> If you did not provide a valid license key 15 minutes after the application started, the app just stopped working.
IMO, all of the shenanigans with license changes (MIT/LGPL/etc) are nothing to most users. On HN we are sensitive to these nuances . But in the "real world" of corporate worker bees just trying to get stuff done I doubt it even registers.
More likely what happens is someone searches for a solution to a problem, installs it and sees if it works and then moves on with their day. Except they can't move on if the software stops working after 15 minutes. Clearly it is doing what they need, so now they need to unblock themselves.
We might assume they'll read the code, find the license check and remove it. And I bet some percentage do exactly that. But some percentage of users would rather swipe a credit card for $X instead.
All I'm asking is, if you want to eventually make money on your project, at least be up front about it in the beginning so that your users can make an informed decision when they decide whether to bake it into their stack.
The rug-pull approach is always a much worse look in the end.
Like a project could be born out of pure generosity, but after the happy initial phase the project might get too heavy on the maintenance requirements, causing the author to approach burnout, and possibly deciding that they want to make money to continue pulling the cart forward.
However, here's something I do think: if you create something as Open Source, it should be out of a mentality of goodwill and for the greater good, regardless of how it ends up being used. OSS licenses do mean this with their terms. If you later get tired or burned out, you should just retire and allow the community to keep taking care of it. Just like it happened with the Jq tool [1].
In real world, when maintainers change the license, if a software is widespread enough, a fork is created, and at least part of the community moves to it.
But, as TFA states:
> I guess any sub-$1k amount for businesses is peanuts, so the only thing these price increases changed was improving the revenue.
Businesses spend money to solve problems. $1k is a lot of money for a consumer product, but for a business product, $1k when something is business critical and handles high volume is significantly cheaper than hiring a person or contractor to solve the problem.
Furthermore, the benefit goes both ways, as Reinman now supports the product full-time. The business customers are now working with a product that has full-time support, instead of hobbyist support.
Treat CLA as that: an upfront statement that the author may and probably will change the license in the future.
A person changed their mind. That is okay.
I rather the approach be that if it is an open source project, that they ask for donations. It is possible to succeed in that way, though it requires learning how to pull it off, where they also get corporate sponsors and donations.
That isn't how it works in practice, I think.
If you have already decided from the start to make money on your FOSS project, you're going to need a plan more evolved and refined than "push to GitHub and sort out the details later", otherwise you've already failed. Many people will even decide to just not do open source, for that reason.
If you're not planning on making money, that might change later when you realize that the only value you get from million-dollar corporations making heaps of money off your work is some bug reports and requests to do more in your off time. Alternatively, you might decide you enjoy the work and want to make a living off it. Neither of these are bad, per se. Also, nobody signs a contract stating they're going to work for free forever, so you're going to have to live with that.
The reality is that most of the people who derive great value from open source and free software just want it for free; the labor and economics can and must be sorted out by someone else, preferably at absolute zero cost to them. For many purposes, it's no different of a relationship than the one between a random underpaid restaurant server and random demanding customer.
When you say "users can [then] make an informed decision [on your monetized project]", I assume the informed decision you're referring to is "I'll never pay money," because that's what it is about 99% of the time.
By placing things like sustainability at the core of such projects, if the users still value it, there is a potential path ahead.
I'm sure many people would've paid because the free version was not advertised.
If it's $5/user/month, with 3 plans, with add-ons and it's unclear how many people you have to on board (just devs? Maybe business too? Does security team need access?) it's much harder discussion as nobody knows final cost (apart from the fact that we're not gonna like it in the long run).
This is really what you should expect when you work to improve the commons in the same world where there are entities that are hyper-optimized to make the most short-term profit out of anything they can exploit. Of course they're not going to give anything back. It could happen to any FOSS dev. It sucks, and it's definitely human to look at all the money they're making and feel like you deserve some of it. You do deserve it! Everyone deserves to make a living. But the world is still a better place with FOSS in it. It's a shame for this to happen to someone and for them to decide that improving the commons was a mistake and instead they should have been making projects that FOSS orgs can't use and individuals and small orgs are priced out of (but is still "peanuts" for big businesses.) If you make best-in-class software that's FOSS, everyone benefits, and you can feel proud that individuals have access to the same resources as big corps because of what you've done.
I'm also tentatively in favour of the idea of scaring away big corps with GPLv3 or AGPL licensed software.
* why I am doing that
* plethora of burned-out maintainers and their posts
* how I am going to deal with the issues/PRs, toxic entitlement
* what's my exit strategy
The first thing before you go into open source (provided it's actually used open source) is to answer these questions honestly for yourself. Because it's massive time sink with no money and *there will never be money* (unless you go open core or your employer pays you, in that case that's just a job just like any other).
GPL scares freeloaders.
So the author can just write whatever validity date/license details (apparently hostname etc), sign it and give that to their customers.
EC beats other signatures because signature is muuuuuch shorter, so it can still look like an API key.
embed the public part in your application and you can verify that something signed with the 'dgst' command and the private key really has been signed with the private key (which you obviously shouldn't publish)
(Note if using plain commands there is more friendly than openssl, minify/signify are much harder to get wrong, but I'm not sure they're as easy to use programmatically in as many languages there are for libcrypto/sodium/etc; this is really just an example)
Signs, locks, and copyrights keep honest people honest. They don't change anyone else's behavior.
Nobody does things for free. We do things because we gain either money or status or pleasure. If you want someone to work for you, and you don't want to pay them money, you have to give them either status or pleasure.
One example of getting people to do things for pleasure is ad-supported social media sites. They are giving people pleasure (modulo engagement psychology) and getting their attention on ads for free.
But let's focus on getting people to do things for status. PhDs are a classic example: if you get a PhD and stay in Academia, your salary is tiny relative to industry. But there is a promise of status ("you're on the frontier of knowledge!"; "people call you 'doctor'!"). The few principal investigators that get the giant grants are successful only because they rely on an army of underpaid experts.
Which means there is an incentive--even if unconscious--to convince people that status is worth the lower salaries. The fights for being first-author, or publishing in a top-tier journal, or even insisting on being called "Doctor" are all competitions for status, because that's what you're getting paid instead of money.
Open Source is the same way. Arguments about purity ("is that really an OSS license") and self-sacrifice ("I won't accept money from corporations") are all evidence that people are earning status instead of money.
By itself, this is not a bad thing (in either OSS or Academia). People should be free to choose how to sell their time. The problem is that those who benefit from the work-for-status arrangement (large corporations, large universities, and their leaders) are incented to use dark patterns to preserve that arrangement.
We're sensitive to social media sites using dark patterns to manipulate people into trading work (or money) for pleasure. We should be equally sensitive to how open-source culture can (even unintentionally) drive people to be underpaid.
This is likely a country-dependent thing... I'm in academia and I have never encountered anyone who was clearly doing it for status. Worse: there is a strong concept of egalitarianism in my experience. So not only do I not know of folks who "do" academia for the status, but you don't really have that much compared to others anyway.
Again: this is likely country-dependent (as well as field-dependent and, perhaps, institute-dependent). And I'm likely at least a bit blind to some of what's happening since I personally don't attach much value to academic status. So your mileage may vary.
That's why someone who is not motivated won't do anything, disciplined or not. Lately people have been discipline at the forefront but motivation comes first and needs to be sustained. Just an aparté.
You're not wrong.
Next, I started to increase the pricing; 250€ became 495€, then 695€ and 795€, and finally 895€. To my surprise, it did not mean getting fewer customers. I guess any sub-$1k amount for businesses is peanuts, so the only thing these price increases changed was improving the revenue.
This is the key portion. The open source project was turned into a commercial source available library with a license key.
I am glad this has worked well for the developer who now has a decent income for all the hard work put into this library.
it is also why people are reluctant to sign CLAs.
I came across some Scheme/Racket/? library recently that attempts to quantify contribution levels and distribute any received funds fairly based on that. Unfortunately, I can't find it at the moment, but it was a cool idea.
Isn't this a rug-pull?
Open source project which others havecontributed to, and whose reputation was earned by nature of being open source.
Than, after you have users, switch to proprietary. Sounds bad to me, but maybe I didn't fully understand?
BTW, Apple used to have a thing with Darwin server where you could disable the license check legally, but only a hacker would do that. Companies still paid for the software. That sounds like a better solution, IMO - at least for those that are two small to pay but growing by the seat of their pants can still use and promote the software.
TBH, I wouldn't dare to use such a model in the B2C market, though. Everyone would pirate it.
More seriously:
- you get support by paying, this is important for many businesses - $1k/year is cheap
- risk of getting sued if the word gets out you're using something against its license (and for network-facing code, I'd suspect it's easy enough to miss something)
For me the advantage of source-available is you can always shortcut the support if there's a business critical problem and you can't wait for the author to wake up, so I think it's a great model.
> I also changed the license from LGPL to a commercial license.
OK ...
> Derivatives works (including modifications or anything statically linked to the library) can only be redistributed under LGPL
Well… better late than never. Congrats!
At a bare minimum, you should probably at least use the GNU General Public License version 2.
At the end I didn't, but I'm really happy you found a way to live with it.
Congratz!
“I searched my mailbox for emails related to that company and found a single complaint about a feature. No pull requests, no donations, no nothing.”
I find it quite pathetic that a company whose entire life depended on the work of the author but the only thing they ever contributed was a complaint. Surely something that meant this much to them was worth either compensation or contribution of more productive kinds.
I am gonna check out emailengine for future work.
https://github.com/cla-assistant/cla-assistant/issues/534
Very terse answer that says:
As you noticed, this would mean a completely different line of code
I felt like this was a very strange response to a legitimate question and it makes me feel like there must be something more there.
See e.g. usage here https://community.sap.com/t5/technology-blogs-by-sap/one-cod...
Which they address in the later part of their answer which you leave out:
Surely most parts of the project could be reused, but this development would still mean a huge investment, which we can't afford. Nevertheless all kinds of contribution are still welcome and we would try to provide our support as good as we can.
It just didn't jibe with me and still feels like it is an easy and obvious upgrade.
But, you are right, they did justify it, it seems like an overstatement to say it would be a huge investment. I should review the code myself to verify, but a statement like that the lazy programmer in me shy away from even doing that.
One often runs into issues with a third-party library that comes down to not understanding what's going on under the hood. In cases like this, it's really helpful to be able to look at the source and see what the issue is, you can also (in some cases) track PRs that address issues you are encountering.
I've found this numerous times with paid third party deps.
Long ago, I worked for a company that sold mortgage software. This is back when SOAP is all the rage. The software is not open source, but it is source-available, or rather, a law firm has the source code. My employer's customers are mostly banks or home builders that offer mortgage services. My employer is a very small one. Customers like banks want to know if you will stick around, if they buy into your software, and if you can't stick around. They need the source code.
It seems to me he could just keep the license GPL then, wouldn't change a thing. The (small) businesses don't care about the license, but walk the path of least resistance.
Stripe for people who don't care about taxes or are large enough to have an accountant do it for them.
All the EU makers I know are using some sort of MoR. Stripe is still very popular in USA for makers who sell to USA, as sales taxes have tresholds; unless you sell a lot from an individual state, you don't have to worry about it.
VATMOSS in Europe (the regulation which drove all the small sellers I know to drop their ecommerce websites and move to Amazon - talk about regulation to protect the people and damage Big Business!) doesn't have tresholds and you need a massive up to date VAT list + storing proof of user residing somewhere.
Looking to do something similar in terms of offering better, paid alternatives to the existing solutions out there in a source-available fashion.
Anyone here experiencing trouble with tools you'd terribly want someone to improve?
Shipping OSS is a donation of one's time, money, and expertise. Volunteering is a rewarding way to participate in a community.
Usually in any community, you meet someone who opens a door to an opportunity that you never would have found otherwise.
It is as a kid that I was a bit more... parcimonious?
I think people need to be ok with being compensated. That's more cultural perhaps.
I even got a YC interview based on this idea for last summer's batch (rejected primarily for being a solo founder, they seem to like solo founders only if they had a previous exit), but ultimately I gave up on the project because I realized I didn't actually like the problem space, it seemed too boring for me after a while and I wanted to concentrate on building things I thought were interesting.
I suppose some have argued that FOSS represents a Public Commons in the way that fields and wells and physical marketplaces used to, but none of those things survived capitalism, so I don't see why a technological commons should be expected to either.
For me I've been thinking lately that perhaps those interested in FOSS should instead consider how we can use FOSS to detach ourselves from needing to participate in global capitalism at all. Is there FOSS technology we can use to liberate people from things they need to spend money on right now? An example could be the Global Village Construction Set: https://www.opensourceecology.org/gvcs/ a set of open source designs for things like hydraulic motors or microcombines or steam engines that you can build on your own, usually not for cheap, but for far, far cheaper than you could buy from John Deere. Here's another cool project, some guy has just been building things like solar panels and basic circuit boards on his property from very base components for years: https://simplifier.neocities.org/
Some other FOSS liberation examples:
Combining a tool like Jellyfin with Sonarr, Radarr, and etc, can liberate people from their 5 different media subscriptions. Or at least they can still buy DVDs and put them on Jellyfin to have the convenience of streaming with the media library of their own choosing.
Deploying Matrix or another FOSS communication tool can let organizations have enterprise-level communication software without paying HUGE seat-based license fees to corporations like Slack.
In fact there's many ways to liberate yourself from paid SaaS in this list: https://github.com/awesome-selfhosted/awesome-selfhosted at my co-op we self-host and deploy all our services for this reason, it saves us a TON of money.
I don't have many other examples to mind because this is something I'm actively still researching. Friends in Venezuela though especially tell me how FOSS technology can liberate in ways I wouldn't expect here with my 64gb RAM machine with the latest processor, that I can easily replace components on on a whim. Such as how they can keep all their broken down machines pieced together from junkyards running pretty ok on various linux distros, and how they can sell creative work using free tools like gimp (no, really) or darktable. Like as not they'll just pirate software, though, but apparently FOSS often runs better on shitty hardware.
Anyway my long term plan is to find or build more and more things that let people just not spend money on things anymore. That could be by making it easier to not have to throw things away anymore, or building tools to replace proprietary ones, or, idk, other ways I haven't thought of.
To all of you around here who do FOSS, please reconsider this kind of attitude. The ones offering can be employees, and they had to argue your case.
Just a couple weeks ago I asked a maintainer of one our Rust dependencies to give us a quote for fixing an issue. I had beforehand negotiated the deal with the CTO, it could have been anywhere up to $5k for roughly one day of work. No license involved, just money against some of their time to improve their open source code. To my dismay, they refused and did it "for free" while giving us a link for a donation.
Guess what? The donation never came. It doesn't make sense for the ones who think in ROI, even less for the CFO behind them. Now I'm too ashamed to even show up on the issue board so we're all at a loss.
Some projects might not be setup for either, but it sounded to me like the above poster was dealing with some one who was willing to accept it as a donation, and it would likely have been trivial to send an invoice for 5000.
It astounds me that companies would rather waste hundreds of thousands of dollars instead of just throwing a few thousand that will benefit them in the long haul.
I genuinely believe more companies should adopt a policy of just letting devs work half a day on fridays on whatever they want, whether it be technical debt, or even open source projects the company depends on. Maybe that would be more feasible, but even then lots of places would still not understand the value.
It's just a matter of not offering to work for free to a corporation that really doesn't need your generosity.
ad 1) No, you don't need to. At least in Germany anybody who's legally competent can write invoices. If the invoices are secondary income, you will be taxed heavily (and declare it you must), but that's it. It has been some time since I last lived and worked in the USA, but I mean to recall that it was basically the same. Of course, invoiced money is your money now and you need to donate it to the FOSS project, which then needs some kind of treasury. But you said as much already.
ad 2) No, you don't need to. Your employer is your employer, not your owner. Now I don't know about the USA today (see above) but in European countries what you do outside working hours is your private affair -- discounting a few, very specific fringe cases. If you play soccer, dabble in explosives, or code for money doesn't matter. And frankly, your typical employer in most cases does not care anyway.
I told them to continue using it for free until it can attract at least 100 customers. Then it might be worth the hassle.
This is one of the reasons I have never set up sponsorships on any of my GitHub accounts (my taxes are complicated enough).
Lesson: Unless you're registered as a 501(c), or an organization with similar status in your jurisdiction, don't even think of accepting "donations" from anyone who retains an accountant. It just doesn't work that way, open source or not.
In a way it feels against "the spirit", but maybe it's exactly the same way of thinking you're pointing out.
If it’s an ROI problem, the return is getting the issue resolved.
This is the root of most things like the BSL. You create an open source project or product, and companies with billions in quarterly revenue build the core of their business on your software, and meanwhile won't contribute to your ongoing viability (nevermind actual success) even in amounts that are entirely trivial for them. Toss the cloud providers into it now and it's even uglier.
In a larger sense, we desperately need a societal shift in perspective from naively viewing companies as benevolent by default, to viewing companies as they actually are by default: they'll literally kill people if it's profitable.
How would copyleft* have prevented this?
AGPL might, but GPL (and therefore, copyleft) doesn't prevent the upthread outcome.
* - GPL is the prototypical/original [as far as I know] widely-used example of a copyleft license and the startup using nodemailer could have done that just as well (and for free) if nodemailer was GPL-licensed.
Doctors would kill for profit. Politicians would. The same for engineers, cookers. Any profession, activity or line of business really.
That's human nature. But not all humans. Not even majority, I'd say certainly.
The problem is that this small minority gets 99% of the news. Very rarely one hears when a CEO avoids a decision that could endanger someone. Or when a Doctor is honest and preserves the patient's health above all.
It doesn't mean these good things aren't happening all the time. Look at your life and remember: how many people could have done harm to you for a profit? How many do you remember actually doing it?
Even the right open source license, such as the AGPL, would probably have worked well, with the proprietary license as an option (in the same way he tried LGPL + MIT).
For SaaS companies who just want to use the software on their backend and are not interested in redistributing it in any way, there's no realistic difference between LGPL and more permissive licenses like MIT and BSD.
> I searched my mailbox for emails related to that company and found a single complaint about a feature. No pull requests, no donations, no nothing.
Edit down voters might ask themselves what is much older than 15 years that some companies pay a lot of money for?
I have a difficult time believing that any piece of code that can be "sat on for 15 years" would disrupt anything. 15 years, especially in tech, feels like a couple generations these days.
https://anonymoushash.vmbrasseur.com/2018/08/24/open-source-...
Previous HN discussion: https://news.ycombinator.com/item?id=26602316
Sure, open source is not a business model, it defines a set of software programs that respect some rules: the OSD [1].
But you can certainly have a business model around open source software.
And on HN, it's actually true. Open Source projects get lots of kudos here.
The problem is, others may see what is essentially a marketing strategy aimed at a niche audience and conclude that Open Source is an essential, in fact they most essential, part of the business. Hence the need to remind people that Open Source is not a business model.