[HN Gopher] The gift of it's your problem now
___________________________________________________________________
The gift of it's your problem now
Author : Tomte
Score : 706 points
Date : 2021-12-30 13:03 UTC (1 days ago)
(HTM) web link (apenwarr.ca)
(TXT) w3m dump (apenwarr.ca)
| [deleted]
| beervirus wrote:
| jaredklewis wrote:
| This was a long, thoughtful read. I really enjoyed it and mostly
| see things as the author does.
|
| > So it is with free software. You literally cannot pay for it.
| If you do, it becomes something else.
|
| This is really the crux. Everyone is mad there's no money in
| writing free/os software, but if there was money it wouldn't be
| free/os software. It would just be like what we do at our day
| jobs.
|
| You can write the code someone else wants and get paid for it
| (aka a day job). You also have the option to write the code YOU
| want to write, but in this case you'll need to figure out a plan
| for making money on your own.
| coldpie wrote:
| > Everyone is mad there's no money in writing free/os software,
| but if there was money it wouldn't be free/os software.
|
| This doesn't hold up for me. I develop GPL'd software and I get
| paid for it. I probably wouldn't develop this particular GPL'd
| software if I wasn't getting paid to do it. The issues of
| payment and license seem related, but orthogonal.
| jaredklewis wrote:
| Right, so this is why the article tries to make the subtle
| distinction around "free" vs "open," not in the sense of the
| license, but in the spirit of the project.
|
| Different licenses, but working at GitLab or working at
| GitHub probably feels pretty similar; you have a boss, there
| are probably sprints, you build features, fix bugs, and so
| on.
|
| This is fundamentally different than working on a rust port
| of a GNU utility. This is the sense in which the article is
| using the word "free." This is idiosyncratic and doesn't
| align with its either of free's typical usages (free as in
| beer or free as in FOSS), but there really isn't a perfect
| word for what the article is talking about.
| DarylZero wrote:
| Self-directed programmers. Autonomous programming.
| Independent programming. Volunteer programming.
| kelnos wrote:
| I think there's an important distinction, though. You're not
| getting paid for the GPL'd software as a product; some
| company is (presumably, apologies if I've mischaracterized
| your work) paying you to write some software that also
| happens to be released to the public under the terms of the
| GPL. Presumably this company would also pay you to build the
| same thing, in house, and not open-source it at all.
|
| I read the "everyone is mad there's no money in writing
| free/os software" as meaning that people are upset that you
| can't really sell GPL'd software to other parties. Sure, you
| can dual-license, and require payment for the non-GPL
| version, but then it's not really "free/os software" anymore,
| at least not for the part you're getting paid for. You can
| also sell support and consulting services around the GPL'd
| software, but, again, that's not really getting paid for
| selling the software, at least not directly. And if you're
| writing software for a company that wants to use it directly,
| and decides to also GPL it, you're not really getting paid to
| sell GPL'd software, you're just getting paid to write it for
| someone else, and the license is incidental.
|
| I agree that sometimes people's motivation for working on (or
| not working on) some piece of software can be tied both to
| the license it ends up getting released under, and whether or
| not they get paid for working on it. But I also agree that's
| orthogonal to the point being made.
|
| It's still true that getting paid to write free software is
| harder than getting paid to write proprietary software.
| Companies that would pay you just to write some piece of
| software are more likely to keep the source closed than open
| it. If you write something yourself, selling it directly to
| others is hard enough if it's proprietary, but even more
| difficult if the code is available under a permissive
| license. Selling support or consulting services around the
| software might be viable sometimes, but can also be very
| difficult, and requires a different skill set from writing
| the software in the first place.
| coldpie wrote:
| > I read the "everyone is mad there's no money in writing
| free/os software" as meaning that people are upset that you
| can't really sell GPL'd software to other parties.
|
| Perhaps I'm being too literal/granular, but my point is
| that there definitely is money in _writing_ open source
| software. There isn 't (often) money in selling it once
| it's been written, no, but I find that to be a more ethical
| arrangement for everyone involved, so I think of it as a
| good thing. In my opinion it is better for people to be
| paid to _do_ work, than for _having done_ work.
| joe_the_user wrote:
| JM Keynes said: "A 'sound' banker, alas, is not one who sees
| danger and avoids it, but one who, when he is ruined, is ruined
| in a conventional and orthodox way along with his fellows, so
| that no one can really blame him." and same applies to software
| managers.
|
| We're had lots of nasty security breaches lately. These
| breaches overall have nothing _directly_ to do with free
| software but it 's pretty easy to see what they have in common.
|
| Security breaches grow like hardy weeds on the ground of "I
| don't have to face the consequences of bad security, my
| customers do". The Solar Winds and Log4j breach/hole came from
| wildly different software types but each had the quality of
| paying for security at the rate that it might harm you, not at
| the rate it might do harm in general. And comes because
| security is inherently expensive - since "security is a
| process, not feature", done right costs the entire organization
| time and money rather than simply involving a purchase.
|
| Which to say: _" Everyone is mad there's no money in writing
| free/os software, but if there was money it wouldn't be free/os
| software. It would just be like what we do at our day jobs."_
| seems totally incorrect.
|
| QT makes money selling open source software. Red Hat makes
| money selling open source soft. If there was a market for
| tightly secure, verified open source software, people would be
| working writing (and especially testing) that. But companies
| whatever crap onto their machines, whether barely maintained
| java or dubious closed source stuff.
| jaredklewis wrote:
| I see what you're saying, but just to be clear I'm using
| "free" here in the very idiosyncratic way the article does.
|
| Things like Red Hat, GitLab, or MongoDB from a license
| perspective are free/open source. But these types of projects
| are a totally different beast than "real" (for lack of a
| better word) open source projects like the linux kernel,
| emacs, ruby on rails, or lucene.
| joe_the_user wrote:
| 1) Most people doing open source don't share the author's
| definition so this discussion winds-up not being about
| their
|
| 2) Tremendous effort and money goes into making the Linux
| Kernel secure. The fact that you fail to draw a good line
| between paid open source and "real" open open is indication
| that this idiosyncratic definition is fallacious and
| disingenuous.
|
| 3) Which brings me back to what I think the real,
| reasonable line is. The line is between cheap software,
| software that involves the minimal effort to squeeze out a
| feature and a full, carefully secured software process.
| Open source is virtually irrelevant. If some people didn't
| volunteer to produce free apps that got duplicated
| everywhere, you'd have a low-paid smuck doing somewhere,
| probably producing worse quality. Oppositely, highly secure
| software should be open source or source-available - the
| eyes the better. Linux, notably, benefits from many, many
| people testing it and that benefits the very heavy users of
| Linux who do employ people developing it.
|
| good quality software where people pay for the quality.
| jaredklewis wrote:
| I think your points are fine, just orthogonal to the
| article.
| pronlover723 wrote:
| > You literally cannot pay for it
|
| Sure you can. You can hire someone to fix it to your liking.
|
| As an example, I'm pretty sure that's RedHat's M.O. Pay them to
| fix whatever you want them to fix.
| RicoElectrico wrote:
| I think of platonic ideal FOSS as liberal art in the ancient
| definition: you do it because you can afford it.
|
| Having said that, this does not imply FOSS developers shouldn't
| have the "product mindset". Quite the opposite, in fact.
| kelnos wrote:
| > _Having said that, this does not imply FOSS developers
| shouldn 't have the "product mindset". Quite the opposite, in
| fact._
|
| Disagree. FOSS developers should have whatever mindset they
| feel like having. Motivations run the entire gamut. Some FOSS
| developers really do want to build a polished "product" that
| others will want to buy (or whatever the non-paying
| equivalent might be). Others just want to scratch their itch
| and share what they've made. Telling either of those people
| (or any of the people in between) that they're "doing it
| wrong" is incorrect by definition.
| pietrovismara wrote:
| In an ideal socialist economy, I could imagine engineers being
| sponsored by the state to work on FOSS, similarly to what
| happened in USSR with the Artists' union or in Tito's
| Yugoslavia.
| remram wrote:
| That is very much not true. I get paid to write free software.
| Linux, arguably the most successful piece of free software, is
| almost entirely written by people who are paid to do it.
|
| You don't _pay for the software_ , but that doesn't mean "there
| is no money" or that it is very different from "what we do at
| our day jobs".
| brianpan wrote:
| I think the point is, like the gift analogy in the post, that
| once you're doing it for money it's no longer free.
|
| Not free as in beer or free as in speech, but free as in
| choice (or free as in time). :D
| throwawaylinux wrote:
| Well that's not what FOSS software means, but even if you
| creatively change what it means to fit, that's still not
| true. I'm also paid to work on free software. I work on
| what I like and choose to at my job. That is why I chose to
| take a job where I am. If I didn't have a job I'd be doing
| this anyway as I was when I started getting into it as an
| unpaid hobby for several years. If my employer decided they
| wanted me to work on something I don't want to, I would
| choose to quit and look for something else.
| remram wrote:
| That's not true. You are paid to do it, but it can very
| much be grabbed by anyone for free (as in free beer).
| PragmaticPulp wrote:
| I always wonder how much of the most popular open source
| projects are written by people who are actually being paid for
| the work by their employers
|
| Many of my open source contributions came from fixing bugs or
| adding features because I needed them for my job. Many of the
| biggest open source projects I use come from big companies that
| have full-time engineers working on them.
|
| I've also worked at two separate companies that have hired
| developers of very popular open-source projects. It didn't work
| out in either case because the company wanted them to
| prioritize work related to the company, but they wanted to
| continue focusing on the community as before.
|
| On a micro level, it's surprisingly difficult to arrange to pay
| someone outside of a company to work on a project for you. The
| amount of overhead that goes into arranging the contracting
| agreement, communicating the issue, setting up the contractor
| with your environment, and managing it all can quickly snowball
| into a massive commitment for even small work. The exception is
| hiring contractors or contracting companies who have made a
| business out of working in that exact domain and are already up
| to speed on the project and have good relationships with
| upstream maintainers, but those are rare.
| pm215 wrote:
| Conversely, on the receiving end, if you aren't somebody
| who's made a business out of being a contractor then taking
| some company's money to do a specific piece of work also
| seems like too much hassle and overhead to be worth it...
| WJW wrote:
| I think the "dream" of writing FOSS for a living is that it's
| like a normal job except for all the non-fun parts like
| mandatory HR meetings, boring standups, performance reviews,
| having to deal with customers/PMs/etc who don't understand the
| technical constraints, etc etc etc. It is just writing code you
| want to write with zero other obligations but somehow you get
| paid for it.
|
| When it's written out like that I think most people would
| recognize why it is not very realistic to get paid for
| something like that, but it is still a very tempting vision.
| Kinrany wrote:
| It's perfectly reasonable to want to be paid when your work
| has positive externalities. It doesn't matter whether you
| liked doing the work.
| kristjansson wrote:
| If you want to be paid for creating value, exchange value
| for money. If you want to change society, create value in
| exchange for conditions on its use and obligations of its
| users.
| jaredklewis wrote:
| It is a reasonable desire, but not one very likely to be
| fulfilled.
|
| Let's say I pick up some trash at the local park. Plenty of
| positive externalities there.
|
| But if I then send the community a bill afterwards, I don't
| think it will go over very well. Even if they all
| appreciate the effort they might object, on any number of
| grounds:
|
| - There are other trash pickers who are more efficient and
| can be hired more cheaply.
|
| - There are other higher priority projects to which those
| funds should be allocated.
|
| - That the quality of the trash picking was not in line
| with the bill.
|
| - And on and on.
|
| If I want to get paid for picking up trash I'll have to
| work it out with the community before hand. And then there
| will be expectations, contracts, a supervisor, and all
| those things that come with jobs.
| worldsayshi wrote:
| But if there was already an established budget and way to
| decide how much the trash collection ought to be
| compensated there's no good reason why you shouldn't be.
| There probably needs to be a set contract between the
| community and "whoever wants to pick trash" up front
| though.
| kortilla wrote:
| Right, but that last part of your statement is the
| required piece that changes everything. An agreement _in
| advance_ that when you do something you're gonna get
| money for it.
|
| "Positive externalities" are irrelevant.
| WJW wrote:
| And some sort of new tax on everyone who uses FOSS, of
| course. Budgets don't appear out of nowhere.
| pietrovismara wrote:
| But if the community reacts like this then you didn't
| really solve a problem for them. At least they didn't see
| it this way.
|
| Perhaps a more apt analogy: you invent a better water
| filtering system and provide it to the world for free.
|
| The community immediately starts using it as the benefits
| are undeniable, but now the community needs someone to do
| maintenance on their new filter system and you are the
| only one with the required expertise.
|
| Should they "sponsor" you or is it fair of them to expect
| you to provide them support for free?
| jaredklewis wrote:
| I don't necessarily think it is fair, but my guess is
| that even in your example, the inventor is unlikely to
| get paid very much by the community unless they had a
| maintenance agreement worked out in advance. They might
| be able to get some funding through something like the
| Nobel prize or Gates foundation.
|
| Like the author of the article, I've observed that if you
| give a gift, it's very hard to charge for it after it's
| been accepted. Whether this is innate to human psychology
| or caused by social constructs, I don't know, but it
| basically feels like a law of the universe.
| mbrodersen wrote:
| What an excellent answer.
| thereisnospork wrote:
| There is a lot to be said for the value society receives
| for paying a 10 cent bounty to pick up cans/bottles. How
| to implement a similar universal petty payment system for
| FOSS contributions is beyond me, but a minimal overhead
| method to funnel subsistence-level money to contributors
| feels like it would have net-positive societal benefits.
| hnaccount_rng wrote:
| While not the reason for "Pfand" in Germany (originally
| it's to encourage reuse of bottles, now it's expanded to
| include recycling), this is a pretty good analogy.
| Including the points beyond which it fails: You get
| emptied trash cans because people tried to get at the
| Pfand... Which brings you back to the original point:
| People are far better at gaming a system than the system
| is at setting its rules
| kortilla wrote:
| What does positive externalities have to do with it? The
| entire point of volunteer work is to do something with
| positive externalities where you don't get paid.
| DarylZero wrote:
| Why should it be "volunteer work" though? It's question-
| begging.
| ploxiln wrote:
| Proper use of "begging the question"! I never expected to
| see it in the wild!
| kortilla wrote:
| Are you asking why people volunteer?
|
| If you're asking why people choose an open source license
| when they expect to get paid instead, the answer is
| simple: they don't understand open source.
|
| This is no different than someone putting some literary
| work in the public domain and then getting mad when their
| work gets popular, criticized, all without pay.
| karaterobot wrote:
| I wish there was an open source fairy that put money in my
| bank account every time someone used my software! Until
| then, it's reasonable to _want_ to be paid without having
| to deal with the attendant hassles and responsibilities of
| participating in a business venture, but not reasonable to
| expect that to _happen_.
| mjmahone17 wrote:
| Starting around the renaissance, we kind of had "open
| source fairies" in the form of research grants,
| professorships and other forms of patronage. If you look
| at 19th century scientists, it seems like most the famous
| ones weren't paid to do specific research, but instead
| we're given space to do whatever research they could.
|
| This has gotten more and more restrictive: even in
| academia today, it seems rare for open ended grants to be
| given, and even when there are, there's a lot more
| competition for those grants than we can sustain with
| current funding.
|
| Open ended research doesn't necessarily work in a pure
| market system. And most open ended research probably
| won't provide any concrete monetary benefit to the person
| funding that research. Even Bell Labs wasn't really self-
| funding despite having developed some of the
| underpinnings of our modern economy. This is an (if not
| totally compelling) argument for a basic income: anyone
| can focus on fundamental research without worrying about
| covering life's fundamentals, so long as they're OK
| living a bare bones life while they can't get outside
| funding for it.
| Aloha wrote:
| Edison (et al) especially early on, had to spend huge
| amounts of time raising capital. Our remembrance of
| history is often rosier than the reality.
|
| Bell Labs in many ways _was_ self funding, 80% of the
| research the labs did was unglamorous, and wasn 't basic
| research, it was things to directly further the business
| of AT&T, the Labs did product development and software
| development directly for Western Electric, which is what
| the BOC's paid a license for back to the Labs for, and
| which funded the whole of the Labs operations.
|
| The occasionally glamorous high profile basic research
| that the Labs did was something AT&T did partially as a
| public good, and to avoid antitrust scrutiny as well as
| to develop new foundational innovations for its primary
| business.
|
| Unless you have a deep knowledge of AT&T's pre
| divestiture organizational structure, these facts are
| just not well or widely known.
| syntheweave wrote:
| The market can work, but I think we've been going through
| a particular centuries-long period where the capital-
| intensive projects are most celebrated since they bring
| together the best of industrialization. However, there
| are crowdfunding platforms of various kinds now that let
| you sustainably finance small projects or build a
| marketing story that can be taken to a larger investor.
| When you get some proof, the funding spigot can flood in
| rather suddenly.
|
| I agree that open-ended research still isn't very
| rewarded since it goes too far from immediate wants. But
| I also suspect we are going to get a quality bump on
| "small stuff" in the coming decades, because so many of
| our technologies were rushed to market as soon as they
| were mature enough, and that was a causal factor in major
| quality issues like buggy/insecure software. Those issues
| are not cap-intensive to fix, and could subsist on
| crowdfunding solutions, but they need awareness.
| meheleventyone wrote:
| I think that it's less that people _expect_ it to happen.
| But that it rudely points out the absurdism and
| structural inequality involved in building free software
| within capitalism.
|
| Not just from the perspective of individual compensation
| but that billion dollar corporations can be completely
| exposed due to their reliance on people's hobbies.
| mbrodersen wrote:
| It's also perfectly reasonable for people to not pay you if
| they don't have to. Which is what happens 95% of the time.
| kmonsen wrote:
| I want there to be world peace and all dogs to be happy and
| I think that is reasonable, but I also understand that it
| is not likely to happen. To be honest I feel that is pretty
| similar.
|
| If someone wants to get paid for something, it needs to be
| explicitly charged for. Can always set up a patreon or
| something and only give it to backers or whatever. If they
| give something away for free I think it is a stretch to
| expect to be paid for it just because someone else finds it
| useful.
| mcguire wrote:
| It is certainly reasonable to want that. It is
| unfortunately not reasonable to expect it. Sorry.
|
| I hope you like what you're doing.
| someguydave wrote:
| would you like to live in a world where every behavior that
| could be construed as having benefits for you was expected
| to be compensated?
| tomxor wrote:
| > It doesn't matter whether you liked doing the work.
|
| It matters hugely, a lot of the good FOSS is good because
| the people who wrote it were passionate about what they are
| doing. You cannot create this passion with money, which was
| one of the largest points the author is making.
| Kinrany wrote:
| Is being averse to having good things a prerequisite to
| passion?
| tomxor wrote:
| I did not say that, I only said it _matters_ that you
| like doing the work.
|
| If anything, wanting good things and being dissatisfied
| with what you have is a pre-requisite to having the
| passion to creating something new. But none of what I am
| talking about are liquid, they are tangible - you can't
| have bad money, it's just money.
| thewakalix wrote:
| Sounds like you might like dath ilan.
| Kinrany wrote:
| I would :(
| WJW wrote:
| I agree, but there are two obstacles to actually getting
| paid:
|
| - The amount you can be paid for any sort of work has a
| range. The ceiling of the range is the value you added, the
| floor of the range is how expensive it would be to get
| someone else to do it. Since in open source the competition
| costs zero, this sets a very low floor for how much you can
| charge.
|
| - Wanting to be paid is indeed reasonable, but just wanting
| it is often not enough when it comes to companies. There
| will be contracts involved, minimum time commitments,
| purchasing processes if the company is big enough, etc.
| Navigating all that is what will turn open source back into
| a job, if you really make work of getting paid for it.
| DarylZero wrote:
| > Since in open source the competition costs zero, this
| sets a very low floor for how much you can charge.
|
| The competition? Does that mean copying the same software
| without paying it is competing against paying for it?
| Like how movie piracy competes against DVDs, or not
| tipping competes against tipping?
| WJW wrote:
| I meant it more in the sense of "there are 5 different
| logging libraries for the language I use, will I use the
| one that charges money or one of the 4 that don't?".
| anigbrowl wrote:
| That model works OK for the music industry. If you write code
| and people go 'wow, super useful' you ought to be able to
| make something off it. I mean, it's not so hard to figure out
| if a free software product is widely used or not. A lot of
| problematic situations you outlined had to do with
| expectations of either payment or performance. But if there's
| hundreds of thousands of people using A Thing that sort of
| speaks for itself.
| michaelt wrote:
| If you singlehandedly write TensorFlow, and I
| singlehandedly write a left-pad library which has more
| deployments, should I be paid more than you?
| __s wrote:
| To be fair you can greatly reduce the necessity of those
| other things you list if you take on a role of contributing
| to FOSS dependencies used by where you work. Because you can
| have a significant portion of your time devoted to that work
| & it won't involve those things. You also then gain a passive
| political advantage as feature requests to that dependency
| will fall under your responsibility as the contact point
| between the project & company
|
| Note that I may be totally wrong, as I've never found myself
| in too bureaucratic a team, so have generally found myself
| able to do whatever I want _(within reason ofc, but I try to
| be reasonable)_
| cardosof wrote:
| This. Money and accountability are directly related. So are
| accountability and processes/controls, the "boring" part.
|
| I think the developer dream isn't really FOSS, but something
| along the lines of "very popular, stable API in an API
| marketplace made by a single person".
| pas wrote:
| > "very popular, stable API in an API marketplace made by a
| single person".
|
| Could you explain this a bit please? Or give a few
| examples? It's getting late here and I can't wrap my head
| around this. :) Thanks!
| cardosof wrote:
| Imagine youre the first one to automate something many
| developers need, like converting IPs to locations or
| convert between two specific data formats. You can offer
| your API and make money from it. Check out this example:
|
| https://rapidapi.com/spoonacular/api/recipe-food-
| nutrition/
|
| There are many other APIs with freemium models at this
| API marketplace, and there are other marketplaces as
| well.
| ChuckMcM wrote:
| It reminds me of the joke "I thought I wanted to be a
| software developer but found out what what I really wanted
| was just a paycheck."
|
| The essay is definitely resonates with me in so many ways,
| and the whole idea of foundations as a charity structure not
| a development/company structure was both new and quite
| profound. I expect charities that get "targeted" donations
| feel similarly about them as paying for free software. It is
| all about whose agency is it really?
| dblock wrote:
| I work at AWS on opensearch.org, literally to do this as
| described.
| pm215 wrote:
| I write code somebody else wants and get paid for it as my day
| job. It happens to be open source. Some people write the code
| they want to write, but keep it closed-source. So I don't think
| your contrast quite works.
|
| I think some of the "no money in open source software" unease
| isn't because people would like to get paid to write whatever
| code they feel like, but a desire to retain the benefits of
| having a massive amount of open source code out there (less
| reinvention of the wheel by multiple companies, low-cost low-
| friction way to bootstrap whatever actually interesting/novel
| software your company is doing, etc) but put it on a more
| sustainable footing where money is directed reliably enough at
| the people keeping it together that we can avoid the xkcd "one
| person in Nebraska" failure mode.
| treis wrote:
| IMHO the underlying problem is value based pricing. Roughly
| that means you take how much money your software generates
| for your clients and try to capture as much of that as you
| can. That leads to huge incentive for companies to not depend
| on commercial software since as soon as that happens the
| vendor will take them to pound town in contract negotiations.
|
| That fear makes it nearly impossible for something like Log4J
| to charge anything. Even if it's a penny per year per server
| you don't want to build on it because they can come back next
| year and make it $10 a year. And what are you going to do
| about it?
|
| FOSS removes that threat but it also makes the path of least
| resistance to not pay anything. The ideal solution is
| something like "You have to pay a little bit but it's
| guaranteed that it will never be more than a little bit". But
| I don't see how to do something like that.
| kelnos wrote:
| > _That fear makes it nearly impossible for something like
| Log4J to charge anything. Even if it 's a penny per year
| per server you don't want to build on it because they can
| come back next year and make it $10 a year._
|
| I see it more as a function of scarcity. If it was really
| difficult to write a logging framework, and no one wanted
| to do it without getting paid for use, then anyone writing
| a logging framework would release it under a license that
| requires they get paid for use. But if there is just _one_
| logging framework that exists that meets people 's needs
| and is free (as in beer), then you end up with the
| situation you describe. Then all the other logging
| frameworks either need to find some sort of big
| differentiator that is hard to duplicate and that people
| will pay for, or they just stop charging.
|
| And since we're talking about a logging framework,
| something that isn't very hard to build yourself if you
| confine yourself to the likely very small number of
| features you need... sure, no, of course the idea of paying
| for one is just silly.
| cromulent wrote:
| It is, isn't it. The article talks about "open source is
| communism" but not authoritarianism, real communism. Which
| made me daydream about if the various licenses for FOSS
| required profit making companies to pay 100$ per year for
| all you can eat FOSS. And then it got distributed on some
| usage based basis. Would things be better? Not practical
| though.
| DarylZero wrote:
| Seems practical enough to me, but our government/society
| wouldn't go for it.
| darepublic wrote:
| If you want to make money off your library it kind of has to be
| complicated. Something that could be written in 500 lines
| should clock in at around 10k. And create a slick needlessly
| complicated marketing + docs site that conveniently glosses
| over the ugly warts of the library. Make sure to support react
| native, it's something very few will care about but adds to the
| perceived impenetrable fortress of pristine functionality. Make
| sure to tell your readers-- Don't roll _this_ at home!
| jimhefferon wrote:
| I think the question can be a little more subtle than that. I'm
| involved with an organization that does a lot of Free software.
| But sometimes money is involved.
|
| For instance, we have collected some money and funneled it to
| developers to give them time to do what would otherwise either
| take many years of nights and weekends, or just be too hard to
| get done without time to focus on it alone. This software is
| still Free, though.
| r_hoods_ghost wrote:
| One of the problems is that if your target market is other
| devs, there is a knee jerk demand that your software should be
| foss and free (as in beer).
|
| I hope that we'll see a move away from foss licensing to source
| available licenses over the next few years and an increased
| acceptance of this model in more areas.
|
| Dropping the non discrimination clauses in open source licenses
| while giving licensees the right to view and modify the source
| and integrate it with their own software, but not the right to
| redistribute, is to me a good middle ground for a lot of
| projects. This would allow developers to charge different rates
| (or not charge) depending on the licensee and ensure that they
| can capture more of the value from their work if they need to
| do so in the future, or if their project becomes popular. It
| works for Epic with Unreal Engine and more generally in the
| game industry where it is common to have source available
| licenses.
|
| While free software has its place in certain areas (academia,
| government, hobby projects), and I agree you should be able to
| audit and fix the software that runs on your own devices, it
| also has downsides and I don't think foss licensing should
| always, or even usually, be the default outside of these cases.
| mcguire wrote:
| " _...giving licensees the right to view and modify the
| source and integrate it with their own software, but not the
| right to redistribute, is to me a good middle ground for a
| lot of projects._ "
|
| Licensees have that right with (most) free software licenses.
|
| The downside of this is that, if the owner, Epic say, is not
| interested in changes you need, then you cannot distribute
| those changes no matter how valuable they are to you or
| anyone else. Further, you will have to maintain those changes
| in the face of whatever architectural differences the owner
| decides to introduce.[1] You are in the same position as the
| good old days of proprietary software (Believe me, you could
| absolutely pay IBM to make changes its OS's. If you were,
| say, Ford.) except that you get to see the source. Yay.
|
| [1] Yes, you should be expected to maintain your own changes
| if the original maintainers don't want to. However, that's
| significantly more difficult if the owner is uninterested in
| your features or is actively trying to break you. (Microsoft
| waves in the distance.)
| ignoramous wrote:
| > _One of the problems is that if your target market is other
| devs, there is a knee jerk demand that your software should
| be foss and free (as in beer)._
|
| The problem with source-available COSS licenses like SSPLv1,
| BSLv1, Perimeter etc is that, it almost to the point of
| insulting developers who care about FOSS, wants to have its
| cake and eat it too: That is, the benefits of both, open and
| proprietary software. That's a hard sell, and it remains to
| be seen if they'd be as successful as FOSS for developer
| tools: http://dtrace.org/blogs/bmc/2018/12/14/open-source-
| confronts... and https://steveklabnik.com/writing/the-
| culture-war-at-the-hear...
|
| Another popular strategy is to open source just enough bits,
| but not all of it: Previously named "open-core", pioneered by
| Elastic (who have since moved to SSPLv1) and GitLab, but is
| now accepted as open-source, anyway. Tailscale falls in this
| category. https://www.heavybit.com/library/video/commercial-
| open-sourc...
|
| > _I hope that we 'll see a move away from foss licensing to
| source available licenses over the next few years and an
| increased acceptance of this model in more areas._
|
| Nouveau open source strategy is to have a strangle hold on
| the software itself (think Chrome / Android) by keeping the
| development tightly guarded along with the business interests
| of the original sponsor. Typically, these projects are open
| sourced to commodotise competitor's advantages
| (Symbian/Blackberry in the case of Android, IE in the case of
| Chrome): https://www.joelonsoftware.com/2002/06/12/strategy-
| letter-v/
|
| The traditional way of being in a F/OSS business was through
| associate services like deployments and consulting ala RedHat
| for Linux / Acquia for Drupal:
| http://dtrace.org/blogs/bmc/2004/08/28/the-economics-of-
| soft...
|
| Open source, in particular FOSS (free-as-in-beer), in itself
| is a business strategy (but not a business model) if one
| knows how to use it to their advantage (as the author points
| out, many startups doing so these days):
| https://a16z.com/2019/01/22/what-comes-after-open-source/
| hooande wrote:
| Most money made by open source developers comes in the form of
| donations. Those have no obligation attached by definition.
|
| If a developer doesn't do what the community wants, the
| donations could stop coming. Or not. If they don't do want an
| employer wants, the paychecks will definitely stop coming.
| panic wrote:
| _> I read a book once which argued that the problem with modern
| political discourse is it pits the "I don't want things taken
| from me" (liberty!) people against the "XYZ is a human right"
| (entitlement!) people. And that a better way to frame the
| cultural argument is "XYZ is my responsibility to society."_
|
| I don't know if it's the book he's talking about, but Simone Weil
| makes this argument in the beginning of The Need for
| Roots[+]--that the correct way to think about our relationship to
| society isn't "rights" (someone else's problem) but obligations
| (our problem).
|
| [+] https://antilogicalism.com/wp-
| content/uploads/2019/04/need-r...
| didibus wrote:
| I like this:
|
| > Sometimes liberty is differentiated from freedom by using the
| word "freedom" primarily, if not exclusively, to mean the
| ability to do as one wills and what one has the power to do;
| and using the word "liberty" to mean the absence of arbitrary
| restraints, taking into account the rights of all involved
|
| It's from Wikipedia, and it implies this is the modern take of
| the definition. I think it's how I think of it as well. So it
| is neither of the two you mentioned, but a combination of them
| with the focus being the balance between them.
|
| Liberty would assume all have rights they are entitled too, and
| that none shall arbitrarily restrict ones ability to do as they
| please, where non-arbitrary is defined as not restricting of
| other's rights.
|
| I don't think it really puts people against each other. Some
| people simply disagree with liberty and favor freedom instead.
| Which would mean, some people want to be free to do whatever
| their power allows them too. You can think of it as whatever I
| can get away with because I'm more powerful. It would mean if
| I'm stronger I can strongman my way into doing more things,
| same if I'm richer, more influence, etc.
|
| Fundamentally it's a disagreement with your objective. If you
| don't accept that the less powerful still deserve certain
| rights, or that power should not dictate rights and restraints,
| there's no amount of discourse to be had, you will be
| optimizing for different outcomes.
|
| I also find the framing of rights as someone else's problem
| misleading. It is not someone else's problem, oftentimes it is
| because of restraints society imposes, the other person's
| problem is due to their restraint on other people's rights. For
| example, that I can't just walk in your house and sleep in your
| empty bedrooms as I please, and eat the food sitting idle in
| your fridge, or build myself a cabin using wood from your trees
| and on your land, those are all restraints society is imposing
| on me. So if I'm now homeless and without a job, I cannot just
| do these things to provide for myself shelter and food. But if
| you believe everyone has the right to shelter and food, and you
| are restraining my ability to get them as such, you need to
| offer an alternative, it isn't entitlement, it's the trade for
| accepting the restraints being pushed on me.
|
| For me, it's the fundamental agreement, you accept the
| restraints from laws in exchange for rights. If the rights
| don't come, you're not getting your side of the deal. Now off
| course people can impose restraints with power instead, and
| that's almost always what used to happen and still to a large
| extent does today, but at least we seem to try harder today to
| be just.
| kortilla wrote:
| That's pretty lazy thinking. Those are the same things. Your
| "rights" are everyone's "obligations".
| sophiebits wrote:
| From the post's author, the mentioned book is:
|
| > The Future of Capitalism by Paul Collier. There are a lot of
| insights in there but beware that the writing is kinda
| problematic in some ways, so it doesn't get my full
| endorsement.
|
| https://twitter.com/apenwarr/status/1476590932619567104
| a9h74j wrote:
| I don't recall which of Simone Weil's works this is from, but
| in terms of suggesting the ineffectiveness of rights, she
| presented this dialog of one person pleading with a much more
| powerful one:
|
| Pleading: But sir, you must respect my rights.
|
| Reply: I do not see the necessity of that.
| WalterBright wrote:
| There aren't any fundamental rights which require someone
| else to provide them to you. For example, your right to free
| speech does not oblige others to provide a platform for you.
|
| Now, "rights" can be created by law, but those are a
| different meaning of the word. A more apt word would be one
| of "privilege", "license", "obligation" or "power".
|
| For example, it is often said that the President has the
| right to veto legislation. No, he doesn't. He has the _power_
| to veto legislation.
|
| The words right, privilege, license, obligation, and power
| are probably the most misused words in the English language.
| arminiusreturns wrote:
| What Ive noticed on this topic as a staunch proponent of
| individual rights from their enlightenment and renaissance
| roots is that far too many people pontificating on this
| subject don't even know the difference between a negative
| right and a positive right, nor do they understand the
| perils and antithetical nature of _collective rights_.
| forgatmigej wrote:
| The right to be ignorant is a negative right - which
| might be why it is so well spread and used :)
| HWR_14 wrote:
| > There aren't any fundamental rights which require someone
| else to provide them to you.
|
| I mean, people have a fundamental rights to food, water and
| shelter. So it certainly seems like we have to provide
| people with those or those rights cannot be satisfied.
| cortesoft wrote:
| > There aren't any fundamental rights which require someone
| else to provide them to you.
|
| But don't all of the fundamental rights require someone
| else to protect them for you? Otherwise they aren't rights,
| they are just observations of the state of the world.
|
| In the end, what is the difference between protecting a
| right and defending a right? They both require action and
| resources, and are both an obligation.
| WalterBright wrote:
| Good question.
|
| We empower the government to guarantee our rights.
|
| They are rights whether the government exists or not, and
| whether the government enforces peoples' rights or not.
|
| For example, slavery violates peoples' fundamental right
| to liberty, whether the government legalizes slavery or
| not. Rights do _not_ flow from government action. Rights
| are a fundamental consequence of human nature.
| cortesoft wrote:
| > Rights are a fundamental consequence of human nature.
|
| What does that mean? If someone stronger forces you to do
| work for them and beats you if you refuse, that seems
| like a "fundamental consequence of human nature" a lot
| more than saying that they shouldn't.
|
| To me, the "natural state" is for that you can do
| whatever you can get away with. Any limitation we place
| on that is our attempt to impose our conception of
| humanity on nature.
|
| To put it another way, what about the state of nature
| would imply that we have ANY of the fundamental rights
| people speak of as being such? The natural rights I see
| are what animals have; the right to try to survive as
| best you can, by doing whatever you can.
|
| Now, I am in no way arguing for anarchy or anything, just
| that there is nothing 'natural' about our concepts of
| rights.
| WalterBright wrote:
| As soon as people get together, they tend to form rules,
| a leader, and a means for dealing with someone who breaks
| those rules.
|
| How we find out what the rules _should_ be is by
| observation of the results. A very large number of
| societies have been created, with every set of rules
| imaginable, multiple times.
|
| By correlating rules with success or failure of the
| societies, we can begin to tease out what the best set of
| rules are. Clearly, some sets of rules work a _lot_
| better than others.
|
| The best outcomes come from rules that guarantee a set of
| rights, best excemplified by the Declaration of
| Independence, the inalienable rights to life, liberty,
| and the pursuit of happiness, and later by the Bill of
| Rights.
|
| Some rules work out very badly, like Marxism. No amount
| of wishing Marxism would work made it work, and no amount
| of coercion made it work, either.
|
| This strongly implies that rights _are_ natural, innate
| characteristics of being human.
| jacobolus wrote:
| > _By correlating rules with success or failure of the
| societies, we can begin to tease out what the best set of
| rules are_
|
| This is _not_ how we decide what should be considered
| fundamental human rights. Plenty of rules work out fine
| (i.e. effectively maintain social order and persist for
| long stretches of time) for "society" while being
| disastrous for the disempowered living under them.
|
| > _best outcomes come from rules that guarantee a set of
| rights, best excemplified by the Declaration of
| Independence_
|
| This is entirely circular reasoning. You have pre-
| determined that outcomes similar to your personal
| experience should be considered "good", and then are
| declaring your society to be best because it led to your
| experience as an outcome. But you have neither clearly
| articulated what you mean by "best outcomes", nor
| considered the outcomes for the less fortunate in your
| society. The argument more or less boils down to "Life
| worked out for me personally, and if it didn't work out
| for you in my society, tough luck. If it didn't work out
| for you in a different society, well mine is better."
|
| For example, I might for the sake of argument point out
| that Cuba clearly provides dramatically better healthcare
| and education outcomes than America (an astounding
| accomplishment considering its limited resources), and
| therefore conclude that Cuban society must be better
| structured and do a better job guaranteeing basic rights
| than American society.
| WalterBright wrote:
| > I might for the sake of argument point out that Cuba
| clearly provides dramatically better healthcare and
| education outcomes than America
|
| How many Cubans want to leave and come to America? How
| many Americans want to live in Cuba? Venezuela? N. Korea?
|
| Therein lies the answer to your argument.
|
| It's interesting you chose to compare health care and
| education. Public education in the US is a gigantic
| socialist system. So is health care. You're not comparing
| a socialist system with a market based system. You're
| comparing a socialist system with a socialist system -
| which says nothing about what market system could do.
|
| And lastly, who collects those astounding statistics on
| Cuba? The Soviet Union was famous for celebrating
| astounding statistics on food production, while the
| people starved. Why should we believe statistics
| collected by another communist, totalitarian outfit?
| barrkel wrote:
| You've missed the point: that your argument depends on
| ends - a metric - which you've arbitrarily selected.
| [deleted]
| Talanes wrote:
| > Therein lies the answer to your argument.
|
| Their argument wasn't the specifics of the hypothetical.
| You're actually supposed to believe that Cuba isn't
| unilaterally better than America for the example to work.
|
| You're in the middle of a discussion about Rights, why
| would you think this is suddenly a debate about Cuba?
| WalterBright wrote:
| > why would you think this is suddenly a debate about
| Cuba?
|
| You should ask the person I replied to, as he brought up
| Cuba.
| [deleted]
| cortesoft wrote:
| > By correlating rules with success or failure of the
| societies, we can begin to tease out what the best set of
| rules are. Clearly, some sets of rules work a lot better
| than others.
|
| How do you measure success or failure? Whoever lasts the
| longest is the most successful? Because by that measure,
| the longest lived societies were empires ruled by
| monarchs.. they did not guarantee rights.
| WalterBright wrote:
| > How do you measure success or failure?
|
| A great question!
|
| Here's one way. Does a country build walls to keep people
| in, or keep people out?
|
| How about that terrible video of people clinging to a jet
| leaving Afghanistan and falling off of it to their
| deaths? Were they fleeing a Taliban golden age in
| Afghanistan?
|
| I personally know several people who fled the USSR. Ask
| them about the golden age they risked their lives to
| leave.
| bee_rider wrote:
| > Here's one way. Does a country build walls to keep
| people in, or keep people out?
|
| Can you make this into an actual measurable statistic or
| does this require us to just guess at the motivations of
| wall builders?
| WalterBright wrote:
| I'm wondering what you think the purpose of the wall
| along the Rio Grande is for. It was in all the papers for
| the last 6 years.
|
| Or why the Soviet Union built a wall across Europe.
| bee_rider wrote:
| So, nothing quantifiable?
|
| I guess the if we ask the people who built those walls
| they'll give us whatever answers they think are
| convenient for their propaganda purposes in the moment.
| cortesoft wrote:
| > Here's one way. Does a country build walls to keep
| people in, or keep people out?
|
| Ok, so this basically amounts to using average life
| satisfaction as your measurement for success of a
| country. You could easily use any other measure, though,
| if you have a different goal... for example, my first
| thought was that "continued existence" was the measure of
| success, and whichever nation lasted the longest would be
| considered the most successful (a sort of Darwinian
| measure)...
|
| Look, I personally agree with your measure of success. I
| am a child of the enlightenment, and I do believe that
| state authority rests with the will of the people.
| However, that is not an a priori fact... not everyone
| agrees with that as the criteria you judge a
| civilization, and it is not some natural fact that
| everyone is equal and deserves liberty, etc. Natural law
| is "whoever survives survives".
| AgentOrange1234 wrote:
| If human rights are fundamental consequences of human
| nature, is there some way to list them?
|
| It seems to me the whole notion is a valuable but
| entirely human construction, ripe for debate about what
| counts and what does not.
| WalterBright wrote:
| > is there some way to list them?
|
| Over time, by observation, we discover what they are.
|
| For example, do you have a right to not be a slave? If
| so, why do you think you have that right?
|
| Do you have a right to not have someone clonk you on the
| head with a pipe and steal your wallet? If so, why do you
| think you have that right?
| joshuamorton wrote:
| Yes, at least in the US I have both of those rights, but
| neither is a "fundamental consequences of human nature".
|
| I have the right to not be enslaved because the
| government and broadly society deems that valid. But
| that's a consequence of government force preventing
| people from enslaving others. Without government
| intervention, slavery emerges. It even still happens
| today, in the US in particular cases (prison, as one
| legal example). I don't see how something can be
| considered a fundamental consequence of our nature if,
| when left without supervision, it disappears.
|
| I don't think that you can provide a clear list of such
| "natural" rights. If "liberty" is one, why isn't
| "health"? Improving my health improves my liberty, but
| (in the US) we don't culturally consider healthcare a
| "right", although it is considered such in some other
| countries.
| WalterBright wrote:
| > Without government intervention, slavery emerges
|
| A closer examination of history shows that slavery tends
| to fail when in competition with free labor. The
| emergence of free labor destroyed slavery the world over.
| The Civil War was the last gasp of slavery in the US
| attempting to protect itself from free labor. Slavery had
| already died out in the northern colonies due to it being
| uneconomic.
|
| Free labor caused the collapse of the USSR. Free labor
| destroyed Nazi Europe.
|
| > we don't culturally consider healthcare a "right"
|
| Sure we do. >50% of health care in the US is provided by
| the government, and the rest is heavily controlled by the
| government. Emergency rooms are required to treat people
| who cannot pay for free.
|
| The government has so thoroughly regulated, overseen,
| subsidized, distorted, etc., every aspect of health care,
| that in no way can it be described as free market.
|
| Let's try something that is free market - the software
| business. Software in the US is completely unregulated.
| What's the result? Incredible progress, world leadership,
| and plenty of very high quality FREE software.
|
| It's amazing, unpredicted, and unbelievable. But it's
| true.
| ClumsyPilot wrote:
| "A closer examination of history shows that slavery tends
| to fail when in competition with free labor"
|
| "Free labor destroyed Nazi Europe."
|
| I cannot even comprehend what this means - how were
| slaves a major part of Nazi war effort or economy?
|
| In your mind, did they loose a trade war and the 100+
| million dead soldiers were a side show?
| WalterBright wrote:
| > how were slaves a major part of Nazi war effort or
| economy?
|
| The Nazis employed slave labor on a massive scale. Their
| slaves were Jewish prisoners, political prisoners, and
| POWs.
|
| The US free labor produced plenty of war material for two
| major wars, and enough left over to supply Britain and
| the Soviet Union. US troops were well fed, with plenty of
| gas, bullets, airplanes, ships, aircraft carriers,
| medical supplies, trucks, everything, and also managed to
| ship it all to the war zones.
|
| The Nazis and the Japanese never had a chance once the US
| got going. They had critical shortages of _everything_.
|
| For example, what did the Nazis do when the battleship
| Bismarck was sunk? Game over for the Kriegsmarine except
| for the U-boots. What did the US do when the Japanese
| wrecked the US aircraft carriers? Built lots more! What
| did the Japanese do when their carriers were sunk? Game
| over for naval aviation.
|
| Also, the Wehrmacht in WW2 was still very much a horse
| driven army. The German propaganda newsreels, shown
| endlessly in WW2 documentaries, avoided showing the
| horses and loved showing the mechanized troops. I don't
| think the US used any horses at all.
|
| Free labor also sunk the Confederacy. The Confederacy was
| never able to properly supply their troops with guns,
| cannons, powder, food, uniforms, or even shoes. They were
| largely barefoot.
| ClumsyPilot wrote:
| Help me understand your train of thought, so if there
| Nazis had 'free labor' they would never have shortages of
| oil and natural rubber? Would it just magically appear?
| And without the shortages they would have won the war,
| right?
|
| That must be the point you are making, because if they
| would have lost anyway then your argument makes no sense?
|
| And what about USSR, their 'free but not free' labor
| caused them to win and loose simultaneously?
| WalterBright wrote:
| If the Nazis had free labor, they would have done better,
| but they still would have lost because the US was bigger.
|
| The USSR likely would not have prevailed against the
| Nazis if the US didn't supply them. Or at least it would
| have been far more difficult for them.
|
| Synthetic rubber - "Production of synthetic rubber in the
| United States expanded greatly during World War II since
| the Axis powers controlled nearly all the world's limited
| supplies of natural rubber by mid-1942"
|
| https://en.wikipedia.org/wiki/Synthetic_rubber#World_War_
| II
|
| Synthetic fuel - "During World War II (1939-1945),
| Germany used synthetic-oil manufacturing (German:
| Kohleverflussigung) to produce substitute (Ersatz) oil
| products by using the Bergius process (from coal), the
| Fischer-Tropsch process (water gas), and other methods
| (Zeitz used the TTH and MTH processes)."
|
| https://en.wikipedia.org/wiki/Synthetic_fuel#History
|
| The V2's were fueled by alcohol from potatoes.
| joshuamorton wrote:
| > The US free labor produced plenty of war material for
| two major wars, and enough left over to supply Britain
| and the Soviet Union. US troops were well fed, with
| plenty of gas, bullets, airplanes, ships, aircraft
| carriers, medical supplies, trucks, everything, and also
| managed to ship it all to the war zones.
|
| A more realistic explanation of course is that the Allied
| powers had around 3x the population of the Axis, and that
| America's production infrastructure was never negatively
| impacted, while German and Japanese infrastructure was
| routinely bombed.
|
| The UK, for example, despite not using slave labor,
| wouldn't have been able to win the war without US
| assistance, and you failed to mention the USSR at all,
| which beat Germany just as much as the US did, but
| doesn't fit the market based and slave labor free image
| you're trying to project.
|
| The better explanation is that _when you are already
| losing a war_ you need to eek out more production from
| what you have, and you 're willing to sacrifice long-term
| things for it. Slave labor, in the short term is more
| efficient for some things, especially when you need the
| people who would normally be working in the free market
| to be elsewhere manning the guns. Employing slave labor
| didn't _cause_ the nazis to lose WWII, at best it was
| coincidental, and at worst it was a response to the fact
| that they were already losing.
| WalterBright wrote:
| The Soviet Union was heavily supplied by the US.
|
| The German and Japanese homelands were not bombed until
| they were already losing the war.
|
| The Nazi prosperity before WW2 was fairly limited, as the
| Nazis couldn't resist endless meddling with it. The
| suppression of the Jews surely must have had bad
| consequences for the economy, though I know of nobody who
| has attempted an accounting of it. The living standard
| did not approach that of the US.
|
| > manning the guns
|
| Don't forget that the US pressed into military service
| all the fit men 18-36. Didn't resort to slave labor.
|
| (Footnote: FDR proposed forced labor in his 1945 State of
| the Union Address. Don't believe me? Look it up!
| Fortunately, that went nowhere.)
| joshuamorton wrote:
| >Don't forget that the US pressed into military service
| all the fit men 18-36. Didn't resort to slave labor.
|
| The irony here being, of course, that while the US courts
| ultimately disagreed, forcing people to join the military
| is arguably itself a form of slave labor. It is certainly
| a form of involuntary servitude.
|
| > The German and Japanese homelands were not bombed until
| they were already losing the war.
|
| The Allies had begun bombing Berlin before the US entered
| the war. So if your contention here was that the Nazis
| were losing from day one, sure. Otherwise you're not
| correct.
|
| > The Nazi prosperity before WW2 was fairly limited
|
| The German prosperity before the Nazis took power was
| fairly limited. That was in fact one of the primary
| reasons the Nazis took power in the first place.
| WalterBright wrote:
| > forcing people to join the military is arguably itself
| a form of slave labor
|
| Indeed it is. But the soldiers were taken out of
| production in the economy, which is the point I was
| responding to.
|
| > The Allies had begun bombing Berlin before the US
| entered the war.
|
| Yes, the British bombed Berlin early in the war as a
| propaganda stunt. The US Doolittle raid on Japan was also
| for propaganda. They were ineffectual from a military
| perspective. It doesn't alter my point at all.
|
| > The German prosperity before the Nazis took power was
| fairly limited. That was in fact one of the primary
| reasons the Nazis took power in the first place.
|
| We both know that. The Nazis were in power from
| 1933-1939. There wasn't much prosperity.
| joshuamorton wrote:
| > Indeed it is. But the soldiers were taken out of
| production in the economy, which is the point I was
| responding to.
|
| Right, but the allies had more people, so there's nothing
| relevant about slave labor. Like I said: slave labor is a
| tool of last resort, when the market fails. The US had to
| use that tool to get enough labor in the fighting force,
| but still had enough humans that market systems (and
| propaganda) worked in the economy.
|
| > We both know that. The Nazis were in power from
| 1933-1939. There wasn't much prosperity.
|
| Then I have no clue what your point is. My point was, and
| continues to be, that Nazi use of slave labor was a
| consequence of the already relatively weaker economy. You
| seem to be arguing that slave labor caused the weak
| economy. My point is that it started weaker and remained
| weaker, and to try and keep up, they had to force more
| people to do things.
| cortesoft wrote:
| Your arguments really sound like "just-so stories"
| (https://en.wikipedia.org/wiki/Just-so_story)
|
| You are picking examples that fit your idea of what
| natural rights should be, and are ignoring the countless
| counter examples. If a free society is fundamentally
| better, why is China so successful? Countless empires
| have been built on 5e backs of slaves, conquered people,
| and oppression. Yes, most eventually collapsed, but so
| have all democracies except the ones that are currently
| around... and there is no reason to believe the ones
| around are the "end state" of the evolution and not just
| a snapshot of civilizations that will eventually collapse
| like all those that came before. Democracies have fallen,
| to be replaced by dictatorships... dictatorships still
| exist, and many are successful members of the
| international community... Saudi Arabia is a strong ally
| of the US, and doesn't seem close to collapse.
| WalterBright wrote:
| The rise in the standard of living in China is directly
| correlated with their adoption of a free market and
| dispensing with collectivism.
|
| > Saudi Arabia is a strong ally of the US, and doesn't
| seem close to collapse.
|
| Why not tour Saudi Arabia and come back with a report
| about how people there live?
| cortesoft wrote:
| I wasn't making any claim about the lives of people in
| Saudi Arabia... my only claim is that it is an absolute
| monarchy, it is still around and not close to collapse,
| and is an ally of the US. All of those things are
| objectively true. It isn't only democratic countries that
| have survived.
| WalterBright wrote:
| I didn't make an argument about longevity.
| krapp wrote:
| >Software in the US is completely unregulated.
|
| Banks, the healthcare industry, the aviation industry and
| NASA would like a word with you, as well as US import and
| export control regulators.
|
| Not all software in the US is the vomiting of code
| cowboys into NPM and Github, by a long shot.
|
| >Incredible progress, world leadership, and plenty of
| very high quality FREE software.
|
| Sorry, what potentially world-crippling bug are we on
| this week, I've lost count. Or was it a million dollar
| company that got hacked and exposed PII because their
| database layer was written by an intern using open source
| code written by a high-schooler who thinks writing SQL
| statements with printf is elegant?
|
| No... the unregulated wild west of software is turning
| out to be a nightmare. The regulated part, at least,
| holds bad actors accountable and doesn't depend on "all
| eyes making bugs shallow" and just hope quality emerges
| from the aether.
| WalterBright wrote:
| If I sell medical software, yes, it would have to pass
| the FDA. Same for software going into aviation systems
| (the FAA). Same for NASA.
|
| > Not all
|
| Not a single byte of software on any of my computers now
| or since the 1970s have been regulated at all.
|
| > the unregulated wild west of software is turning out to
| be a nightmare
|
| How much have you paid for the software you're using
| right now? How much have you paid to use HackerNews?
| You're free to go use software written in the 80s, 90s,
| 00s, etc., if you like. I bet you aren't.
|
| Software these days is _far_ less buggy than it used to
| be. It may appear more buggy to you, but that is the
| result of a large increase in the number and efforts of
| sophisticated (and well-funded) engineers attempting to
| subvert it.
| joshuamorton wrote:
| > A closer examination of history shows that slavery
| tends to fail when in competition with free labor. The
| emergence of free labor destroyed slavery the world over.
| The Civil War was the last gasp of slavery in the US
| attempting to protect itself from free labor. Slavery had
| already died out in the northern colonies due to it being
| uneconomic.
|
| I don't mean as an economic system. Chattel slavery is
| one particular example of macro-scale slavery, but macro-
| scale slavery isn't what I was referring to.
|
| Put another way, our markets are not perfectly efficient,
| and there exists enough slack to allow niches where
| inefficient cruelty can exist. Even though slavery was
| inefficient and had died out in the north, the South did
| all it could to keep it around. It still took a laws and
| war to get rid of it. If the government stopped enforcing
| all laws today, how long would it take for _some_ people
| to be kidnapped and enslaved? A week?
|
| > The government has so thoroughly regulated, overseen,
| subsidized, distorted, etc., every aspect of health care,
| that in no way can it be described as free market.
|
| Something being not a free market doesn't make it a
| right, nor does the government providing it as a service
| to some people. You _might_ be able to get away with the
| argument that emergency medical care is considered a
| right in the US, but emergency medical care is only a
| small part of healthcare.
| WalterBright wrote:
| Take a look at what goes on in the healthcare system.
| It's all the result of unintended side effects of well-
| intentioned regulation.
|
| For another example, the AMA deliberately restricts the
| number of seats in medical universities. They are
| empowered to by law. This keeps the number of doctors
| down, and increases their pay.
| joshuamorton wrote:
| This has nothing to do with whether or not something is a
| "right".
|
| I'll remind you, the initial statement you made was
| "Rights are a fundamental consequence of human nature.",
| but you're now saying somewhat ahistorical things about
| slave labor and market economies. Even if what you were
| saying was accurate, is has nothing to do with how we
| define rights.
| WalterBright wrote:
| You can (and people do) invent and define rights all the
| time. People have also tried to legislate that pi=3.
| Almost daily, legislatures try to repeal the Law of
| Supply and Demand.
|
| That doesn't make them rights, and it never works.
| cortesoft wrote:
| What makes something a right, then? You keep talking
| around it, and saying things which you believe are
| rights, but have never said explicitly what makes your
| set of rights somehow objectively rights where others
| aren't.
| WalterBright wrote:
| I did say, multiple times in this thread.
| joshuamorton wrote:
| "The law of supply and demand" isn't a right.
|
| > You can (and people do) invent and define rights all
| the time.[...] That doesn't make them rights
|
| Huh?
| WalterBright wrote:
| "The law of supply and demand" isn't a right.
|
| I didn't say it was. Neither did I say that pi=3 is a
| right. Please read what I wrote again.
| joshuamorton wrote:
| Yes, I and others have asked you to list out what the
| natural rights are, and you've waxed about free markets.
| I have no idea what you're trying to say, since you seem
| to be contradicting yourself. Hence my request for
| clarification. You're doing such a bad job of
| communicating here that the only reason I don't think I'm
| being trolled is that I know you wouldn't do that.
|
| My best guess is that you're trying to make the point
| that market economies are natural and that the rights we
| have under them are therefore natural, but this is
| basically an argument from status quo and it goes
| directly against what you said elsewhere about healthcare
| being a right due to government regulations.
|
| And from that you seem to be saying that healthcare is a
| right due to government regulation, but here you're
| saying that government decree doesn't make something a
| right. So like I said, I'm lost.
| kristov wrote:
| I think it's important to note that these rights are
| there _regardless of who you are or what you have done_.
| And that differs from "natural" human tendencies to
| strip wrongdoers of their rights. We have collectively
| agreed that a wrongdoer can have some rights revoked
| (prison) and yet continue to preserve more fundamental
| rights. Yet many people today still feel that someone
| that commits a terrible crime should be stripped of all
| their rights, including in some cases their most
| fundamental right to be alive.
| ClumsyPilot wrote:
| "Now, "rights" can be created by law, but those are a
| different meaning of the word."
|
| I read a few of your posts, and it felt like reading the
| old testament - full of self contradictions, the only
| constant is you don't like 'government'.
|
| You seem to have little regard for the fact that your
| countrymen have laid down their lives for your rights. The
| only reason we don't have 'Divine right of Kings' is
| because we cut off their heads, and we don't have slavery
| because those that support it have been shot or convinced
| at gunpoint. Women have the right to vote because they
| invented the letter bomb and burned down houses of MPs that
| voted against them.
|
| Every right you enjoy, from a fair trial to your very
| freedom, has been won in blood and while you pontificate
| about 'unexpected, marvelous free market' (which existed
| for thousands of years, Kongo Gumi was incorporated in 578
| CE) society becomes more polarized and likelihood we will
| resort to good old ways of settling differences increases.
| WalterBright wrote:
| > you don't like 'government'
|
| You evidently missed when I wrote that the function of
| government is to be the guarantor of rights.
|
| > You seem to have little regard for the fact that your
| countrymen have laid down their lives for your rights
|
| You would be very, very wrong about that. I have many
| family members who fought in American wars, all the way
| back to the American Revolution. I know what they fought
| for, and it wasn't socialism.
|
| > Every right you enjoy, from a fair trial to your very
| freedom, has been won in blood
|
| You're right, and I enjoy those rights and thank our
| American soldiers for fighting for them. You are very,
| very wrong about my feelings about GIs. My own father
| volunteered to fight the Nazis at the sharp end of the
| spear, and volunteered again for the Korean War at the
| sharp end. He also served in a support role during the
| Vietnam War. I take American freedom very, very
| seriously.
|
| I am grateful for all American servicemen and women who
| risked their lives for American freedom.
| notriddle wrote:
| Your post isn't really an argument. It's just
| contradiction.
|
| The whole point of calling rights "ineffective" is to say
| that this idea of fundamental rights that other people
| aren't obligated to provide to you has no utility. Your
| definition doesn't really contain any evidence to the
| contrary.
| WalterBright wrote:
| > The whole point of calling rights "ineffective"
|
| I never wrote that. I welcome you addressing what I did
| write.
| notriddle wrote:
| No, you didn't write that. It was a9h74j, that you
| replied to, who wrote that. And Simone Weil, originally.
| titzer wrote:
| > There aren't any fundamental rights which require someone
| else to provide them to you.
|
| This is, of course, totally false. From the moment of birth
| your parents have to provide sustenance and safety, or
| you'll die. Similarly, someone must teach you a native
| language, if only indirectly, or you'll be unable to
| communicate or acquire skills. If a parent neglects a child
| and fails to provide them "services" (or whatever), the
| state will absolutely take the child away and punish the
| parents.
|
| As an adult, you have the right to a system of justice that
| allows you to argue grievances and petition for redress
| against others. You have the right to police and fire
| fighters. Those are all services provided to you.
|
| I used to think that everything was a transaction when I
| was a hardcore libertarian, but I'm not anymore. There are
| bazillions of things that we take for granted that are just
| table stakes in a modern society, like the rule of law, an
| educational system, clean air and water, and yes,
| healthcare. A hospital can't refuse you emergency care if
| you can't pay, and that's absolutely a right established in
| the social contract.
|
| Rights are a mix of inherent and acquired capabilities as
| well as courtesies granted by a social contract. Until you
| start paying back every person from whom you've learned a
| word in the English language, yeah, you are getting tons
| and tons of things for free without realizing it.
| simplestats wrote:
| Bluntly claiming someone's post is false is rather rude
| isn't it? particularly on a subjective philosophical
| topic.
|
| Governments are never "givers" they are just different
| systems of trade-offs, which can also be in terms of
| services and freedoms. For example, you have a right to
| justice if you are wronged. Society can either step aside
| and let you seek it yourself, or, if that behavior
| (vigilantism) is outlawed, then they are obligated to
| _instead_ provide you with a system to seek justice
| within. Or they could come up with some alternative to
| allow you to protect your right. From this perspective,
| your right is not an entitlement and you don 't have to
| postulate a new entitlement every time the govt creates a
| new program for (ostensibly) helping people achieve their
| rights better.
| WalterBright wrote:
| > This is, of course, totally false.
|
| Your example is one of the state punishing you, not an
| example of a fundamental right. Services provided to you
| is not a right simply because the government provides
| them.
|
| The proper role of government is as _guarantor_ of
| fundamental rights.
|
| > you are getting tons and tons of things for free
| without realizing it.
|
| This is confusing rights with getting things for free.
| Nothing about fundamental rights prevents you from
| providing free stuff to others. In fact, you have a
| _fundamental right_ to choose to give your stuff to
| others for free. Heck, I work on D every day, and give it
| away for free. My salary as CEO of the D Language
| Foundation is $0. There 's nothing non-libertarian about
| that, since I freely choose to do it.
|
| As for children, as a hardcore libertarian you should be
| aware that the notions of fundamental rights apply only
| to legally consenting adults. Children enjoy only a
| subset of those rights.
| willcipriano wrote:
| Doesn't that cut both ways?
|
| Pleading: But sir, you must respect my laws.
|
| Reply: I do not see the necessity of that.
| didibus wrote:
| Exactly, people are missing that rights and laws are an
| agreed upon arrangement to find a set of compromise for
| everyone to live together happily, which results in
| stability and often overall growth in economy, invention,
| social enjoyment and entertainment, etc.
|
| You can't just tell someone they're not allowed to take
| food from your plate, while simultaneously not providing
| anything for them to eat.
|
| There is no longer any plot of land anywhere that is not
| owned by someone else. Think of those plot of land as
| plates. One who doesn't own any of it is hungry, you tell
| them to get their own food, but they can't take from any of
| the plates of anyone else, so you can't use any land to try
| and get your food from. Now this person tells those who
| have all the food, hey I have the right to food as well,
| and people say, I don't think that's a necessity, well why
| is your right to your land and your plates of food a
| necessity as well? You can't have it both ways. If you want
| to have the right to own the plates of food, you must also
| provide food to others somehow, because you've taken up all
| of the abilities to get food from others.
| pas wrote:
| > You can't just tell someone they're not allowed to take
| food from your plate, while simultaneously not providing
| anything for them to eat.
|
| You can, and a lot of people do say this. And it was said
| many times in history, and ... people were maimed for it
| regularly. (And every day we get the reports, pictures,
| videos about people inside a fence saying that those who
| are outside should just go and try their luck somewhere
| else.)
|
| The whole point is that wordgames are not going to get us
| the desired utopistic society where people feel that
| obligation to act to uphold others' rights in accordance
| to their power/ability for doing so.
|
| It needs a culture that cherishes this, enforces this,
| perpetuates this.
|
| In essence we need a control loop that keeps society on
| track, and this system has to be aware of all the usual
| problems (the optimal set-point of intolerance of
| intolerance, top-down systems tend to consolidate power,
| bottom-up systems can easily oppress minorities,
| political arbitrage of resources for favors is an ever
| present problem, and so on).
| didibus wrote:
| Seems like we're in agreement, unless I'm misreading
| something.
|
| Obviously, you can say that, but the people you say it
| too now also loses their reasons to uphold your words. If
| you tell me I can't have food from you, and I also have
| no other way to get food, I'm going to have to disregard
| your right to property you were hoping to have and force
| my way into your plate of food.
|
| And now we're back at the typical human power struggles
| and infighting.
|
| I think your point is that simply asking for food when
| you don't have it doesn't magically solve the problem.
| And I agree, but if you think about who you're asking it
| makes more sense. You're asking those who have all the
| food or means of producing food to give you some, or to
| do something about your lack of food. They were handed
| ownership of food and food production, now there's people
| who feel they don't have the food they need. They're
| complaining to those who own the food and its production,
| which to me makes sense, since they are the best
| positioned to solve the problem as the owner of the food
| and food production. And those who don't own food or food
| production have little ability to do anything about it.
| That's what I was trying to convey, there's no where else
| to try my luck, everything is already fenced up.
|
| This is kind of just a debate on equal opportunity and
| equity I guess. Everyone should have equal opportunity,
| and those who haven't in the past might need equitable
| retribution to make up for it.
|
| Asking for that I think is very different than asking to
| be handed things without effort. I think most people
| simply ask for justice, if you had land and couldn't make
| food with it, so be it. Most people might accept their
| fate. Now it be nice to also deal with those unlucky in
| their attempts, but now it's a different debate. If you
| never had land to begin with, had your land taken, etc.,
| that's another story.
|
| I'm also 100% in agreement with the following:
|
| > It needs a culture that cherishes this, enforces this,
| perpetuates this.
|
| Even though I'm not so sure how best to nurture such a
| culture.
| DarylZero wrote:
| > rights and laws are an agreed upon arrangement
|
| I don't know why people say this.
|
| It's just a fairy tale. Laws aren't agreed upon; they're
| initiated by conquest and continue through the
| establishment of institutions that preserve an occupation
| over generations.
|
| There may be some kind of "democratic" process for public
| participation in law-making, but that's not the same
| thing as laws being "agreed upon."
|
| There may be some kind of cultural process for raising
| children to accept the laws that existed and were put in
| place by adults before them, but even that's not the same
| thing as laws being "agreed upon."
| bendbro wrote:
| That seems like a bad example. In modern society rights are
| generally enforced by the support of the population via some
| judicial (or extra-judicial) system.
| stavros wrote:
| How is an "obligation" not the exact same thing as a "right",
| just from the other person's perspective?
|
| Pleading: But, sir, you must fulfill your obligations.
|
| Reply: I do not see the necessity of that.
| hdjrudni wrote:
| You didn't flip the dialogue, you just substituted
| different words.
|
| Replier: I should fulfill my obligations to society.
|
| Pleader: _le suffering_
|
| Replier: Ya..I should really do that now. It's my duty.
|
| That's the difference, the perspective. You aren't asking
| someone to fulfill their obligations, people are taking it
| upon themselves because the mindset has shifted. It's now
| upon you to do the right thing, not hand-wave say "you have
| rights..but it's someone else's job to realize them"
| stavros wrote:
| That's not inherent to the word "obligation" any more
| than saying "I must do this, it is your right". It's fine
| as a concept, but saying "instead of talking about
| rights, we should talk about obligations" doesn't clarify
| anything, because my right is simultaneously your
| obligation.
| lostcolony wrote:
| Right, but in so doing you're also switching the
| grammatical subject. The original statement assumes the
| same subject, moving from rights -> obligations implies a
| different meaning. I.e., when speaking of myself, "my
| rights" vs "my obligations" are very different things.
| Likewise when speaking of society, "our rights" vs "our
| obligations" also lead to a different dialog. The onus is
| on what we owe to others, rather than what we are owed,
| even though such a contract necessarily implies both.
| DarylZero wrote:
| Yeah, that makes sense in egalitarian societies, but in
| real world societies, it means the slaves aren't allowed
| a voice.
| stock_toaster wrote:
| I think the whole point is that it is from the other
| perspective (they are "jural corelative"?)[1].
|
| Example: https://en.wikipedia.org/wiki/Noblesse_oblige
|
| [1]: https://en.wikipedia.org/wiki/Corelative
| [deleted]
| VWWHFSfQ wrote:
| > the correct way to think about our relationship to society
|
| This right here is the problem. I'm very familiar with Simone
| Weil's ideas, and also the criticisms. Her entire philosophy
| can be reduced to "Ubuntu": We are who we are, because of who
| we all are.
|
| The problem is that this doesn't follow with a free society. Or
| individual liberties. It's basically that the "individual
| freedom" is reduced to the lowest common denominator of what
| the society will comfortably tolerate. And that, by definition,
| is tyranny.
| zby wrote:
| I have only one question: is his blog a gift?
| unnouinceput wrote:
| I don't like hair trimmers. I have no use for them and they
| only occupy space and eventually I return them when I get them
| as gifts. And yet, every 2 or 3 years I get one as a gift.
|
| His blog is a hair trimmer, now I have to kill the memory it
| occupied in my brain (return the gift).
| fmajid wrote:
| The hair trimmers are not a gift. They are a pointed
| commentary on your grooming, or so I would assume.
| unnouinceput wrote:
| Considering I have a hair salon I go and do said grooming
| every 2 or 3 months, it's not a pointed commentary but a
| poor gift from people who don't really know me. You see,
| it's fashionable in my country to do such a gift to men,
| except in my case I get it from people who don't really
| know me but they enter my my life one way or another. Trust
| me, they learn and next gift is usually perfume or shaving
| water. Those gifts are always welcome, no matter how many
| come.
| ignoramous wrote:
| apenwarr's posts on (software engineering x startups) are even
| more lit. As someone who works on FOSS full-time, I wish they
| wrote about the questions posed in the _epilogue_ section of
| that post.
| tarsiec wrote:
| "Everything I don't like is communism!"
| zaphar wrote:
| That isn't even close to what the author wrote. The "quote"
| reflects nothing of substance from the article.
| xg15 wrote:
| From log4j to Communism vs Authoritarianism in less than 400
| words. Gotta admit, that is impressive even for internet
| standards.
| mirkules wrote:
| What's more is that the author is wrong. Free Software is
| libertarianism, not communism.
|
| "Free" refers to the freedom to modify the software, the
| liberty of one person to (legally) do whatever they want with
| the thing they own. Common ownership, or community control of
| means of production has nothing to do with Free Software.
| Nobody owns free software and nobody controls it.
| fmajid wrote:
| More precisely anarchism. The ethos of Stallman is completely
| at odds with that of libertarians.
| mixedmath wrote:
| Could you expand on how the ethos of Stallman is at odds
| with libertarianism a bit more?
| southerntofu wrote:
| I think the parent refers to different cultural
| understandings of "libertarianism". In most of the world,
| libertarian ideology is anarcho-communism whereas in the
| USA (and in the startup world globally) libertarian
| designates so-called "anarcho-capitalism".
|
| There is some ideological overlap as both branches
| advocate against centralized powers. The key difference
| is in regards to private property: the idea that
| something can be owned by someone who does not make use
| of it (i.e. not a personal possession such as your
| residence) is denounced by anarchists as a way to deprive
| people/communities from their resources for the profits
| of a few ("property is theft") whereas libertarians
| consider that a "natural right".
|
| Still, as Noam Chomsky (and others) pointed out, the
| anarcho-capitalist clique from Silicon Valley always
| relied on major grants from the State and how you would
| prevent the people from accessing the resources they
| produced because they're "owned" by someone else without
| central powers remains a mystery. Libertarians are well-
| known for dreaming of employing people to work for them
| and amassing wealth, but i have yet to meet a libertarian
| who wants to be the lowly exploited worker.
|
| Meanwhile in the anarchist world, we abide by the
| principles of "from each according to their capabilities,
| to each according to their needs". Gathering consent and
| sharing tasks is notably easier when we're doing it for
| ourselves and not for the profit of someone else.
| jrm4 wrote:
| I can't help but think _so much_ of this could be solved if we
| simply had real and effective product liability rules and
| consequences for things that use software.
|
| You give it away for free, no guarantees and such? Great, we
| appreciate it.
|
| You sold something to someone? Okay, well, like with food and
| buildings and cars and airplane rides, we understand that if it's
| done wrong it can be really harmful, so we have real legal
| consequences for getting it wrong. Where you sourced your inputs
| is _not my problem_ when it does -- whether that input was "free
| software" or "rotten ingredients" or "faulty concrete."
| jopsen wrote:
| > if we simply had real and effective product liability
| rules...
|
| Isn't there a risk it software would become as ineffective as
| healthcare?
|
| It seems to me that private enterprises aren't good at handling
| huge uncertainties (like liability). So businesses would
| aggressively minimize liabilities. Sure we would get better
| software, but we might get less competition, higher barriers to
| entry, more expensive products, and less capable products.
|
| Suing companies for doing the wrong thing is an expensive
| mechanism. Gradually regulating supply-chain documentation is
| probably cheaper.
| jrm4 wrote:
| I literally believe we would likely get the opposite of every
| possible negative thing you mentioned; mostly because I think
| the cause of most software problems (or more specifically,
| the difficulty of discovering and fixing them) comes directly
| from the monopoly and monopoly-like players that currently
| exist.
|
| I'm aware that a world in which e.g. Microsoft was actually
| sued to the extent of the damage it has caused is hard to
| envision, but I can't help but think breaking that sort of
| thing up by whatever means gets you more visibility, more
| localism, more shallow bugs, etc.
| pas wrote:
| Software is everywhere. A 5 USD gadget dies because the
| software is shit? Nobody cares. (The ewaste is bad still.) An 1
| USD app has bugs? Meh.
|
| We have liability regulations for the actual things that use
| software. (And in some cases too much and in some cases too
| little. See healthcare, medical devices, FDA on one end, and
| Boeing and the MCAS fuckup on the other end.)
|
| One reason Amazon got sooo big is that they do have a consumer
| protection regulation. (The return everything no questions
| asked policy. Of course they also have a fucking big problem
| with scams, and they are too hostile with merchants, because
| they are a fucking de facto monopoly, and are not forced to
| work much on those problems or "metrics".)
| EGreg wrote:
| Actually, cryptocurrencies and DAOs were supposed to be
| socialism. The network was going to be owned by the people. The
| natural way to monetize open source.
|
| Well, minus the whole one person one vote part, but still better
| than the surveillance capitalism of Big Tech companies funded by
| VCs buying shares, propping up their "free to lockin" model and
| dumping them on the public, who then made them extract rents
| forever to satisfy wall street earnings.
|
| In my opinion, cryptos were seduced by the dark side of profit,
| and buyers failed to care that the emperor (blockchain) has no
| clothes (scalability).
|
| I am focused on micropayments and local currencies with actual
| utility, and moving past blockchain. I am going to link to
| something -- and historically this link was immediately knee-jerk
| perceived as "shilling a coin" but if you read, there is no coin,
| it's just talking about how to ACTUALLY monetize open source
| projectsand joirnalism and other online content on the WEB using
| WEB technology instead of government enforcers:
| https://qbix.com/token
| southerntofu wrote:
| That's an interesting perspective. I've had this debate before
| with people, but i personally believe the way to build
| socialism (or anarchy, or communism or whatever you'd like to
| call it) is to abolish money and private property. Trying to
| game the system using its own axioms is not going to bring any
| major change, as history has shown.
|
| Only by fundamentally changing the nature of relationships can
| we fundamentally change society overall.
| EGreg wrote:
| Without money / currency, how do we reward people for their
| contributions to a project? How do you quantify the needs in
| "to each according to his need"? If one day a person wants to
| throw a party, how will they obtain the materials? But if
| they try to throw a party every single day, someone has to
| account for this, no?
|
| As for private property, I have written about this before --
| I believe that private property, like government, is an
| institution that relies on threats of force to be enforced,
| and restricts people... but that on small levels, it's good
| and as the level gets larger (owning 900 houses vs 9 houses)
| the courts should simply enforce it with less and less force:
| https://magarshak.com/blog/?p=208
| hinkley wrote:
| > If you wanted to pay someone to fix some software, you didn't
| want a gift. You wanted a company.
|
| > But if there is no company and someone gave you something
| anyway? Say thanks.
|
| This is what grinds my gears. There is no market for a company
| that tries to provide a better version of the gift. The author
| completely glosses over the social contracts involved in gift
| giving. Contracts that software developers seem to be
| particularly immune to.
|
| I think the party analogy is closer to the crux of it, because we
| all have a story about someone who threw and awful party or
| bought one pizza for people who helped them move and then retorts
| with something tone deaf like "you didn't have to come you know."
|
| I didn't have to come, but I had other options that day, which I
| turned down to come to your stupid party. There was an
| opportunity cost associated with your gift. I'm not some
| dilettante who is going to crucify you for throwing a boring
| party. If that's the sort of people you attract then you've done
| yourself a favor by filtering them out. But an _awful_ party is
| going to cost the group something.
|
| (Also I wish the author had mentioned "Free as in Puppy" which is
| part of the situation they are describing.)
| BeetleB wrote:
| > The author completely glosses over the social contracts
| involved in gift giving.
|
| First, social contracts with gift giving vary widely across the
| world. It's a good reason they should be ignored here.
|
| Second, as made very clear in the book _Influence_ by Cialdini,
| the common social contract with giving gifts is _reciprocity_ -
| and it holds even when the gift is crappy and /or unwanted.
|
| So if you're going to invoke social contracts, do address all
| aspects of that contract.
|
| You will also find significant disagreement on what the actual
| gift here is. For many, the gift is the _code_ , not the
| _capability_. I 'm giving the world this code. I provide some
| information about it. Whoever chooses to take it is expected to
| evaluate it and see if it fits their purposes.
|
| Finally, regarding the potluck/party scenario, a more
| comparable example is a community potluck where everyone in the
| city is invited and can bring dishes, with _no constraints
| whatsoever_. People will show up, and happily tell everyone
| what 's in their dish and how they made it. Most of them will
| openly say "I really can't claim this won't harm you" and "I'm
| not sure what entails proper cooking." You listen to each one
| and decide if you want to eat it.
|
| Obviously, no one would ever run a potluck that way. You are
| using that fact to bash the developers, when you're not
| realizing the obvious: Potlucks/parties are a very poor
| analogy! Indeed, if you want to stick to the potluck analogy,
| then as an organizer, you definitely _would_ put some rules in
| place - rules that would (and should) preclude most open source
| SW from being used in your product.
| kristjansson wrote:
| Free software isn't a gift to its recipients, it's gift to the
| commons. It's an open house, not an embossed invite. The other
| side has some agency in selecting and evaluating the gift they
| receive, not least because every package disclaims the lack of
| warranty, fitness for purpose, etc.
|
| Does one have an obligation not to impose a bad party on their
| friends? Sure. Should one, seeing lights and music and sign
| saying 'all are welcome', feel a loss if they don't enjoy what
| they find inside? I don't think so.
| bruce343434 wrote:
| You can refuse a puppy
| hinkley wrote:
| I can yes, but if you think you have that much control over
| your environment, outside of a solo project, then you're in
| for some hard lessons ahead. Most of the time we end up
| living not just with our own bad decisions, but everyone
| else's too. Thinking you can stop everything bad from
| happening will just make you crazy, and cost you friends.
|
| I can't refuse a puppy when I come home from work and find
| that my aunt dropped one off that morning and the kids have
| been playing with it all day and already named it. I have to
| get other things done. I can't wait by the door in case
| someone shows up with a box that is making noises.
| janosett wrote:
| I don't think this analogy really holds. Whereas one person or
| a closed group usually organize a party, open source is, well,
| open!
|
| We could re-imagine this as a potluck I suppose. If you decide
| to bring nothing, you can't really complain if the food is
| awful.
| Kinrany wrote:
| I think it does hold: the cost of learning to use an open
| source project is not zero. It's the same as not asking the
| party planner about every detail even when they're perfectly
| willing to answer.
|
| Gift giving inherently involves trust from the recipient. And
| there's no transaction, so it's inherently consequentialist.
| kmac_ wrote:
| It doesn't hold at all. Open source licences usually
| clearly state that there are no guarantees. The contract is
| clear and log4j (or any other) authors don't owe anything
| to anyone. If you want guarantees, pay for it.
| hinkley wrote:
| This is the same blame the victim line of thinking that
| cigarette companies perfected to get out of any
| responsibility for killing millions of people. It's a
| Dark Pattern and we need to stop repeating it.
|
| This notion that people don't "have to use OSS" is
| demonstrably false. As is the "build a better mousetrap"
| aphorism that was so common during the dot com bubble. It
| can be true when there is _one_ OSS tool in a space, but
| every tool eventually becomes a monopoly, or part of an
| oligarchy. There is not space in a grocery store for an
| infinite variety of soda (though by god do they try).
| There are many you will never have heard of because the
| noise ratio has climbed too high. Every. Single. Solution
| is an opportunity cost.
|
| Same is if all of my friends try to throw a party in the
| same week. Nobody is going to all of them, and most
| people are only going to one. Some might not go to any
| for fear of picking wrong, and just opt out and do their
| own thing. If they go to the worst one then they missed
| out on a good time. That is partially on the host, yes. I
| don't owe you an amazing time, but I owe you a not awful
| one.
|
| I can't sell a tool that minifies JavaScript files. That
| is a comoditized space. If all the tools suck? I'm
| entitled to be a little upset about it, and who are you
| to tell me otherwise? DevEx matters and many people still
| don't try, at all.
| Kinrany wrote:
| No one in this thread mentioned licensing or legal
| issues.
|
| As an edge case, consider a CLI that solves a trivial
| problem but also turns the computer into a space heater
| via an always-on service. It will rightfully damage the
| author's reputation with the users and they'll avoid
| using that person's code again, but they won't sue of
| course.
| hinkley wrote:
| I was in a club (full of adults) in high school that I only
| realized how amazing the leadership was after the then-
| president had passed away due to health issues. Which is a
| shame because adult me definitely would have found him and
| said thank you, and also fuck all those people who tried to
| vote you out, and then didn't do as well.
|
| They ran a fund raiser event (not unlike a fun run) twice a
| year and it was eye opening how many hands it took to make a
| good idea into one people invited their friends to next year.
| I volunteered a couple years at a couple of events and I know
| I worked harder those two days than I did when I
| participated, and not on the tasks I expected to be
| challenging. High school movie parties fall apart because
| it's all anarchy, _and_ no self control. There 's a lot that
| goes into making a soiree a success instead of a disaster.
|
| My partner years ago stopped hosting parties because we were
| both ragged by the time people arrived, and there was always
| something we worked hard on that went unnoticed. Sometimes
| necessary, other times just a bad call on our part. Now we
| farm out the work a bit more, but even a potluck has key
| dishes and can fail if everyone guesses wrong. But if you pay
| close enough attention to a potluck, for many families
| grandma's dishes are the keystone that holds it together.
| She's seen some shit. She knows what's what.
|
| I used to bring an Igloo water dispenser to a volunteer group
| because the group I was in in high school worried a _lot_
| about people injuring themselves in the heat. They had
| meetings every year before the events to refresh people. Heat
| exhaustion is scary, even dangerous, but heat stroke is life-
| altering. For the volunteer group, I think maybe five of us
| cared enough to bring fluids, and while my extra didn 't
| always get used, I'm absolutely sure that one of us saved
| somebody. And if one of the other five had been sick, or had
| a wedding, then mine wouldn't have been backup. It's not hard
| to bring water, but someone _has_ to do it. Unfailingly.
|
| The rest of the group would of course care if someone got
| sick, but only to prevent it happening a second time. When
| you do something right the first time, nobody appreciates how
| hard it was.
| pmjones wrote:
| I expounded on the gift-giving theme as well, some years ago, and
| am glad to see I was not alone: http://paul-m-
| jones.com/post/2018/12/11/open-source-and-sque...
| dado3212 wrote:
| > Miraculously the Internet Consensus is always the same both
| before and after these kinds of events. In engineering we call
| this a "non-causal system" because the outputs are produced
| before the inputs.
|
| So funny.
| gitgud wrote:
| > _When you try to pay for gifts, it turns the whole gift process
| into a transaction. It stops being a gift. It becomes an
| inefficient, misdesigned, awkward market._
|
| This resonated with me. When opensource involves money,
| incentives become misaligned... And all the bad parts of a SASS
| product become important, vendor lock in, upselling etc...
| Snetry wrote:
| > As a result, they started a nonprofit organization to rewrite
| all of Unix, which the printer did not run and which therefore
| would not solve any of the original problem, but was a pretty
| cool project nonetheless and was much more fun than the original
| problem, and the rest was history.
|
| That is an incredibly bad retelling of the GNU story
| shadowgovt wrote:
| As with most legends, it left out the details but got the crux
| of the situation right.
| badsectoracula wrote:
| The crux of the situation was that RMS started GNU because he
| realized that not having access to the printer's source code
| put whoever had access to it in a position of power over his
| use of the printer and the implications that has when
| extended to other aspects where software is concerned and
| will be concerned with as computer use increases.
|
| This was not mentioned at all in the blog post.
| shadowgovt wrote:
| He doesn't mention the power dynamic in the story
| (https://www.fsf.org/blogs/community/201cthe-printer-
| story201...).
|
| You can infer it mattered, but you can also infer he was
| pissed he couldn't make the machine do what he wanted.
| These are both valid interpretations if the same story...
| Which is the "crux" is up to the teller.
| badsectoracula wrote:
| The _entire point_ of Free Software is about users being
| in control of their programs, so _of course_ it is about
| the power dynamic. But of course even if it was about him
| pissed - and he was pissed, which is something he did
| mention - it was because he was denied that control.
|
| There isn't really any other interpretation than that.
|
| Also the story you linked at is not RMS' story, but a
| different and more recent story which is also about a
| printer that sounds similar to RMS'. The RMS story is
| linked in the page you gave, though it is a transcript
| and kinda big. Here is the relevant bits:
|
| > And then I heard that somebody at Carnegie Mellon
| University had a copy of that software. So I was visiting
| there later, so I went to his office and I said, "Hi, I'm
| from MIT. Could I have a copy of the printer source
| code?" And he said "No, I promised not to give you a
| copy." [Laughter] I was stunned. I was so -- I was angry,
| and I had no idea how I could do justice to it. All I
| could think of was to turn around on my heel and walk out
| of his room. Maybe I slammed the door. [Laughter] And I
| thought about it later on, because I realized that I was
| seeing not just an isolated jerk, but a social phenomenon
| that was important and affected a lot of people.
|
| Emphasis on the last bit: "And I thought about it later
| on, because I realized that I was seeing not just an
| isolated jerk, but a social phenomenon that was important
| and affected a lot of people."
|
| And after all he made the Free Software Foundation, not
| Working Printers Foundation.
| shadowgovt wrote:
| That's a good story about being pissed you can't make the
| software do what you want.
| badsectoracula wrote:
| That's not what the story is about though.
| Snetry wrote:
| did it get the crux right? To me this reads like Stallman got
| mad a company said no to him and because of that decided to
| rewrite UNIX because idk
| shadowgovt wrote:
| That happens sometimes. Knuth got mad there wasn't any good
| typesetting software for his book and wrote TeX.
|
| Stallman wanted an ecosystem he could control. Did it work?
| Sort of.
| sja wrote:
| I interpreted this bit as intentionally reductive for the sake
| of humor. And I thought it was funny!
| Snetry wrote:
| okay after a reading it a few times I can see how it could be
| considered tongue in cheek I'll give it that
| rfrey wrote:
| This article was not about retelling the GNU story. Think of
| that sentence as a cultural reference, not an explanatory
| history.
| Snetry wrote:
| okay but even then it botches it
| 1970-01-01 wrote:
| >"Internet access is a human right," is just a sneaky way of
| saying "someone should give people free Internet."
|
| This isn't correct. It does not mean someone should pay your ISP
| bill. Human rights are standards of living that are protected by
| laws.
| mherdeg wrote:
| Hmm, re:
|
| > how startups tend to go bankrupt and their tech dies with them
|
| I have this mental model, which may not be entirely accurate,
| that the original Iridium corporation successfully launched
| satellites into orbit, erased the multi-billion dollar costs of
| the launch using bankruptcy, and then handed over control to a
| successor corporation who inherited control of the constellation
| but none of the startup costs.
|
| Do I have the story right? Is there any other example like this
| where a failed company manages to leave us with something useful
| while its immense costs were just ... evaporated?
| CommieBobDole wrote:
| That's roughly true, but it's sort of a special case; as I
| recall it, the US Department of Defense had come to depend on
| Iridium and didn't want to lose service, so they facilitated
| the orderly bankruptcy and re-emergence of the company, in part
| by offering an enormous multi-year contract to the successor
| company.
| gowld wrote:
| The company didn't "fail" -- it ripped off creditors.
| Kon-Peki wrote:
| Motorola developed and launched Iridium. They may have lost
| their $X investment, but they also went out and sold mobile
| network infrastructure equipment in the developing world for
| $(X * Y).
| jcun4128 wrote:
| I liked the book Eccentric Orbits about Iridium
| kingcharles wrote:
| Do things like Tumblr and Skype count?
|
| Where a legacy Internet behemoth mistakenly clicks "Buy It Now"
| on a startup for eleventy billion dollars during some drug-and-
| drink fueled bender and then wakes up the next day and offloads
| it to some rando on Twitter for whatever they have lying around
| in their PayPal balance.
| neilparikh wrote:
| It's funny, I think Yahoo has done this twice now: once with
| Tumblr and once with Delicious (although the chain of
| ownership for Delicious is much longer).
| beervirus wrote:
| coliveira wrote:
| They didn't give me anything, they gave to the companies that
| bought the satellites for next to nothing.
| [deleted]
| jasode wrote:
| _> Is there any other example like this where a failed company
| manages to leave us with something useful while its immense
| costs were just ... evaporated?_
|
| Blender's original investors' capital not totally evaporated
| but the $100k buyout to release it as open source was a small
| fraction of their $4.5 million:
|
| https://docs.blender.org/manual/en/latest/getting_started/ab...
| didibus wrote:
| > Authoritarianism is about taking things from me. Communism, in
| its noncorporeal theoretical form, is about giving things away
|
| That seems slightly wrong to me. I feel like this is comparing
| apples to oranges. Authoritarianism is a ruling arrangement, but
| communism is an economic arrangement.
|
| In a way, democracy is to the right to rule as what communism is
| to the right to wealth.
|
| In a democracy, all citizen has equal right to rule, everyone
| gets one vote. In communism, all citizen has equal right to
| wealth, everyone gets the same amount of ownership into the sum
| total wealth of the country. (in practice, just like there are
| false democracies where fraud is rampant and not everyone truly
| gets an equal vote, communism in practice till now seem to not
| have truly given equal wealth to all)
|
| Why has there never been a democratic communist country is a good
| question, but there are quite a few social democracies and those
| have worked quite well till now... like most western countries
| except the US (and even the US has quite a lot of socialism built
| in and is really a social democracy even if maybe more
| libertarian than others).
|
| I'm not saying that communism would work better, but I do find it
| annoying when people restrict the search space into alternative
| economic arrangements by pointing out the correlation between
| communism and authoritarianism.
|
| I see communism as more of giving me things, then giving things
| away. It only seems to give things away if you start with the
| assumption you own more things to begin with. But the current
| distribution is that communism should in theory give more people
| more things, while only taking away from a small percentage which
| currently disproportionately own most wealth.
|
| The counterpoint being the size of the pie. If we all own an
| equal share of a small pie, you might still have less pie than if
| you were to own the smallest slice of a much bigger pie. This is
| the best argument I've heard for capitalism. And with a little
| sprinkle of socialism, you can regulate capitalism so that there
| are limits on how small a slice can be, giving people a
| reasonable living baseline and growing the overall size of the
| pie at the same time.
|
| The weaker part of this argument is establishing a proof that
| there are no other ways that would also yield a bigger pie while
| also having a more even distribution of it.
| h2odragon wrote:
| What other gifts continue to be the responsibility of the giver
| after they're given?
|
| If I give you a puppy, and it gets sick, should the vet bill me?
|
| If I gave you a car, and the wheels fall off two years later, is
| that my problem?
|
| In this instance people have been using this Java package for
| _years_ I gather without problems. Why is the responsibility for
| changing the package anyone but theirs, the people using it; now
| that they 're decided they have stricter requirements for that
| need?
|
| Even the entertainment industry's notion of "ownership" isn't so
| endless. They'd like to be paid every time we use their product,
| but have settled for "licensed media" ... but that license
| doesn't extend to replacing the media when it wears out.
| shadowgovt wrote:
| > Why is the responsibility for changing the package anyone but
| theirs, the people using it; now that they're decided they have
| stricter requirements for that need?
|
| It isn't. Every open source consumer is ultimately responsible
| for the use of the code. That's baked into every open source
| license I'm aware of. Even the "share and enjoy" mantra is a
| tongue-in-cheek reference to a rhyme that ends with
| recommending what porcine orifices you can put your head on if
| you don't like the software.
|
| ... But there's more to be gained by the original authors, in
| glory and internet points, by publishing a fix for the problem
| than in washing their hands of the whole affair. Some people
| want their code correct as a point of professional pride alone.
| ekidd wrote:
| > Even the "share and enjoy" mantra is a tongue-in-cheek
| reference to a rhyme
|
| I don't know of any rhyme, but I always assumed that this was
| a reference to the _Hitchhiker 's Guide_ and Sirius
| Cybernetics Corporation. Which, yes, does involve a pig:
| https://www.goodreads.com/quotes/95859-share-and-enjoy-is-
| th...
|
| Sirus Cybernetics Corporation was best known for having
| created Marvin, the depressed android, and doors with
| cheerful personalities:
|
| > "All the doors in this spaceship have a cheerful and sunny
| disposition. It is their pleasure to open for you, and their
| satisfaction to close again with the knowledge of a job well
| done."
|
| So yes, "Share and enjoy" was originally deeply drenched in
| irony, and it functioned as a warning to proceed at the
| user's own risk.
| xg15 wrote:
| It's not just internet points, it's what makes the whole
| thing practically viable.
|
| If you don't give any guarantees beside "it's a hobby
| project", you can't expect anyone else to use your software
| beyond hobby projects either.
| ekidd wrote:
| > If you don't give any guarantees beside "it's a hobby
| project", you can't expect anyone else to use your software
| beyond hobby projects either.
|
| I am happy to provide consulting services and support
| guarantees through my LLC, and have done so in the past.
|
| Non-paying users who ask nicely might get fixes. Or they
| might not! Unfortunately, those fixes might also arrive a
| year or two after they stopped caring, I'm sad to say.
|
| But a project which doesn't bring me any revenue, and which
| doesn't function as valuable advertising, is only going to
| receive support when I have the time and the inclination.
|
| Realistically, commerical adoption is only interesting to
| me if there's _some_ upside for me. This isn 't to say that
| companies should never use my libraries or tools. Just that
| if they want timely support, they should be prepared to
| either pay me, or use the "Fork" button.
| BeetleB wrote:
| > If you don't give any guarantees beside "it's a hobby
| project", you can't expect anyone else to use your software
| beyond hobby projects either.
|
| Can't speak for log4j, but I don't _expect_ anyone to use
| my SW beyond hobby projects. If they do, I expect them to
| be responsible for how they use it.
| fxtentacle wrote:
| Or it's the opposite. I've had people base their business
| operations on my clearly marked hobby project. And then
| they started being nasty when I stopped updating it.
| jjav wrote:
| > If you don't give any guarantees beside "it's a hobby
| project", you can't expect anyone else to use your software
| beyond hobby projects either.
|
| That's a good thing. The companies shouldn't be expecting
| free code and free support. If they want something for a
| commercial product, pay for a commercial library with a
| support contract.
| nomdep wrote:
| Reviewing code is (should be) significant less work than
| reimplementing it yourself, if you were able to do it in
| the first place.
| netcan wrote:
| So... this is essentially a cultural question, so I think the
| best way to look at it is empirically.
|
| Not exactly your question, but there's an anthropological
| pattern whereby gift exchange between individuals of disparate
| class or power (eg peasant & lord) automatically create a
| tradition. If a boss gives his employees a turkey for
| christmas, christmas turkeys become a permanent expectation. If
| a lord give his king 20 camels for spring equinox, this can
| easily escalate into a permanent tax.
| hinkley wrote:
| I know a former software developer who is very open about
| going to therapy. He once commented on this fact, saying that
| he knew someone who also talked openly about therapy, and
| that he never would have gone if they hadn't known this
| person. Essentially he's hoping to be 'that guy' for somebody
| else.
|
| Computer science, to people who are picking college degrees,
| seems like a safe, sterile environment of pure logic. But the
| only jobs are in software development, which is organic as
| hell. It's messy, it often smells, sometimes it rots. And
| sometimes it's just scary. A lot of people seem to be in
| denial about this for a long time.
|
| Software is full of social capital and emotions, and we often
| try to conceal both behind a mask of objective thought. I can
| tell you ten logical reasons we shouldn't write the code this
| way but the real problem is that I think your solution is
| going to leave me stressed out of my comfort zone and/or
| missing life events because I either can't trust that you'll
| clean up your own mess, or that the business won't let you
| because you can't do it fast or robust enough. So I'm gonna
| argue with you about getting anywhere near that cliff edge,
| but we're not going to talk about the proverbial agoraphobia
| because that's too hard.
|
| And if my logical, objective, sterile reasons for saying 'no'
| are deflected, odds are very good I'm going to acquiesce
| instead of actually agree, and I'll be secretly stressed,
| possibly grumpy, possibly even ready with an 'I told you so.'
| All while we're trying to keep hard things 'professional'.
|
| Your solution is nerve wracking. This one is not. We should
| use this one, because we have better things to stress about.
| You're goddamned right we're going to trade a little more
| stress for you now for less stress for the entire company
| three months from now. It's a fair trade.
| stevenhuang wrote:
| Did you respond to the wrong comment? Not sure where you're
| going with this comment.
| hinkley wrote:
| ???
|
| Must be a sibling comment. Shoot.
| xorcist wrote:
| The examples are a bit one sided.
|
| If I give you covid, is that my responsibility?
|
| If I give you a piece of software with a backdoor in it, is
| that my problem?
|
| In reality, all actions carry various kinds of
| responsibilities. And well designed backdoors looks exactly
| like oversights, so the difference isn't all that clear cut in
| pratice.
| kelnos wrote:
| I mean, it depends?
|
| If you give me covid, and you did so intentionally or
| negligently (as in, you knew you had it and yet did not
| isolate or at least tell me you have it so I can decide not
| to meet with you), then yes, that absolutely is your
| responsibility. But if you contracted covid from a trip to
| the grocery store, were asymptomatic, had no idea you had it,
| and I got it from you, I certainly wouldn't hold you
| responsible.
|
| The software-with-backdoor bit is similar. Did _you_ put the
| backdoor there, and then give me the software with the intent
| to later use the backdoor against me? That may not be your
| "problem", but it's certainly your responsibility. Or did a
| contributor sneak a backdoor into the software, but, despite
| your best efforts, you missed it? I'd be upset, and might
| trust your technical judgment less, but I would hold the
| contributor responsible, not you.
|
| > _In reality, all actions carry various kinds of
| responsibilities._
|
| Yeah. Going back to the covid example, I could imagine an
| intermediate situation where you didn't know you were
| infected, but for the past months you'd been engaging in all
| sorts of risky behaviors: not getting vaccinated, no social
| distancing, no masking in crowded indoor places, hanging out
| with unvaccinated people in close quarters, etc., then I'm
| probably not going to react as severely as if you
| deliberately gave it to me, or knew you had it and didn't
| warn me, but I'm certainly not going to hold you blameless
| either.
| [deleted]
| [deleted]
| xg15 wrote:
| > _In this instance people have been using this Java package
| for years I gather without problems. Why is the responsibility
| for changing the package anyone but theirs, the people using
| it; now that they 're decided they have stricter requirements
| for that need?_
|
| Because for a long time, libraries have been advertised as
| building blocks that you can quickly integrate into your own
| application _without having to understand in detail how the
| library works_. This assumption has been pretty crucial in the
| cost /benefits calculation for using libraries vs writing
| functionality yourself.
|
| Now that internet security is becoming an ever more serious
| topic, this assumption might be less and less viable to hold.
| We've walked back on it to an extend already with the current
| best practice of "you don't have to understand how it works,
| but at least update frequently".
|
| However, it might as well happen that this is not enough to
| keep security issues from happening. Things are already moving
| in a direction where it's absolutely expected that a developer
| understands and takes responsibility for every line of code
| that is included in their prodiuct, whether they wrote it
| themself or not. But if that happens, it will fundamentally
| change the way we deal with libraries and how software
| ecosystems work.
|
| Yes, free software devs can smugly repeat their stance of "it's
| a gift so don't complain, no guarantees about anything" - but
| if everyone took this serious, no one could use free software
| for anything critical, so the free software movement would be
| mostly dead.
|
| > _now that they 're decided they have stricter requirements
| for that need?_
|
| I think what made the log4j vulnerability so dangerous wasn't
| the ability to load arbitrary code via JNDI on it's own (even
| though that was certainly a horribly overengeneered and
| dangerous feature). The main vulnerability was that log4j was
| accepting substitution patterns in the "parameters" section of
| a logging command, the main purpose of which is to accept
| untrusted input. There has been at least one other CVE which
| exploits this without needing JNDI at all.
|
| "Don't trust user input" hass been a fundamental rule of
| security for a long time, and it was reasonable to assume the
| log4j authors were aware of it. So the current situation is not
| that requirements have suddenly became stricter, it's simply
| that log4j broke a fundamental assumption about its API.
|
| (I'm also pretty sure that while the JNDI thing was an
| unfortunate feature and was "working as intended", the
| "substitutions in untrusted input" part was likely a honest bug
| and never intended like that)
| jjav wrote:
| Back a few decades ago, companies (at least ones I worked at)
| did not often use open source libraries in products.
| Sometimes you'd go through months of lawyer meetings to get
| some special case approved, but that was rare. So when you
| needed a library you couldn't write internally, you'd buy it
| from a vendor. That came with maintenance and a support
| contract.
|
| As a developer that was a bit of a pain since you had to get
| purchase approval instead of just adding a dependency to a
| build file.
|
| But, I'm feeling that is actually the better model the
| industry should go back to. It meant that developing
| libraries was actually a viable business. Today companies
| just leech off the open source everything, externalizing all
| their costs and dumping the maintenance burden on unpaid
| volunteers.
| burnished wrote:
| How do you 'leech' off of something intended to be used for
| the common good? That perspective just doesn't make sense.
| mcguire wrote:
| " _As a developer that was a bit of a pain since you had to
| get purchase approval instead of just adding a dependency
| to a build file._ "
|
| How much of a pain was it when the vendor refused to fix
| your bug because it, or you, weren't important enough? When
| the vendor went out of business, or was bought by a company
| uninterested in the product you were using?
|
| Oh, and when you consider writing a library internally,
| keep in mind that patents are a thing.
|
| " _It meant that developing libraries was actually a viable
| business._ "
|
| Yeah, I remember that. I remember when there were a million
| billion little companies producing C++ libraries. Then C++
| started to get really popular, and those companies'
| customers went from a small group of experts to a large
| group of, uh, non-experts. Then they discovered that
| support was hard and all went out of business.
|
| I really wonder what would have happened it HP hadn't open-
| sourced the STL...
| nradov wrote:
| I have zero sympathy for the library users who got burned by
| this security defect. It's fine to use free software for
| critical systems, but only as long as you have developers who
| can maintain it internally or a paid support contract with a
| vendor who can do that for you. Those options cost money. If
| you fail to account for that in your software bill of
| materials then you deserve the consequences.
| quags wrote:
| This is what happens as things move more into mainstream from
| a few technical users using this as intended in sort of a
| small walled garden so to speak and then as it grows you get
| non technical users and bad actors. Look how smtp started,
| open for anyone where open relays were expected, to what we
| have today - still a large spam problem, compromised accounts
| with security on top of it. There are lots of rewrites and
| different smtp programs as things like smail and sendmail
| were replaced by exim, postfix and qmail (qmail which is free
| software, but really unmaintained and could be anyone's
| problem if they wanted).
|
| I'd argue if there is an application that being built on
| libraries with out a full understanding of keeping them
| maintained over the years you will get a massive cluster fuck
| with code rot. These are things that are learned with
| experience, as a dev starts they take short cuts and learn
| from the mistakes. It is not a bad system when you are
| learning from your mistakes. There are simple solutions like
| using an operating system that is maintained. Log4j and java
| packages exist for example in operating systems that get
| security updates - and continue to do so for the life of the
| operating system.
| xg15 wrote:
| Yeah, my guess is also that long-term, software development
| will involve less libraries and more "reinventing the
| wheel" for those reasons.
|
| > _Log4j and java packages exist for example in operating
| systems that get security updates - and continue to do so
| for the life of the operating system._
|
| But how does an updated OS help if the packages themselves
| are not updated?
| danaris wrote:
| > Yeah, my guess is also that long-term, software
| development will involve less libraries and more
| "reinventing the wheel" for those reasons.
|
| I very much hope not.
|
| I would greatly prefer to see some certification bodies
| arise that can vet libraries for exploits like this and
| give a certificate of some sort saying "This library is
| safe to use".
|
| Of course, that requires them to have some _extremely_
| good exploit-finders.
| throw0101a wrote:
| > _But how does an updated OS help if the packages
| themselves are not updated?_
|
| Package maintainers apply patches and roll a new package
| version (e.g., +deb11u1).
|
| At some point the package maintainers themselves may not
| want to babysit things anymore and deprecate the package.
| But most packaging systems that I'm aware of have
| mechanisms for applying patches.
|
| In many cases _even if_ the software itself is _still_
| maintained, the package maintainers may only apply a
| specific patch to ensure maximum compatibility.
|
| It's why many of us prefer 'slow moving' distros with
| "old" packages: minimal change for a given version and
| then only when 'necessary'.
| hinkley wrote:
| It's also a competitive problem.
|
| Log4j commoditized log formatting, appending, and rolling for
| Java. If all my competitors use it and I don't, then I'm
| behind them in the market. I spent engineering resources
| creating my own, and add another layer to the NIH snowball
| which will eventually start rolling all on its own if I don't
| constantly invest a small amount of my limited attention into
| stopping it.
|
| I only win if my competitors don't get away with it. Whole
| empires have been built in the time between log4j being
| 'production ready' and the discovery of this RCE bug. I'm
| reasonably sure that the majority of software companies that
| have ever existed, existed during this period, and any of
| them who used Java got away with it, and trillions of dollars
| to go with 'it'.
| imran-iq wrote:
| >Yes, free software devs can smugly repeat their stance of
| "it's a gift so don't complain, no guarantees about anything"
| - but if everyone took this serious, no one could use free
| software for anything critical, so the free software movement
| would be mostly dead.
|
| I don't think they have to smugly reply, it's included in the
| licence[1] of the software that folks chose to use. See
| sections 7 and 8
|
| 1: https://logging.apache.org/log4j/2.x/license.html
| isogon wrote:
| There is social context to licenses.
|
| My employment contract states that I am an at-will
| employee, so my boss could technically fire me because they
| didn't like my haircut. If they were to _actually_ do this,
| I would certainly be slighted by this, probably post about
| it publicly and forewarn others against working for them,
| although they would not have violated the letter of the
| contract nor my understanding of its literal meaning.
| chiggsy wrote:
| There is no such context. The licence specifies clearly
| and completely the terms of use. You cannot handwave an
| unwritten "social context" into existence, that adds and
| obligation to the creators that their licence explicitly
| refused to accept. What you get, of course, is the actual
| source code.
|
| It's understandable that you would assume such a spurious
| obligation, human history is full of references to such
| obligations, up until the age of Big Data, which is when
| we realized that most of these assumptions were false.
| It's been a painful time for all of us.
|
| In fact, the actual obligation is yours, if you decided
| to use this logging library. Seems there was a severe
| vulnerability in the code. It also seems that the people
| who responsibly forked the code, ran their own security
| audit, discovered the vulnerability and then patched
| decided not to make their contributions known to the
| general community of users of the software. They, if they
| exist, seem to be acting as if no obligations exist with
| respect to the code they acquired.
|
| Speaking of assumptions, your proposed actions regarding
| your employment assume that your boss was obligated to
| tell you the reason your contract was terminated. Again,
| no such obligation exists. They can't fire you out of
| disgust for your Satanism, or because of your Innuit
| heritage, or because there are ambiguities regarding your
| gender. Luckily for them, at-will employees can be
| terminated, well, at-will, so there is no need for them
| to specify that it was not, in fact, because of your
| quite stylish haircut. Your public postings might in fact
| earn you a letter from the legal department, since you
| have no way of knowing the real reason was that you
| downloaded logging code on to mission critical servers,
| and lacked either the inclination or capacity to verify
| this internet code, and then when asked about your
| decision to do this thing, you quoted an imaginary
| "social context," an unwritten, unknown construct, that
| in this case silently tacks on the term "users of this
| library will receive free, unpaid support in perpetuity"
| that functioned exactly like Adam Keynes "invisible
| hand," that is, some rationalization to absolve you of
| the responsibility for explaining problematic aspects of
| the mental model used in your decision making. This was a
| vast surprise to the administrators of your company, who,
| understandably, know very little about logging libraries,
| which is why they hired someone to provide the required
| functionality.
| imran-iq wrote:
| > There is social context to licenses.
|
| What is the social context in terms of open source
| software and licences?
|
| > so my boss could technically fire me because they
| didn't like my haircut. If they were to _actually_ do
| this, I would certainly be slighted by this
|
| If we translate this to the log4j scenario: log4j says
| there is no support or warranty provided in their
| licence, however if they _actually_ do not provide
| support or warrant, you would be slighted by this.
|
| To me this does not sound fair at all. Your boss at least
| pays you for your time as part of your contract. What do
| the log4j developers get for their time? Absolutely
| nothing. Yet it is expected they should provide support
| even when the licence says they won't? That's just comes
| off as entitled.
|
| Drew DeVault has blog post that covers this better than I
| can: https://drewdevault.com/2021/06/14/Provided-as-is-
| without-wa...
| isogon wrote:
| Right, and I disagree with that post in this sense: there
| is a social expectation of fitness for a purpose that
| cannot be disclaimed with a license.
|
| Many projects under licenses providing no warranty are
| nevertheless of high quality and well-maintained. Making
| the category in question precise is difficult, but it
| includes log4j. Projects by organizations such as Apache
| and eminent individuals like Bellard or Valsorda fall in
| this category. There is therefore an expectation that if
| you are such a project, yet unwilling to hold yourself to
| that standard of quality, you should make it clear for
| your users. Using a license with a no-warranty clause
| does not achieve it because it is not a distinguishing
| factor. The license, of course, protects from legal
| liability and so on, but no one is talking about legal
| matters here -- only about whether we should be
| collectively unhappy with the log4j maintainers.
|
| The reason for this unhappiness would not be that they
| aren't willing to donate more of their time, but that
| their stewardship of the project is poor. Vulnerabilities
| are found in FOSS all the time; this instance was special
| because the misfeature in question was an egregious
| inclusion in the first place. It appears to be not a case
| of lack of time for review, but a lack of sense to say,
| "no, interpreting strings after formatting is insane and
| will never be part of this library." Obviously, they are
| entitled to include whatever code they want in their
| project, but some code is incompatible with it being
| useful -- if they do not aim to clear that bar, they
| should make it clear, because others in their position
| do.
|
| I would say that something like opening your README with
| "this is not a serious project, you should not use this
| in prod" would be reasonable. This warning needs to be
| front and center and explicit, not merely sating "we are
| unpaid volunteers" or similar. There is precedent for
| this. Yes, some ignore such warnings and complain -- as
| long as this verbiage creates a useful distinction, such
| people are wrong and we should ridicule them. This
| warning would stand in contrast with the great many
| projects which aim to be fit for a purpose in practice,
| such as Postgres, Linux, Blender, etc. Obviously, such
| projects are usually better funded than log4j -- making
| it clear that you're not funded well enough to dedicate
| much time to the project an important part of this
| warning's content.
|
| To continue the workplace analogy, I would be the
| unreasonable one to complain if the company specifically
| warned that they were significantly more trigger-happy
| that the normal company hiring at-will.
| 908B64B197 wrote:
| > However, it might as well happen that this is not enough to
| keep security issues from happening. Things are already
| moving in a direction where it's absolutely expected that a
| developer understands and takes responsibility for every line
| of code that is included in their prodiuct, whether they
| wrote it themself or not. But if that happens, it will
| fundamentally change the way we deal with libraries and how
| software ecosystems work.
|
| That's one of the differences between coders and engineers.
|
| Coders just import libraries to avoid re-inventing the wheel.
| Engineers consider each import as a dependency they'll have
| to maintain, buy support for or replace. Log4j just
| highlighted this difference, with some knowing exactly what
| to patch and others franctically trying to determine if one
| of the thousands of dependencies they imported into their app
| actually used it.
|
| > Yes, free software devs can smugly repeat their stance of
| "it's a gift so don't complain, no guarantees about anything"
| - but if everyone took this serious, no one could use free
| software for anything critical, so the free software movement
| would be mostly dead.
|
| There's a simple alternative: hire the devs.
| mcguire wrote:
| " _" Don't trust user input" hass been a fundamental rule of
| security for a long time, and it was reasonable to assume the
| log4j authors were aware of it. So the current situation is
| not that requirements have suddenly became stricter, it's
| simply that log4j broke a fundamental assumption about its
| API._"
|
| Once you see it this way, the whole "open source is broken"
| debate goes out the window. It was just a bug. A bad one, but
| not anything that hasn't happened before and won't happen
| again, open source or not.
|
| " _Yes, free software devs can smugly repeat their stance of
| "it's a gift so don't complain, no guarantees about anything"
| - but if everyone took this serious, no one could use free
| software for anything critical, so the free software movement
| would be mostly dead._"
|
| Free software devs _have_ to smugly repeat "no guarantees
| about anything" in the same way that non-free software
| development has to do it: Otherwise all software development
| would be mostly dead.
| BeetleB wrote:
| > Because for a long time, libraries have been advertised as
| building blocks that you can quickly integrate into your own
| application without having to understand in detail how the
| library works.
|
| Libraries _in general_ have been advertised this way, but it
| 's not true for any given library, unless the library
| maintainers make that claim. In fact, it's quite common for
| people to release libraries with the exact opposite claim:
| They are not liable for anything that goes wrong, and they
| don't promise any support.
|
| It is a bit offensive to have expectations from someone when
| the person makes it unambiguous how their SW can be used, and
| where their responsibility lies.
|
| Now yes, it is true that many major, popular open source
| libraries do make a show of their libraries being reliable,
| and do provide support. And those that do tend to have more
| adoption. But even a number of those do say "Hey, we're
| putting in this effort, but are not _promising_ bad things
| won 't happen."
|
| > Yes, free software devs can smugly repeat their stance of
| "it's a gift so don't complain, no guarantees about anything"
| - but if everyone took this serious, no one could use free
| software for anything critical, so the free software movement
| would be mostly dead.
|
| This is transforming a continuum into a fairly worthless
| binary scenario. You're not going to have every library say
| "We won't provide support" just as you won't have every
| library say "We'll follow best security practices" - so why
| bring it up? It's trivial to show the latter would have
| likely killed the free SW movement too.
|
| The reality is a continuum. And that is how the free software
| movement succeeds.
| daniel-cussen wrote:
| > If I give you a puppy, and it gets sick, should the vet bill
| me?
|
| > If I gave you a car, and the wheels fall off two years later,
| is that my problem?
|
| So in Western culture there's this notion that a gift creates
| no further obligations. The recipient should just be happy he
| got what he got and not expect anything more. As if to say, at
| least you didn't get nothing, you can still get nothing, you
| want nothing?
|
| I would say with the puppy if it gets sick and the recipient
| can't afford it, you should accept paying the bill. Before it
| was the "giftee's" puppy, it was your puppy for some small
| amount of time after you got it and before you gave it. Surely
| when you gave me a puppy you expected me to be able to keep it
| alive, right? And as for the car, it's not right to give
| someone a car whose maintenance they can't afford. The puppy
| and the car are two excellent examples of gifts that cannot be
| given without forming a relationship between the giver and the
| receiver.
|
| On the other hand a gift you can give and split and that's it
| is food or money. Just handing money to a beggar, he might ask
| for more, and you can walk.
|
| In some African cultures it's more like, if you do me a favor,
| do me another favor, and then we're true blue and you can rely
| on me to help you in return, but never in a tit-for-tat manner.
| It's in the book Debt: The First 5000 Years.
| georgebarnett wrote:
| The software library in question wasn't gifted. It was made
| open/available for re-use from a library.
|
| The person who chose to put it into _their_ code took
| ownership of its ongoing maintenance in their instance of its
| usage (presumably because they felt that would be less work
| than entirely diy).
|
| There is no puppy here.
| pas wrote:
| It's prudent to decline a gift if one doesn't really have the
| circumstance to accept it responsibly. As in the case of a
| puppy. Or an offered position. (Eg. if someone shows up at
| your doorstep and gifts you a military rank and accepting
| that would make people to expect you to go and lead them in
| battle.)
|
| But a car is not a liability. They can sell it. It won't "go
| bad like a puppy" if it just sits in a garage.
| daniel-cussen wrote:
| A car is a liability. And it does go bad if it sits in the
| garage, the tires, the battery dies...Plus the space it
| takes up. Maybe if you didn't have that car in your garage
| you could do something interesting with that garage, like
| form Hewlett-Packard or Apple? I expect there wasn't a car
| in those garages. So it takes up space, about the same as
| what you need to house someone, and if you want to sell it
| you I suppose have to drive it...no I guess you're right in
| that regard, you can show it to people until you sell it.
| But it's better to regift it, so you're not responsible for
| harm that could come from bad condition, in fact come to
| think if there's no trust it might itself be a regift.
| Yeah, it's a liability.
| aflag wrote:
| Worst case scenario, you can throw the car away. You had
| no car before receiving it as a gift, you'll be not worse
| off if you throw it away. The dog is a little worse
| because you may become attached and in general, you can't
| really treat animals like objects in our society.
| daniel-cussen wrote:
| Throw the car away how? What type of garbage do you put
| it with, recycling or compost?
| aflag wrote:
| You can get it towed to a junkyard and they will even pay
| you a little bit for it, probably enough to at least pay
| for the towing costs. Otherwise, I'm sure you can arrange
| something with your council.
| kelnos wrote:
| Is that true? I would expect that most junkyards would
| charge you both for towing and scrapping the car.
|
| (Granted, nowadays, due to the supply chain issues and
| component shortages, people will pay an arm and a leg for
| a car that even barely runs, so there's that.)
| aflag wrote:
| They won't tow it for you. But they will usually pay for
| your car if it's in any reasonable condition, though not
| a lot. Maybe it's different in different countries
| dasil003 wrote:
| This cultural expectation follows naturally from the nature of
| software. Software (especially of the networked variety) isn't
| something you can just deploy and be done. It has to be
| maintained to continue running over time as the ecosystem
| changes. The cost of this maintenance is lowest when amortized
| across the largest set of users, hence the success of open
| source software, and the desire to avoid forks. The people who
| are most qualified to maintain software are the original
| creators, so that is the path of least resistance.
|
| Of course no one is obligated to maintain anything, open source
| maintainers abandon stuff all the time without any
| repercussions beyond passive internet rage.
| andrewflnr wrote:
| Yep. The puppy analogy falls apart when you've given the same
| puppy to 10,000 people. All of them _could_ pay the vet bill
| separately, but we instinctively recoil from that as being
| horribly inefficient (and personally inconvenient) when it 's
| possible for just the one puppy-giver to pay it.
| rapind wrote:
| I think it could be both a user and an industry issue.
|
| Lately I've been experimenting with treating many libraries as
| a starting point in some of my projects. Meaning I read and use
| the code, often removing things I don't need.
|
| So I fork and maintain my own lesser / crippled version (and
| hope authors don't take this as passive aggressive criticism!).
| This helps me lower attack surface and better understand what's
| going on.
|
| This doesn't work for everything obviously. I'm not forking an
| OS or database, so there are still lots of black boxes, but for
| some stuff for I'm liking this approach.
|
| Now if another dev inherits my code I doubt they'll see it my
| way. The industry wisdom points at simply assembling libraries
| and only writing your specific business logic. So what if you
| use a library to do one thing that just happens to do 100 other
| things (this having a much larger attack surface and bug
| potential)?
|
| I don't know yet if I'm being foolish or if I've stumbled on
| some ancient programmer wisdom I simply failed to grasp
| earlier. At least I'll probably never run into a leftpad issue.
| kelnos wrote:
| I've been thinking about this too. Most of my JVM projects
| use slf4j and logback, but the same concept applies as for
| log4j. I probably use less than 10% of the features provided.
|
| I log strings at different logging levels, and want to be
| able to set the level globally at which log lines actually
| get emitted. My use of interpolation is dirt-simple: I just
| expect the logging framework to call ".toString()" on the
| things I pass. I log exceptions, and expect the framework to
| emit a stack trace in addition to the exception message. I
| log to stdout, and use pretty much the same log-line format
| for everything. I like the loggers to be named, and
| occasionally use the ability to change the log level on a
| per-logger basis.
|
| I could build this set of features in... I dunno, a day?
| Sure, it would take me a lot longer to build the entirety of
| slf4j+logback, or log4j, but I don't need 90% of their
| features. So, yeah, I'll continue to just use slf4j+logback
| (hell, maybe I should use slf4j-simple); the idea of writing
| my own simple logging library doesn't really interest me all
| that much, even if it wouldn't be too hard to do so. But I'm
| still carrying around all this extra attack surface, and
| that's unfortunate.
| FridgeSeal wrote:
| > So what if you use a library to do one thing that just
| happens to do 100 other things (this having a much larger
| attack surface and bug potential)?
|
| I've wondered about this for a while, and one idea that's
| crossed my mind is whether compiler stages could be
| introduced to do this. For example, you add a dependency, you
| use a few methods and structures. You compile it, the
| compiler goes through your code, looks at what traits,
| implementations, etc that you do and don't use, it grabs just
| the code required to satisfy these, and proceeds as normal.
| At the end it spits out a little report for you telling you
| what specific things it included/excluded from your
| binary/library. Like tree-shaking in JS but better.
|
| Maybe this already happens during dead-code-elimination
| passes, or during some other compiler step, maybe most of our
| libraries are far too interconnected/non-modular to be able
| to do this without ending up with the whole dependency
| anyway, maybe it's computationally infeasible due to some
| result in Computer Science, I don't know-and wouldn't really
| know where to look to find out-but if it could be done, and
| if we could go even further to embed this metadata into the
| resulting binary itself, we'd at least have a provable way of
| saying "my application is safe from x because it does not
| include <vulnerable part of lib y>".
|
| I imagine to do this, you'd need to operate on source code-
| unless there's some magic way to do it with precompiled
| binaries-and runtime dynamism would make things extra
| difficult, but it's an interesting idea.
| kelnos wrote:
| This is pretty normal for compiled languages like C, C++,
| and Rust; the linker will throw out functions and classes
| that aren't used. In Java it's a bit different, because the
| compiler doesn't know if some code is using reflection to
| talk to some other code, so it can't safely throw away
| stuff that isn't directly referenced. Even then, tools like
| ProGuard can help you trim out code you don't use, but I
| don't think they're used all that often outside of mobile.
|
| But the log4j thing really isn't in the same class because
| it's not really "code that wasn't used". It's code that
| probably users didn't expect was there, and if they knew
| would probably not want used, but it's there, and the
| proper functioning of the library included that code path
| that allowed for JNDI interpolation. Whether or not that
| code is really "needed" is not something the compiler can
| really figure out, at least not without teaching the
| compiler that very very very specific thing (which would be
| madness). And even then, let's say you bizarrely _wanted_
| to be able to do things very much like what the log4j
| exploits do, there 's no way the compiler (or even some
| kind of specific purpose-built code scanner) can know
| whether or not some string that might be supplied by a user
| in the future is going to trigger this JNDI interpolation
| code.
| renewiltord wrote:
| It's just a natural outcome of the fact that most programmers are
| talkers, not doers. Naturally, they go online to talk about how
| they wouldn't have written the bug and haven't ever. But the
| truth is that's because they've never done anything worthwhile.
|
| It's like the whole OpenSSL thing again.
| athrowaway3z wrote:
| I appreciate that this is just some over dramatic roast, but
| claiming that some parts of open source are suboptimal wrt
| security is a "non causal observation" means you're ignoring the
| difference between 'warning' and 'example'.
| lambdatronics wrote:
| Wow, the "Authoritarianism" section is the essay I wish I had
| written, but better than I would have written it! Thank you!
| runningmike wrote:
| 'You literally cannot pay for it. If you do, it becomes something
| else.' This is mot true and imho misleading. You can pay for GPL
| software. Many people do pay a lot for FOSS software. You can pay
| devs that develop GPL software. And it will still be FOSS.
| Payments do not change wether software is FOSS or not.
| tonyedgecombe wrote:
| >Many people do pay a lot for FOSS software.
|
| A few. Most people leech.
| jdiez17 wrote:
| In that case (using the article's analogies), you are receiving
| a gift (GPL/FOSS software), and choosing to give them a gift as
| well (money). Both transactions are 100% no strings attached.
| jopsen wrote:
| I bought qcad a few years ago (used it for a hobby project),
| I payed for it because compiling from source would have been
| a hassle.
|
| Note. qcad is open source.
|
| But yes, there is a limit for what you can charge and how far
| you can scale that model :)
| [deleted]
| adamgordonbell wrote:
| There is a book, called 'The Gift: How the Creative Spirit
| Transforms the World' that is popular in author circles. It's
| about the gift economy and how it's different than capitalism and
| how creative endeavours are really part of the gift economy, not
| the cash economy proper.
|
| I honestly got a bit bored of reading it and stopped, but the
| idea stays with me. This essay captures some of that idea - why
| you can't pay for a gift, how gifts work differently. They are a
| form of capital in that gift givers get social credit or
| something, but it's a very different system, a more traditional
| one than capitalism.
| jboynyc wrote:
| You might have more fun reading Marcel Mauss' classic, also
| called _The Gift_ , on the structure and function of gift
| exchange across various societies.
| gowld wrote:
| "gift economy" is also the model underpinning Free Software.
| throwaway4aday wrote:
| It's also the model underpinning bribery. It's multi-purpose.
| ignoramous wrote:
| Does the book talk about one among the dangling questions the
| author posed but didn't answer: _how simultaneously, whole
| promising branches of the "gift economy" structure have never
| been explored._?
| tehjoker wrote:
| The gift economy part was good, the poorly read philosophy on
| communism lacking in class consciousness was yawn. Points for
| recognizing authoritarianism from capitalism. Negative points for
| assuming the US government was designed to secure liberty for all
| rather than the landed classes.
| a4isms wrote:
| Fred tosses and turns, unable to sleep. Wilma sits up. "Fred,
| what's the problem? Why are you tossing and turning?"
|
| Fred comes clean: "I owe Barney $10,000 and I promised to pay it
| tomorrow. And I know he needs it, because he bought a new set of
| golf clubs to use at the company golf tournament this weekend on
| credit, and if he doesn't pay, he'll have to take the clubs
| back."
|
| Wilma picks up the phone. "Betty? Sorry to call you so late, but
| would you give Barney a message? Tell him that Fred doesn't have
| the $10,000 he promised. Yes, that's all. Good night!"
|
| Fred stares at Wilma, aghast. "What did you do THAT for?"
|
| Wilma smiles. "It's Barney's problem now. Let him toss and turn,
| we can go to sleep!"
| hemmert wrote:
| Thanks for that gift of an article!
| Centmo wrote:
| If you liked it so much, why don't you give a donation :)
| z3t4 wrote:
| I will read it for free
| draw_down wrote:
| andybak wrote:
| In case I forget when I'm done - I'm half a dozen paragraphs in
| and I want to say how much I love this style of writing.
| ignoramous wrote:
| You're not the only one:
| https://news.ycombinator.com/item?id=2320966 (2011)
| coderintherye wrote:
| Somewhat related to the points about authoritarianism, a book
| review of "The Conquest of Bread" that had some discussion about
| a month back: https://news.ycombinator.com/item?id=29349688
___________________________________________________________________
(page generated 2021-12-31 23:02 UTC)