technologically (think: issue reports and triage, testing of new functionality, input on future design) and even financially, in a roundabout way.
Still, the main reason - for many of us anyway - is that we wrote, and write, based on _need_: We needed the software, or our friends/coworkers needed it, or maybe we perceived a public need; we wanted to satisfy this need, and there you have it.
----
Nitpick:
> A world without Wikipedia.
Wikipedia could have functioned just fine on some commercial equivalent of a Wiki. Wikipedia editing does not involve working on MediaWiki source code. So, not a good example IMHO.
FOSS is the victim in a way, but that means it must defend itself. OSI needs to get off their asses and acknowledge the problem and work with the community to develop licenses that limit SaaSification and other forms of appropriation in a way that is compatible with the principles of open source and lacks the optics (FUD) problems of the GPL approach.
I’m not holding my breath since the OSI is funded almost entirely by huge companies that are quite happy with all the free labor they are exploiting. So far the OSI has plugged its ears and pretended everything is fine, and OSS zealots attack the character of any lowly developer who isn’t happy providing uncompensated labor to surveillance capitalist behemoths.
I don’t see FOSS surviving another generation if this doesn’t happen, or at least not in a form that isn’t weaponized to herd everyone into proprietary cloud environments.
I feel highly unsettled at work anytime anyone tries to explain how to do something, which should be a simple local command, with a multitude of tangled services, each of which I need to request access to. My manager is obviously more than happy to help, but this friction is killing my motivation and autonomy.
The fact this is how we're starting to develop software also helps me understand why, as a user, all my shit's jenky as hell.
OSS (to me) was supposed to allow us to bridge the gap between developers and users, making code easy enough to tweak that when a problem or unwanted behaviour comes up you can just fix it yourself. But it's getting harder and harder to see this dream anymore. There are a lot of nooks and crannies in OSS though, and I know there are still plenty of places where this dream is still very much alive. It's just become less and less mainstream, sadly.
There's another option -- those seeking to SaaSify F/OSS can support/partner the software they use. Sustainable hosting isn't something that larger corporations are into, but the right companies can do it, and as companies that have this mindset/condition built in (best if in writing, of course) grow, F/OSS becomes more sustainable by default. All it takes is a reasonable % of revenue contribution to the F/OSS powering your stack. I think the range should be 20% to 50%[0], but even if it was 10%, imagine if open source projects that power even small to mid size tech companies in the world received 10% (or even 3%) of the revenue being collected?
The problem of getting the money down to F/OSS that powers inner machinery (libraries, frameworks, etc) is a bit tougher, but I think that could work out easily by doing a general % of revenue and deciding allocation. For example even if you do a 1% allocation to libraries in particular, as libraries are reused much more easily, at scale library authors will do quite well.
Maybe a license that asks for a % of revenue is an easier static goal but I'm optimistic enough to think that the partnership approach could work.
It becomes far too tempting for them to break the abstraction barrier though. Just look at the AWS offerings divergence from the originals. Some companies are big enough to fund multiple competitors at the same time, which is about the best thing I can think to do here.
I'm not sure what there is to solve. The problem of giving stuff away is obvious; it's the first thing people ask when they hear about Free Software. The free software philosophy is that people do it anyway, for reasons of their own. Of course they are taken advantage of.
I don't think there is a solution, short of radically restructuring the entire world economy. The fundamental problem is people being people.
I don't know what software will look like in a generation. I suspect it will be radically different, but that's just my guess. But I suspect open source will trundle along as the rickety, half-assed philosophy that has worked (more or less) so far.
> OSI needs to get off their asses and acknowledge the problem and work with the community to develop licenses that limit SaaSification and other forms of appropriation in a way that is compatible with the principles of open source and lacks the optics (FUD) problems of the GPL approach.
I'm confused about what you want here. The GPL does not deal with SaaSification; for that you need the AGPL. But what problem do you have with the AGPL?
AGPL doesn't prevent running unmodified software and offering it as a service by large vendors. See the controversy around SSPL and the recent ElasticSearch fork by AWS - I suggest reading Kyle Mitchell's take on this: https://writing.kemitchell.com/2021/01/20/Righteous-Expedien...
That said, I believe SSPL is an overkill, and what's needed for a less known SaaS product is a legally enforceable revenue-sharing mechanism - so it can benefit from being listed on popular platforms.
I still don't see why this means FOSS is a "victim in a way". If you don't want people to take what you put online for free, don't post it online with a notice saying "you can take this for free".
Developers perfectly understand the available licenses. And for many they just want to put software out there and don't care how it is used so they put a BSD/MIT license on it.
My philosophy (albeit it might not be shared by many) is that if you are going to do a job, either do it well and all the way through or don't do it. I see many half-assed (for the lack of a better term) open source jobs where the developers do not respond to criticism and feedback in other words than "you should be grateful we did X and Y after all", with an air of arrogance and saintliness for even doing anything. I would analogize it with me going to a charity and giving them my food leftovers and getting mad when they do not like it.
The corresponding analogy to your comment is going to the charity that gives out food and getting mad at them because you don't like the food. If you don't like it, just leave or don't go there in the first place. Certainly don't harass the volunteers.
The great thing about open source is that anyone can participate for free and for whatever reason: some for the feeling of giving back, some for creating something useful for others, some like it as challenge, some for the street cred., etc. and most people don't expect to be paid. The idea of paying for OS cannot exist in such environment until everyone is on board with that idea. If you create something and demand to be paid, someone will most definitely create something similar and release it for free.
I see two sides arguing past each other. One side says "FOSS isn't broken, because X", the other side says "FOSS IS broken, because Y!". Neither side tries to refute X or Y. We all have our personal goalposts. Why argue over a headline? Why not argue with the other side on common terms?
It's like if I say "fruitcake is terrible" and someone says "I like fruitcake, I use it as a paperweight and a doorstopper" as a rebuttal.
Developer Ecosystem wouldn’t be the same without them. I truly appreciate their efforts to make amazing software in their free time and it means a lot to me.
As a developer I owe a lot to open source, that's why if I can’t contribute to their software I always try to personally thank them when using their software.
I don't think OSS is broken either, but I don't get the complaint here. People and companies use things because it's advantageous to them to do so. When you release software that's free (as in beer), people and companies are going to use it for free. It doesn't matter whether it's "hypercapitalism" or not. You simply can't eschew all of the systems available for extracting value from your labor and then complain that you're unable to extract value from your labor.
In particular, this doesn't make any sense:
> While I believe that it is unethical for large for-profit corporations to not support FOSS projects from which they derive (extract?) immense amounts of value, it is not illegal, thanks to the system.
It's been made specifically, intentionally legal by the people creating it. So of course it's legal, and it's weird to say, "I went out of my way to make this free, but it's unethical for you to actually use it for free".
In capitalism, you have the right to set your own price for your labor and property, and there are lots of mechanisms for charging people for stuff. That's what all these software vendors are doing! In contrast, the MIT and Apache licenses say "I made this but do whatever you want". We choose this license when making things because we want everyone to do what they want. We can't be angry when they do.
Blaming "society" is a nothingburger. It doesn't point towards any solution. Ditto "capitalism" (although the OP doesn't go there) --- people pursue desires and respond to incentives; you can call those effects "capitalism" if you like but you'll struggle with them under any kind of economic arrangements.
My self-diagnosis as an unpaid open source maintainer (rr) is that we like to share, the marginal cost of sharing with potentially everyone is close to zero (at least early in a project), so throwing code on Github with a liberal license feels good. It also benefits the project to some extent because some improvements may come back. But then we see rr creating huge value for people, some of whom are very well paid for their work, and none of that is coming back to us, and that seems unfair even though we did technically agree to it --- sure, you don't have to give back, but it would be the nice thing to do. But in software it's very easy to extract a ton of value from dependencies without really noticing, and very hard to give back systematically. So it's the same old story --- perfectly good human instincts aren't a 100% fit for our modern environment.
What if we made it easier to identify the value we're all extracting and contribute back systematically? If we did, maybe we could build social norms around that. E.g. imagine we had tools that monitor your software development workflow, identify the tools and libraries you use, and quantify your usage via some heuristics. Then imagine you integrate something like Github Sponsors so you can allocate $X to support all your dependencies and make that happen at the press of a button. Then imagine we advocate for professional software developers to allocate 1% of their income that way, and agitate for Big Tech companies to make that a policy.
> If there was a paywall, even for $1, how many people would install a library?
I would LOVE this solution. I use open source professionally, and I continually advocate for ways to pay open source projects and developers. And if there's a way to pay extra to fund a feature, or hire a developer as a consultant, so much the better. In my experience, companies are highly willing and able to pay for software and services that accelerate the companies' goals.
If you want to pay for open source, then I can suggest Open Collective, Patreon, and GitHub Sponsors as ways that are working well IME. Or consider donating to nonprofit open source advocacy organizations including Electronic Frontier Foundation (EFF), Free Software Foundation (FSF), Apache Foundation, Linux Foundation, and similar groups.
You certainly can. You can charge for the software, and release its source under a free license. The user can choose to download the source and build it themselves, or pay for the built software (or the service).
Is it not possible to have a licence that says if you want to use this code to sell a service for a profit you must contact the owner and negotiate a deal? This way, if you are developing in the open source bubble you get to use software for free. If you want to build a service you get to test the software for free and if your company takes off then you must pay for your foundation.
The problem is not in Open Source itself but in the environment it lives in.
So many big corporations benefit from FOSS without giving anything in return?
Well, then tax them. I mean lightly, say take .01% of the biggest 100 annual profit, then distribute part of it to the 100 more important FOSS projects and part to other FOSS projects whose developers are either unemployed or in financial difficulties, important projects with too few or no maintainers, that is, where it is necessary. It doesn't seem that hard to me, but I'm sure neither FAANG nor any other giants would take this step if it doesn't become law somehow.
To become law, however, it may need some changes in our definition of healthy capitalism, which to me is the hardest part.
Of course "open source" is not broken. It works exactly how it was intended to work and it perfectly models our economic system where a lot of people do essential work but are underpaid or not paid at all.
tl;dr: "open source" means free labor for corporations.
It's probably time for the next generation of open source licensing to make the code not usable for profit-making purposes, thus ensuring open source is either funded by the companies that use it or forms its own separate community away from corporations.
“Source available” licenses that don’t allow profit do exist. See all the anti-cloud licenses that came out when AWS started selling open source databases as a service. It’s just that hardly anyone touches code licensed like that. Hell, even Linux used to have a “can’t have money change hands” clause until Linus realized that was stupid. See his debconf talk where he talks about it.
The license should require the entire system to be open source, with exceptions for secrets and small integration pieces under 1000 LOC.
If AWS wants to use it, the entirety of their platform would have to be open. Billing system, machine provisioning, networking, database failover -- everything.
They won't do it. But someone with ambition will, and they'll start to grow a platform that is less risky and increasingly more attractive. As it gains steam, it could become not only a refuge from cloud lock in, but a huge threat to existing players.
How do you practically enforce these licenses? At acquisition time in a big code audit? Independent review with mandatory certificates for businesses over a certain gross profit? What are the current ways we catch license breach? So many questions...
I know that I hate, HATE, thinking about licenses, to the point I typically don't include one, or use some nebulous beer-ware hack. How does a new set of licenses help me?
This would be UNLICENSED or NONE then. Unlicensed software can’t be used for too many things, since it’s encumbered by copyright restrictions. (The author’s right to create copies is, in the U.S. at least, implicit, meaning that the simple act of creating a work is enough to have the “copyright” for it.)
There is The Unlicense [1] that explicitly transfers copyright to the Public Domain.
With “Copyleft” licenses the license terms automatically apply to derivative works. So if you fix a bug in some GPL licensed code, that bug fix is also licensed under the GPL terms. The “deal” is essentially “everyone benefits from everyone’s work.”
The difficult part is enforcement: How can we even know if a user has made a modification?
The older licenses assume that a user can’t really get more than personal benefit from a modification unless they “distribute” a copy of the modified software to someone else. Clearly the recipient of a copy of commercial software can look and see if any Copyleft code was included.
With the rise of software-as-a-service, however, the modified copy never leaves the user’s computers. This seems like it violates the spirit of “everyone benefits from everyone’s work”. This is one of the issues new Open Source licenses are trying to address.
How does it work now with GPL and AGPL? As I understand it, muckrakers dig into distributions of software and services then report any violations they find. Then the copyright holders can choose whether or not to take them to court.
It becomes murky when you don’t actually ship software and use it as a service in the backend. GPL is from the olden days when you actually distributed your software. Now it’s only the front end and that ships as source still because wasm and the rest haven’t taken over yet.
AGPL is super scary for corporations, as it's not clear where the boundaries are and no one wants to go to court to find out. GPL is relatively straightforward: as long as you don't link to it, make sources including any changes available to your users.
AGPL is like, okay maybe everything needs to be released. And when you are also using proprietary third party software it becomes a real hairy mess.
I think GPL with its focus on 'can't be used in commercial' is deeply limiting.
I think the 'You have to make public variations of this module but it can be used for anything and linked to closed source statically or dynamically' ... is more ideal for those kinds of things, which is kind of pragmatically the case. But still.
It would also be nice if courts could make rulings on verbiage or licences instead of waiting for trials because that legal cloud is a big overhang for the entire world.
Note to author you're arguing with a bronie, so not exactly a cognitively unbiased crowd...
But seriously, this is that businesses are broken and grab a free thing and use it. If businesses were gassing employees because they got free ammonia to clean their buildings we wouldn't be blaming the ammonia producers.
Please, stop blaming tools for the axe wielding by moron users. I'd say educate the users, but we all know that's not gonna change any time soon...