>If FOSS was broken, the internet as we know it today wouldn’t exist; the countless marvels of technology that we take for granted and techno-economies that thrive on them wouldn’t exist;
I guess I just vehemently disagree. Nearly all of the early open-source software that made the internet possible was produced in universities. The only reason it was sustainable was because it was professors being paid by the university, or students doing it for free. Implying that means it's viable for all these other projects that were created and maintained outside of a university setting is just not accurate. There's also this fallacy of: it worked this long so it will continue working forever.
For me the long and short of it is: the only way I can foresee open source working in the way the purists want is if there is a universal basic income. SOMEONE has to pay the bills, and as we've seen time and again, hoping to feed your family on donations is a fool's errand. With UBI, artists of all kinds (including developers) can pursue things that would otherwise be impossible. Without it, we're left with the constant push and pull of people either burning out maintaining stuff in their spare time, or hoping a given corporate maintainer wants the same features and functionality as the community.
In rebuttal I'll paraphrase a little from Paul Ramsey (maintainer of 20-year open source project PostGIS)[0]
His basic view is that Open Source is the dominant model today, but tension comes as very little of the value produced comes back to the community that creates this value. He argues this will always be 'the bare minimum' by virtue of economics, but that if something important slows down too much someone will put some money in it. But this is a model that operates and works. It is borne out by his history in postgis, which is maintained by a small number of people mostly in moderately-profitable service companies, in the red-hat mould. He's concerned about value being captured by cloud companies though who frequently don't employ open-source maintainers however. Some of this is further expounded in another talk by him here [1] (slides at [2]) on the future of open-source where he is very bullish.
universities are going to continue to exist and students will be attending them. what exactly suggests that this will not continue forever?
of course FOSS has always depended on people who had the resources to work on it. in the beginning this was only universities and as FOSS got more popular more funding sources appeared.
the problem that we are facing is not one of funding. there is plenty of funding available. the problem is a generational shift of that funding.
people who used to be able to afford working on FOSS no longer can because their life changed. they are no longer students, they have a family and so on.
FOSS development will continue. the fallacy is to believe that an individual contributor will always be able to keep contributing for the rest of their life. we need to acknowledge that unpaid FOSS contributions are limited to a few years of an individual's life. and after that they need to move on. and most do. those that didn't move on but continued contributing were those who managed to find additional funding sources.
the problem and the difficulty is that we get more and more software that is not new but needs to be maintained. most of those using their own funds will want to work on their own new software and not maintain someone else's.
so the question is not how do we fund FOSS development, but rather how do we fund FOSS maintenance. that is the new thing that we didn't have to deal with a few decades ago
> …the only way I can foresee open source working in the way the purists want…
Well the point of open source is it works however the person opening the work wants. There’s a license compatible with every philosophy out there. Take your pick.
Open source isn’t broken because it can’t really break at all. For something to break it would have to have a concrete form to begin with.
> Nearly all of the early open-source software that made the internet possible was produced in universities. The only reason it was sustainable was because it was professors being paid by the university, or students doing it for free.
I'm surprised no one mentioned that there was no personal computer. Where else would you get a computer to develop free software back then?
> For me the long and short of it is: the only way I can foresee open source working in the way the purists want is if there is a universal basic income.
I suspect I'm a "purist" by your measure, and I disagree completely. University professors, students and volunteer contributors/maintainers will continue to exist going forward. Nothing has to change.
The problem is that this doesn't "scale" at the rate demanded by corporations, and corporate engineers[1]. The problem is not with FOSS - it is on the voracious consumption side. I suspect the volunteer vs corp usage will follow the Predator-Prey cycle, with volunteers being the prey. When the predator population grows too large, it will set off events that will lead to its population collapsing to a sustainable level. The onus is on startups/medium & large corps to help scale FOSS - not UBI or the like where the corps continue to freeride (which is fine, to a point)
1. Disclosure: I'm also one, in addition to being a volunteer contributor. I volunteer as a way to give back to an amazing project, and I earn a salary that meets all my needs.
In my opinion, corporations and govt entities should switch to a model in which they don't purchase software but instead have internal staff work on the FOSS that's used in the group.
This could help the FOSS ecosystem while removing the profit incentives that people have to make shitty pointless web apps. Although I'm sure some shitty pointless web apps will still get made, I think this could shift the dynamic of the software production ecosystem for the better.
> Nearly all of the early open-source software that made the internet possible was produced in universities.
Well... BSD unix was. Unix itself was Bell Labs, the original TCP/IP spec was done by DARPA contractors (mostly BBN). HTTP was CERN but the breakthrough "browser" product was venture funded. GNU was a private organization, though RMS's office was provided by MIT for years and years. Linux obviously was an established community effort long before anyone with deep pockets showed up. Post-90's "corporate" open source has emerged basically everywhere, with Google and Intel being big early players (Facebook and Microsoft have been late to the game but done very well for themselves too).
I think if anything what this proves is that "Open Source" is going to pop up basically anywhere it's allowed to, and that any pronouncements about where it "really" came from are probably not informative.
For some types of software, we really do not want students doing it, for free or otherwise. There are whole classes of software, like database engines, that are non-obvious and require many years of real-world domain experience before it is plausible that someone will design a competent, scalable architecture and implementation. If open source is going to run critical infrastructure, we don't want naive and inefficient software design but that is frequently what we get; this isn't a criticism of the people that create many of these projects, more the process in practice and our expectations of it.
UBI is not a solution because it would, at best, pay poverty wages. People with the skills to be effective core contributors also have the skills to be paid much, much more for their time. Few people, and definitely not enough, are going to sacrifice the living standards of themselves or their family for some ideal of OSS.
There are strong adverse incentives that make it improbable that the people designing and building OSS are who we as users of OSS would want to be in that role in an ideal world. This has been getting worse with time. The risk for OSS is that those adverse incentives are never addressed.
You're simply wrong in a way I can't succinctly summarize historically; you really have to get to know the spirit of the people who made this stuff. But FOSS is the difference between the VERY free and open (at least optionally, if not in practice, but like, basically anyone can put up a website and do anything on it) internet we have vs. what would have happened, which probably would have been slight incremental improvements in phone and TV. More "on demand," but damn sure no Youtube.
Having worked with people in industry who understand the point and value of giving back this is a little naive I would argue.
A fraction of some talented person's time from say HP is probably worth 100x first year developers who aren't paid to understand the tools the company is using.
To turn your argument on its head how much would every company have to invest to build a modern website from complete scratch in isolation? Then think why do that when you can effectively spread the cost?
Both approaches have ups and downs but I'm not sure the "someone always picks up the cost" isn't anything other than a statement of realism. It is a good reason to explain why nobody just works on a project in their basement for free and do nothing else, but doesn't rule out being able to do this if responsible companies pick up a fraction of the tab they should be paying via donations.
As others have said a huge amount of the value comes from support, community and the contributions from many people, be they working on the same tools for a product they sell, to make a product or service they plan to sell or to scratch that itch on that project in their spare time they're playing with.
It feels like we moved from a world where open source software was developed by a community, to one where most of us are just consumers of the code. I don't know if there were actually more contributors 20 years ago, relatively speaking, but much of the code was also less complex.
Open source is still remarkably successful and the only reason why the whole Log4J RCE is such a big deal, is because the library is hugely successful. The failing isn't in the work of the author(s), but those of us who have been consuming the code. We don't need to fund the main developers, what we need is for the project, and projects like it, to be true communities. That means that all the companies who have been relying on open source need to allocate time to community work.
We pay for open source software by helping build it and that goes beyond creating an issue on Github or complaining about missing features and poor documentation. We are all part of the open source community, but we seem to have forgotten how it works. Now we believe that we can throw money at the problem, but that still leaves a single developer with the responsibility for a massive code base. OpenBSD was right: "Show us the code or shut up".
I didn't get that the original article was bashing the concept of open source; more like it was bashing the "on the ground reality" of today's open source.
I think that there's a great deal of "brokenness" in the way that the software development community works, in general. Because OS is so ubiquitous, and because, as the author mentions, so many people make money on it, we think of OS as the problem.
I think the general quality level of software is catastrophically bad, in many instances. This is because people rush to do "big things," and they aren't actually ready to manage these "big things."
One example is overengineered design. This is something that we're all guilty of. Indeed, today, I am in the process of completely rewriting a view controller that I designed, that has that whole "Lucy and the Chocolate Factory"[0] thing going for it. The only solution was to take off, and nuke it from orbit.
When I create an overengineered design, it becomes brittle, and difficult to maintain or extend. What triggered my rewriting this, was because I needed to modify the way that the layout was done, and found it to be a complete bitch to figure out.
Fortunately, I am very experienced, and also wrote the original (messy) code. It would be another matter, entirely, if it was a "black box" dependency. I probably would have avoided modifying the layout, which would have resulted in a much lower quality of UX for my app.
I recently looked into open sourcing Homechart (https://homechart.app). It's free to use already (for self hosting), but some users wanted it to be open source (almost entirely for auditing purposes, but I doubt they'd even read the code). I don't want anyone using it for commercial purposes, and I found a few licenses that would prevent this-- namely Commons Clause, but at the end of the day I didn't see a benefit to having it OSS aside from appeasing some OSS purists. The app is already free, and I don't need the added burden of responding to issues and pull requests (and supporting the code they add).
EDIT: I also don't want folks redistributing custom builds or effectively reselling it somehow. I'm a solo dev, I don't have the resources to litigate and enforce any kind of restrictive license.
It seems like both sides of this supposed debate are saying precisely the same thing, with one side ("how dare we suggest anything is wrong with open source") taking umbrage for no apparent reason. The premise of "both" arguments is that open source maintainers are being exploited.
I don't think anyone is being exploited. The work you do for free, and publish online with a permissive license, was meant to be "exploited" by anyone, that's what OSS means. Everyone knows that. We still spend time doing it because of, as the author of the blog post correctly mentions, several different, personal reasons.
I publish all my hobby projects on GitHub. I have zero expectation to ever get paid for it, even though I know some big companies have used libraries I've written. I am not sure I even want to get paid, as that would increase my accountability a lot!
Do I feel exploited?? Not at all. No one asked me to do it. I do it because I like contributing my knowledge and I hope it will benefit someone doing good work some time... even if most beneficiaries are indeed greedy, for-profit organizations. I also use heaps of "free" products by these same greedy companies... my website is hosted entirely free (with HTTPS and everything) by Netlify... I also have several project websites on GitHub Pages (free), run my CI on GitHub, TravisCI, AppVeyor and CircleCI (all completely free), write some code on IntelliJ (Jetbrains), emacs (ok, this one is not from big co.) and VSCode (big bad MSFT) which are all totally free to use.
My browser is also completely free, thanks to Mozilla!
Sure, they use lots and lots of OSS, but without those, these products might never have existed as the cost to create them from scratch or by paying every single OSS library for use would have been prohibitive.
There aren't merely two sides of a "supposed" debate. There are at least two sides of a bona fide debate. And you could not possibly have missed one of the sides because its argument was copy-pasted dozens of times on the other post.
The dozens of copy-pasted comments left by mbrodersen on the other post can only be interpreted to be against the claim that companies are exploiting open source maintainers here. Under this argument that was copy-pasted dozens of times, companies paying exactly $0 for software set at $0 are behaving in a natural and predictable manner within "the marketplace." It's an unambiguous argument. It's impossible to miss because it was copy-pasted dozens of times.
Now, I didn't notice the dozens of copy-pasted mbroderson comments being flagged or downvoted. Nor did I notice dang explaining to mbroderson that copy-pasting a low-effort "market mechanics" retort throughout a long thread is against the rules of HN.
And now that argument-- which again, was copy-pasted dozens of times on the other thread-- is in the ether. You cannot merely ignore it and claim that "both sides" are somehow saying the same thing. One side clearly isn't, at least a dozen times, copy-pasted.
So I'm curious what you think about the claim that nobody is exploiting anybody here, because if open source devs want greater than $0 from companies that use their software they should charge greater than $0 to companies that use their software.
I think I stated the claim correctly-- if not perhaps mbroderson can copy-paste the argument here.
Except they're mostly not. While it's not hard to find exceptions most of the maintainers and other coders associated with major open source projects are being paid by companies to do so.
> The premise of "both" arguments is that open source maintainers are being exploited.
A lot of the business models that are exploiting OSS and OSS maintainers are very much parasitic. I think industry needs to be reminded that the first rule of being a parasite is "don't kill the host." That is what is happening as companies monetize open source and then don't support the team creating and maintaining the software they are exploiting.
I don't feel particularly exploited - but then my OS library is not particularly popular (or widely used). I suppose if the library did become popular and some $MegaCorp built a cash printing product on top of it I could add some code to the library to print disparaging remarks about $MegaCorp practices in the CLI (or whatever).
Then again, I also give my poetry and my (2 completed) novels away for free. I'm not the greatest Poster Child for the Capitalist cause.
Oh my goodness.. if open source had not existed in the world, the world must not be as good as today. The world w/o OSS must fall behind the world w/ OSS.
If open source is broken, it must be repaired.
I have contributed to OSS for over 2 years and it makes me feel fun and feel a sense of achievement. And I feel so grateful towards who had contributed to open source and had cultivated open source culture. I received help a lot from OSS and lots of open knowledge from the internet. And now I want to give it back to open source culture and I think I am making the world better a little bit.
Did this guy really just write a rebuttal to an article that he didn't bother to read well enough to understand?
They are literally arguing the same things. The article he is arguing against is not trying to shit on open source. It's trying to explain how insane it is that so much open source development is so critical but so massively underfunded.
The original article isn't saying that the idea of open source is fundamentally broken. It's the consumers of open source software whose morals are fundamentally broken.
Please, for the love of all that is holy, just spend like 5 extra minutes reading what you are arguing against next time. This is so embarrassing that I'm feeling the second-hand embarrassment.
Open source is most certainly broken, and not just due to the various financial, freedom and security issues these two articles focus on. My biggest peeve: documentation is often minimal (e.g. API docs only) or filled with useless toy examples that are effectively just rephrasing of API docs.
The entire underpinning of free and open source software is silly: software in this context isn't an academic pursuit producing knowledge that should be freely shared to our collective advancement as a civilization. It's a hammer, a wrench, a table: in short, a product. That fundamental category error made by our community is the source of all the problems with F/OSS, financial and otherwise.
You know, one of those terrible aspects of open source is that if you see a lack of documentation, you can just contribute it yourself. Good luck contributing new docs to literally any proprietary product.
This implies that the issue is due to being open source. The majority of closed source software, especially in house software, has minimal or nonexistent documentation. If there is any, it was likely done once at the start of the project and never updated since.
I've been a consultant for over 10 years. I always make sure to ask for access to any documentation for systems I'll be working on. I think I've gotten significant (out of date) documentation maybe once. This isn't an issue stemming from being open source.
I agree with what you say, but FYI docs is one of the easiest yet most valuable things a person can contribute. As a maintainer, I wish I had more feedback and contributions to the docs!
You're describing two legitimate worlds, the Ivory Tower and the Marketplace, let's call them for short, but I don't think the error is conflating them. I think the error(s) arise in the intersection between the two realms. The Internet was a-commercial or even anti-commercial at first (having gestated in the Ivory Tower) and retrofitting it for commerce and industry has been, um, a wild ride. Kind of a gold rush.
Copying and running code is (effectively) free, developing, maintaining, and auditing code is still expensive. Folks who want to use software without paying the costs get what they pay for, eh?
I feel that if there's anything the community is doing wrong, it's in the emphasis on new and shiny rather than mature and stable. I feel we should be entering a "contractile" stage of (global IT) development, with consolidation and convergence of software and hardware replacing the wild burgeoning and rampant growth of complexity.
"Like, complexity is an existential threat, man..."
Re the author of "open source is broken": The irony of bashing open source on a website using systems/code/infra containing thousands of open source lines of code which I am sure he hasn't paid for... has probably escaped his attention.
Honestly, I am not sure why there is an argument anymore. Let people write or use free or proprietary software as they see fit. You all know the pros, you all know the cons, make a decision and godspeed, live your life. I side with the free software. You do you.
Would it be possible to create an insurance policy against these major FOSS vulnerabilities?
The insurance company would then require audits of your tech stack, and fund security research. This is analogous to what car insurance companies already do. And then companies who are not insured are viewed as suspect, etc etc.
There's apparently a misalignment of incentives because there's a break in the chain of responsibility. The idea here is to close that loop.
> While I believe that it is unethical for large for-profit corporations to not support FOSS projects from which they derive (extract?) immense amounts of value, it is not illegal, thanks to the system.
While I very much agree with the article on its core topic, this is incorrect. It is not illegal thanks to the license. The FOSS world created the licenses, it is made legal by choice, it isn't due to the system. "The system" very much allows for this problem to be entirely avoided.
If you're happy making free software but you don't want anyone to profit from your work without cutting you in on the success you contribute to, consider a dual license. Maybe the free software world should consider addressing this problem in some license scheme, a couple of options being royalties paid if the software is used in profit generating endeavors, or even something more restrictive, like requiring all derivative works and works being supported by licensed software to release their source as well. Imagine if Android were licensed in this way, Google would not get to marry proprietary crap to it, as just one example.
The thing is, the answers for this are all here and old. I'm just kind of waiting for people to figure it out.
If you're creating cool stuff and giving it away, great! No obligation.
If, however, you're creating a paid product or service -- there already exists a ton of law and precedent and ideas about obligations. We just need to remember these and start using them again.
These ideas and law generally point to: If you put a product out there, and make claims about what it can and cannot do (either explicitly or implicitly) then you must be held responsible for the harm if people reasonably rely on it and you screw up. That's it. That's the entirety of it.
FOSS is one of your inputs, could be seen as something like gasoline or trucks or whatever. It's your job as a company to handle those safely and make sure they don't goop out and cause harm, and if you don't get this right, you should be sued.
Edit -- and of course, sometimes the companies are too slow to make this happen and so we need regulation. We perhaps need an EPA or FDA for software.
The problem is Free as in Beer and Free as in Speech are related.
The issue is not $1 downloads so much as it is the overhead, pain and issues that come along with it.
It's hard to manage and control downloads, usage, and the legal issue might be that any hint of licensing problem makes it 'no go' from a corporate perspective.
So the gap between 'Free Beer and Speech' and 50-cent Beer and Speech is enormous.
In general, society has problems with monetization of valuable things. It's not only the case with FOSS, it also holds true with science and a long term not quarterly counted products development. Sadly vile entertainment and advertising is perfectly monetized.
You zing, but there's a grain of truth there, isn't it?
"Free" software began when RMS wanted to fix his printer and got locked out by Xerox. "Open" software was an attempt to woo business to use free software but (arguably) threw the baby out with the bathwater by eliminating the "virality" of the GPL et al., which was kind of the whole point (of "Free" ethos.)
The whole Free vs. Open issue is effectively moot anyway since everybody uses proprietary closed systems. Even the FOSS folks use GitHub.
"Free Software" generally refers specifically to GPL-licensed software, which is one of many popular "open source" licenses. (GNU claims that their use of the word "Free" refers to freedom, not price.)
This (IMO, weird) debate seems to be around all kinds of open source projects.
I feel like we should at least reference some companies who "do FOSS right" by releasing internal projects to the ecosystem. In the data science realm, for example, I've made heavy use of Superset and Airflow from Airbnb as well as the Plotly tools (Dash, etc) and numerous others.
In many ways FOSS is thriving and on the cutting edge, and in others (especially project maintenance) it seems to be struggling.
But let's at least recognize some of the good actors in that space.
Author describes a classic tragedy of the commons situation - many reap the benefits but there's little incentive to invest in OSS.
Analysis from there is weak. The incentives I think fairly clearly lead to major underinvestment in open source relative to the ideal level because of the incentive problems. Even if there is some investment and some significant success if there was investment of time and money order proportional to usage of major OSS components.
tw04 | 4 years ago
twelvechairs | 4 years ago
[0] from about 19:00 onwards here https://thegeomob.com/podcast/episode-88
[1] https://www.youtube.com/watch?v=NQ5_NnrBHjo
[2] https://docs.google.com/presentation/d/1-PAgIk9--nedCdfMGEwh...
em-bee | 4 years ago
evandwight | 4 years ago
People don't need to maximize income. I volunteer because I have enough and money isn't the only objective.
Open source doesn't need to pay faang salaries to exist.
chasd00 | 4 years ago
riquito | 4 years ago
sangnoir | 4 years ago
[+] [-] ajross|4 years ago|reply
Well... BSD unix was. Unix itself was Bell Labs, the original TCP/IP spec was done by DARPA contractors (mostly BBN). HTTP was CERN but the breakthrough "browser" product was venture funded. GNU was a private organization, though RMS's office was provided by MIT for years and years. Linux obviously was an established community effort long before anyone with deep pockets showed up. Post-90's "corporate" open source has emerged basically everywhere, with Google and Intel being big early players (Facebook and Microsoft have been late to the game but done very well for themselves too).
I think if anything what this proves is that "Open Source" is going to pop up basically anywhere it's allowed to, and that any pronouncements about where it "really" came from are probably not informative.
[+] [-] jandrewrogers|4 years ago|reply
UBI is not a solution because it would, at best, pay poverty wages. People with the skills to be effective core contributors also have the skills to be paid much, much more for their time. Few people, and definitely not enough, are going to sacrifice the living standards of themselves or their family for some ideal of OSS.
There are strong adverse incentives that make it improbable that the people designing and building OSS are who we as users of OSS would want to be in that role in an ideal world. This has been getting worse with time. The risk for OSS is that those adverse incentives are never addressed.
[+] [-] ren_engineer|4 years ago|reply
universities were being paid by the military, who get their money from the taxpayers.
[+] [-] rob_c|4 years ago|reply
A fraction of some talented person's time from say HP is probably worth 100x first year developers who aren't paid to understand the tools the company is using.
To turn your argument on its head how much would every company have to invest to build a modern website from complete scratch in isolation? Then think why do that when you can effectively spread the cost?
Both approaches have ups and downs but I'm not sure the "someone always picks up the cost" isn't anything other than a statement of realism. It is a good reason to explain why nobody just works on a project in their basement for free and does nothing else, but doesn't rule out being able to do this if responsible companies pick up a fraction of the tab they should be paying via donations.
As others have said a huge amount of the value comes from support, community and the contributions from many people, be they working on the same tools for a product they sell, to make a product or service they plan to sell or to scratch that itch on that project in their spare time they're playing with.
[+] [-] indymike|4 years ago|reply
Yes, and released with the BSD license, then copied.
[+] [-] mrweasel|4 years ago|reply
Open source is still remarkably successful and the only reason why the whole Log4J RCE is such a big deal is because the library is hugely successful. The failing isn't in the work of the author(s), but those of us who have been consuming the code. We don't need to fund the main developers, what we need is for the project, and projects like it, to be true communities. That means that all the companies who have been relying on open source need to allocate time to community work.
We pay for open source software by helping build it and that goes beyond creating an issue on GitHub or complaining about missing features and poor documentation. We are all part of the open source community, but we seem to have forgotten how it works. Now we believe that we can throw money at the problem, but that still leaves a single developer with the responsibility for a massive code base. OpenBSD was right: "Show us the code or shut up".
[+] [-] ChrisMarshallNY|4 years ago|reply
I think that there's a great deal of "brokenness" in the way that the software development community works, in general. Because OS is so ubiquitous, and because, as the author mentions, so many people make money on it, we think of OS as the problem.
I think the general quality level of software is catastrophically bad, in many instances. This is because people rush to do "big things," and they aren't actually ready to manage these "big things."
One example is overengineered design. This is something that we're all guilty of. Indeed, today, I am in the process of completely rewriting a view controller that I designed, that has that whole "Lucy and the Chocolate Factory"[0] thing going for it. The only solution was to take off, and nuke it from orbit.
When I create an overengineered design, it becomes brittle, and difficult to maintain or extend. What triggered my rewriting this, was because I needed to modify the way that the layout was done, and found it to be a complete bitch to figure out.
Fortunately, I am very experienced, and also wrote the original (messy) code. It would be another matter, entirely, if it was a "black box" dependency. I probably would have avoided modifying the layout, which would have resulted in a much lower quality of UX for my app.
[0] https://www.youtube.com/watch?v=NkQ58I53mjk
[+] [-] candiddevmike|4 years ago|reply
EDIT: I also don't want folks redistributing custom builds or effectively reselling it somehow. I'm a solo dev, I don't have the resources to litigate and enforce any kind of restrictive license.
[+] [-] brabel|4 years ago|reply
I publish all my hobby projects on GitHub. I have zero expectation to ever get paid for it, even though I know some big companies have used libraries I've written. I am not sure I even want to get paid, as that would increase my accountability a lot!
Do I feel exploited?? Not at all. No one asked me to do it. I do it because I like contributing my knowledge and I hope it will benefit someone doing good work some time... even if most beneficiaries are indeed greedy, for-profit organizations. I also use heaps of "free" products by these same greedy companies... my website is hosted entirely free (with HTTPS and everything) by Netlify... I also have several project websites on GitHub Pages (free), run my CI on GitHub, TravisCI, AppVeyor and CircleCI (all completely free), write some code on IntelliJ (Jetbrains), emacs (ok, this one is not from big co.) and VSCode (big bad MSFT) which are all totally free to use.
My browser is also completely free, thanks to Mozilla!
Sure, they use lots and lots of OSS, but without those, these products might never have existed as the cost to create them from scratch or by paying every single OSS library for use would have been prohibitive.
So, I agree with OP, OSS is working just fine.
[+] [-] jancsika|4 years ago|reply
The dozens of copy-pasted comments left by mbrodersen on the other post can only be interpreted to be against the claim that companies are exploiting open source maintainers here. Under this argument that was copy-pasted dozens of times, companies paying exactly $0 for software set at $0 are behaving in a natural and predictable manner within "the marketplace." It's an unambiguous argument. It's impossible to miss because it was copy-pasted dozens of times.
Now, I didn't notice the dozens of copy-pasted mbroderson comments being flagged or downvoted. Nor did I notice dang explaining to mbroderson that copy-pasting a low-effort "market mechanics" retort throughout a long thread is against the rules of HN.
And now that argument-- which again, was copy-pasted dozens of times on the other thread-- is in the ether. You cannot merely ignore it and claim that "both sides" are somehow saying the same thing. One side clearly isn't, at least a dozen times, copy-pasted.
So I'm curious what you think about the claim that nobody is exploiting anybody here, because if open source devs want greater than $0 from companies that use their software they should charge greater than $0 to companies that use their software.
I think I stated the claim correctly-- if not perhaps mbroderson can copy-paste the argument here.
[+] [-] indymike|4 years ago|reply
A lot of the business models that are exploiting OSS and OSS maintainers are very much parasitic. I think industry needs to be reminded that the first rule of being a parasite is "don't kill the host." That is what is happening as companies monetize open source and then don't support the team creating and maintaining the software they are exploiting.
[+] [-] rikroots|4 years ago|reply
Then again, I also give my poetry and my (2 completed) novels away for free. I'm not the greatest Poster Child for the Capitalist cause.
[+] [-] rhdxmr|4 years ago|reply
If open source is broken, it must be repaired.
I have contributed to OSS for over 2 years and it makes me feel fun and feel a sense of achievement. And I feel so grateful towards those who had contributed to open source and had cultivated open source culture. I received a lot of help from OSS and lots of open knowledge from the internet. And now I want to give it back to open source culture and I think I am making the world a little bit better.
[+] [-] IceDane|4 years ago|reply
They are literally arguing the same things. The article he is arguing against is not trying to shit on open source. It's trying to explain how insane it is that so much open source development is so critical but so massively underfunded.
The original article isn't saying that the idea of open source is fundamentally broken. It's the consumers of open source software whose morals are fundamentally broken.
Please, for the love of all that is holy, just spend like 5 extra minutes reading what you are arguing against next time. This is so embarrassing that I'm feeling the second-hand embarrassment.
[+] [-] sidlls|4 years ago|reply
The entire underpinning of free and open source software is silly: software in this context isn't an academic pursuit producing knowledge that should be freely shared to our collective advancement as a civilization. It's a hammer, a wrench, a table: in short, a product. That fundamental category error made by our community is the source of all the problems with F/OSS, financial and otherwise.
[+] [-] cpitman|4 years ago|reply
I've been a consultant for over 10 years. I always make sure to ask for access to any documentation for systems I'll be working on. I think I've gotten significant (out of date) documentation maybe once. This isn't an issue stemming from being open source.
[+] [-] carapace|4 years ago|reply
Copying and running code is (effectively) free, developing, maintaining, and auditing code is still expensive. Folks who want to use software without paying the costs get what they pay for, eh?
I feel that if there's anything the community is doing wrong, it's in the emphasis on new and shiny rather than mature and stable. I feel we should be entering a "contractile" stage of (global IT) development, with consolidation and convergence of software and hardware replacing the wild burgeoning and rampant growth of complexity.
"Like, complexity is an existential threat, man..."
[+] [-] haukem|4 years ago|reply
Someone working on open source to have fun is more likely to invest their time in more features instead of better documentation.
Here companies or users like you could step in and contribute better documentation or pay the original authors to improve the documentation.
[+] [-] commandlinefan|4 years ago|reply
… from corporations that don’t bat an eye at donating billions to (often dubious) “social” organizations - often ones that criticize them anyway.
[+] [-] gtsop|4 years ago|reply
Honestly, I am not sure why there is an argument anymore. Let people write or use free or proprietary software as they see fit. You all know the pros, you all know the cons, make a decision and godspeed, live your life. I side with the free software. You do you.
[+] [-] orblivion|4 years ago|reply
Would it be possible to create an insurance policy against these major FOSS vulnerabilities?
The insurance company would then require audits of your tech stack, and fund security research. This is analogous to what car insurance companies already do. And then companies who are not insured are viewed as suspect, etc etc.
There's apparently a misalignment of incentives because there's a break in the chain of responsibility. The idea here is to close that loop.
[+] [-] phkahler|4 years ago|reply
Even software companies are charging rent for what already exists, and using some of that to develop their next version or new product.
The zero cost reproduction enables the free collaboration, but doesn't fit our existing ideas around paying for things.
I think that notion that all commercial software is rented needs to be widely understood.
[+] [-] betwixthewires|4 years ago|reply
While I very much agree with the article on its core topic, this is incorrect. It is not illegal thanks to the license. The FOSS world created the licenses, it is made legal by choice, it isn't due to the system. "The system" very much allows for this problem to be entirely avoided.
If you're happy making free software but you don't want anyone to profit from your work without cutting you in on the success you contribute to, consider a dual license. Maybe the free software world should consider addressing this problem in some license scheme, a couple of options being royalties paid if the software is used in profit generating endeavors, or even something more restrictive, like requiring all derivative works and works being supported by licensed software to release their source as well. Imagine if Android were licensed in this way, Google would not get to marry proprietary crap to it, as just one example.
[+] [-] jrm4|4 years ago|reply
If you're creating cool stuff and giving it away, great! No obligation.
If, however, you're creating a paid product or service -- there already exists a ton of law and precedent and ideas about obligations. We just need to remember these and start using them again.
These ideas and law generally point to: If you put a product out there, and make claims about what it can and cannot do (either explicitly or implicitly) then you must be held responsible for the harm if people reasonably rely on it and you screw up. That's it. That's the entirety of it.
FOSS is one of your inputs, could be seen as something like gasoline or trucks or whatever. It's your job as a company to handle those safely and make sure they don't goop out and cause harm, and if you don't get this right, you should be sued.
Edit -- and of course, sometimes the companies are too slow to make this happen and so we need regulation. We perhaps need an EPA or FDA for software.
[+] [-] jollybean|4 years ago|reply
The issue is not $1 downloads so much as it is the overhead, pain and issues that come along with it.
It's hard to manage and control downloads, usage, and the legal issue might be that any hint of licensing problem makes it 'no go' from a corporate perspective.
So the gap between 'Free Beer and Speech' and 50-cent Beer and Speech is enormous.
[+] [-] sneak|4 years ago|reply
Free as in freedom always necessarily denotes free as in beer as well. It's not an accident or side effect.
[+] [-] carapace|4 years ago|reply
"Free" software began when RMS wanted to fix his printer and got locked out by Xerox. "Open" software was an attempt to woo business to use free software but (arguably) threw the baby out with the bathwater by eliminating the "virality" of the GPL et al., which was kind of the whole point (of "Free" ethos.)
The whole Free vs. Open issue is effectively moot anyway since everybody uses proprietary closed systems. Even the FOSS folks use GitHub.
[+] [-] bityard|4 years ago|reply
This (IMO, weird) debate seems to be around all kinds of open source projects.
[+] [-] bshipp|4 years ago|reply
In many ways FOSS is thriving and on the cutting edge, and in others (especially project maintenance) it seems to be struggling.
But let's at least recognize some of the good actors in that space.
[+] [-] frizzle112|4 years ago|reply
Analysis from there is weak. The incentives I think fairly clearly lead to major underinvestment in open source relative to the ideal level because of the incentive problems. Even if there is some investment and some significant success if there was investment of time and money order proportional to usage of major OSS components.