I guess I just vehemently disagree. Nearly all of the early open-source software that made the internet possible was produced in universities. The only reason it was sustainable was because it was professors being paid by the university, or students doing it for free. Implying that means it's viable for all these other projects that were created and maintained outside of a university setting is just not accurate. There's also this fallacy of: it worked this long so it will continue working forever.
For me the long and short of it is: the only way I can foresee open source working in the way the purists want is if there is a universal basic income. SOMEONE has to pay the bills, and as we've seen time and again, hoping to feed your family on donations is a fool's errand. With UBI, artists of all kinds (including developers) can pursue things that would otherwise be impossible. Without it, we're left with the constant push and pull of people either burning out maintaining stuff in their spare time, or hoping a given corporate maintainer wants the same features and functionality as the community.
His basic view is that Open Source is the dominant model today, but tension comes as very little of the value produced comes back to the community that creates this value. He argues this will always be 'the bare minimum' by virtue of economics, but that if something important slows down too much someone will put some money in it. But this is a model that operates and works. It is borne out by his history in postgis, which is maintained by a small number of people mostly in moderately-profitable service companies, in the red-hat mould. He's concerned about value being captured by cloud companies though who frequently don't employ open-source maintainers however. Some of this is further expounded in another talk by him here [1] (slides at [2]) on the future of open-source where he is very bullish.
[0] from about 19:00 onwards here https://thegeomob.com/podcast/episode-88
[1] https://www.youtube.com/watch?v=NQ5_NnrBHjo
[2] https://docs.google.com/presentation/d/1-PAgIk9--nedCdfMGEwh...
And yet every time I have mentioned to my management that it would be great if we could take 1% of our consulting budget and funnel it towards PostGIS, they respond almost bewildered...why willingly pay for something that we already get for free? It's frustrating and I have no idea how to remedy it.
of course FOSS has always depended on people who had the resources to work on it. in the beginning this was only universities and as FOSS got more popular more funding sources appeared.
the problem that we are facing is not one of funding. there is plenty of funding available. the problem is a generational shift of that funding.
people who used to be able to afford working on FOSS no longer can because their life changed. they are no longer students, they have a family and so on.
FOSS development will continue. the fallacy is to believe that an individual contributor will always be able to keep contributing for the rest of their life. we need to acknowledge that unpaid FOSS contributions are limited to a few years of an individuals life. and after that they need to move on. and most do. those that didn't move on but continued contributing were those who managed to find additional funding sources.
the problem and the difficulty is that we get more and more software that is not new but needs to be maintained. most of those using their own funds will want to work on their own new software and not maintain someone elses.
so the questions is not how do we fund FOSS development, but rather how do we fund FOSS maintenance. that is the new thing that we didn't have to deal with a few decades ago
People don't need to maximize income. I volunteer because I have enough and money isn't the only objective.
Open source doesn't need to pay faang salaries to exist.
Well the point of open source is it works however the person opening the work wants. There’s a license compatible with every philosophy out there. Take your pick.
Open source isn’t broken because it can’t really break at all. For something to break it would have to have a concrete form to begin with.
When people are growing up it's easy to get swept up in ideas like, "if only everyone saw things the way I did, everything would be perfect and so much better than it is right now".
There will always be lots of conflicting ideas about how software should be developed and distributed and so far none of them have proven so effective that all of the others have fallen by the wayside. IMO the best anyone can do is advocate for whatever makes the most sense to them, but not make the mistake of thinking that anyone has all the answers.
I'm surprised no one mentioned that there was no personal computer. Where else would you get a computer to develop free software back then?
I suspect I'm a "purist" by your measure, and I disagree completely. University professors, students and volunteer contributors/maintainers will continue to exist going forward. Nothing has to change.
The problem is that this doesn't "scale" at the rate demanded by corporations, and corporate engineers[1]. The problem is not with FOSS - it is on the voracious consumption side. I suspect the volunteer vs corp usage will follow the Predator-Prey cycle, with volunteers being the prey. When the predator population grows too large, it will set off events that will lead to its population collapsing to a sustainable level. The onus is on startups/medium & large corps to help scale FOSS - not UBI or the like where the corps continue to freeride (which is fine, to a point)
1. Disclosure: I'm also one, in addition to being a volunteer contributor. I volunteer as a way to give back to an amazing project, and I earn a salary that meets all my needs.
Well... BSD unix was. Unix itself was Bell Labs, the original TCP/IP spec was done by DARPA contractors (mostly BBN). HTTP was CERN but the breakthrough "browser" product was venture funded. GNU was a private organization, though RMS's office was provided by MIT for years and years. Linux obviously was an established community effort long before anyone with deep pockets showed up. Post-90's "corporate" open source has emerged basically everywhere, with Google and Intel being big early players (Facebook and Microsoft have been late to the game but done very well for themselves too).
I think if anything what this proves is that "Open Source" is going to pop up basically anywhere it's allowed to, and that any pronouncements about where it "really" came from are probably not informative.
UBI is not a solution because it would, at best, pay poverty wages. People with the skills to be effective core contributors also have the skills to be paid much, much more for their time. Few people, and definitely not enough, are going to sacrifice the living standards of themselves or their family for some ideal of OSS.
There are strong adverse incentives that make it improbable that the people designing and building OSS are who we as users of OSS would want to be in that role in an ideal world. This has been getting worse with time. The risk for OSS is that those adverse incentives are never addressed.
Of course as with all things the situation is more nuanced than this. Since you mention database engines we should keep in mind that without Stonebraker and 39 of his students[1] there would be no Postgres. Yet without incentives and many years of contributions from professionals (and students who would become professionals) we would not have PostgreSQL. A healthy system has a place for contributors of all levels of experience.
1- https://momjian.us/main/blogs/pgblog/2020.html#September_21_...
universities were being paid by the military, who get their money from the taxpayers.
A fraction of some talented persons time from say HP is probably worth 100x first year developers who aren't paid to understand the tools the company is using.
To turn your argument on its head how much would every company have to invest to build a modern website from complete scratch in isolation? Then think why do that when you can effectively spread the cost?
Both approaches have ups and downs but I'm not sure the "someone always picks up the cost" isn't anything other than a statement of realism. It is a good reason to explain why nobody just works on a project in their basement for free and do nothing else, but doesn't role out being able to do this if responsible companies pick up a fraction of the tab they should be paying via donations.
As others have said a huge amount of the value comes from support, community and the contributions from many people, be they working on the same tools for a product they sell, to make a product or service they plan to sell or to scratch that itch on that project in their spare time they're playing with.
Yes, and released with the BSD license, then copied.
If does not produces flawless miracles, but commercial software is not flawless either. The log4j bug has impact it has literally because open source was successful.
OSS is broken, but I'd even go so far and say that most of software is, because money is often an after thought.
Essentially honest FOSS will be available when we evolve to "From each according to his ability, to each according to his needs"[1] type of society.
Human race is clearly on asymptotical track to that. But not yet.
[1] (C) 1875, Karl Marx.
“No plan of operations extends with certainty beyond the first encounter with the enemy’s main strength.”
http://connect2amc.com/118-strategic-planning-moltke-the-eld...
Not that I entirely reject the ghist of your claim, but what about:
* Older, retired people?
* Spouse working for-pay supports spouse working on FOSS?
* Part-time for-pay work, rest of time FOSS (like myself...)?
In those situations you pay the bills without donations.
Open source is still remarkably successful and the only reason why the whole Log4J RCE is such a big deal, is because the library is hugely successful. The failing isn't in the work of the author(s), but those of us who been consuming the code. We don't need to fund the main developers, what we need is for the project, and projects like it, to be true communities. That mean that all the companies who have been relying on open source need to allocate time to community work.
We pay for open source software by helping build it and that goes beyond creating an issue on Github or complaining about missing features and poor documentation. We all part of the open source community, but we seem to have forgotten how it works. Now we believe that we can throw money at the problem, but that still leaves a single developer with the responsibility for a massive code base. OpenBSD was right: "Show us the code or shut up".
We don't need to turn OS maintainers into service providers that sell support contracts to enterprises.
Enterprises could just contribute to projects in kind, eg. by auditing a library, by fixing a bug, or by writing some docs.
Are you sure that's even a contradiction? I mean, if you start with a developer community, and add a lot of people who simply had not been exposed to / using the software, you get to the situation of "most of us being just consumers of the code".
Now, you could argue that communities have been fraying/weakening over the past few decades, but that would be almost an orthogonal argument.
> That mean that all the companies who have been relying on open source need to allocate time to community work.
We need to funnel some social resources into building and maintaining such communities. If companies were to do that, then great, or rather, not great but sort-of-ok. The thing is, they aren't doing it, as they are fundamentally motivated not to: It hurts their profitability (except perhaps for vague extra-long-term concerns). So, it's not useful to say that "companies should do it".
Valid point, but so far NO useful solutions have appeared. I don't need log4j, my employer does. So why should I pay the developers? Because that's the only other solution I've seen presented.
I think that there's a great deal of "brokenness" in the way that the software development community works, in general. Because OS is so ubiquitous, and because, as the author mentions, so many people make money on it, we think of OS as the problem.
I think the general quality level of software is catastrophically bad, in many instances. This is because people rush to do "big things," and they aren't actually ready to manage these "big things."
One example is overengineered design. This is something that we're all guilty of. Indeed, today, I am in the process of completely rewriting a view controller that I designed, that has that whole "Lucy and the Chocolate Factory"[0] thing going for it. The only solution was to take off, and nuke it from orbit.
When I create an overengineered design, it becomes brittle, and difficult to maintain or extend. What triggered my rewriting this, was because I needed to modify the way that the layout was done, and found it to be a complete bitch to figure out.
Fortunately, I am very experienced, and also wrote the original (messy) code. It would be another matter, entirely, if it was a "black box" dependency. I probably would have avoided modifying the layout, which would have resulted in a much lower quality of UX for my app.
EDIT: I also don't want folks redistributing custom builds or effectively reselling it somehow. I'm a solo dev, I don't have the resources to litigate and enforce any kind of restrictive license.
You don't have to. open sourcing does not mean putting it on Github with an open bug tracker, you could simply offer tarball downloads, mention you don't support it, and ignore any email about it.
For example, the XNU kernel at the heart of macOS is open source, along with some of its kernel extensions. Apple isn’t interested in having other people work on it though or having their commit history unveil vulnerabilities, so they just squash all the commits into one and release the tarball for every new macOS version.
Open-source kernel? Check.
What I would recommend if you release an executable using native code. You should look into distributing debugging symbols. The private symbols contain function names, sometimes variable names, and all library calls, but not the source code. This means auditing is extremely easy, but stealing it is a bit hard. It also lets them run your stuff under a debugger extremely easy or make patches through instrumentation.
I just state clearly in README that certain projects of mine are open source but not open contribution. This way people can follow development and modify things to their liking if they want to, but I don’t need to hear from them.
Of course don’t do it if you don’t want to see others repackage your stuff.
Consider allowing some trusted users in your community audit/demo access? The developer of the AetherSX2 emulator for Android worked with the PCSX2 team (Open Source parent software) and YouTubers/other established media in the emulation community to verify their claimed improvements and reputation. https://pcsx2.net/301-aethersx2-pcsx2-mobile.html
At the end of the day, the code is written in Go (highly reduced attack surface), doesn't need to be exposed to the internet (works fine locally or over a VPN), and functions perfectly fine with outbound internet access blocked (no phoning home or tracking). I built it the way I want self hosted software to work.
I don't have/use Android, so no dog in this fight, but I can say these things happen in pretty much every other non-niche platform: iOS, Windows, Mac. I've even had people cloning a VS Code extension I did.
I was a penetration tester for a while and it was quite common for my clients to have customers who requested a security audit of their product. We would conduct the assessment and provide them with a letter that basically says we did an audit and we found x number of crit/high/med/low issues and then did a retest to verify that client fixed x number of crit/high/med/low issues. Might be worth a shot!
I know Mozilla has also done some similar stuff, but they normally release the entirety of the report. https://blog.mozilla.org/security/files/2021/08/FVP-02-repor...
Understand that some people will avoid your app and look for something that is open-source, for various reasons. So they can be confident they'll never have to pay, so they can theoretically fix bugs and port to newer platforms if they need to, so they can be confident there is no underhanded reporting or remote-control in the software, whatever. When looking for something, I value and prefer open-source alternatives, myself.
But that's not everyone, and that's fine. You don't have to open-source your app.
I publish all my hobby projects on GitHub. I have zero expectation to ever get paid for it, even though I know some big companies have used libraries I've written. I am not sure I even want to get paid, as that would increase my accountability a lot!
Do I feel exploited?? Not at all. No one asked me to do it. I do it because I like contributing my knowledge and I hope it will benefit someone doing good work some time... even if most beneficiaries are indeed greed, for-profit organizations. I also use heaps of "free" products by these same greedy companies... my website is hosted entirely free (with HTTPS and everything) by Netlify... I also have several project websites on GitHub Pages (free), run my CI on GitHub , TravisCI and, AppVeyor and CircleCI (all completely free), write some code on IntelliJ (Jetbrains), emacs (ok, this one is not from big co.) and VSCode (big bad MSFT) which are all totally free to use.
My browser is also completely free, thanks to Mozilla!
Sure, they use lots and lots of OSS, but without those, these products might never have existed as the cost to create them from scratch or by paying every single OSS library for use would have been prohibitive.
So, I agree with OP, OSS is working just fine.
The dozens of copy-pasted comments left by mbrodersen on the other post can only be interpreted to be against the claim that companies are exploiting open source maintainers here. Under this argument that was copy-pasted dozens of times, companies paying exactly $0 for software set at $0 are behaving in a natural and predictable manner within "the marketplace." It's an unambiguous argument. It's impossible to miss because it was copy-pasted dozens of times.
Now, I didn't notice the dozens of copy-pasted mbroderson comments being flagged or downvoted. Nor did I notice dang explaining to mbroderson that copy-pasting a low-effort "market mechanics" retort throughout a long thread is against the rules of HN.
And now that argument-- which again, was copy-pasted dozens of times on the other thread-- is in the ether. You cannot merely ignore it and claim that "both sides" are somehow saying the same thing. One side clearly isn't, at least a dozen times, copy-pasted.
So I'm curious what you think about the claim that nobody is exploiting anybody here, because if open source devs want greater than $0 from companies that use their software they should charge greater than $0 to companies that use their software.
I think I stated the claim correctly-- if not perhaps mbroderson can copy-paste the argument here.
I do not have real data, but I assume that more than 50% of the effort invested in open source is not directly paid by a company. For the Linux kernel 20% to 30% of the commits come from people doing it as a hobby, the Linux kernel is supported very well by big cooperations.
A lot of the business models that are exploiting OSS and OSS maintainers are very much parasitic. I think industry needs to be reminded that the first rule of being a parasite is "don't kill the host." That is what is happening as companies monetize open source and then don't support the team creating and maintaining the software they are exploiting.
Then again, I also give my poetry and my (2 completed) novels away for free. I'm not the greatest Poster Child for the Capitalist cause.
If open source is broken, it must be repaired.
I have contributed to OSS for over 2 years and it makes me feel fun and feel a sense of achievement. And I feel so grateful towards who had contributed to open source and had cultivated open source culture. I received help a lot from OSS and lots of open knowledge from the internet. And now I want to give it back to open source culture and I think I am making the world better a little bit.
They are literally arguing the same things. The article he is arguing against is not trying to shit on open source. It's trying to explain how insane it is that so much open source development is so critical but so massively underfunded.
The original article isn't saying that the idea of open source is fundamentally broken. It's the consumers of open source software whose morals are fundamentally broken.
Please, for the love of all that is holy, just spend like 5 extra minutes reading what you are arguing against next time. This is so embarrassing that I'm feeling the second-hand embarrassment.
The entire underpinning of free and open source software is silly: software in this context isn't an academic pursuit producing knowledge that should be freely shared to our collective advancement as a civilization. It's a hammer, a wrench, a table: in short, a product. That fundamental category error made by our community is the source of all the problems with F/OSS, financial and otherwise.
I've been a consultant for over 10 years. I always make sure to ask for access to any documentation for systems I'll be working on. I think I've gotten significant (out of date) documentation maybe once. This isn't an issue stemming from being open source.
That becomes a lot of work very quickly, so I tend to only get involved in libraries that will quickly hit some kind of stable maintenance mode or in which I have personal stake and thus just need to polish up my own notes for how to get off the ground.
Copying and running code is (effectively) free, developing, maintaining, and auditing code is still expensive. Folks who want to use software without paying the costs get what they pay for, eh?
I feel that if there's anything the community is doing wrong, it's in the emphasis on new and shiny rather than mature and stable. I feel we should be entering a "contractile" stage of (global IT) development, with consolidation and convergence of software and hardware replacing the wild burgeoning and rampant growth of complexity.
"Like, complexity is an existential threat, man..."
Someone working on open source to have fun is more likely to invest their time in more features instead of better documentation.
Here companies or users like you could step in and contribute better documentation or pay the original authors to improve the documentation.
… from corporations that don’t bat an eye at donating billions to (often dubious) “social” organizations - often ones that criticize them anyway.
Some “social” organizations are much better at this and have very good people taking care of marketing and accounting to people who control money.
Most members of open source projects just want to code and not take care of tax exception for donations and filing out the correct tax forms in time.
Honestly, I am not sure why there is an argument anymore. Let people write or use free or proprietary software as they see fit. You all know the pros, you all know the cons, make a decision and god's speed, live your life. I side with the free software. You do you.
There is a lot more happening behind the scenes than you know of, I make a tiny fraction of my donations public knowledge.
> The irony of bashing open source on a website using systems/code/infra containing thousands of open source lines of code which I am sure they haven't paid for... has probably escaped their attention.
Hey, what are your thoughts on the OP's argument, though?
I read your article and it did seem to have plenty of truth to it, much like other articles that i've read in the past: https://staltz.com/software-below-the-poverty-line.html
Personally, i use a lot of open source software and i definitely won't pay for most of it, many people out there won't pay for any of it. I don't find that ironic, i find it sad. There is no obligation or anything to encourage anyone to donate to the authors, most people don't care.
If i went to work on Monday and suggested that we as a company throw money at open source, i'd probably be looked at funny. In the company, near the holidays we have an initiative where employees vote for charities and each vote gets 100 EUR donated towards them... but curiously, no one even considers something like that for open source projects, despite there being hundreds if not thousands of those in their dependencies.
I think it's probably a cultural issue to some degree, simple psychology otherwise.
Edit: it seems like i cannot edit it anymore, but it was not meant to be disrespectful or on purpose.
Eg
- Post on twitter/facebook - pay for a proprietary stack - pay for an open source stack (donate) - print stuff and hand them out in person (half joking, but you get the point i hope)
This is literally the 'yet you participate in society' argument.
However the author has the following options: - pay for proprietary stack of technology to publish their website - pay for the open source software they are using (donate) - not do any websites and publish their opinion on other social media or even physical print. Write a papper, print flyers - do literally nothing
All of these are actual viable options. Not participating in society kinda isn't an option if you wanna live
Would it be possible to create an insurance policy against these major FOSS vulnerabilities?
The insurance company would then require audits of your tech stack, and fund security research. This is analogous to what car insurance companies already do. And then companies who are not insured are viewed as suspect, etc etc.
There's apparently a misalignment of incentives because there's a break in the chain of responsibility. The idea here is to close that loop.
As many have said that the only defense against data extraction of personal information is to not collect them. I think this collection has to become more expensive than the benefits to marketing and advertising. Insurance might help here, but I expect premiums to be high if risk is adequately and realistically assessed.
Against exploits like the log4j thing... the library is popular and was used for years. In open source and commercial software alike. I doubt any audit would have found the problem. Most probably didn't expect it in such a library in the first place and would have started review with the more arcane dependencies. The only benefit of other components is probably security through obscurity. But what would you insure against here? Against exploits in software in general? I don't think that would improve software security in the long run.
if you think that software quality and risk can be so easily quantified then you clearly dont have your hands in software.
If it's something harder to predict, is there a way you could put error bars around it? Granted premiums could get high as a result.
Even software companies are charging rent for what already exists, and using some of that to develop their next version or new product.
The zero cost reproduction enables the free collaboration, but doesnt fit our existing ideas around paying for things.
I think that notion that all commercial software is rented needs to be widely understood.
Our whole capitalist system has no means to encourage us to leave nature alone where it happens to provide us immense value. Our system just destroys it (and eventually itself in the process). That we even allow monopolies on products that are basically just ideas is a grotesque aberration.
Although we need to fund development, a lot of it could happen without funding if we simply supported healthy natural systems and didn't have legally-supported monopolies. The challenge that open-source projects have basically amount whether the developers can live okay enough and not have to deal with competition and exploitation from large-capitalized monopolists.
That's why companies buy libraries from other companies that are supported - as in the liability can be passed down the line.
Not really. Redhat sells support, Microsoft charges rent. This is made even more explicit with SaaS - Software as a Service. Nobody is providing service, they're simply providing access to the capabilities of the software for a fee. That's rent.
Development teams are usually classified as cost center, not any kind of customer service.
While I very much agree with the article on it's core topic, this is incorrect. It is not illegal thanks to the license. The FOSS world created the licenses, it is made legal by choice, it isn't due to the system. "The system" very much allows for this problem to be entirely avoided.
If you're happy making free software but you don't want anyone to profit from your work without cutting you in on the success you contribute to, consider a dual license. Maybe the free software world should consider addressing this problem in some license scheme, a couple of options being royalties paid if the software is used in profit generating endeavors, or even something more restrictive, like requiring all derivative works and works being supported by licensed software to release their source as well. Imagine if Android were licensed in this way, google would not get to marry proprietary crap to it, as just one example.
If you're creating cool stuff and giving it away, great! No obligation.
If, however, you're creating a paid product or service -- there already exists a ton of law and precedent and ideas about obligations. We just need to remember these and start using them again.
These ideas and law generally point to: If you put a product out there, and make claims about what it can and cannot do (either explicitly or implicitly) then you must be held responsible for the harm if people reasonably rely on it and you screw up. That's it. That's the entirety of it.
FOSS is one of your inputs, could be seen as something like gasoline or trucks or whatever. It's your job as a company to handle those safely and make sure they don't goop out and cause harm, and if you don't get this right, you should be sued.
Edit -- and of course, sometimes the companies are too slow to make this happen and so we need regulation. We perhaps need an EPA or FDA for software.
The issue is not $1 downloads so much at is the overhead, pain and issues that come along with it.
It's hard to manage and control downloads, usage, and the legal issue might be that any hint of licensing problem makes it 'no go' from a corporate perspective.
So the gap between 'Free Beer and Speech' and 50-cent Beer and Speech is enormous.
Free as in freedom always necessarily denotes free as in beer as well. It's not an accident or side effect.
"Free" software began when RMS wanted to fix his printer and got locked out by Xerox. "Open" software was an attempt to woo business to use free software but (arguably) threw the baby out with the bathwater by eliminating the "virality" of the GPL et. al., which was kind of the whole point (of "Free" ethos.)
The whole Free vs. Open issue is effectively moot anyway since everybody uses proprietary closed systems. Even the FOSS folks use GitHub.
This (IMO, weird) debate seems to be around all kinds of open source projects.
That is very incorrect. See https://www.gnu.org/licenses/license-list.html
In many ways FOSS is thriving and on the cutting edge, and in others (especially project maintenance) it seems to be struggling.
But let's at least recognize some of the good actors in that space.
Analysis from there is weak. The incentives I think fairly clearly lead to major underinvestment in open source relative to the ideal level because of the incentive problems Even if there is some investment and some significant success if there was investment of time and money order proportional to usage of major OSS components.
My employers paid me to get things done, not to write software. Writing, adapting, or fixing software is the means, not the end.
The reason is that software shared with the world is often shared out of passion and idealism. If only code that's useful to some companies is paid for, the world of free (as in beer or otherwise) software as we know and love is still unsustainable, and not just because fledgling projects tend to be inferior in many ways to everything that came before.
Some software is written simply for the fun of it. Future Crew were kids writing demos and putting them out (by the way, an executable for a program that's written in assembly is not so far removed from its source code; so whether they put out the source code or not is immaterial, here the point is "free as in beer"). These demos were unlikely to be directly useful to companies, but we were still amazed by them and some of us got into programming because of them. Do you want to live in a world where only people who produce software that's useful to some company can sustain themselves?
Their parents provided them with food and shelter, so they didn't have to think too hard about writing and releasing it. People in this thread claim that they don't feel exploited, probably for similar reasons. They probably have an income or enough money to make them feel comfortable giving something away. What happens when circumstances don't go your way, though? Then, while you live off your savings, see them shrink day by day, you realize that society doesn't give you the basic stuff that's needed for living, so why the hell should you give anything away? If you already gave stuff away while you were fat and healthy, and this stuff is being used profitably by others, the resentment can only grow.
Offering support and accepting liability for problems with your code isn't fun or easy.
Mostly only OEMs of non-computer equipment, such as Boeing, warranty physical products that include software. For code that doesn't run in planes or cars or other machines -- there is no warranty.
A sad day for Rust
Well, that in itself is already some kind of return. Widespread use - even in a commercial setting - means widespread interest in your work and possibly in you. That might not directly translate into $$$ in the bank, but it is quite useful psychologically, technologically (think: issue reports and triage, testing of new functionality, input on future design) and even financially, in a roundabout way.
Still, the main reason - for many of us anyway - is that we wrote, and write, based on _need_: We needed the software, or our friends/coworkers needed it, or maybe we perceived a public need; we wanted to satisfy this need, and there you have it.
----
Nitpick:
> A world without Wikipedia.
Wikipedia could have functioned just fine on some commercial equivalent of a Wiki. Wikipedia editing does not involve working on MediaWiki source code. So, not a good example IMHO.
I’m not holding my breath since the OSI is funded almost entirely by huge companies that are quite happy with all the free labor they are exploiting. So far the OSI has plugged it’s ears and pretended everything is fine, and OSS zealots attack the character of any lowly developer who isn’t happy providing uncompensated labor to surveillance capitalist behemoths.
I don’t see FOSS surviving another generation if this doesn’t happen, or at least not in a form that isn’t weaponized to herd everyone into proprietary cloud environments.
The fact this is how we're starting to develop software also helps me understnad why, as a user, all my shit's jenky as hell.
OSS (to me) was supposed to allow us to bridge the gap between developers and users, making code easy enough to tweak that when a problem or unwanted behaviour comes up you can just fix it yourself. But it's getting harder and harder to see this dream anymore. There are a lot of nooks and crannies in OSS though, and I know there are still plenty of places where this dream is still very much alive. It's just become less and less mainstream, sadly.
The problem of getting the money down to F/OSS that powers inner machinery (libraries, frameworks, etc) is a bit tougher, but I think that could work out easily by doing a general % of revenue and deciding allocation. For example even if you do a 1% allocation to libraries in particular, as libraries are reused much more easily, at scale library authors will do quite well.
Maybe a license that asks for a % of revenue is an easier static goal but I'm optimistic enough to think that the partnership approach could work.
I don't think there is a solution, short of radically restructuring the entire world economy. The fundamental problem is people being people.
I don't know what software will look like in a generation. I suspect it will be radically different, but that's just my guess. But I suspect open source will trundle along as the rickety, half-assed philosophy that has worked (more or less) so far.
I'm confused about what you want here. The GPL does not deal with SaaSification; for that you need the AGPL. But what problem do you have with the AGPL?
That said, I believe SSPL is an overkill, and what's needed for a less known SaaS product is a legally enforceable revenue-sharing mechanism - so it can benefit from being listed on popular platforms.
It's like if I say "fruitcake is terrible" and someone says "I like fruitcake, I use it as a paperweight and a doorstopper" as a rebuttal.
Developer Ecosystem wouldn’t be same without them. I truly appreciate their efforts to make amazing software in there free time and it means a lot to me.
As a developer I owe a lot to open source thats why If I can’t contribute to their software I always try to personally thank them when using their software.
In particular, this doesn't make any sense:
> While I believe that it is unethical for large for-profit corporations to not support FOSS projects from which they derive (extract?) immense amounts of value, it is not illegal, thanks to the system.
It's been made specifically, intensionally legal by the people creating it. So of course it's legal, and it's weird to say, "I went out of my way to make this free, but it's unethical for you to actually use it for free".
In capitalism, you have the right to set your own price for your labor and property, and there are lots of mechanisms for charging people for stuff. That's what all these software vendors are doing! In contrast, the MIT and Apache licenses say "I made this but do whatever you want". We choose this license when making things because we want everyone to do what they want. We can't be angry when they do.
C'mon, man! Your argument is that its all society's fault, and FOSS isn't broken! That's the weakest argument I've ever heard for keeping it!
My self-diagnosis as an unpaid open source maintainer (rr) is that we like to share, the marginal cost of sharing with potentially everyone is close to zero (at least early in a project), so throwing code on Github with a liberal license feels good. It also benefits the project to some extent because some improvements may come back. But then we see rr creating huge value for people, some of whom are very well paid for their work, and none of that is coming back to us, and that seems unfair even though we did technically agree to it --- sure, you don't have to give back, but it would be the nice thing to do. But in software it's very easy to extract a ton of value from dependencies without really noticing, and very hard to give back systematically. So it's the same old story --- perfectly good human instincts aren't a 100% fit for our modern environment.
What if we made it easier to identify the value we're all extracting and contribute back systematically? If we did, maybe we could build social norms around that. E.g. imagine we had tools that monitor your software development workflow, identify the tools and libraries you use, and quantify your usage via some heuristics. Then imagine you integrate something like Github Sponsors so you can allocate $X to support all your dependencies and make that happen at the press of a button. Then imagine we advocate for professional software developers to allocate 1% of their income that way, and agitate for Big Tech companies to make that a policy.
I would LOVE this solution. I use open source professionally, and I continually advocate for ways to pay open source projects and developer. And if there's a way to pay extra to fund a feature, or hire a developer as a consultant, so much the better. In my experience, companies are highly willing and able to pay for software and services that accelerate the companies' goals.
If you want to pay for open source, then I can suggest Open Collective, Patreon, and GitHub Sponsors as ways that are working well IME. Or consider donating to nonprofit open source advocacy organizations including Electronic Frontier Foundation (EFF), Free Software Foundation (FSF), Apache Foundation, Linux Foundation, and similar groups.
The are also willing to buy things and keep everyone else from using them.
Actually, and critically, it is both!
You can't have free as in freedom without being free as in beer first.
So many big corporations benefit from FOSS without giving anything in return? Well, then tax them. I mean lightly, say take .01% of the biggest 100 annual profit, then distribute part of it to the 100 more important FOSS projects and part to other FOSS projects whose developers are either unemployed or in financial difficulties, important projects with too few or no maintainers, that is, where it is necessary. It doesn't seem that hard to me, but I'm sure neither FAANG nor any other giants would take this step if it doesn't become law somehow. To become law, however, it may need some changes in our definition of healthy capitalism, which to me is the hardest part.
I find it interesting that the author wasn't willing to call out Capitalism by name.
tl;dr: "open source" means free labor for corporations.
“Source available” licenses that don’t allow profit do exist. See all the anti-cloud licenses that came out when AWS started selling open source databases as a service. It’s just that hardly anyone touches code licensed like that. Hell, even Linux used to have a “can’t have money change hands” clause until Linus realized that was stupid. See his debconf talk where he talks about it.
If AWS wants to use it, the entirety of their platform would have to be open. Billing system, machine provisioning, networking, database failover -- everything.
They won't do it. But someone with ambition will, and they'll start to grow a platform that is less risky and increasingly more attractive. As it gains steam, it could become not only a refuge from cloud lock in, but a huge threat to existing players.
I know that I hate, HATE, thinking about lisences, to the point I typically don't include one, or use some nebulous beer-ware hack. How does a new set of licenses help me?
This would be UNLICENSED or NONE then. Unlicensed software can’t be used for too many things, since it’s encumbered by copyright restrictions. (The author’s right to create copies is, in the U.S. at least, implicit, meaning that the simple act of creating a work is enough to have the “copyright” for it.)
There is The Unlicense [1] that explicitly transfers copyright to the Public Domain.
There are only very few cases in which GPL is ideal.
Who's gonna sue me?
But seriously, this is that businesses are broken and grab a free thing and use it. If businesses were gassing employees because they got free ammonia to clean their buildings we wouldn't be blaming the ammonia producers.
Please, stop blaming tools for the axe wielding by morons users. I'd say educate the users, but we all know thats not gonna change any time soon...
