fsebugoutzone.org:9999

       Post AZgMPJoZMOSvyKntB2 by nonlinear@mastodon.nz
 (DIR) More posts by nonlinear@mastodon.nz
 (DIR) Post #AZgMPIpwzlyawKRTgu by nonlinear@mastodon.nz
       2023-09-12T02:13:17Z
       
       0 likes, 0 repeats
       
       I cut my teeth on open source, and it&#39;s a major reason why I&#39;ve made it to where it have so far. But as I&#39;ve been working in 100+ employee companies, so much effort is often focused on transferring risk. Using open source projects for operations requires internal maintainers, so the orgs I&#39;ve worked for want to instead buy a SaaS from a vendor. It used to bother me, but now I&#39;m of the opinion that it&#39;s a necessary part of the ecosystem purely for risk transfer needs. Feeling conflicted.
       
 (DIR) Post #AZgMPJoZMOSvyKntB2 by nonlinear@mastodon.nz
       2023-09-12T03:31:25Z
       
       0 likes, 0 repeats
       
       One case I have in mind is dependency-track. The cost of the commercial solutions (Snyk, BlackDuck, etc) seems nuts for what the tools are. And more competitors are coming up if you lock into Azure DevOps or GitHub. So dependency-track could be a great tool, but it&#39;s on the fringes and maintaining the install really doesn&#39;t make sense for a lot of orgs. So you need to be an evangelist to force its use instead of buying something.
       
 (DIR) Post #AZgMPKeKFxrkYr1Dqi by nonlinear@mastodon.nz
       2023-09-12T04:49:52Z
       
       0 likes, 0 repeats
       
       This bothers me because dependency management really is a problem that we should be able to solve in most cases, so is ideal for an open source project and open protocols. But, instead, it has become a paid tool where each company is competing to build the exact same thing (or use open source behind the scenes without contributing to the project). I feel like there&#39;s an opportunity here.
       
 (DIR) Post #AZgMPLLvdqkCk5Q2oS by strypey@mastodon.nzoss.nz
       2023-09-12T06:15:09Z
       
       0 likes, 0 repeats
       
       @nonlinear&gt; I feel like there&#39;s an opportunity hereSomeone needs to do what @snikket_im and masto.host do. Host the Free Code option for a subscription, and make the lack of lock-in a selling point (respects your software freedom; &quot;like-in not lock-in&quot;). That way companies who can&#39;t or don&#39;t want to self-host get the benefits of a Free Code option, and people can make a living supporting it.Ideally they contribute to the upstream too. I know Snikket does.
       
 (DIR) Post #AZgMU0bsBsDVrE6MHw by strypey@mastodon.nzoss.nz
       2023-09-12T06:15:54Z
       
       0 likes, 0 repeats
       
       @nonlinear(full disclosure; I&#39;ve done a little bit of paid contracting for @snikket_im)