[HN Gopher] "Open source" is not broken
___________________________________________________________________
"Open source" is not broken
Author : BrainBuzzer
Score : 229 points
Date : 2021-12-12 14:42 UTC (8 hours ago)
(HTM) web link (nadh.in)
(TXT) w3m dump (nadh.in)
| squarefoot wrote:
| The problem is not in Open Source itself but in the environment
| it lives in.
|
| So many big corporations benefit from FOSS without giving
| anything in return? Well, then tax them. I mean lightly, say take
| .01% of the biggest 100 annual profit, then distribute part of it
| to the 100 more important FOSS projects and part to other FOSS
| projects whose developers are either unemployed or in financial
| difficulties, important projects with too few or no maintainers,
| that is, where it is necessary. It doesn't seem that hard to me,
| but I'm sure neither FAANG nor any other giants would take this
| step if it doesn't become law somehow. To become law, however, it
| may need some changes in our definition of healthy capitalism,
| which to me is the hardest part.
| jollybean wrote:
| The problem is Free as in Beer and Free as in Speech are related.
|
| The issue is not $1 downloads so much at is the overhead, pain
| and issues that come along with it.
|
| It's hard to manage and control downloads, usage, and the legal
| issue might be that any hint of licensing problem makes it 'no
| go' from a corporate perspective.
|
| So the gap between 'Free Beer and Speech' and 50-cent Beer and
| Speech is enormous.
| sneak wrote:
| If it's free as in freedom then the first downloader to pay $1
| can just mirror it and allow free downloads.
|
| Free as in freedom always necessarily denotes free as in beer
| as well. It's not an accident or side effect.
| progval wrote:
| But the mirror may be less convenient. This works for OsmAnd+
| for example: it's FOSS, free (as in beer) on FDroid, but
| costs 25$ on Google Play.
| sneak wrote:
| Yeah, the Blink ssh/mosh client for iOS is GPL3 but costs
| $19.99 in the App Store. I'm about to pay someone with a
| developer account a few hundred bucks just to publish a
| free renamed build of it to the App Store, because that's
| ridiculous.
|
| https://blink.sh/
|
| https://github.com/blinksh/blink
|
| https://apps.apple.com/app/id1156707581
| jollybean wrote:
| I think you're missing the point here.
|
| People's time is valuable, especially expert developers.
|
| The 'Code' only part of the issue with respect to input
| cost. Someone has to maintain that dev. account, maintain
| their skills, stay on top of distribution policies,
| probably take on some legal risk, keep the build kind of
| up to day.
|
| That takes skill. We mostly want it that way so that
| distribution is clean and clear and reasonable for those
| involved.
|
| If it's a niche product, then $20 is not going to add up
| to a lot of money.
|
| If it's a professional product, then $20 is basically $0
| for all intents and purposes, it's the cost of a stapler
| on which case cost should not be a problem.
|
| The AppStore is generally an open market, if $20 price is
| too high and someone is raking in big profits, someone
| can publish the same thing.
|
| In the end, what we want to achieve is a price point that
| matches the material value creation involved in the
| 'maintenance of the build and distribution aspects'.
|
| That's actually efficient, and what we want.
|
| There's no such thing as 'free' - it's all time and
| labour and there are number of issues involved.
|
| FOSS should be considered 'volunteer labour' which makes
| the underlying costs more apparent, the code and
| licensing is a distraction from that.
| sneak wrote:
| That $20 doesn't go to the dev. It goes to Apple, and, in
| the USA, requires doxxing yourself to the vendor to get a
| copy of free-as-in-freedom software.
|
| That's unacceptable and repugnant, and it doesn't have
| any bearing on the volunteer labor.
|
| There _is_ such a thing that 's free: free software. It
| was produced with volunteer labor (but doesn't have to be
| - look at golang!), but the end result/product is free-
| as-in-freedom and free-as-in-beer.
|
| > _what we want to achieve is a price point that matches
| the material value creation involved in the 'maintenance
| of the build and distribution aspects'._
|
| No, what I want to achieve with this free software is
| that anyone be able to access it without barriers
| whatsoever, including payment.
| jollybean wrote:
| You're not grasping the part where there is material work
| and labour in most parts of the value chain including
| maintenance, inspection, and distribution of builds.
|
| Only 15% of that $20 goes to Apple - while that may be a
| few points to high, it's not egregious.
|
| The rest of that money goes to the person responsible for
| maintaining the build, which is 'work'.
|
| "That's unacceptable and repugnant, "
|
| This is a completely naive view, tantamount to saying
| 'People should work for me, for free, because I said so,
| and it's repugnant for them not to!'.
|
| "what I want to achieve with this free software is that
| anyone be able to access it without barriers whatsoever,
| including payment. "
|
| For 'source code' - this is already possible, because
| 'source code' can fairly easily be provided 'for free'.
|
| But a maintained and up-to-date build, for specific
| platforms, with all of the unavoidable regulatory
| overhead - has cost.
|
| If you want that to be 'free' - again you're expecting
| someone to labour for you.
|
| There's an easy answer to this -> it's $20 on the App
| Store.
|
| If you want to do free labour and make it free, you can
| do that.
|
| But otherwise this 'moral indignation' and 'repugnance'
| at people who are unwilling to labour for you, for free,
| is a problem.
| throwaway984393 wrote:
| Nerd Sniping is HN's official sport at this point
| assbuttbuttass wrote:
| > Whose fault is it then? I believe that it is the society's
| fault, the system's fault, no matter how abstract or vague that
| sounds.
|
| I find it interesting that the author wasn't willing to call out
| Capitalism by name.
| [deleted]
| roca wrote:
| Blaming "society" is a nothingburger. It doesn't point towards
| any solution. Ditto "capitalism" (although the OP doesn't go
| there) --- people pursue desires and respond to incentives; you
| can call those effects "capitalism" if you like but you'll
| struggle with them under any kind of economic arrangements.
|
| My self-diagnosis as an unpaid open source maintainer (rr) is
| that we like to share, the marginal cost of sharing with
| potentially everyone is close to zero (at least early in a
| project), so throwing code on Github with a liberal license feels
| good. It also benefits the project to some extent because some
| improvements may come back. But then we see rr creating huge
| value for people, some of whom are very well paid for their work,
| and none of that is coming back to us, and that seems unfair even
| though we did technically agree to it --- sure, you don't have to
| give back, but it would be the _nice_ thing to do. But in
| software it 's very easy to extract a ton of value from
| dependencies without really noticing, and very hard to give back
| systematically. So it's the same old story --- perfectly good
| human instincts aren't a 100% fit for our modern environment.
|
| What if we made it easier to identify the value we're all
| extracting and contribute back systematically? If we did, maybe
| we could build social norms around that. E.g. imagine we had
| tools that monitor your software development workflow, identify
| the tools and libraries you use, and quantify your usage via some
| heuristics. Then imagine you integrate something like Github
| Sponsors so you can allocate $X to support all your dependencies
| and make that happen at the press of a button. Then imagine we
| advocate for professional software developers to allocate 1% of
| their income that way, and agitate for Big Tech companies to make
| that a policy.
| Starlevel001 wrote:
| The most obvious sign that "Open source" is broken is that
| everyone uses that term and not Free Software.
| bityard wrote:
| "Free Software" generally refers specifically to GPL-licensed
| software, which one of many popular "open source" licenses.
| (GNU claims that their use of the word "Free" refers to
| freedom, not price.)
|
| This (IMO, weird) debate seems to be around all kinds of open
| source projects.
| carapace wrote:
| You zing, but there's a grain of truth there, isn't it?
|
| "Free" software began when RMS wanted to fix his printer and
| got locked out by Xerox. "Open" software was an attempt to woo
| business to use free software but (arguably) threw the baby out
| with the bathwater by eliminating the "virality" of the GPL et.
| al., which was kind of the whole point (of "Free" ethos.)
|
| The whole Free vs. Open issue is effectively moot anyway since
| everybody uses proprietary closed systems. Even the FOSS folks
| use GitHub.
| mraza007 wrote:
| I have huge respect for Open Source Devs.
|
| Developer Ecosystem wouldn't be same without them. I truly
| appreciate their efforts to make amazing software in there free
| time and it means a lot to me.
|
| As a developer I owe a lot to open source thats why If I can't
| contribute to their software I always try to personally thank
| them when using their software.
| betwixthewires wrote:
| > While I believe that it is unethical for large for-profit
| corporations to not support FOSS projects from which they derive
| (extract?) immense amounts of value, it is not illegal, thanks to
| the system.
|
| While I very much agree with the article on it's core topic, this
| is incorrect. It is not illegal _thanks to the license._ The FOSS
| world created the licenses, it is made legal _by choice_ , it
| isn't due to the system. "The system" very much allows for this
| problem to be entirely avoided.
|
| If you're happy making free software but you don't want anyone to
| profit from your work without cutting you in on the success you
| contribute to, consider a dual license. Maybe the free software
| world should consider addressing this problem in some license
| scheme, a couple of options being royalties paid if the software
| is used in profit generating endeavors, or even something more
| restrictive, like requiring all derivative works and works being
| supported by licensed software to release their source as well.
| Imagine if Android were licensed in this way, google would not
| get to marry proprietary crap to it, as just one example.
| jbirer wrote:
| My philosophy (albeit it might not be shared by many) is that if
| you are going to do a job, either do it well and all the way
| through or don't do it. I see many half-assed (for the lack of a
| better term) open source jobs where the developers do not respond
| to criticism and feedback in other words than "you should be
| grateful we did X and Y after all", with an air of arrogance and
| saintliness for even doing anything. I would analogize it with me
| going to a charity and giving them my food leftovers and getting
| mad when they do not like it.
| [deleted]
| icambron wrote:
| I don't think OSS is broken either, but I don't get the complaint
| here. People and companies use things because it's advantageous
| to them to do so. When you release software that's free (as in
| beer), people and companies are going to use it for free. It
| doesn't matter whether it's "hypercapitalism" or not. You simply
| can't eschew all of the systems available for extracting value
| from your labor and then complain that you're unable to extract
| value from your labor.
|
| In particular, this doesn't make any sense:
|
| > While I believe that it is unethical for large for-profit
| corporations to not support FOSS projects from which they derive
| (extract?) immense amounts of value, it is not illegal, thanks to
| the system.
|
| It's been made specifically, intensionally legal by the people
| creating it. So of course it's legal, and it's weird to say, "I
| went out of my way to make this free, but it's unethical for you
| to actually use it for free".
|
| In capitalism, you have the right to set your own price for your
| labor and property, and there are lots of mechanisms for charging
| people for stuff. That's what all these software vendors are
| doing! In contrast, the MIT and Apache licenses say "I made this
| but do whatever you want". We choose this license when making
| things because we want everyone to do what they want. We can't be
| angry when they do.
| rob_c wrote:
| Note to author you're arguing with a bronie, so not exactly a
| cognitively unbiased crowd...
|
| But seriously, this is that businesses are broken and grab a free
| thing and use it. If businesses were gassing employees because
| they got free ammonia to clean their buildings we wouldn't be
| blaming the ammonia producers.
|
| Please, stop blaming tools for the axe wielding by morons users.
| I'd say educate the users, but we all know thats not gonna change
| any time soon...
| mcguire wrote:
| As an anecdote, all of my work on open source (and I've been
| working on and with open source software for the better part of
| 30 years) has been because I had something that needed to be done
| and writing, adapting, or fixing open source packages was the
| fastest, easiest, and cheapest way of doing that.
|
| My employers paid me to _get things done,_ not to write software.
| Writing, adapting, or fixing software is the means, not the end.
| IceDane wrote:
| Did this guy really just write a rebuttal to an article that he
| didn't bother to read well enough to understand?
|
| They are literally arguing the same things. The article he is
| arguing against is not trying to shit on open source. It's trying
| to explain how insane it is that so much open source development
| is so critical but so massively underfunded.
|
| The original article isn't saying that the idea of open source is
| fundamentally broken. It's the consumers of open source software
| whose morals are fundamentally broken.
|
| Please, for the love of all that is holy, just spend like 5 extra
| minutes reading what you are arguing against next time. This is
| so embarrassing that I'm feeling the second-hand embarrassment.
| api wrote:
| FOSS is the victim in a way, but that means it must defend
| itself. OSI needs to get off their asses and acknowledge the
| problem and work with the community to develop licenses that
| limit SaaSification and other forms of appropriation in a way
| that is compatible with the principles of open source and lacks
| the optics (FUD) problems of the GPL approach.
|
| I'm not holding my breath since the OSI is funded almost entirely
| by huge companies that are quite happy with all the free labor
| they are exploiting. So far the OSI has plugged it's ears and
| pretended everything is fine, and OSS zealots attack the
| character of any lowly developer who isn't happy providing
| uncompensated labor to surveillance capitalist behemoths.
|
| I don't see FOSS surviving another generation if this doesn't
| happen, or at least not in a form that isn't weaponized to herd
| everyone into proprietary cloud environments.
| jefftk wrote:
| _> OSI needs to get off their asses and acknowledge the problem
| and work with the community to develop licenses that limit
| SaaSification and other forms of appropriation in a way that is
| compatible with the principles of open source and lacks the
| optics (FUD) problems of the GPL approach._
|
| I'm confused about what you want here. The GPL does not deal
| with SaaSification; for that you need the AGPL. But what
| problem do you have with the AGPL?
| lomereiter wrote:
| AGPL doesn't prevent running unmodified software and offering
| it as a service by large vendors. See the controversy around
| SSPL and the recent ElasticSearch fork by AWS - I suggest
| reading Kyle Mitchell's take on this:
| https://writing.kemitchell.com/2021/01/20/Righteous-
| Expedien...
|
| That said, I believe SSPL is an overkill, and what's needed
| for a less known SaaS product is a legally enforceable
| revenue-sharing mechanism - so it can benefit from being
| listed on popular platforms.
| hardwaresofton wrote:
| There's another option -- those seeking to SaaSify F/OSS can
| support/partner the software they use. Sustainable hosting
| isn't something that larger corporations are into, but the
| right companies can do it, and as companies that have this
| mindset/condition built in (best if in writing, of course)
| grow, F/OSS becomes more sustainable by default. All it takes
| is a reasonable % of revenue contribution to the F/OSS powering
| your stack. I think the range should be 20% to 50%[0], but even
| if it was 10%, imagine if open source projects that power even
| small to mid size tech companies in the world received 10% (or
| even 3%) of the revenue being collected?
|
| The problem of getting the money down to F/OSS that powers
| inner machinery (libraries, frameworks, etc) is a bit tougher,
| but I think that could work out easily by doing a general % of
| revenue and deciding allocation. For example even if you do a
| 1% allocation to libraries in particular, as libraries are
| reused much more easily, at scale library authors will do quite
| well.
|
| Maybe a license that asks for a % of revenue is an easier
| static goal but I'm optimistic enough to think that the
| partnership approach could work.
|
| [0]: https://nimbusws.com/#sustainability
| nixpulvis wrote:
| It becomes far too tempting for them to break the abstraction
| barrier though. Just look at the AWS offerings divergence
| from the originals. Some companies are big enough to fund
| multiple competitors at the same time, which is about the
| best thing I can think to do here.
| WJW wrote:
| I still don't see why this means FOSS is a "victim in a way".
| If you don't want people to take what you put online for free,
| don't post it online with a notice saying "you can take this
| for free".
| judge2020 wrote:
| This would be solved if people were educated on dual-licensing
| - no new license needs to exist if you go GPL and have a paid
| commercial license.
| yjftsjthsd-h wrote:
| Probably AGPL if SaaS is a concern.
| nixpulvis wrote:
| I feel highly unsettled at work anytime anyone trys to explain
| how to do something, which should be a simple local command,
| with a multitude of tangled services, each of which I need to
| request access to. My manager is obviously more than happy to
| help, but this friction is killing my motivation and atonomy.
|
| The fact this is how we're starting to develop software also
| helps me understnad why, as a user, all my shit's jenky as
| hell.
|
| OSS (to me) was supposed to allow us to bridge the gap between
| developers and users, making code easy enough to tweak that
| when a problem or unwanted behaviour comes up you can just fix
| it yourself. But it's getting harder and harder to see this
| dream anymore. There are a lot of nooks and crannies in OSS
| though, and I know there are still plenty of places where this
| dream _is_ still very much alive. It 's just become less and
| less mainstream, sadly.
| jfengel wrote:
| I'm not sure what there is to solve. The problem of giving
| stuff away is obvious; it's the first thing people ask when
| they hear about Free Software. The free software philosophy is
| that people do it anyway, for reasons of their own. Of course
| they are taken advantage of.
|
| I don't think there is a solution, short of radically
| restructuring the entire world economy. The fundamental problem
| is people being people.
|
| I don't know what software will look like in a generation. I
| suspect it will be radically different, but that's just my
| guess. But I suspect open source will trundle along as the
| rickety, half-assed philosophy that has worked (more or less)
| so far.
| sidlls wrote:
| Open source is most certainly broken, and not just due to the
| various financial, freedom and security issues these two articles
| focus on. My biggest peeve: documentation is often minimal (e.g.
| API docs only) or filled with useless toy examples that are
| effectively just rephrasing of API docs.
|
| The entire underpinning of free and open source software is
| silly: software in this context isn't an academic pursuit
| producing knowledge that should be freely shared to our
| collective advancement as a civilization. It's a hammer, a
| wrench, a table: in short, a product. That fundamental category
| error made by our community is the source of all the problems
| with F/OSS, financial and otherwise.
| carapace wrote:
| You're describing two legitimate worlds, the Ivory Tower and
| the Marketplace, let's call them for short, but I don't think
| the error is conflating them. I think the error(s) arise in the
| _intersection_ between the two realms. The Internet was
| a-commercial or even anti-commercial at first (having gestated
| in the Ivory Tower) and retrofitting it for commerce and
| industry has been, um, a wild ride. Kind of a gold rush.
|
| Copying and running code is (effectively) free, developing,
| maintaining, and auditing code is still expensive. Folks who
| want to use software without paying the costs get what they pay
| for, eh?
|
| I feel that if there's anything the community is doing wrong,
| it's in the emphasis on new and shiny rather than mature and
| stable. I feel we should be entering a "contractile" stage of
| (global IT) development, with consolidation and convergence of
| software and hardware replacing the wild burgeoning and rampant
| growth of complexity.
|
| "Like, complexity is an existential threat, man..."
| throwaway984393 wrote:
| You know, one of those terrible aspects of open source is that
| if you see a lack of documentation, _you can just contribute it
| yourself_. Good luck contributing new docs to literally any
| proprietary product.
| watwut wrote:
| Wait till you read documentation commercial projects have. Our
| one is super quick to read, as we don't document at all.
| haukem wrote:
| Writing documentation is boring, adding new features is more
| fun to do.
|
| Someone working on open source to have fun is more likely to
| invest their time in more features instead of better
| documentation.
|
| Here companies or users like you could step in and contribute
| better documentation or pay the original authors to improve the
| documentation.
| sidlls wrote:
| Why on earth would I labor for free on someone's vanity
| project, no matter what utility it provides otherwise? And
| why would a company pay a person who has already shown he or
| she does not value their own labor in that way?
| bityard wrote:
| You want good documentation from an (ostensibly
| hypothetical) piece of open source software that you use.
| But you will neither pay for nor contribute better
| documentation.
|
| You see where the problem is, right? I'll give you a hint,
| it's not the developer...
| sidlls wrote:
| No, it absolutely is the fault of the developer, both for
| poor practice of the craft and for contributing to a
| toxic, exploitative labor environment by giving away his
| work for free.
| varajelle wrote:
| You don't have to use his project then.
|
| Is someone release code because he liked to code but
| don't write any docs because that's boring, that's
| perfectly fine. No abuse there. The abuse is when you
| requests docs for free.
| loic-sharma wrote:
| I agree with what you say, but FYI docs is one of the easiest
| yet most valuable thing a person can contribute. As a
| maintainer, I wish I had more feedback and contributions to the
| docs!
| rdpintqogeogsaa wrote:
| As someone who wrote large parts of the docs for a project:
| The reason that I imagine few people do it is because if you
| get involved with the documentation, you _will_ be on the
| hook for tracking the library closely and keeping the
| documentation up to date; there will be an implicit, external
| pressure that the documentation continues working.
|
| That becomes a lot of work very quickly, so I tend to only
| get involved in libraries that will quickly hit some kind of
| stable maintenance mode or in which I have personal stake and
| thus just need to polish up my own notes for how to get off
| the ground.
| danenania wrote:
| Updating docs should be part of the responsibility of
| adding a new feature, just like adding tests and making
| sure no existing tests are failing.
| cpitman wrote:
| This implies that the issue is due to being open source. The
| majority of closed source software, especially in house
| software, has minimal or nonexistent documentation. If there is
| any, it was likely done once at the start of the project and
| never updated since.
|
| I've been a consultant for over 10 years. I always make sure to
| ask for access to any documentation for systems I'll be working
| on. I think I've gotten significant (out of date) documentation
| maybe once. This isn't an issue stemming from being open
| source.
| candiddevmike wrote:
| I recently looked into open sourcing Homechart
| (https://homechart.app). It's free to use already (for self
| hosting), but some users wanted it to be open source (almost
| entirely for auditing purposes, but I doubt they'd even read the
| code). I don't want anyone using it for commercial purposes, and
| I found a few licenses that would prevent this-- namely Commons
| Clause, but at the end of the day I didn't see a benefit to
| having it OSS aside from appeasing some OSS purists. The app is
| already free, and I don't need the added burden of responding to
| issues and pull requests (and supporting the code they add).
|
| EDIT: I also don't want folks redistributing custom builds or
| effectively reselling it somehow. I'm a solo dev, I don't have
| the resources to litigate and enforce any kind of restrictive
| license.
| dharmab wrote:
| On Android, the potential downside (companies stealing your app
| under alternate names, bundling adware/malware, and even
| issuing fraudulent takedowns) outweigh the upsides.
|
| Consider allowing some trusted users in your community
| audit/demo access? The developer of the AetherSX2 emulator for
| Android worked with the PCSX2 team (Open Source parent
| software) and YouTubers/other established media in the
| emulation community to verify their claimed improvements and
| reputation. https://pcsx2.net/301-aethersx2-pcsx2-mobile.html
| ratww wrote:
| _> On Android, the potential downside (companies stealing
| your app under alternate names, bundling adware /malware, and
| even issuing fraudulent takedowns) outweigh the upsides._
|
| I don't have/use Android, so no dog in this fight, but I can
| say these things happen in pretty much every other non-niche
| platform: iOS, Windows, Mac. I've even had people cloning a
| VS Code extension I did.
| candiddevmike wrote:
| That seems like a good compromise. I thought about looking
| for third party attestation services, but it would be a point
| in time snapshot and probably prohibitively expensive.
|
| At the end of the day, the code is written in Go (highly
| reduced attack surface), doesn't need to be exposed to the
| internet (works fine locally or over a VPN), and functions
| perfectly fine with outbound internet access blocked (no
| phoning home or tracking). I built it the way I want self
| hosted software to work.
| EMIRELADERO wrote:
| Somewhat of a hot take here, but why is this even a problem?
| Why would shitty clones with malware existing somehow damage
| the original app? Every open source app on Android has these
| problems, but they don't seem to affect the app's existance
| or reputation. And in the case of AetherSX2, the benefits of
| a transparent, community-driven mobile emulator certainly
| outweight any risks it may have. The point is not to prevent
| these things from happening, the point is to have enough
| people sbowing support and contributions for your software
| that the clones with malware become something just _not worth
| it to even care about_.
| oefrha wrote:
| > Why would shitty clones with malware existing somehow
| damage the original app?
|
| Best case, you get angry emails. Hell, Daniel Stenberg of
| curl fame got "I will slaughter you" because someone
| bundled libcurl and included a copyright notice.[1]
|
| Worst case, certain scammers are very good at pretending to
| the the real thing.
|
| [1] https://daniel.haxx.se/blog/2021/02/19/i-will-
| slaughter-you/
| oefrha wrote:
| > I don't need the added burden of responding to issues and
| pull requests (and supporting the code they add).
|
| I just state clearly in README that certain projects of mine
| are open source but not open contribution. This way people can
| follow development and modify things to their liking if they
| want to, but I don't need to hear from them.
|
| Of course don't do it if you don't want to see others repackage
| your stuff.
| progval wrote:
| > I don't need the added burden of responding to issues and
| pull requests
|
| You don't have to. open sourcing does not mean putting it on
| Github with an open bug tracker, you could simply offer tarball
| downloads, mention you don't support it, and ignore any email
| about it.
| gjsman-1000 wrote:
| This is actually how Apple does some of their open-source
| projects.
|
| For example, the XNU kernel at the heart of macOS is open
| source, along with some of its kernel extensions. Apple isn't
| interested in having other people work on it though or having
| their commit history unveil vulnerabilities, so they just
| squash all the commits into one and release the tarball for
| every new macOS version.
|
| Open-source kernel? Check.
| eminence32 wrote:
| Or host it on gitlab, which lets you entirely disable
| forking, merge requests, and the issue tracker
| blondin wrote:
| why gitlab? host it on github, just don't make the repo
| public!
|
| but yeah this thread is correct about the burden of issue
| tracking and pull requests management.
| rightbyte wrote:
| > disable forking
|
| That seems mean?
| wongarsu wrote:
| You can always clone the repo, change the git remote to a
| newly created one and upload there. You get a perfect
| copy, just that it isn't recognized as a fork, thus you
| can't make pull requests (you can still merge changes via
| the Git cli as always)
| InitialBP wrote:
| When you say "Audit" do you mean in terms of security?
|
| I was a penetration tester for a while and it was quite common
| for my clients to have customers who requested a security audit
| of their product. We would conduct the assessment and provide
| them with a letter that basically says we did an audit and we
| found x number of crit/high/med/low issues and then did a
| retest to verify that client fixed x number of
| crit/high/med/low issues. Might be worth a shot!
|
| I know Mozilla has also done some similar stuff, but they
| normally release the entirety of the report.
| https://blog.mozilla.org/security/files/2021/08/FVP-02-repor...
| yjftsjthsd-h wrote:
| If you want to allow audits but don't care about Open Source,
| just do a source available / shared source license like
| tarsnap.
| candiddevmike wrote:
| Sure, but then I can't prevent forks or folks distributing
| custom builds unless I start doing DRM notices and
| litigation. It's infinitely easier to keep it closed source.
| yjftsjthsd-h wrote:
| Legally you can, and practically do you really think people
| can't reverse engineer your stuff if they want?
| Alternatively: it sounded like you just didn't want to
| support it or deal with pull requests; do you _care_ about
| unofficial unsupported builds?
|
| Edit: And yes, just distributing binaries and not worrying
| is the least work; I just wanted to point out that you
| _can_ have it both ways if you ignore "Open Source".
| KronisLV wrote:
| > Legally you can...
|
| Sure, up until the point where you run into people in
| countries like China ripping off your products and get
| stonewalled in any attempts at IP enforcement.
| Alternatively, are you sure that you can really afford
| the legal expenses of pursuing such enforcement?
|
| I've seen enough stories of indie game developers having
| their games be stolen an re-uploaded under a different
| name to know that this is a problem that shouldn't be
| overlooked, though obviously it's worse in some
| industries than others.
|
| > ...and practically do you really think people can't
| reverse engineer your stuff if they want?
|
| No, most people cannot, and that's the extent to which it
| remains a good point.
|
| You don't lock your door because you're worried about the
| one person who knows how to pick it out of a thousand,
| you lock your door to deter the rest 999 people who would
| go through it if it were not locked.
|
| People talk a lot about obscurity not being security and
| so on, but to a certain degree it is, just like how
| changing your SSH port will prevent a number of automated
| attacks, even if port scanning is trivial otherwise.
| candiddevmike wrote:
| Yes, I'm trying to build a brand and monetize the app via
| a SaaS offering for those who don't want to self host and
| "cloud features" for those who do.
| yjftsjthsd-h wrote:
| Okay, so it's not "I didn't see a benefit to having it
| OSS aside from appeasing some OSS purists. The app is
| already free, and I don't need the added burden of
| responding to issues and pull requests (and supporting
| the code they add)." It's "I don't want to open source it
| at all". Which is fine, just say that instead of bringing
| up support burden.
| [deleted]
| Pulcinella wrote:
| Yeah I think the developer of the Apollo Reddit app open
| sourced the app in the beginning so people could audit it and
| it led to some people immediately cloning it and trying to sell
| it for money.
| [deleted]
| NtGuy25 wrote:
| So firstly, the people asking you to open source so they can
| "Audit" are dumb. Your app is android, android is EXTREMELY
| easy to audit and decompile. Especially with no obfuscation
| during compiletime. Things like Android and .Net you can almost
| literally dump the sourcecode for the app automatically, to the
| point is basically compiles out of the box. Especially .Net.
|
| What I would recommend if you release an executable using
| native code. You should look into distributing debugging
| symbols. The private symbols contain function names, sometimes
| variable names, and all library calls, but not the source code.
| This means auditing is extremely easy, but stealing it is a bit
| hard. It also lets them run your stuff under a debugger
| extremely easy or make patches through instrumentation.
| ploxiln wrote:
| There are always going to be some people asking for more. Your
| app is not open-source and you already have that. Don't open-
| source it if you don't want to, or don't allow issues/requests
| for the open-source version if you don't want to.
|
| Understand that some people will avoid your app and look for
| something that is open-source, for various reasons. So they can
| be confident they'll never have to pay, so they can
| theoretically fix bugs and port to newer platforms if they need
| to, so they can be confident there is no underhanded reporting
| or remote-control in the software, whatever. When looking for
| something, I value and prefer open-source alternatives, myself.
|
| But that's not everyone, and that's fine. You don't have to
| open-source your app.
| candiddevmike wrote:
| How would you feel about an "open source contingency", i.e.
| this will never be abandoned, it will be open sourced instead
| etc? I think I could add it to the ToS, but it would be nice
| to have some kind of trust/foundation or something setup as
| "proof" etc.
| preommr wrote:
| I feel like this is more an issue of people talking past each
| other rather than having actual differences in opinion.
| rhdxmr wrote:
| Oh my goodness.. if open source had not existed in the world, the
| world must not be as good as today. The world w/o OSS must fall
| behind the world w/ OSS.
|
| If open source is broken, it must be repaired.
|
| I have contributed to OSS for over 2 years and it makes me feel
| fun and feel a sense of achievement. And I feel so grateful
| towards who had contributed to open source and had cultivated
| open source culture. I received help a lot from OSS and lots of
| open knowledge from the internet. And now I want to give it back
| to open source culture and I think I am making the world better a
| little bit.
| tptacek wrote:
| It seems like both sides of this supposed debate are saying
| precisely the same thing, with one side ("how dare we suggest
| anything is wrong wth open source") taking umbrage for no
| apparent reason. The premise of "both" arguments is that open
| source maintainers are being exploited.
| indymike wrote:
| > The premise of "both" arguments is that open source
| maintainers are being exploited.
|
| A lot of the business models that are exploiting OSS and OSS
| maintainers are very much parasitic. I think industry needs to
| be reminded that the first rule of being a parasite is "don't
| kill the host." That is what is happening as companies monetize
| open source and then don't support the team creating and
| maintaining the software they are exploiting.
| ghaff wrote:
| Except they're mostly not. While it's not hard to find
| exceptions most of the maintainers and other coder associated
| with major open source projects are being paid by companies to
| do so.
| haukem wrote:
| This really depends on the project. Many people just do it in
| their spare time and have a normal software engineer or
| similar role working on proprietary software using open
| source. Some are still at university and studying. Some are
| contracting and probably also get some new customers thorough
| their open source work.
|
| I do not have real data, but I assume that more than 50% of
| the effort invested in open source is not directly paid by a
| company. For the Linux kernel 20% to 30% of the commits come
| from people doing it as a hobby, the Linux kernel is
| supported very well by big cooperations.
| ghaff wrote:
| You're right. It really does vary.
|
| However, in the case of the Linux kernel just about 8% were
| unpaid as of five years ago.
| https://thenewstack.io/contributes-linux-kernel/
|
| I assume that projects like Kubernetes and OpenStack are
| similar.
|
| Obviously many smaller projects are largely developed by
| people on their own time. I expect this also applies
| languages and things like that which aren't largely
| corporate efforts like Go and Rust are.
| watwut wrote:
| Majority of people responding to FOSS studies is paid by
| companies. It is biased toward Linux related open source
| projects a bit.
|
| The thing is, while there are maintenaners of important
| projects working for free, the idea that most of major open
| source development is for free is mostly mythology. Large
| projects are backed by companies.
| rikroots wrote:
| I don't feel particularly exploited - but then my OS library is
| not particularly popular (or widely used). I suppose if the
| library did become popular and some $MegaCorp built a cash
| printing product on top of it I could add some code to the
| library to print disparaging remarks about $MegaCorp practices
| in the CLI (or whatever).
|
| Then again, I also give my poetry and my (2 completed) novels
| away for free. I'm not the greatest Poster Child for the
| Capitalist cause.
| brabel wrote:
| I don't think anyone is being exploited. The work you do for
| free, and publish online with a permissive license, was meant
| to be "exploited" by anyone, that's what OSS means. Everyone
| knows that. We still spend time doing it because of, as the
| author of the blog post correctly mentions, several different,
| personal reasons.
|
| I publish all my hobby projects on GitHub. I have zero
| expectation to ever get paid for it, even though I know some
| big companies have used libraries I've written. I am not sure I
| even want to get paid, as that would increase my accountability
| a lot!
|
| Do I feel exploited?? Not at all. No one asked me to do it. I
| do it because I like contributing my knowledge and I hope it
| will benefit someone doing good work some time... even if most
| beneficiaries are indeed greed, for-profit organizations. I
| also use heaps of "free" products by these same greedy
| companies... my website is hosted entirely free (with HTTPS and
| everything) by Netlify... I also have several project websites
| on GitHub Pages (free), run my CI on GitHub , TravisCI and,
| AppVeyor and CircleCI (all completely free), write some code on
| IntelliJ (Jetbrains), emacs (ok, this one is not from big co.)
| and VSCode (big bad MSFT) which are all totally free to use.
|
| My browser is also completely free, thanks to Mozilla!
|
| Sure, they use lots and lots of OSS, but without those, these
| products might never have existed as the cost to create them
| from scratch or by paying every single OSS library for use
| would have been prohibitive.
|
| So, I agree with OP, OSS is working just fine.
| jancsika wrote:
| There aren't merely two sides of a "supposed" debate. There are
| at least two sides of a bona fide debate. And you could not
| possibly have missed one of the sides because its argument was
| copy-pasted dozens of times on the other post.
|
| The dozens of copy-pasted comments left by mbrodersen on the
| other post can only be interpreted to be against the claim that
| companies are exploiting open source maintainers here. Under
| this argument that was copy-pasted dozens of times, companies
| paying exactly $0 for software set at $0 are behaving in a
| natural and predictable manner within "the marketplace." It's
| an unambiguous argument. It's impossible to miss because it was
| copy-pasted dozens of times.
|
| Now, I didn't notice the dozens of copy-pasted mbroderson
| comments being flagged or downvoted. Nor did I notice dang
| explaining to mbroderson that copy-pasting a low-effort "market
| mechanics" retort throughout a long thread is against the rules
| of HN.
|
| And now that argument-- which again, was copy-pasted dozens of
| times on the other thread-- is in the ether. You cannot merely
| ignore it and claim that "both sides" are somehow saying the
| same thing. One side clearly isn't, at least a dozen times,
| copy-pasted.
|
| So I'm curious what you think about the claim that nobody is
| exploiting anybody here, because if open source devs want
| greater than $0 from companies that use their software they
| should charge greater than $0 to companies that use their
| software.
|
| I think I stated the claim correctly-- if not perhaps
| mbroderson can copy-paste the argument here.
| 1970-01-01 wrote:
| >Whose fault is it then? I believe that it is the society's
| fault, the system's fault, no matter how abstract or vague that
| sounds.
|
| C'mon, man! Your argument is that its all society's fault, and
| FOSS isn't broken! That's the weakest argument I've ever heard
| for keeping it!
| kklisura wrote:
| The great thing about open source is that anyone can participate
| for free and for whatever reason: some for the feeling of giving
| back, some for creating something useful for others, some like it
| as challenge, some for the street cred., etc. and most people
| don't expect to be paid. The idea of paying for OS cannot exist
| in such environment until everyone is on board with that idea. If
| you create something and demand to be paid, someone will most
| definitely create something similar and release it for free.
| sneak wrote:
| > _FOSS is free as in freedom and not free as in beer (cost)._
|
| Actually, and critically, it is both!
|
| You can't have free as in freedom without being free as in beer
| first.
| icy wrote:
| You certainly can. You can charge for the software, _and_
| release its source under a free license. The user can choose to
| download the source and build it themselves, or pay for the
| built software (or the service).
| carapace wrote:
| You can give away the code (and the right to use it) but still
| charge for development, maintenance, and auditing.
| commandlinefan wrote:
| > boast of their "innovation" and "growth" without ...
| contributing
|
| ... from corporations that don't bat an eye at donating billions
| to (often dubious) "social" organizations - often ones that
| criticize them anyway.
| dgreensp wrote:
| That is pretty funny!
| haukem wrote:
| The legal and fiance constructs of many open source projects
| are pretty badly organized. This makes it hard for accounts at
| big cooperation to handle them. Many open source projects are
| also pretty bad at marketing to non developers and do not have
| an aggressive founding campaign.
|
| Some "social" organizations are much better at this and have
| very good people taking care of marketing and accounting to
| people who control money.
|
| Most members of open source projects just want to code and not
| take care of tax exception for donations and filing out the
| correct tax forms in time.
| mrweasel wrote:
| It feels like we moved from a world where open source software
| was develop by a community, to one where most of us are just
| consumers of the code. I don't know if where actually more
| contributors 20 years ago, relatively speaking, but much of the
| code was also less complex.
|
| Open source is still remarkably successful and the only reason
| why the whole Log4J RCE is such a big deal, is because the
| library is hugely successful. The failing isn't in the work of
| the author(s), but those of us who been consuming the code. We
| don't need to fund the main developers, what we need is for the
| project, and projects like it, to be true communities. That mean
| that all the companies who have been relying on open source need
| to allocate time to community work.
|
| We pay for open source software by helping build it and that goes
| beyond creating an issue on Github or complaining about missing
| features and poor documentation. We all part of the open source
| community, but we seem to have forgotten how it works. Now we
| believe that we can throw money at the problem, but that still
| leaves a single developer with the responsibility for a massive
| code base. OpenBSD was right: "Show us the code or shut up".
| einpoklum wrote:
| > It feels like we moved from a world where open source
| software was develop by a community, to one where most of us
| are just consumers of the code.
|
| Are you sure that's even a contradiction? I mean, if you start
| with a developer community, and add a lot of people who simply
| had not been exposed to / using the software, you get to the
| situation of "most of us being just consumers of the code".
|
| Now, you could argue that communities have been
| fraying/weakening over the past few decades, but that would be
| almost an orthogonal argument.
|
| > That mean that all the companies who have been relying on
| open source need to allocate time to community work.
|
| We need to funnel some social resources into building and
| maintaining such communities. If companies were to do that,
| then great, or rather, not great but sort-of-ok. The thing is,
| they aren't doing it, as they are fundamentally motivated not
| to: It hurts their profitability (except perhaps for vague
| extra-long-term concerns). So, it's not useful to say that
| "companies should do it".
| mrweasel wrote:
| > So, it's not useful to say that "companies should do it".
|
| Valid point, but so far NO useful solutions have appeared. I
| don't need log4j, my employer does. So why should I pay the
| developers? Because that's the only other solution I've seen
| presented.
| newaccount74 wrote:
| I think you are absolutely correct. The best way to contribute
| to Open Source software is to literally contribute to it.
|
| We don't need to turn OS maintainers into service providers
| that sell support contracts to enterprises.
|
| Enterprises could just contribute to projects in kind, eg. by
| auditing a library, by fixing a bug, or by writing some docs.
| bshipp wrote:
| I feel like we should at least reference some companies who "do
| FOSS right" by releasing internal projects to the ecosystem. in
| the data science realm, for example, I've made heavy use of
| Superset and Airflow from Airbnb as well as the Plotly tools
| (Dash, etc) and numerous others.
|
| In many ways FOSS is thriving and on the cutting edge, and in
| others (especially project maintenance) it seems to be
| struggling.
|
| But let's at least recognize some of the good actors in that
| space.
| jrm4 wrote:
| The thing is, the answers for this are all here and old. I'm just
| kind of waiting for people to figure it out.
|
| If you're creating cool stuff and giving it away, great! No
| obligation.
|
| If, however, you're creating a paid product or service -- there
| already exists a ton of law and precedent and ideas about
| obligations. We just need to _remember_ these and start using
| them again.
|
| These ideas and law generally point to: If you put a product out
| there, and make claims about what it can and cannot do (either
| explicitly or implicitly) then you must be held responsible for
| the harm if people reasonably rely on it and you screw up. That's
| it. That's the entirety of it.
|
| FOSS is one of your inputs, could be seen as something like
| gasoline or trucks or whatever. It's your job as a company to
| handle those safely and make sure they don't goop out and cause
| harm, and if you don't get this right, you should be sued.
|
| Edit -- and of course, sometimes the companies are too slow to
| make this happen and so we need regulation. We perhaps need an
| EPA or FDA for software.
| ChrisMarshallNY wrote:
| I didn't get that the original article was bashing the _concept_
| of open source; more like it was bashing the "on the ground
| reality" of today's open source.
|
| I think that there's a great deal of "brokenness" in the way that
| the software development community works, in general. Because OS
| is so ubiquitous, and because, as the author mentions, so many
| people make money on it, we think of OS as the problem.
|
| I think the general quality level of software is catastrophically
| bad, in many instances. This is because people rush to do "big
| things," and they aren't actually ready to manage these "big
| things."
|
| One example is overengineered design. This is something that
| we're all guilty of. Indeed, today, I am in the process of
| completely rewriting a view controller that I designed, that has
| that whole "Lucy and the Chocolate Factory"[0] thing going for
| it. The only solution was to take off, and nuke it from orbit.
|
| When I create an overengineered design, it becomes brittle, and
| difficult to maintain or extend. What triggered my rewriting
| this, was because I needed to modify the way that the layout was
| done, and found it to be a complete bitch to figure out.
|
| Fortunately, I am very experienced, and also wrote the original
| (messy) code. It would be another matter, entirely, if it was a
| "black box" dependency. I probably would have avoided modifying
| the layout, which would have resulted in a much lower quality of
| UX for my app.
|
| [0] https://www.youtube.com/watch?v=NkQ58I53mjk
| jack_pp wrote:
| is it not possible to have a licence that says if you want to use
| this code to sell a service for a profit you must contact the
| owner and negociate a deal? this way if you are developing in the
| open source bubble you get to use software for free. if you want
| to build a service you get to test the software for free and if
| your company takes off then you must pay for your foundation.
| gtsop wrote:
| Re the author of "open source is broken": The irony of bashing
| open source on a websiate using systems/code/infra containing
| thousands of open source lines of code which I am sure he hasn't
| paid for... has probably escaped his attention.
|
| Honestly, I am not sure why there is an argument anymore. Let
| people write or use free or proprietary software as they see fit.
| You all know the pros, you all know the cons, make a decision and
| god's speed, live your life. I side with the free software. You
| do you.
| Kye wrote:
| The author would be accused of having no standing to criticize
| open source if they didn't use it. There is no viable move with
| the mindset you display here.
| dnautics wrote:
| no, the author could _have_ used open source and then moved
| off for principled reasons that people weren 't paying their
| OSS contributors, made predictions about what would come to
| be, and then be pot shooting at the FOSS community from a
| distance. Or the author could aggressively pay every single
| OSS contributor they are using, with receipts... Etc, etc.
| gtsop wrote:
| I replied to the same argument in a different comment. There
| is literally a thousand ways to do it.
|
| Eg
|
| - Post on twitter/facebook - pay for a proprietary stack -
| pay for an open source stack (donate) - print stuff and hand
| them out in person (half joking, but you get the point i
| hope)
| bigbillheck wrote:
| > The irony of bashing open source...
|
| This is literally the 'yet you participate in society'
| argument.
| dnautics wrote:
| Sure, you don't have the option of not using open source
| software for some of the cisco and arista switches and
| routers on nexthops over the internet, but you certainly CAN
| use paid-for closed-source software (from operating system up
| to webserver) on a server that you set up, in a colo that you
| pay for, to run your blog.
| gtsop wrote:
| No, this is a falacy. As a living being you don't really
| stand any chance of not participating in society in some way
| or another.
|
| However the author has the following options: - pay for
| proprietary stack of technology to publish their website -
| pay for the open source software they are using (donate) -
| not do any websites and publish their opinion on other social
| media or even physical print. Write a papper, print flyers -
| do literally nothing
|
| All of these are actual viable options. Not participating in
| society kinda isn't an option if you wanna live
| badsectoracula wrote:
| Is it even possible to _completely_ avoid open source
| software nowadays though? Windows itself might not be
| completely open source but it has a bunch of open source
| components and /or is based on open source components (even
| the TCP/IP stack has its roots on BSD :-P). Even your CPU
| (especially Intel with its IME using Minix) and UEFI might
| have some open source code.
|
| Perhaps if you find some 20 year old PC with an obscure
| proprietary operating system that has its own network stack
| you could do it. Though that "proprietary purity" will
| break down as soon as you step out of that PC box and
| connect it to a router or whatever since chances are it
| will run open source software and your purely proprietary
| signal will be contaminated way before reaching some end
| user's browser :-P
| gtsop wrote:
| You're most likely right, but my argument has been
| misinterpreted in a classic fashion. I never implied that
| they should have used open source at all. I said that
| they used a bunch of open source software that I doubt
| they had ever paid for (even donating).
| xena wrote:
| As the author of that article, I am starting to prefer
| they/them pronouns. It would be nice if you could update your
| comment to refer to me correctly, however this is not a demand.
|
| There is a lot more happening behind the scenes than you know
| of, I make a tiny fraction of my donations public knowledge.
| gtsop wrote:
| Yes you are right, i apologise, will update.
|
| Edit: it seems like i cannot edit it anymore, but it was not
| meant to be disrespectful or on purpose.
| KronisLV wrote:
| Edit: another person pointed out that the actual comment
| sounds like an ad hominem, which i do not condone. However,
| some of the phrasing made me think, hence the question (more
| clarification below).
|
| > The irony of bashing open source on a website using
| systems/code/infra containing thousands of open source lines
| of code which I am sure they haven't paid for... has probably
| escaped their attention.
|
| Hey, what are your thoughts on the OP's argument, though?
|
| I read your article and it did seem to have plenty of truth
| to it, much like other articles that i've read in the past:
| https://staltz.com/software-below-the-poverty-line.html
|
| Personally, i use a lot of open source software and i
| definitely won't pay for _most_ of it, many people out there
| won 't pay for _any_ of it. I don 't find that ironic, i find
| it sad. There is no obligation or anything to encourage
| anyone to donate to the authors, most people don't care.
|
| If i went to work on Monday and suggested that we as a
| company throw money at open source, i'd probably be looked at
| funny. In the company, near the holidays we have an
| initiative where employees vote for charities and each vote
| gets 100 EUR donated towards them... but curiously, no one
| even considers something like that for open source projects,
| despite there being hundreds if not thousands of those in
| their dependencies.
|
| I think it's probably a cultural issue to some degree, simple
| psychology otherwise.
| jodrellblank wrote:
| > Hey, what are your thoughts on the OP's argument, though?
|
| An ad-hom insult doesn't make an argument. OP isn't bashing
| open source, OP is bashing for-profit companies using it
| without contributing as an overall system, and OP's website
| isn't a for-profit company, so even the "OP is a dumb
| hypocrite" isn't only an insult, it's also wrong.
|
| > " _There is no obligation or anything to encourage anyone
| to donate to the authors, most people don 't care._"
|
| My long term simple answer to American's "tipping
| problem"[1] is that if you want money, charge money. This
| emotional manipulation guilt tripping "you don't have to
| pay, it's free" "my children, think of my dying starving
| family, I need money" "oh but it's free honestly I do it to
| contribute to others" "but listen to the crying of my wife
| as she scrapes together the last of our posessions to take
| to the pawn shop" "no really, I encourage everyone to make
| and use free software (but you should FEEL BAD if you do
| what I encourage)" "but it's free, check out that license"
| "I'm only saying I was hoping you would behave like a
| decent person and not take advantage of me while I lie
| about my motives to your face and emotionally manipulate
| you" "btw don't even think of holding me responsible for
| any problems in the code, I disclaim all responsibility to
| the maximum amount permitted by law and offer no support
| for any problems" is just not a good or honest way to go
| about things.
|
| You want money, charge money. Code as an employee, be a
| consultant, be indipendent and sell your thing. You need
| money, charge money, there's multiple ways to do it, people
| have been doing it for years. Why aren't you able to charge
| money? At least partly because of all the people giving
| away the equivalent for free. Why would someone pay for
| your library when they could get a free one? If guilt
| tripping is the only answer, you need a better answer.
|
| If I plant a tree for everyone to have a bit more oxygen in
| the atmosphee, will you pay me for the oxygen you're using
| from my efforts? Of course not.
|
| [1] that's not to say I don't tip, it's to say I hate the
| design of the system and think it leaves the majority worse
| off and far more stressed, so the minority of attractive
| people in rich areas come out far ahead.
| KronisLV wrote:
| > An ad-hom insult doesn't make an argument. OP isn't
| bashing open source, OP is bashing for-profit companies
| using it without contributing as an overall system, and
| OP's website isn't a for-profit company, so even the "OP
| is a dumb hypocrite" isn't only an insult, it's also
| wrong.
|
| I do agree that ad hominems are bad and that OP is maybe
| conflating bringing attention to problems with open
| source with actually being opposed to open source, which
| is definitely not the same thing! Lots of criticism may
| come from a position of wanting to improve everything.
| However, my more charitable interpretation of the
| original message would be along the lines of: "Open
| source seems to work, since you can post this criticism
| while utilizing a lot of open source technologies."
|
| And that's why i felt like creating my response/question
| above (apologies if that wasn't clear enough), since i'm
| surprised myself that we have as much working open source
| software in the first place, given how underfunded and
| underappreciated many of the oftentimes critical projects
| are. :(
|
| The bit about tipping is an interesting one - somehow
| many of the waiters in the USA aren't paid a living wage
| but instead have to rely on the patrons of the
| establishment to tip them. On one hand, that seems
| incredibly wrong to me (and unthinkable of in certain
| countries), however at the same time that implies that
| surely it's possible to somehow ingrain tipping or
| similar monetary actions into a culture to the point
| where it's not viewed as something outrageous by the
| denizens of said culture. How did tipping even become a
| thing? Why isn't tipping a thing in more industries
| (hopefully sans the abusive wage practices)?
|
| Why did "npm fund" become a thing just a number of years
| ago but was never really successful?
| https://dev.to/ruyadorno/npm-6-13-0-7f3 Why do most
| corporations stop at extracting lists of dependencies in
| their projects so they don't get sued and don't have to
| release their codebases to the public, as opposed to
| actually funding the people on whose work they depend on?
|
| > You want money, charge money. Code as an employee, be a
| consultant, be indipendent and sell your thing. You need
| money, charge money, there's multiple ways to do it,
| people have been doing it for years. Why aren't you able
| to charge money? At least partly because of all the
| people giving away the equivalent for free. Why would
| someone pay for your library when they could get a free
| one? If guilt tripping is the only answer, you need a
| better answer.
|
| Are we incapable as humanity on a large scale to give
| money willingly to others, when we benefit from their
| work?
|
| > If I plant a tree for everyone to have a bit more
| oxygen in the atmosphere, will you pay me for the oxygen
| you're using from my efforts? Of course not.
|
| Why not? If i wasn't under constant stress about my
| financial future, scraping by to survive in an economy
| that doesn't feel viable long term (especially given how
| i receive cents on the dollar for my work in the grand
| scheme of things) and aggressively saving of what little
| i earn, while knowing that i have slim chances of ever
| having real estate of my own (given that currently that's
| only viable after decades of work, even if that), i'd be
| more than happy to pay someone for a tree or a well
| planted forest, if it'd be presented to me as something i
| can do easily.
|
| Just look at: https://teamtrees.org/
|
| If there is not a viable solution to the open source
| funding problem, i don't think open source has a future
| that's all that bright, at least outside of corporate
| backed projects or privileged people (e.g. those not
| under constant financial stress) who can afford the time
| and effort to put into it.
|
| Edit: apologies if that's an emotional reaction that's
| maybe not entirely rational, but another post here on HN
| also made me think:
| https://news.ycombinator.com/item?id=29525286
|
| In short: It feels like open source developers _should_
| be paid, regardless of everything else.
| watwut wrote:
| > no really, I encourage everyone to make and use free
| software (but you should FEEL BAD if you do what I
| encourage
|
| 100% this. I remember how open source advocates were
| literally pushing everyone who would listen to use and
| trust open source. Literally arguing by free too. Now,
| the people want to twist it into "and if you got
| convinced and use it you are asshole freeloader".
|
| Well then, maybe it should have been private licensed
| software of that is what you want. Which I'd actually
| fine by me.
| Kye wrote:
| That's why I default to they/them unless I have some
| indication otherwise. One time a dude went off on me for it,
| and I broke his brain by suggesting pronouns in his bio would
| have saved him a public freakout. I always found the
| prescription to default to masculine terms as a default
| gender neutral awfully suspicious even before I knew I was
| nonbinary.
| gtsop wrote:
| I usually do they/them nowadays, but habbit is hard one to
| break and i cant edit the comment atm. I hope the author
| understands that my pronouns don't bare any judgemental
| meaning
| xena wrote:
| I have no reason to judge you ^^, just trying to be
| polite.
| okareaman wrote:
| I learned from the actix-web debacle that I don't want to ever do
| libre or open source software. If people want to complain to me
| about my code and call me a lousy programmer, then they have to
| pay me for the right.
|
| A sad day for Rust
|
| https://steveklabnik.com/writing/a-sad-day-for-rust
| frizzle112 wrote:
| Author describes a classic tragedy of the commons situation -
| many reap the benefits but there's little incentive to invest in
| OSS.
|
| Analysis from there is weak. The incentives I think fairly
| clearly lead to major underinvestment in open source relative to
| the ideal level because of the incentive problems Even if there
| is some investment and some significant success if there was
| investment of time and money order proportional to usage of major
| OSS components.
| PaulKeeble wrote:
| Its probably time for the next generation of open source
| licensing to make the code not usable for profit making purposes,
| thus ensuring open source is either funded by the companies that
| use it or forms its own separate community away from
| corporations.
| nixpulvis wrote:
| How do you practically inforce these licenses? At aquision time
| in a big code audit? Independent review with mandatory
| certificates for businesses over a certain gross profit? What
| are the current ways we catch lisence breach? So many
| questions...
|
| I know that I hate, HATE, thinking about lisences, to the point
| I typically don't include one, or use some nebulous beer-ware
| hack. How does a new set of licenses help me?
| paulryanrogers wrote:
| How does it work now with GPL and AGPL? As I understand it
| muck rackers dig into distributions of software and services
| then report any violations they find. Then the copyright
| holders can choose whether or not to take them to court.
| jt2190 wrote:
| > I typically don't include [a license]...
|
| This would be UNLICENSED or NONE then. Unlicensed software
| can't be used for too many things, since it's encumbered by
| copyright restrictions. (The author's right to create copies
| is, in the U.S. at least, _implicit_ , meaning that the
| simple act of creating a work is enough to have the
| "copyright" for it.)
|
| There is The Unlicense [1] that explicitly transfers
| copyright to the Public Domain.
|
| [1] https://spdx.org/licenses/Unlicense.html
| nixpulvis wrote:
| What about the whole concept of Copyleft? Which is
| something that seemed interesting to me but I never really
| understood the full implications of.
| jt2190 wrote:
| With "Copyleft" licenses the license terms automatically
| apply to derivative works. So if you fix a bug in some
| GPL licensed code, that bug fix is also licensed under
| the GPL terms. The "deal" is essentially "everyone
| benefits from everyone's work."
|
| The difficult part is enforcement: How can we even know
| if a user has made a modification?
|
| The older licenses assume that a user can't really get
| more than personal benefit from a modification unless
| they "distribute" a copy of the modified software to
| someone else. Clearly the recipient of a copy of
| commercial software can look and see if any Copyleft code
| was included.
|
| With the rise of software-as-a-service, however, the
| modified copy never leaves the user's computers. This
| seems like it violates the spirit of "everyone benefits
| from everyone's work". This is one of the issues new Open
| Source licenses are trying to address.
| jollybean wrote:
| GPL will for the most part only mean nobody will use it.
|
| There are only very few cases in which GPL is ideal.
| rightbyte wrote:
| What? Linux, gcc?
| jollybean wrote:
| VideoLan in that category as well.
|
| I think GPL with it's focus on 'can't be used in
| commercial' is deeply limiting.
|
| I think the 'You have to make public variations of this
| module but it can be used for anything and linked to closed
| source statically or dynamically' ... is more ideal for
| those kinds of things, which is kind of pragmatically the
| case. But still.
|
| It would also be nice if courts could make rulings on
| verbiage or licences instead of waiting for trials because
| that legal cloud is a big overhang for the entire world.
| madeofpalk wrote:
| GPL, AGPL, etc.
| candiddevmike wrote:
| See Commons Clause or Business Source License for an example.
| But then it's source available, not "FOSS".
| echelon wrote:
| The license should require the entire system to be open source,
| with exceptions for secrets and small integration pieces under
| 1000 LOC.
|
| If AWS wants to use it, the entirety of their platform would
| have to be open. Billing system, machine provisioning,
| networking, database failover -- everything.
|
| They won't do it. But someone with ambition will, and they'll
| start to grow a platform that is less risky and increasingly
| more attractive. As it gains steam, it could become not only a
| refuge from cloud lock in, but a huge threat to existing
| players.
| NavinF wrote:
| All open source licenses allow commercial use. That's a major
| part of the definition of "open source":
| https://opensource.org/faq#commercial
|
| "Source available" licenses that don't allow profit do exist.
| See all the anti-cloud licenses that came out when AWS started
| selling open source databases as a service. It's just that
| hardly anyone touches code licensed like that. Hell, even Linux
| used to have a "can't have money change hands" clause until
| Linus realized that was stupid. See his debconf talk where he
| talks about it.
| unbanned wrote:
| I just wouldn't use it then. Or I'd use it and just not tell
| anyone. Or take its essence and build it from ground up with a
| different name.
|
| Who's gonna sue me?
| js8 wrote:
| Why when you already have GPL? Most companies do not allow GPL
| software to be used for products.
| goalieca wrote:
| It becomes murky when you don't actually ship software and
| use it as a service in the backend. GPL is from the olden
| days when you actually distributed your software. Now it's
| only the front end and that ships as source still because
| wasm and the rest haven't taken over yet.
| inops wrote:
| AGPL then. It extends the meaning of "distribute", but is
| still FSF/OSI-approved
| xyzzy_plugh wrote:
| AGPL is super scary for corporations, as it's not clear
| where the boundaries are and no one wants to go to court
| to find out. GPL is relatively straight forward: as long
| as you don't link to it, make sources including any
| changes available to your users.
|
| AGPL is like, okay maybe everything needs to be released.
| And when you are also using proprietary third party
| software it becomes a real hairy mess.
| BarryMilo wrote:
| They exist, they're just not used a lot. I assume this is
| because most apps are made for profit.
| tw04 wrote:
| >If FOSS was broken, the internet as we know it today wouldn't
| exist; the countless marvels of technology that we take for
| granted and techno-economies that thrive on them wouldn't exist;
|
| I guess I just vehemently disagree. Nearly all of the early open-
| source software that made the internet possible was produced in
| universities. The only reason it was sustainable was because it
| was professors being paid by the university, or students doing it
| for free. Implying that means it's viable for all these _other_
| projects that were created and maintained outside of a university
| setting is just not accurate. There 's also this fallacy of: it
| worked this long so it will continue working forever.
|
| For me the long and short of it is: the only way I can foresee
| open source working in the way the purists want is if there is a
| universal basic income. SOMEONE has to pay the bills, and as
| we've seen time and again, hoping to feed your family on
| donations is a fool's errand. With UBI, artists of all kinds
| (including developers) can pursue things that would otherwise be
| impossible. Without it, we're left with the constant push and
| pull of people either burning out maintaining stuff in their
| spare time, or hoping a given corporate maintainer wants the same
| features and functionality as the community.
| c-smile wrote:
| > the only way I can foresee open source working in the way the
| purists want is if there is a universal basic income.
|
| Essentially honest FOSS will be available when we evolve to
| "From each according to his ability, to each according to his
| needs"[1] type of society.
|
| Human race is clearly on asymptotical track to that. But not
| yet.
|
| [1] (C) 1875, Karl Marx.
| smitty1e wrote:
| Moltke seems more credible than Marx:
|
| "No plan of operations extends with certainty beyond the
| first encounter with the enemy's main strength."
|
| http://connect2amc.com/118-strategic-planning-moltke-the-
| eld...
| c-smile wrote:
| That citation appears as irrelevant completely to the
| topic.
|
| If you want more relevant citation then this: "A journey of
| a thousand miles begins with a single step" (C) Lao Tzu
|
| For that matter I would say that first major step to real
| FOSS was made in 1917. But it was too early and shouldn't
| that brutally enforced. Evolution is the only reasonable
| way to get anywhere in such complex systems.
|
| Relevant fact: all hardware and software in USSR was Open
| Source. Any non-trivial product must be and was accompanied
| by full schematics. Software sources must be printed out,
| etc. By law.
| hutzlibu wrote:
| "That citation appears as irrelevant completely to the
| topic."
|
| The point was, that marxism as a theory is only a plan -
| and that plan did not really worked out in reality so
| far.
|
| And if you want to paint the USSR in a golden FOSS
| picture, well I would suggest talking with people who
| actually lived there and were not in a privileged party
| position. And it would be news to me, that the USSR
| published their tank, aircraft or rockets schematics.
| c-smile wrote:
| > USSR in a golden FOSS picture
|
| I do not have such intention. I just wanted to point out
| particular fact.
|
| > I would suggest talking with people who actually lived
| there
|
| I do that every day. With myself.
|
| > privileged party position
|
| That's definitely not about myself.
|
| > the USSR published their tank, aircraft or rockets
| schematics.
|
| I had a rank of Lieutenant (Reserve) of Strategic Forces
| of USSR and specialty "Control Systems of Ballistic
| Missiles".
|
| Trust me, end users of these devices had full schematics
| :)
| soco wrote:
| Mike Tyson: "Everyone has a plan until they get punched in
| the mouth."
| netizen-936824 wrote:
| In my opinion, corporations and govt entities should switch to
| a model in which they don't purchase software but instead have
| internal staff work on the FOSS that's used in the group. This
| could help the FOSS ecosystem while removing the profit
| incentives that people have to make shitty pointless web apps.
| Although I'm sure some shitty pointless web apps will still get
| made, I think this could shift the dynamic of the software
| production ecosystem for the better.
| jrm4 wrote:
| You're simply _wrong_ in a way I can 't succinctly summarize
| historically; you really have to get to know the spirit of the
| people who made this stuff. But FOSS is the difference between
| the VERY free and open (at least optionally, if not in
| practice, but like, basically anyone can put up a website and
| do anything on it) internet we have vs. what would have
| happened, which probably would have been slight incremental
| improvements in phone and TV. More" on demand," but damn sure
| no Youtube.
| chasd00 wrote:
| > ...the only way I can foresee open source working in the way
| the purists want...
|
| Well the point of open source is it works however the person
| opening the work wants. There's a license compatible with every
| philosophy out there. Take your pick.
|
| Open source isn't broken because it can't really break at all.
| For something to break it would have to have a concrete form to
| begin with.
| mwfunk wrote:
| Agreed. It's only broken if there were some ideal Utopian
| open source world that we were falling short of, where if
| only everyone can work out some issues, then that world will
| come into existence.
|
| When people are growing up it's easy to get swept up in ideas
| like, "if only everyone saw things the way I did, everything
| would be perfect and so much better than it is right now".
|
| There will always be lots of conflicting ideas about how
| software should be developed and distributed and so far none
| of them have proven so effective that all of the others have
| fallen by the wayside. IMO the best anyone can do is advocate
| for whatever makes the most sense to them, but not make the
| mistake of thinking that anyone has all the answers.
| secondcoming wrote:
| This is great if you have the financial resources to find and
| legally pursue licence violators.
| cube00 wrote:
| Especially internationally
| fartcannon wrote:
| Even if the licenses are abused, there will still be free
| and open source software. It's a beautiful idea that won't
| die as long as there are tinkerers in the world.
| ren_engineer wrote:
| >professors paid by the university
|
| universities were being paid by the military, who get their
| money from the taxpayers.
| ChrisLomont wrote:
| Far more private money went into open source than the
| military put it via professors. Almost of the big successful
| projects would be viable without significant private
| investment into them.
| k__ wrote:
| This.
|
| OSS is broken, but I'd even go so far and say that most of
| software is, because money is often an after thought.
| megous wrote:
| And by broken, you mean what?
| sidlls wrote:
| Can't speak for the GP, but from my perspective: misaligned
| incentives (financial and technical), poor documentation,
| buggy _important_ edge cases, toxic attitudes, egos, and so
| on. In short: it's broken the same way any other
| development is, except it also includes the extreme end of
| economic exploitation.
| megous wrote:
| That all sounds like project specific issues. A lot of
| FOSS projects are exceptionally well documented. The same
| with the attitude, some are wrose, some better. It
| doesn't seem like this is specific to FOSS licensing.
| xchaotic wrote:
| I work with a company that contributes to some open
| source but most of the code is closed-source. I feel that
| the reason many enterprises pay for the software is that
| when there's an exotic bug that only happens with LDAP
| with a certain cypher being used, they know it will get
| fixed (because it's funded by support/maintenance fees).
| While there may be exceptions, I just don't see OSS
| contributors going out of their way to fix such edge
| cases. So perhaps the solution for some open source
| project issues might be to not-opensource it.
| megous wrote:
| Point of FOSS is that you can fix exotic issues yourself,
| at your timeline and perhaps share your fixes with the
| original project, if you also want other people to
| distrute the fix for you via some standard Linux distro.
|
| That's the main freedom you get from FOSS. FOSS != free
| support. It's empowering.
| feffe wrote:
| OSS or Free software is not broken. To claim that it's
| broken, there must be some outspoken intent that has been
| violated. For example that said software should be used by
| big mega corps for free and that there should never be any
| bugs in it. That is not the case, thus it's not broken. Most
| free software is made to scratch an itch. Some projects grow
| big and serious. Some is abandoned when the original author
| grows tired of it. A responsible organization would be
| expected to take the support responsibility for any free
| software that it uses as none is included in the price ($0).
| Or pay another company to offer that support if the task is
| too big. If you don't agree to these terms, refrain from
| using such software in your product.
| [deleted]
| twelvechairs wrote:
| In rebuttal I'll paraphrase a little from Paul Ramsey
| (maintainer of 20-year open source project PostGIS)[0]
|
| His basic view is that Open Source is the dominant model today,
| but tension comes as very little of the value produced comes
| back to the community that creates this value. He argues this
| will always be 'the bare minimum' by virtue of economics, but
| that if something important slows down too much someone will
| put some money in it. But this is a model that operates and
| works. It is borne out by his history in postgis, which is
| maintained by a small number of people mostly in moderately-
| profitable service companies, in the red-hat mould. He's
| concerned about value being captured by cloud companies though
| who frequently don't employ open-source maintainers however.
| Some of this is further expounded in another talk by him here
| [1] (slides at [2]) on the future of open-source where he is
| very bullish.
|
| [0] from about 19:00 onwards here
| https://thegeomob.com/podcast/episode-88
|
| [1] https://www.youtube.com/watch?v=NQ5_NnrBHjo
|
| [2] https://docs.google.com/presentation/d/1-PAgIk9--
| nedCdfMGEwh...
| darksaints wrote:
| This personally rings true for me. My company is getting
| literally billions of dollars worth of value from a couple of
| applications (one of which I created and maintain) built upon
| the foundation of Postgres and PostGIS. And we benefit
| immensely from active development of it: PostGIS version 3.1
| released a new more efficient overlay algorithm which
| probably saves us $5k a year in _compute costs alone_ , and
| untold thousands with the ability to deprecate a hacked house
| of cards that was ready to crumble.
|
| And yet every time I have mentioned to my management that it
| would be great if we could take 1% of our consulting budget
| and funnel it towards PostGIS, they respond almost
| bewildered...why willingly pay for something that we already
| get for free? It's frustrating and I have no idea how to
| remedy it.
| sangnoir wrote:
| > For me the long and short of it is: the only way I can
| foresee open source working in the way the purists want is if
| there is a universal basic income.
|
| I suspect I'm a "purist" by your measure, and I disagree
| completely. University professors, students and volunteer
| contributors/maintainers will continue to exist going forward.
| Nothing _has_ to change.
|
| The problem is that this doesn't "scale" at the rate demanded
| by corporations, and corporate engineers[1]. The problem is not
| with FOSS - it is on the voracious consumption side. I suspect
| the volunteer vs corp usage will follow the Predator-Prey
| cycle, with volunteers being the prey. When the predator
| population grows too large, it will set off events that will
| lead to its population collapsing to a sustainable level. The
| onus is on startups/medium & large corps to help scale FOSS -
| not UBI or the like where the corps continue to freeride (which
| is fine, to a point)
|
| 1. Disclosure: I'm also one, in addition to being a volunteer
| contributor. I volunteer as a way to give back to an amazing
| project, and I earn a salary that meets all my needs.
| jandrewrogers wrote:
| For some types of software, we really do not want students
| doing it, for free or otherwise. There are whole classes of
| software, like database engines, that are non-obvious and
| require many years of real-world domain experience before it is
| plausible that someone will design a competent, scalable
| architecture and implementation. If open source is going to run
| critical infrastructure, we don't want naive and inefficient
| software design but that is frequently what we get; this isn't
| a criticism of the people that create many of these projects,
| more the process in practice and our expectations of it.
|
| UBI is not a solution because it would, at best, pay poverty
| wages. People with the skills to be effective core contributors
| also have the skills to be paid much, much more for their time.
| Few people, and definitely not enough, are going to sacrifice
| the living standards of themselves or their family for some
| ideal of OSS.
|
| There are strong adverse incentives that make it improbable
| that the people designing and building OSS are who we as
| _users_ of OSS would want to be in that role in an ideal world.
| This has been getting worse with time. The risk for OSS is that
| those adverse incentives are never addressed.
| berkeley39 wrote:
| > For some types of software, we really do not want students
| doing it, for free or otherwise. There are whole classes of
| software, like _database engines_ , that are non-obvious and
| require many years of real-world domain experience before it
| is plausible that someone will design a competent, scalable
| architecture and implementation.
|
| Of course as with all things the situation is more nuanced
| than this. Since you mention database engines we should keep
| in mind that without Stonebraker and 39 of his students[1]
| there would be no Postgres. Yet without incentives and many
| years of contributions from professionals (and students who
| would become professionals) we would not have PostgreSQL. A
| healthy system has a place for contributors of all levels of
| experience.
|
| 1- https://momjian.us/main/blogs/pgblog/2020.html#September_2
| 1_...
| jandrewrogers wrote:
| Database development has changed quite a lot since then.
| When I first started working on databases in the 1990s, two
| things were true that made it _much_ easier for relatively
| inexperienced developers (like myself at the time) to
| produce a reasonably good result. First, the state-of-the-
| art implementations at the time were incredibly well-
| documented in an accessible way and the academic literature
| also reflected those designs. Second, the implementations
| were relatively simple and straightforward; you did not
| need esoteric systems knowledge and design theory to write
| code that was competitive with other implementations. The
| most complicated thing you had to worry about was lock
| structures and concurrency control. Not only were there
| relatively simple examples to copy and study, the gap
| between those examples and the state-of-the-art was pretty
| small.
|
| Neither of these is true today. The design of state-of-the-
| art implementations are often poorly documented; the
| computer science has evolved radically since the 1990s with
| significant gaps in the literature; competitive
| implementations require real expertise in silicon
| architecture and Linux kernel internals, you can't just
| write something obvious in C and expect a good result. And
| that's without even getting into difficult topics like
| distributed execution, parallel orchestration, scheduler
| design, etc that we didn't have to worry about back then.
|
| I'm not sure I'd be able to bootstrap the necessary
| expertise to build database engines today like I did back
| then.
| evandwight wrote:
| Ubi won't touch tech salaries.
|
| People don't need to maximize income. I volunteer because I
| have enough and money isn't the only objective.
|
| Open source doesn't need to pay faang salaries to exist.
| wongarsu wrote:
| Exactly, UBI doesn't need to pay faang salaries for some
| people to give up their jobs to maintain projects they love.
| SQueeeeeL wrote:
| There are a lot of people who are very good at coding who
| don't care for high salaries. Despite mainstream pop being
| the most profitable, many musicians pursue niche genres.
| wutbrodo wrote:
| This still doesn't make UBI relevant to this discussion.
| It's already fairly trivial for a talented SWE to make UBI-
| level income working 10 hours a week by picking up software
| contracts here and there. Eng already have access to the
| levels of income that UBI would provide, with plenty of
| time left over to dedicate to open source, and yet this
| path is relatively untrodden.
|
| Plenty of engineers (myself included) already leverage the
| flexibility and surplus pay of the industry to opt out of
| the "40 years of 40 hours" ratrace. But they do so to
| varying degrees, and evidently aren't spending enough of
| that surplus on OSS to fix the problem we're discussing.
|
| I don't see what UBI would materially contribute to this
| dynamic.
| dmitriid wrote:
| > It's already fairly trivial for a talented SWE to make
| UBI-level income working 10 hours a week by picking up
| software contracts here and there.
|
| What about less talented ones that can still contribute,
| but need to work 20 hours a week? Or 30 hours a week? Or
| _gasp_ 40 hours a week?
|
| > Eng already have access to the levels of income that
| UBI would provide, with plenty of time left over
|
| No. There isn't plenty of time left over. Moreover, why
| wouldn't I want to work on something _full time_ , and
| not in my "left over time"?
|
| > Plenty of engineers
|
| Which means: not even the majority of engineers.
|
| > I don't see what UBI would materially contribute to
| this dynamic.
|
| "I don't see how giving all engineers, and not some
| percent of engineers, the option to pursue projects they
| like would materially contribute to this dynamic".
|
| Do also read this short article, "Software below the
| poverty line", https://staltz.com/software-below-the-
| poverty-line.html
| gopher_space wrote:
| If picking up software contracts here and there is
| consistent enough for you to count on then it's either
| already a full time job or the end result of years of
| networking and experience.
|
| UBI would let people devoted to a subject pursue only
| that.
| caconym_ wrote:
| > already fairly trivial for a talented SWE
|
| This level of subjective qualification makes everything
| that comes after it essentially meaningless.
| ajross wrote:
| > Nearly all of the early open-source software that made the
| internet possible was produced in universities.
|
| Well... BSD unix was. Unix itself was Bell Labs, the original
| TCP/IP spec was done by DARPA contractors (mostly BBN). HTTP
| was CERN but the breakthrough "browser" product was venture
| funded. GNU was a private organization, though RMS's office was
| provided by MIT for years and years. Linux obviously was an
| established community effort long before anyone with deep
| pockets showed up. Post-90's "corporate" open source has
| emerged basically everywhere, with Google and Intel being big
| early players (Facebook and Microsoft have been late to the
| game but done very well for themselves too).
|
| I think if anything what this proves is that "Open Source" is
| going to pop up basically anywhere it's allowed to, and that
| any pronouncements about where it "really" came from are
| probably not informative.
| pjmlp wrote:
| UNIX was only free beer because AT&T wasn't allowed to sell
| it initially, the lawsuit against BSD and forbidding the
| Lion's commentary came rather fast as soon as they were
| allowed to take commercial advantage of their research work.
| riquito wrote:
| > Nearly all of the early open-source software that made the
| internet possible was produced in universities. The only reason
| it was sustainable was because it was professors being paid by
| the university, or students doing it for free.
|
| I'm surprised no one mentioned that there was no personal
| computer. Where else would you get a computer to develop free
| software back then?
| thoraway66 wrote:
| > SOMEONE has to pay the bills
|
| Aren't we paying the bill by doing the work to provide these
| things?
|
| Finance was the old information network for distributing need.
| It was easily hacked/corrupted.
|
| Isn't the internet the replacement?
|
| Do the work to have the stuff. Why the old money network too?
|
| Open source is pretty strong evidence social doing just to do
| cool/useful shit just happens.
|
| People grow food to eat, not because a boss said we need to
| produce N tons of corn this quarter.
| em-bee wrote:
| universities are going to continue to exist and students will
| be attending them. what exactly suggests that this will not
| continue forever?
|
| of course FOSS has always depended on people who had the
| resources to work on it. in the beginning this was only
| universities and as FOSS got more popular more funding sources
| appeared.
|
| the problem that we are facing is not one of funding. there is
| plenty of funding available. the problem is a generational
| shift of that funding.
|
| people who used to be able to afford working on FOSS no longer
| can because their life changed. they are no longer students,
| they have a family and so on.
|
| FOSS development will continue. the fallacy is to believe that
| an individual contributor will always be able to keep
| contributing for the rest of their life. we need to acknowledge
| that unpaid FOSS contributions are limited to a few years of an
| individuals life. and after that they need to move on. and most
| do. those that didn't move on but continued contributing were
| those who managed to find additional funding sources.
|
| the problem and the difficulty is that we get more and more
| software that is not new but needs to be maintained. most of
| those using their own funds will want to work on their own new
| software and not maintain someone elses.
|
| so the questions is not how do we fund FOSS development, but
| rather how do we fund FOSS maintenance. that is the new thing
| that we didn't have to deal with a few decades ago
| watwut wrote:
| I dont understand how exactly is open source supposed to be
| broken. It is accepted and respected these days. There is tons
| of it too.
|
| If does not produces flawless miracles, but commercial software
| is not flawless either. The log4j bug has impact it has
| literally because open source was successful.
| [deleted]
| rob_c wrote:
| Having worked with people in industry who understand the point
| and value of giving back this is a little naive I would argue.
|
| A fraction of some talented persons time from say HP is
| probably worth 100x first year developers who aren't paid to
| understand the tools the company is using.
|
| To turn your argument on its head how much would every company
| have to invest to build a modern website from complete scratch
| in isolation? Then think why do that when you can effectively
| spread the cost?
|
| Both approaches have ups and downs but I'm not sure the
| "someone always picks up the cost" isn't anything other than a
| statement of realism. It is a good reason to explain why nobody
| just works on a project in their basement for free and do
| nothing else, but doesn't role out being able to do this if
| responsible companies pick up a fraction of the tab they should
| be paying via donations.
|
| As others have said a huge amount of the value comes from
| support, community and the contributions from many people, be
| they working on the same tools for a product they sell, to make
| a product or service they plan to sell or to scratch that itch
| on that project in their spare time they're playing with.
| indymike wrote:
| > Nearly all of the early open-source software that made the
| internet possible was produced in universities.
|
| Yes, and released with the BSD license, then copied.
| einpoklum wrote:
| > SOMEONE has to pay the bills, and as we've seen time and
| again, hoping to feed your family on donations is a fool's
| errand.
|
| Not that I entirely reject the ghist of your claim, but what
| about:
|
| * Older, retired people?
|
| * Spouse working for-pay supports spouse working on FOSS?
|
| * Part-time for-pay work, rest of time FOSS (like myself...)?
|
| In those situations you pay the bills without donations.
| Exendroinient wrote:
| In general, society has problems with monetization of valuable
| things. It's not only the case with FOSS, it's also holds true
| with science and a long term not quarterly counted products
| development. Sadly vile entertainment and advertising is
| perfectly monetized.
| jph wrote:
| > If there was a paywall, even for $1, how many people would
| install a library?
|
| I would LOVE this solution. I use open source professionally, and
| I continually advocate for ways to pay open source projects and
| developer. And if there's a way to pay extra to fund a feature,
| or hire a developer as a consultant, so much the better. In my
| experience, companies are highly willing and able to pay for
| software and services that accelerate the companies' goals.
|
| If you want to pay for open source, then I can suggest Open
| Collective, Patreon, and GitHub Sponsors as ways that are working
| well IME. Or consider donating to nonprofit open source advocacy
| organizations including Electronic Frontier Foundation (EFF),
| Free Software Foundation (FSF), Apache Foundation, Linux
| Foundation, and similar groups.
| usrbinbash wrote:
| >companies are highly willing and able to pay for software and
| services that accelerate the companies' goals.
|
| The are also willing to buy things and keep everyone else from
| using them.
| einpoklum wrote:
| > Then why is it that millions of FOSS developers, despite
| knowing that their work may be consumed by for-profit
| corporations for nothing in return
|
| Well, that in itself is already some kind of return. Widespread
| use - even in a commercial setting - means widespread interest in
| your work and possibly in you. That might not directly translate
| into $$$ in the bank, but it is quite useful psychologically,
| technologically (think: issue reports and triage, testing of new
| functionality, input on future design) and even financially, in a
| roundabout way.
|
| Still, the main reason - for many of us anyway - is that we
| wrote, and write, based on _need_: We needed the software, or our
| friends/coworkers needed it, or maybe we perceived a public need;
| we wanted to satisfy this need, and there you have it.
|
| ----
|
| Nitpick:
|
| > A world without Wikipedia.
|
| Wikipedia could have functioned just fine on some commercial
| equivalent of a Wiki. Wikipedia editing does not involve working
| on MediaWiki source code. So, not a good example IMHO.
| pjmlp wrote:
| We would just keep using Encarta.
| bluefox wrote:
| Solutions involving companies paying directly to the people whose
| code they use miss the point.
|
| The reason is that software shared with the world is often shared
| out of passion and idealism. If only code that's useful to some
| companies is paid for, the world of free (as in beer or
| otherwise) software as we know and love is still unsustainable,
| and not just because fledgling projects tend to be inferior in
| many ways to everything that came before.
|
| Some software is written simply for the fun of it. Future Crew
| were kids writing demos and putting them out (by the way, an
| executable for a program that's written in assembly is not so far
| removed from its source code; so whether they put out the source
| code or not is immaterial, here the point is "free as in beer").
| These demos were unlikely to be directly useful to companies, but
| we were still amazed by them and some of us got into programming
| because of them. Do you want to live in a world where only people
| who produce software that's useful to some company can sustain
| themselves?
|
| Their parents provided them with food and shelter, so they didn't
| have to think too hard about writing and releasing it. People in
| this thread claim that they don't feel exploited, probably for
| similar reasons. They probably have an income or enough money to
| make them feel comfortable giving something away. What happens
| when circumstances don't go your way, though? Then, while you
| live off your savings, see them shrink day by day, you realize
| that society doesn't give you the basic stuff that's needed for
| living, so why the hell should you give anything away? If you
| already gave stuff away while you were fat and healthy, and this
| stuff is being used profitably by others, the resentment can only
| grow.
| orblivion wrote:
| A half baked idea, curious what people think:
|
| Would it be possible to create an insurance policy against these
| major FOSS vulnerabilities?
|
| The insurance company would then require audits of your tech
| stack, and fund security research. This is analogous to what car
| insurance companies already do. And then companies who are not
| insured are viewed as suspect, etc etc.
|
| There's apparently a misalignment of incentives because there's a
| break in the chain of responsibility. The idea here is to close
| that loop.
| convolvatron wrote:
| car insurance companies hires actuaries that correlate driving
| speed to payout and adjust rates accordingly.
|
| if you think that software quality and risk can be so easily
| quantified then you clearly dont have your hands in software.
| orblivion wrote:
| What about insurance companies that need to predict weather
| disasters? Is that also more predictable than software?
|
| If it's something harder to predict, is there a way you could
| put error bars around it? Granted premiums could get high as
| a result.
| phkahler wrote:
| The core "problem" stems from software having zero
| production/replication cost, and we live in a world where nobody
| is used to funding development.
|
| Even software companies are charging rent for what already
| exists, and using some of that to develop their next version or
| new product.
|
| The zero cost reproduction enables the free collaboration, but
| doesnt fit our existing ideas around paying for things.
|
| I think that notion that all commercial software is rented needs
| to be widely understood.
| quadrangle wrote:
| Yes to everything you're saying. I'd highlight your points in a
| different priority order. The fact that our society lacks
| effective concepts for supporting and sustaining anything
| abundant is the KEY issue. Your "doesnt fit our existing ideas
| around paying for things" point.
|
| Our whole capitalist system has no means to encourage us to
| leave nature alone where it happens to provide us immense
| value. Our system just destroys it (and eventually itself in
| the process). That we even allow monopolies on products that
| are basically just ideas is a grotesque aberration.
|
| Although we need to fund development, a lot of it could happen
| without funding if we simply supported healthy natural systems
| and didn't have legally-supported monopolies. The challenge
| that open-source projects have basically amount whether the
| developers can live okay enough and not have to deal with
| competition and exploitation from large-capitalized
| monopolists.
___________________________________________________________________
(page generated 2021-12-12 23:01 UTC)