> A majority of the value created by modern software ultimately comes from free and open source software.
> From this perspective most VC investments aren’t about creating value but about strip-mining FLOSS projects and communities. The scale is for extraction.
As with so many things, I find this analysis suffers for using metaphors about the physical world with software. Strip-mining is a loaded term because it uses destructive means to acquire exclusive access to physical resources, in a way which leaves literally less than there was before, and which can be literally lethal to a literal biological ecosystem and literally toxic to physically proximal human communities. "Extraction" in the literal sense of pulling something out, when dealing with physical material means that others cannot have what you've pulled out; it's gone.
A company (VC-backed or otherwise) that starts from OSS tools (operating system, languages, build tools, application frameworks, etc) to build their own offering doesn't (need to) remove that value in a way which excludes anyone else from enjoying it. To the contrary, building off the OSS ecosystem can make it healthier, if for no other reason than they are cultivating more engineers that know how to use these tools. "Extraction" is not the right metaphor.
The issue of adding proprietary features to OSS projects I think we should acknowledge as diluting value, not subtracting it. If the choice is between project development being discontinued at time T with core feature set F, vs continued through time T+K with extended feature set F + G + H where H is proprietary, but G is not, users who won't use the proprietary features may still benefit from G, and are still better off with continued development -- but we must acknowledge that it's at a slower rate than if H had not been added. Communities should evaluate whether diluted support is worthwhile, or at what point it should be considered abusive, or at least separated into distinct companion projects.
I work on one of those FLOSS projects that has several ostensibly-open-but-only-works-on-the-proprietary-instance sort of features baked into the core codebase. Some of them are dilutive, but some of them are actively subtractive, especially when they impact performance, become a blocking point during library upgrades, confuse our users, and generally make the codebase harder to reason about. This code is essentially dead code in the community offering, and we all know that dead code is not neutral, it's a liability.
Fortunately, our project is moving in the opposite direction than the one that the article describes: we have an independent steering committee & well-funded core team now, and lately have been actively trying to boot proprietary features out of the core offering. But it's a lot of work, both technically and socially, and we'd have much more time to spend on new features if it weren't for the dead weight we have to deal with.
More than one FLOSS developer has written of huge companies with thousands of programmers working for them practically crying and begging to have a feature added to software that serves only the company's interest.
Or even replying that they are busy with other things but if the company wants to pay for the change they can work on it, and company replying that that seems like "extortion", as if the developer is under moral obligation to fix Initrode's problems for free by the end of the week.
Yeah, our situation isn't quite that bad. The big company is happy to write the feature usually, but that doesn't mean the feature should be bolted into the main repo with its special dependencies dropped right into setup.py install_requires.
> "...huge companies with thousands of programmers working for them practically crying and begging to have a feature added to software..."
One clueless employee, almost certainly without the knowledge of his cow-orkers or managers let alone any kind of authorization to represent their employer when communicating externally, writes a dumb email to a FOSS project and suddenly the tech commentariat is all abuzz about "$BIGCORP (the whole thing) is 'practically crying and begging' to $FOSS_PROJECT for a feature"? Surely there must be a name for this fallacy and, if not, there should be. The organizational hivemind fallacy perhaps?
Yeah but the point is that megacorps have dedicated teams of specialists to do that kind of bullying and they do it with organizational consensus and coordination between relevant departments. No random individual engineer is ever going to be authorized to do that.
What I meant was that when an engineering group needs a fix from a FOSS developer, the natural thing to do is to bully and beg.
One reason beside bad culture is another aspect of bad culture. If they want a fix to a piece of FOSS, probably a library, they might have to beg their management for weeks or months, instead of just specifying that their project requires lib-from-overworked-dev-in-Nebraska-who-is-thinking-of-taking-up-alpaca-ranching-instead version 2.44 or later, which is what they can get if they beg, cry, and/or bully said alpaca contemplating developer.
I would be very interested in learning how to go about getting a well funded core team for an open source project (libreqos.io). We are increasingly popular, but still lack a business model. I too tend to reject most friction-creating and value-subtracting processes, but the top ramen is running low.
When you find out, please share. There's dozens of us.
I've been slow walking my FOSS releases because I have no idea how to squeeze some ramen out of it. Though my (dare I suggest) paradigm/category busting project was really hard (for me) to figure out, the end result is simplicity itself. And so therefore trivial to clone, fork, run away.
Possessing the business acumen of plankton, I've been swindled, plagiarized, and mooted a few times before. I don't need much more than ramen money. But not getting anything while others profit from my work, again, would really suck.
Happy to share, although I don't know how applicable the journey is to most.
The project started as nonprofit with both a business goal (sustain itself by selling online courses) and a philanthropic vision (essentially: increase education access by disrupting the degree market & also open sourcing the code).
A decade later, the nonprofit sold the entire online course business, its brand, and most of its staffing to a for-profit company. It kept the copyright to the open source code, and the remaining staff now use the proceeds of the deal as an endowment to pusue the original philanthropic mission, which includes being a sort of core team for that open source code.
Some details [0]. The online course business is edx.org, the buyer was 2U, the source code is Open edX [1] and the nonprofit started as edX Inc and was renamed to Axim [2] after the sale.
TL;DR: Start off as a nonprofit, build a valuable product, sell the product, and then use the money to continue the nonprofit. YMMV ;)
EDIT: Probably obvious, but I should note that this didn't all just "happen"--there were (and are) extremely passionate people on both sides of the sale and in the project's open source community who worked hard & advocated loudly for years, ensuring that both the nonprofit built a compelling product and the open source project thrived. Both of those were critical ingredients in the project getting to its current well-funded state.
I think strip mining is a good analogy. Like google has strip mined the internet and left a toxic pit behind, if companies have their way they'll do the same to any captive open source project, turing any public parts into nothing but minimum viable bait to try and get people to pay for something.
> Like google has strip mines the internet and left a toxic pit behind
Can you clarify what you mean? I think there's a sense in which sometimes people say that google ruined the internet b/c (a) their prominence and their algorithm induced the creation of awful content farms, and (b) they pulled ad revenue away from some businesses that create content leaving us with a more impoverished web experience.
If you're making a different kind of assertion, please elaborate on it.
Wrt (a), I think site owners that had useful content weren't for the most part pushed to remove it, but were often pushed to pad it to the point that it feels less valuable to users (like recipe sites where every recipe is 12 paragraphs of prose before the actual recipe, IIUC), so I think this still fits in with the "dilution" framing, rather than removing valuable material in a way that excludes others from its use.
Wrt (b) I do think that when google displays content on the search page in a way that stops most users from continuing on to the page from which the information was sourced, that does seem effectively extractive. But I think that's distinct from the OSS project-capture problem.
> if companies have their way they'll do the same to any captive open source project, turing any public parts into nothing but minimum viable bait to try and get people to pay for something.
I actually think google is a good illustration of the full spectrum of OSS projects. They're definitely "getting their way" but:
- gson, guice, protobuf, snappy, the go language are all examples of projects that are very useful and pretty separate from any revenue-generating google product
- kubernetes, istio, etc are projects that can easily be used without touching any google revenue-generating project, but if you're using some of their revenue-generating projects, you may likely want something like this. Perhaps this is OSS but writing for your paying customer-base as a target audience?
- android, chrome, tensorflow are all about building little googleverse of customers in their orbit
I'm not GP and I personally think the strip-mining analogy is bad. But attempting to steelman GP's position based on other things I've read that I've pieced together:
I think an example is LLMs like ChatGPT. Basically consider a website that has good info on it. The LLM scrapes the site and regurgitates it's content to their user, and the original site never get a visit or recognition. The end result is the death of the site (much like strip mining results in).
I don't know if "killed" is the good word, but simply block google.com in your /etc/host and you will see how broken surfing on the web now is. Google is now technically owning the internet and is clearly using this position to its advantage, not to the advantage of its users.
Google didn’t break the internet. They failed to execute on social and rewarded shitty players with traffic.
Since the 80s or earlier, companies always sought to exert control over their audience. Things like Compuserv were early entrants, followed by Prodigy and eventually AOL and Microsoft’s entry - MSN.
Google made the network aspect of the internet better and ended up being a sort of gatekeeper. Facebook reinvented AOL, and a thousand copycats did variants of the same… Discord, Instagram, Twitter, Reddit.
Social wounded the internet. If anything “killed the internet”, it was Reddit and Twitter, cancer-like services both of which metastasized to destroy small-time internet properties, only to consolidate them into poorly managed, unprofitable companies.
I think strip mining is a decent analogy as well, so long as you include the fate of the participants. Take diamond mining as an example. The miners themselves tend to be dirt poor, and searched for stuff of value on exiting the mine, yet the outcome is big money for the corp controlling the mine.
By becoming the de facto entry point into the internet, Google's existence has spawned a horde of SEO spam sites that dilute and push down real content on the internet.
> Google's existence has spawned a horde of SEO spam sites that dilute and push down real content on the internet
They don't push real content "down the internet" they push it down the google rankings.
And while Google search is not as great as it was, it remains a strong contender for the best way to find stuff on the internet.
I don't think the internet would be better off without it.
You can however make good arguments for Google News, "Instant Answers" in Search, and other products, taking (impressions) from the internet.(And Chrome, Chrome worries me.)
I disagree, the analogy is weak. Strip mining is about harvesting naturally occurring resources in the most invasive way. The internet is not a natural resource. It was created by and for humans, from zero to unfathomable scale in thirty quick years. It is a reflection of ourselves, our systems, and our social and financial incentives. Google definitely deserves some blame as they certainly have helped shape those incentives, but it's not like they came in and started dynamiting some pristine wilderness, do you remember what search was like before Google came along?
For a certain use-case, I'd say I agree. I would argue that the basic web browsing experience for the less technically minded is worse than it was in the past.
For example, I am still working with my partner to get her to recognize and ignore the top level garbage: sponsored links and obvious SEO bait* when she blasts off a "Best <kitchen widget> 2023" search.
*You know, those listicles offered up from a handful of different sites that tend to be a 'top ten' list of a selection of 15 or so different products that are mostly just 7 actual different products white labeled by some brand and sold on amazon through a referral link in the listicle.
Web is not limited like physical real estate and SEO spam does not take away some virtual land from useful content. If you think Google is useless and full of spam the best way to deal with it is to simply not use Google
Yeah, but back then we were all just cramming "Britney Spears" into our Meta Keywords tags; we weren't actually eroding the quality of our entire web properties to court a live-or-die relationship with a single traffic vendor.
The toxic pit in this case is the transformation that occurred "ecologically" to the way contributors and agents on the web interact with eachother. This was strongly affected by the major centers of gravity in the 2010s like google and facebook. Unfortunately, their stewardship was focused around leveraging centralization towards profit rather than towards making the web a better place for users. And so here we are today.
FTR, I think youtube is one (among a few) exceptions to this overall trend from google.
The way ContentID is put to use may be the best interpretation of copyright. You get to reuse someone's work and the original author gets paid. There are some false flags reported with it but it's hard to say how many are due to actual violations (when you legally license a song from me but you didn't know I illegally sampled Taylor Swift and so you go complain about YouTube when your video is demonitized). I heard the bigger issue is false DMCA takedowns by shady companies who don't participate in Content ID...
Then it's that country that starts legal pursuits against them ? The average person only has to complain to the authorities, they don't need to sue the company, don't they ?
> To the contrary, building off the OSS ecosystem can make it healthier, if for no other reason than they are cultivating more engineers that know how to use these tools. "Extraction" is not the right metaphor.
It can, but it often does the opposite. "Extraction" may not be a metaphor that's quite true to the material. But it's very true to the attitude with which many companies operate, and that's because a lot of business culture was developed in extractive contexts and then applied elsewhere.
The strip mining imagery landed for me when focusing on the trend of open source communities adjacent to cloud platforms. Citus, ElasticSearch, Kubernetes, etc all feel like corporate goliaths forked and outcompeted David. No analogy is perfect, but I can see facets of why one might liken this to strip mining.
How does David vs. Goliath apply to any of these projects?
Kubernetes was developed, paid for and released by Google and loosely inspired by Borg.
ElasticSearch meanwhile wouldn't exist without Lucene which was again paid for and released by Excite in 1999, and who were very much not a David at the time.
PostgreSQL came out of Berkeley.. is the idea that David is the PostgreSQL Global Development Group (which includes Microsoft, Google and Amazon employees)? Or maybe it's EDB (https://www.enterprisedb.com/)?
I actually like the metaphor, although I agree it's flawed.
> "Extraction" in the literal sense of pulling something out, when dealing with physical material means that others cannot have what you've pulled out; it's gone.
For instance, look at the amount of brainpower wasted on using tech to steal our attention via adtech (and its supporting industries), large companies using OSS to increase their monopolies instead of giving back, small companies trying to build nothing of immediate value, but rather blitz-scale so they can get sold at valuations not reflecting their value.
Potential value extraction of OSS really depends on the license; the (A)GPL vs. MIT-style license debate has been going for decades now. There’s a reason none of the big corporations touch anything GPL, aside from Linux distro subdivisions that are never their direct money makers. And when you compare what actually reaches consumers, like Qt vs. GTK for an ancient but ongoing example, or basically every Android distro pre installed on a consumer phone, and the various modern MIT-licensed FE tools (React, Flutter, etc.)… the apparent levels of nefariousness/data mining/anti-competitiveness/price-gouging generally seem higher for the MIT-licensed (and especially corporate-controlled) products than (A)GPL products. (Yes, there is also definitely a trade off in terms of easy UX between these!)
Often these open-source projects have their own commercial offerings to support development, e.g. Elasticstack, MongoDB. And then AWS destroys that, without offering any contributions themselves. So it's no longer commercially viable for the original organization, and development suffers.
I think open source users need to get more serious about using a more pro consumer license like the gnu gpl. If you're using less restricting licensing you're working for Amazon for free.
>A company (VC-backed or otherwise) that starts from OSS tools (operating system, languages, build tools, application frameworks, etc) to build their own offering doesn't (need to) remove that value in a way which excludes anyone else from enjoying it
They don't need to, until they realize people aren't upgrading to the added layers of offerings and then start removing that value. This is required because the base value tends to be substantial enough to swiftly encourage people to use it, and VC loves the growth this comes with.
Most company use of OSS isn't a freemium model, but instead them using it for their infrastructure in complements to their ultimate product. Think Google's use of Linux on their servers, or their use of gcc/clang to compile their search application.
Disagree on that. It is the freemium model that's used. Specifically enterprise tiers for the vast majority of OSS.
There is a crucial subsection of OSS used within companies but those often come with support contracts and branding which is what you're referring to with Google, but a far cry from "most".
No, like, how many companies are paying support contracts for Nginx, anything you npm install, anything their engineers 'brew install'. Some of these might have support contracts that you can buy, but that's not used in the vast majority of cases.
I really do think you're not seeing the forest through the trees here.
I’m launching something soon to try to reverse this and give back power to open source creators, around their earnings and, to bring a bit of order to an informal marketplace that really needs it. If you’re interested, join the wait list / launch email list and you’ll get to be among the first to use it: https://ash6wpkw.paperform.co/
Which FLOSS projects did pyTorch and Tensorflow -- the libraries behind the hottest companies today -- strip mine? Both come from venture-backed companies.
Here's my $0.02 (again. Apologies to those who've heard it already.)
First, let me proclaim by bias: I'm a Free software fanatic. I do not ever want to run software that I can't read and, if I want to, modify. I just won't do it.
Open Source doesn't make sense to me and never has, becasuse you have always been able to give away your code.
The entire point of Free software is to avoid or even prevent closed proprietary software. That's why the GPL is "viral", eh? That's the whole point. Free software started when RMS wanted to fix his printer and Xerox said, "No."
Now we have companies like John Deere that use computers to lock out their own customers from fixing their own tractors. We have car companies charging to unlock heated seats and extra acceleration. Printers that lie to you about how much ink they have left, and brick themselves if you try to use cheaper unofficial ink. Etc.
You can be in charge of your computer, or you can be a peasant in someone else's fief.
I'd say this is the critical distinction that communities focused on "open source" are missing. We've had a whole crop of developers raised to focus on "open source", thinking it implies some be-all end-all, when it was really more of a corporate marketing term that emphasizes the mechanic rather than the goal of end-user computing freedom.
Just because a piece of software has some trappings of libre software does not mean that it is a fully fledged libre software. If most of the development energy comes from a single company, then that company can change its policies overnight and introduce terrible non-libre anti-features to that "open source" code base (see: the ongoing Chromium fiasco). Or in the case of most "web" software, when the main use of that software is from load-every-time distribution via centrally-controlled HTTP(s)/DNS, most of its use is decidedly non-free.
Yes, it is certainly a step up that such projects can be used as libre software - patched to remove the anti-features, or even hard forked and rebranded if the centralized maintainer gets too heavy handed etc. And this should not be taken for granted! However, we have to stop seeing the "open source" label as a synonym for libre software where user freedoms are first and foremost, when it's more like one bullet point in a "pros" column.
(also just a nit. When you say "I do not ever want to run software that I can't read and, if I want to, modify. I just won't do it", I doubt this hardline assertion is true! Even RMS rationalizes running proprietary software as long as someone else has written it to flash and doesn't talk about it too much. I use a more strict-but-pragmatic approach based around an assumption of a Libre/Secure core and then analyzing how specific proprietary bits actually compromise my freedom)
(I'll cop to having an iPhone, but only because my sister got it as part of a package deal last time she renewed her phone contract. I only use it to communicate with her, and only because we have to coordinate closely on the care of our elderly mother. I have installed no apps, and I removed most of the ones that came with it. Other than that, yeah, I run all Libre/Open software. I rarely actually read it, of course, but in theory I could.)
(⌐■-■) (Sardonic-"I'm so cool" self-deprecatory shades.)
Got you! No seriously, I wasn't trying to call you out as some sort of purity inquisition. Rather my point is this binary "only Libre software" is the wrong way of looking at things, even for free software zealots (myself included).
I was really just betting on you using at least one of the following - proprietary BIOS, non-free network switch/router, wifi, a run of the mill keyboard or mouse, a switching AC adapter, any modern appliance, or a webpage that runs javascript from a remote server you don't control. My point is that it's basically impossible to avoid proprietary software these days. So we're better off analyzing the use of proprietary software in terms of how it can specifically work against you within the context it's being used, rather than as some binary go/nogo thing.
Like my main desktop is a KGPE-D16 running almost blobless coreboot (⌐■-■), apart from the CPU microcode, which I don't have much choice on besides to trust AMD at some point in time. Yet there are numerous domains of proprietary software that support it, without which it could not run. However those domains don't impinge upon my freedom within the CPU domain, as they are appropriately isolated. For example if I focus on my keyboard, its software's lack of freedom seriously destroys my ability to modify it. This is terrible, within that narrow context of modifying my keyboard. However it's not relevant to the larger scope, as the keyboard isn't really able to affect the freedom of the CPU domain.
> I was really just betting on you using at least one of the following - proprietary BIOS, non-free network switch/router, wifi, a run of the mill keyboard or mouse, a switching AC adapter, any modern appliance, or a webpage that runs javascript from a remote server you don't control.
Heck, you don't even have to go that far, I'm running Ubuntu on this laptop right now. It has no ethernet port and only Ubuntu could configure the Wi-Fi (without hand-holding): something to do with proprietary drivers for the chipset or something like that.
> My point is that it's basically impossible to avoid proprietary software these days.
Yeah, but that's the problem, that's the very circumstance with which we should not compromise (in my opinion. And yeah, I'm compromising right now, but I don't like it. It's a long story, but in a nutshell I'm moving and stuck using a cheap laptop at the moment. One day soon...)
I'm almost at the point where I'm going to make my own chips! Quoting myself from the other day on the Zenbleed thread: "Every time I think it's insane to contemplate making one's own chips something like this comes up, and I realize it's insane to let so much of our lives depend on these insanely complicated devices. It feels like walking on a tightrope above an unbounded fractal chasm."
>First, let me proclaim by bias: I'm a Free software fanatic. I do not ever want to run software that I can't read and, if I want to, modify. I just won't do it.
I can relate to that. I guess you're are also having problems developing AI, because it is next to impossible to set up a full FLOSS AI stack [then I have to use proprietary stuff - conflicts of conscience ensue]
>Free software started when RMS wanted to fix his printer and Xerox said, "No."
cf. James Mickens' USENIX Security '18-Q keynote speech: "Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?" https://www.youtube.com/watch?v=ajGX7odA87k
Anyway, they're just a pile of linear algebra and a massive pile of Other People's Data, eh? (And piles and piles of hype, my god, so much hype. Even in the "academic" papers!)
The difficulty would lie in amassing that data, not in developing software. You would have to solve that "conflict of conscience" first, no?
But more to the point: none of my goals can be advanced by talking computers.
- - - -
> Is there an AI stack that RMS would approve/use?
I have no idea. You could ask him if you're really interested.
I mostly agree... I'm not necessarily dogmatic about closed source software or services, but definitely in favor of always having an exit strategy, even if more painful.
> Now we have companies like John Deere that use computers to lock out their own customers from fixing their own tractors. We have car companies charging to unlock heated seats and extra acceleration. Printers that lie to you about how much ink they have left, and brick themselves if you try to use cheaper unofficial ink. Etc.
Exactly! I believe this issue is becoming a very political one because some companies even lock people out of developer tools with a paywall. And when we are forbidding people from learning that they are being suppressed, very bad things happen.
I learnt programming by rooting my phone and then installing a compiler. Android 12 almost killed it alongwith Termux. Are you telling me that if I was born today, I'll simply give up? (Edit: To answer this quesiton myself, No. Today's kids are probably installing customized apk/ipa instead of rooting. Frida is also interesting. But if history repeats itself, even these tools will be banned (self signing dev packages, and using ptrace as a modding tool). And that affects more than just kids..)
Honestly companies have too much control through DRM and copyright. The public needs a way to fight back. If the laws were to be changed, I hope that companies are not immune from lawsuits through TOS, and I hope to see a few class-action lawsuits causing a company to lose some of its copyrights to the public domain.
I saw an interesting comment a few weeks ago, but can't remember where now, so I am unable to properly credit the original author. There's probably an irony there somewhere. Anyway, the gist of it was:
In the '90s, FOSS devs mostly volunteered their labour to build things for each other - for other FOSS devs.
In the '00s, FOSS devs mostly volunteered their labour to build things for users.
In the '10s, FOSS devs mostly volunteered their labour to build things out of habit, which kinda ended up unintentionally being for the benefit of FAANG/Microsoft/VCs. No-one's quite sure how that happened, or where we go from here.
I think it comes down to first and foremost scratching one's own itch in things. Most are just creating/updating things they need. This can be a company's contribution (AMD/Intel) to support their products, or it can be an individual fixing a bug or implementing a needed feature. It can also be company devs contributing to something that is adjacent to their own needs.
Where the FAANGs/Clouds leach a bit is when they offer a service monetizing what the creator of that service/software is using to monetize themselves. Can they do it, sure... should they, maybe not. I think, for example AWS could have made an offer for a more limited licensing agreement to Elastic, offered direct funding, or developer support, or buying them outright. Instead they forked, offer their own SaaS for the product, and carry on. Leaving Elastic to develop/support the core product.
That answer seems to lack self awareness. A lot of people saw how a few VC-back companies using open source software could get them rich, and then they executed.
Why else would we be on this particular website?
Why else are do many folks find it absolutely necessary to post their product announcements on places like this?
The latter really only applies to a handful of huge FOSS projects; there's a long tail of open source which is irrelevant to large-scale web infrastructure companies.
I would hope that very few people are actually volunteering to contribute more than minor fixes to those huge projects. They're largely full-time employees, or at least supported by corporate sponsorships.
I was thinking about the essence of open source recently, and I came to the following conclusion: open source is when you treat people as developers, not as users. Which means: it should be trivial to build and run from source, debug, add extra logs and apply patches. Moreover, creating and applying your own patches should be encouraged, anything that can be easily patched shouldn't be a configuration option.
Most corporate "open source" fails this test, they treat people as users, create marketing websites while publishing zero developer documentation.
What's interesting, JS ecosystem accidentally has this property, thanks to packages being distributed as source, standard logging system (console.log) and widespread use of `patch-package` tool.
Not everyone can code in a way that is useful for development, but one way of looking at it could be: actually treating people like a community, rather than users.
Unfortunately the phrase “community” has been degraded a bit by companies who want a more in-group-feeling-inducing way of describing their users. But, in a real community, people support each other and try to push projects forward, contributing in the fashion that best suits their skills, and toward goals that best fit their interests.
Most uses of LLMs for development that I've seen are for writing code, when the majority of dev time is spent reading code. What offerings exist to read through an existing codebase and ask questions of it? Do contemporary LLMs have enough lookbehind for that?
We are years from way from the average user being able to replace X SaaS tool with available open source software they run themselves.
Even now, the average person could have GPT walk them through replacing WIX with their own self hosted website. When I say "dev," I probably misspoke. I meant more in the sense that the average person will be able to implement existing software in a way that was previously unreachable.
Pretty good overview from Baldur — I don't always agree with everything he writes but this seems relatively correct.
One question I'd ask him (and anyone else reading) is: what are some other options for monetization?
Over the last few weeks I had three different VCs reach out to me about some of the open source projects I've been releasing, and ask me if I'd thought about making a business out of them. I told them that no, based on the problem the software was solving, I didn't see how I could adopt open-core or companion-saas business models, and I wasn't sure how else it could be done while keeping the code open source.
Can anyone suggest a viable business model that would allow:
* Code remains at least source available, ideally open source for non-commercial use.
* I can charge for commercial use.
* Actually doing the licensing is reasonable, ie no spyware or phoning home from the tool.
Wouldn't need to be perfect, I understand that if the code is open source a company could easily fork and use it without paying me. The idea would be to make it zero-headache to pay me for a license if the code is being used by a funded team.
I don't think "source available" is really that viable of a model. MS tried that with a lot of their developer offerings before more became truly FLOSS, specifically in the .Net space.
In the end, I'm less likely to trust/use ANY non-floss software/services that doesn't have a clear and clean exit path. I can use CockroachLabs (CockroachDB cloud) as I can exit pretty cleanly to self-hosted PostgreSQL with other models. I can abstract the usage of say DynamoDB to target other options relatively easily as well.
That said, tethering deeply into rented services, or commercial+floss providers can only hook you in the end if things get too dicey. And you only need to look at Oracle and IBM/RedHat as examples of the hook you and reel you in approach. A lot of businesses are also pretty deeply tied into a given cloud platform. They all have nice to have, relatively easy to use features/services. If you don't have an exit strategy, you better have a fat wallet. It's not that it won't still be painful to exit, but without at least a strategy, you're trapped.
I think an alternative is to fund _individuals' maintenance of the projects_, as opposed to the project itself. Filippo Valsorda has written about this recently: https://words.filippo.io/full-time-maintainer
That's an interesting idea, thank you, I'll read through the post.
EDIT: I found the post interesting but unfortunately these projects are in no way load-bearing. I'm happy to hear Filippo has made it work for himself but as he points out, the projects he works on are simply much better suited to sponsorship and retainer/consulting agreements. I wonder what he would recommend for newer or less-load-bearing projects.
What ChibiOS does is release under GPL3 and then sell a commercial dual license. This is definitely open source and also means most non-open-source commercial use would need to pay for a license. It’s probably also one reason why FreeRTOS is much more popular in business than ChibiOS.
I asked this question in a discord for this kind of stuff and the answer I got was "not possible." I also spoke with the developer of OrbStack, and they suggested just not being open source and charging for it, which is what they're going to do. When it comes to dev tools (particularly those that are involved in operations/sre flows like pgmigrate) I consider open source a huge benefit, and I'm sad to think that there is no way to get paid for an open source project without shoehorning in a bad experience or unnecessary features (like Baldur points out)
If the software takes the form of a library, that approach might work as intended, but AGPL does not forbid commercial use in general. To copy from [0]:
The basic obligations of the AGPL which set it apart from other licenses
are as follows:
• Any derivative works of AGPL-licensed software must also use the AGPL.
• Any users of such software are entitled to the source code under the
terms of the AGPL, including users accessing it over the network such as
with their web browser or via an API or internet protocol.
If you’re using AGPL-licensed software like a database engine or my own
AGPL-licensed works, and you haven’t made any changes to the source code,
all you have to do is provide a link to the upstream source code somewhere,
and if users ask for it, direct them there. If you have modified the
software, you simply have to publish your modifications.
A licence which specifically forbids commercial use is by definition not an Open Source licence. This topic turns up a lot, here's a good bit of writing on it. [0] (Such a licence would also fail to qualify as a Free Software licence.)
The interesting thing about the OS.Cash license, is that Nestor can optionally handle all of the negotiations, sales, billing, litigation, etc for a revenue share for developers that don't want to deal with running a software licensing business.
Yes, I was inspired by djrobstep's work and many of the analysis queries that pgmigrate uses to generate a schema dump come directly from schemainspect (the library that migra uses underneath the hood). Migra targets a different kind of development flow but it is also in the migration space. My tool, pgmigrate, would be a good way to apply migrations created by Migra.
It is unfortunate that the Migra project is abandoned, I believe djrobstep has gotten into political advocacy and spends most of his efforts on things other than programming at this point. I say unfortunate because he is extremely talented and I have learned a lot reading and working with his code. Hopefully he comes back at some point to help transition Migra to some other maintainers and fix the website and such :)
There's an "open core" VC fund I've seen blog posts from on here, I'd be interested to hear their take. I agree that open source is in trouble as it's basically shifted to branding, as a way, like the author says to extract maximal value from the "community" while giving nothing back. It's like moving into one of the sub-optimal prisoners dilemma quadrants where somebody rats.
That said, I don't agree with the dig at LLMs, it seems tacked on and more just an ideological complain, which is odd in the context of open source.
I assume you mean my VC fund, Open Core Ventures https://opencoreventures.com/ that starts new companies around existing open source projects.
We believe that open core companies need to give back and the open source code base should be better off because the open core company exists. Features that appeal most to individual contributors should be open source https://opencoreventures.com/blog/2023-01-open-core-standard...
Thanks for replying. I hope you and others can find a way to make open source more sustainable without compromising the projects. Like I alluded to with my prisoners dilemma comment above, I think there is an optimum for everyone where companies try and make the open source project itself as valuable as possible instead of extracting value from it, and I'm happy hear about businesses that are legitimately trying to get us there.
Thanks for your response, I appreciate it. One thing that is a big risk to the optimum is open core companies relicensing the open source code after the project becomes popular, to prevent this some of our companies are set up as public benefit companies https://opencoreventures.com/blog/2022-11-introducing-authen...
I lean towards a public benefit company for libreqos.io. I do wish more of the folk's business models we were actually helping (videoconferencing, gaming) would recognize their common interests with us, and chip in.
In many cases these open core companies are not “giving nothing back”, but are funding engineer salaries on the order of millions of dollars per year to invest in the OSS project that they use as customer acquisition for a commercial cloud and enterprise offering on top. Companies like Vercel and Ionic both employ this model. I think people often forget how much these companies invest and “give back” to the community in terms of raw dollar investment
The fact is that I can go use, fork, derive from and contribute to Stencil or Capacitor - with are very valuable projects, and cost millions to develop - without paying Ionic a cent. How is that bullshit?
> That said, I don't agree with the dig at LLMs, ... [it] is odd in the context of open source.
I don't see it that way, if talking about the stricter end of OSS licensing. There is an argument for training a model with AGPL code meaning that the resulting model should be released in full to its users as a derivative work, for instance. Being an ideological complaint doesn't make it an invalid one, even if you consider that ideology to be rather dogmatic.
As usual when it comes to computing freedom, RMS was right[1]. "Open Source" was conceived as a way to market to corporate executives. It's unsurprising then that corporate executives took it for exactly what they were sold it as, a way to get developers' work without paying for it.
Rather, it's unsurprising that corporate executives took Open Source for exactly what it was designed as.
It's left the anti-copyleft guys babbling about plunder and The Spirit of Open Source™. I'm honestly shocked that I don't hear them calling companies that get rich off OSS "settler colonialists."
I largely do agree with it, but agree that it's somewhat secondary to the specifics of the pice. In context of reading his stuff more generally, it makes sense: he's been writing extensively on that subject (including a self-published book on the subject) for many months, so if you are a regular reader, it fits. The challenge of writing for your existing audience vs. the inherent context collapse of an individual post online!
I work on a relatively large OSS project. There are parties that are successfully putting a lot of complexity in that provides minimal or zero OSS gain to enable monetization on their side.
I think this is destructive. It makes things more fragile and increases the barrier to entry for new contributors.
In the LAMP + jQuery days, it was harder to build very sophisticated apps but the big advantage is the stack was very simple. Not only simple to build with but also to maintain. We basically lived in the AK47 era.
These days the stack is super complex with lots of moving parts which means it requires exponentially more effort to maintain. Eg: What will happen to React and Svelte if Vercel crashes and burns?
It amuses me that a thread or two above we've got complaints that 'strip-mining' and 'extraction' are forced metaphors, taking it too far, and here we are - afaict pretty seriously - talking about software as AK47s & F-35s.
Analogies are useful, even when they're not serious. Yeah I didn't mine that strip mining one too much. This one's fun because it targets complexity and power, both of which have shot through the roof since the early days.
The Thunderbird project is a good example of community-supported software.
By that, I mean that the project figured out how to raise funds directly from the community using it. This includes reporting on what they intend to do with the community as a whole, and where the money is being spent. The incentives between users and developers are aligned, and the project can be stewarded for the benefit of the community as a whole.
It is also a project large enough, visible enough, and used enough to pull that off.
no shade on Thunderbird, can't argue with success, but I feel like I should be in the target market for Thunderbird, but they went wobbly on me a long time ago. So long now I can't even remember what made them so distasteful but it definitely sums up as "eliminated too much UI, added too much UX"
for a good old fashioned MUA that's web aware without being overkill: Seamonkey all the way! and it's also got a nice little (yes, very old school) HTML editor (that I use for deconstructing pages, not building them)
"The incestuous startup ecosystem that largely consisted of over-funded bullshit companies buying services from each other is done."
Bravo. Rarely do I see this mentioned. Much of the B2B sales by so-called "tech" companies are to other so-called "tech" companies.
It's also possible that many but certainly not all of computer users that spend significant amounts of money on goofy intangibles like subscriptions and "cryptocurrency" are in fact people working for so-called "tech" companies. Not representative of the general public.
"From this perspective most VC investments aren't about creating value but about strip-mining FLOSS projects and communities. The scale is for extraction."
Even a small rise in interest rates sent these VC into panic mode. Without free money (zero interest debt), the strip mining operation comes to a screeching halt.
The US economy has been recovering nicely now that the brake has been put on this nonsense.
The big change of the last decade has really been the cloud explosion and with it a serious bias towards valuing deployment and operations over development, to the degree that if you're doing development which is not about deployment and operations then you're a sucker.
The emergence of the LLMs etc makes the classic open source business model of relying on incomprehensible documentation to drive people to pay you as a consultant fall apart as they will get answers on demand. You just have to look at things like Docker to see how hard it is to turn even wildly successful projects into viable companies even before all this.
When I learnt programming as a hobby, before I went to college, before my jobs,
I was hoping the future is that we build highly specialized, and customizable tools through open source code, not too small that they are just another programming language, and not too large that they cannot be connected to each other to create more values.
And I was hoping we'd stop joining big companies, and instead open up local consulting firms to help people configure existing open source components for their specific needs. And the work (the configurations) should be done once per project and never reused.
I think it's natural for new tools to be Propietary, while Free alternatives of the basics work their way up the chain:
Most of the cost of software development isn't in writing software — it's in the exploration of the solution space. Once you have settled on a good design, re-implementation is vastly cheaper and more streamlined than the original fumbling around in the dark. And sometimes it's better because you can jettison the legacy that comes from all that exploration.
So IBM employed Ted Codd and an army of engineers and salespeople, but now we all get to use Postgres.
What is being built today commercially that will be distilled into architectural principles and re-implemented as Free in the future? It's hard to know, but in hindsight it may seem obvious.
The article points out categories that were once proprietary — OSes, compilers, runtimes, clients, data stores. For example: DB2, System V, PCC, Internet Explorer. They were built at great cost — and remember they all had proprietary siblings that have since been abandoned, that also had to be paid for: OS/2, Itanium, Hypercard, DBase, various compilers, IDEs.
And then the few survivors were copied by open equivalents. System V gave way to Linux, DB2 to Postgres, IE to Chrome. A few never had proprietary equivalents AFAIK — I don't think there is a closed ancestor of Redis.
And sometimes the Free version hasn't fully arrived yet (x86), or it's just free (Google Docs), or it's doomed to remain not nearly as good as the proprietary tools (GIMP, desktop Linux). Or it's rocky (Linux vs SCO) or chaotic (BitKeeper to git).
(And it's no surprise that tools used mainly by programmers are more likely to have high quality Free equivalents than tools with a wider audience — after all, their users are capable of improving them directly.)
This is true - proprietary tends to lead - albeit it doesn't address the societal concern here: Are these really the only roles a software developer can have?
On one end, acting as a mercenary for platform monopolies doing the new stuff, and on the other, reproducing those designs without the same kind of paycheck?
I guess there is the third option of bilking investors by saying you'll definitely be a monopoly any day now and then open sourcing the whole thing.
My sense of it is that this particular phenomenon - the entire "hacker" arc from Unix in 1970 through the formation of the FSF to the present - was of an era, and the era is finishing up. Before that, there wasn't a software business to speak of, and after, the era of individual programs and proprietors is likely superseded by the needs of specific communication networks, which, like the Internet generally, everyone ends up standardized on, but no-one owns.
Part of why software is in a cynical state now is because the convergent network goal is ethically desirable, but the only way in which we seem to be capable of framing it societally is "someone owns this", so we have proceeded down a path of toxic corporate ownership, while everything else is a weird thing deserving of mockery.
I want to purchase a license (take my money!) to self host Posthog. The core is OSS and also has Enterprise features (that is also open source). However, they insist I should move to their cloud solution.
More fundamentally opensource software essentially demolishes capturable value on the OS/stack/browser layers and prevents new challengers to the space from challenging the incumbents, who rose to the top in the age of proprietary software.
On the flip side the basic software stack is now absurdly cheap and available for startups to play ontop of. This is where the feeling of "looting" came from, the capturable value is not in the OSS layer, but on the addons.
A similar dynamic is happening now on the AI side with LLMs.
We are back to the public domain and shareware days, because it turns out one needs to make a living somehow, and doing software development for free/gratis only works out when there is another source of income.
Meanwhile legions of developers using such tools, are quite happy earning money while using such tools.
Yes big corporations also have a role to play, yet this quite tragic in the computing industry versus other professions.
So no wonder that SaaS and fremium models got born, building paywals.
Bjarnason's call for the FLOSS community to embrace "openness with boundaries" is a thought-provoking notion. Striking the right balance between openness and practicality can help preserve the core values of FLOSS while addressing the challenges posed by today's rapidly evolving tech landscape.
> From this perspective most VC investments aren’t about creating value but about strip-mining FLOSS projects and communities. The scale is for extraction.
As with so many things, I find this analysis suffers for using metaphors about the physical world with software. Strip-mining is a loaded term because it uses destructive means to acquire exclusive access to physical resources, in a way which leaves literally less than there was before, and which can be literally lethal to a literal biological ecosystem and literally toxic to physically proximal human communities. "Extraction" in the literal sense of pulling something out, when dealing with physical material means that others cannot have what you've pulled out; it's gone.
A company (VC-backed or otherwise) that starts from OSS tools (operating system, languages, build tools, application frameworks, etc) to build their own offering doesn't (need to) remove that value in a way which excludes anyone else from enjoying it. To the contrary, building off the OSS ecosystem can make it healthier, if for no other reason than they are cultivating more engineers that know how to use these tools. "Extraction" is not the right metaphor.
The issue of adding proprietary features to OSS projects I think we should acknowledge as diluting value, not subtracting it. If the choice is between project development being discontinued at time T with core feature set F, vs continued through time T+K with extended feature set F + G + H where H is proprietary, but G is not, users who won't use the proprietary features may still benefit from G, and are still better off with continued development -- but we must acknowledge that it's at a slower rate than if H had not been added. Communities should evaluate whether diluted support is worthwhile, or at what point it should be considered abusive, or at least separated into distinct companion projects.