Metasploit As Case Study In Selling a FOSS Project

coondoggie sends in a Network World interview with HD Moore on the occasion of the commercial release of Metasploit by Rapid7, the company that bought it half a year ago. The pseudonomous author uses the occasion to explore the question of what happens to a vital open source project once it is sold commercially. "Metasploit might become one of the first examples of how a completely FOSS project grows up to be successful. It is the venture capital model without the startup money (though VCs are funding plenty of OS startups these days, too). Build it. They will come. Someone will buy it. And if you want them to stay, the FOSS project better remain as well supported as the eventual commercial version. This isn't the first open source project to have been bought by a big guy. And the jury is still out on on most of them. I could argue that Metasploit is a bit unique in that it didn't have a commercial arm when Rapid7 acquired it. That could not be said about SUSE or MySQL or even Gluecode (bought by IBM), etc."

Sustainable open source?

[alain94040]

The challenge for open source is that, while it's a fun hobby, how can we make it sustainable?"

sustainable is the key word for me here. If selling to a private corporation is the only sustainable way, that's too bad. That's why I like hybrid software licenses that combine open collaboration with some guarantee of revenue-sharing. Can we find a way to work together on a piece of code but still sell it for a reasonable price to end-users and sustain the developers? I sure hope so.

Because in the case of Metasploit, what do you think happens when all the developers now have a paying job? Even though the code is open, if it doesn't get maintained, it will die. So in practice, the project is basically at the mercy of the acquirer.

Re:Sustainable open source?

[ushering05401]

A revenue sharing license limits the contributor base for your project based on increases in accounting overhead to track and disburse monies over time.

And that page you linked is scary. They claim to pre-define growth rates on participating code-bases to protect against devaluing of contributor shares. WTF.

Re:Sustainable open source?

Prior to the acquisition, all of the developers also had full-time paying jobs (with a couple exceptions for students). The difference is now we a half-dozen getting a salary to work on it full-time, in addition to the normal community contributions. Since all of the core code goes back to the BSD-licensed public source tree, the acquirer has a strong incentive to continue maintaining it in order to prevent a fork.

Re:Sustainable open source?

[hdmoore]

There we go - found my real /. account -- the post above is my own, you can find open tickets in the Metasploit Redmine tracker for the msfweb/msfgui overhaul.

Re:Sustainable open source?

[insufflate10mg]

I read it, thought about it, said "naw can't be," read your post, and felt relieved. Mod this man up.

Re:Sustainable open source?

[maxume]

He appears to be associated with it, in some way or another (but maybe he is just a huge fan).

His whole analysis seems to ignore the part where some huge portion of open source software was released by a corporation (that payed an individual to do some work-for-hire, so the individual really doesn't have to worry if the work is sustainable or not, he is getting his right then).

Re:Sustainable open source?

[ducomputergeek]

Recently I've come across this in the day job where we forked an opensource project in order to get it PA-DSS certified, which the original supporting organization had no will to do so. But the process required by PA-DSS makes a community driven development model almost impossible. There has to be proper testing procedures in place and documented and a chain of trust for security updates, etc.. That pretty much means that the project now has to be run by our internal development team and signed binaries distributed if a customer wants PA-DSS certification. We supply the source code on the installation CD, but we have to tell customers if they do make any customizations, they are on their own when it comes to PA-DSS & other PCI requirements.

sounds like a decades-out-of-date argument

[Trepidity]

The challenge for open source is that, while it's a fun hobby, how can we make it sustainable?

That's pretty much what people said in the 80s, arguing that the GNU project maybe could build a text editor as hobbyists, but certainly couldn't build something like, say, a compiler. Then Linux was just a hobby project, fun, but surely nobody could use it for real work. Debian, a whole OS without any paid devs? Ridiculous! And yet despite being supposedly unsustainable, the flood of open source software doesn't seem to be showing any signs of stopping? Next you're going to tell me these hippie kids will write a free encyclopedia, too.

Sure, exploring ways of tying together funding and development is always interesting, but I don't think it's because of any crisis of sustainability...

Re:sounds like a decades-out-of-date argument

[LWATCDR]

"Debian, a whole OS without any paid devs?"
1. Debian is not an OS. It is a distro.
2. No Linux Distro I know of is free of code from paid devs! RedHat, IBM, Novell/SUSE, Intel, and many more pay people to develop code and then contribute that code to Linux. So any Distro that includes say.. The FOSS Intel video driver is using the code of paid devs.

Even RMS states the F in FOSS does not mean unpaid or free as in beer.

And I disagree about a crisis of sustainability. FOSS has not been wildly profitable as a whole. It has not inspired a huge numbers of vibrant projects. For every FireFox there are tens of thousands of projects that never get past a page on source forge.
Even some really good FOSS software just sort of lingers on the fringe. One great project IMHO is DeVeDe which is a super simple and easy to use DVD creation tool.
"I am not the dev but I use it"
Without a clear source of revenue projects will fade.
BTW the problem is getting worse for closed source software.
Most people have found software that frankly is good enough so they are not buying new software as much.
Also people have found free software on the internet both in the form of FOSS and in the form of piracy.
That is why you see so much interest in mobile apps. It is still possible to make money and maybe even grow large in that space. On the PC it is just too crowded.

Re:sounds like a decades-out-of-date argument

[jd]

Fair point, but look at some of the contributors to Linux: IBM, SGI, Hewlett-Packard, Oracle. They contributed largely in the spirit of openly contributing (highly commendable) but they also contributed because they were going to get some sort of return on that investment, no matter how indirect or long-term it might be. This was certainly not the reason Linux became what it is, but to ignore the fact that they help sustain Linux would be plain folly. Indeed, there was quite a dramatic pick-up of interest after the IBCS patch showed that the kernel was as capable as any commercial offering, albeit minus a few "Enterprise" features. (IBCS is how Oracle first ran on Linux, as a Linux port didn't exist at the time.) That's when pressure for such extras built up and the itches got scratched.

Similar things could be said of Apache. SGI has contributed much, including a high-performance accelerator that the Apache team rejected. (Interestingly, the next generation of Apache web servers was dramatically slower. Probably coincidental, but pissing off people with the arcane skill in optimizing is never a good idea.)

What of the GNU compiler collection? Well, I'll be generous and not say too much about the disastrous folly that caused EGCS to form, or the equally disastrous failures in Gnu Fortran which resulted in large-scale defections to the G95 project. I'm also deeply concerned about the whole PGCC fiasco (Intel's patches were superb on Intel hardware, great contribution from that perspective, but why the hell was it working worse on non-Intel hardware?), the bit-rot that caused various older compiler back-ends to be dropped from GCC, the huge maintenance problems being faced by people like the D frontend for GCC, and so on. It is superb, it's a magnificent testament to Open Source that GCC is =THE= benchmark to beat by compilers at the Supercomputer conference (you don't benchmark against things considered junk), and it is progressing. However, there is clearly a long history of conflicting egos and conflicting goals that have been as damaging to the product as productive.

And the BSD kernels? Very good development, but again a lot of fragmentation due to clashes. Individuals doing superb work, I'm not going to question the amazing technology that is inside FreeBSD, NetBSD, OpenBSD, DragonflyBSD, or any other *BSD. But there's way way too much bitterness, hostility and rivalry that goes well beyond the spirit of competition. They're all perfectly self-sustaining, I'm not going to even try to dispute that. The developers are highly passionate about what they do and what they do is magnificent. But, frankly, there have been times when I wish someone would slip some Prozac to those guys. The *BSD effort started TWO YEARS before Linux, it should be running the world by now, but it isn't. The kernels are all good, are all worthy equals to Linux, but damnit they had huge chunks already done AND a two year head-start. There shouldn't be any commercial UNIXes any more. Why does Solaris still exist? Why was all of this advantage squandered?

Re:sounds like a decades-out-of-date argument

[micheas]

... And I disagree about a crisis of sustainability. FOSS has not been wildly profitable as a whole. It has not inspired a huge numbers of vibrant projects. For every FireFox there are tens of thousands of projects that never get past a page on source forge.
Even some really good FOSS software just sort of lingers on the fringe. One great project IMHO is DeVeDe which is a super simple and easy to use DVD creation tool.
"I am not the dev but I use it"
Without a clear source of revenue projects will fade.
BTW the problem is getting worse for closed source software. ...

But, neither has closed source software been wildly profitable, as a whole.

over 90% of the wysiwig web page creator tools in the '90s didn't survive until 2000, and most of them never turned a profit, despite VC funding (or maybe because of VC funding), Dreamweaver, and Frontpage are the exceptions, and Frontpage was profitable because it was bought by microsoft.

Re:sounds like a decades-out-of-date argument

[greenbird]

snip long rant nit picking issues with various open source projects

You know, no one said open source was perfect. Even including the issues you mention every one of those open source projects offer products that are better than any closed source offerings. Not arguable better but for the most part excepted as better by everyone but a few zealots.

And Linux does run the world. The number of people who run critical systems on MS products is small and dwindling rapidly. Every heard of a router running Windows? As to commercial Unixes, They're hanging on only as long as there isn't funding to shift off of them.

The only reason Windows is still here is because people are use to it and most people are very adverse to change. That and Microsoft spends outrageous sums on marketing. And games which is the only thing MS Windows is really usable for. Desktop Linux has been more intuitive and easier to use than MS Windows since about the second or third version on Ubuntu came out.

Re:sounds like a decades-out-of-date argument

[LWATCDR]

What part of "BTW the problem is getting worse for closed source software. ..."
did you not understand?
There is a growing problem of profitability in the closed source segment as well.
It is really sad because I feel over all it is causing a real decline in innovation everywhere in the PC space.
Take OpenOffice for example. It's big "feature" is how close to Office it can get.
Don't get me wrong because I feel that we need OpenOffice and it serves a vital function. "But Calc SUCKS! OpenOffice FIX CALC IT IS A SLOW PIG".
What I don't see is any innovation in the spreadsheet space.
Where is a spreadsheet that uses Lisp as it's macro language?
Or a Word-processor that uses Python?
Maybe on that separates formulas for data like Lotus Improv did way back when?
PC software has gotten deadly dull. Show me a new tool or app.

Re:sounds like a decades-out-of-date argument

[maxume]

http://www.resolversystems.com/products/resolver-one/

I suspect there are plenty of other such things that you also do not know about. I guess it doesn't exactly fit one of your labels, but it fits what you are going on about.

Re:sounds like a decades-out-of-date argument

[micheas]

The examples I was trying to give you were over 10 years old.

Software has never been, over all, that profitable, but when it is profitable, it can be very profitable.

Re:sounds like a decades-out-of-date argument

[micheas]

Overall, besides the idea that software was profitable, I agree with you.

Re:sounds like a decades-out-of-date argument

[Trepidity]

Sure, there are plenty of stalled open-source projects, but there are a whole lot of wildly successful ones too. Besides Linux and gcc, web infrastructure is in large part open-source: Apache, nginx, Perl, Python, PHP, Ruby, MySQL, PostgreSQL combine for significant marketshare, and there's a lot of innovation in that area. In fact there's not much interesting happening on the web that isn't open-source: Microsoft and Adobe are pretty much the only two games in town on that front.

Re:sounds like a decades-out-of-date argument

[jd]

I'll wait until we're in the same galaxy, never mind on the same planet, before ripping this post to shreds. For now, I'll start with asking where this supposed rant is.

"GCC is =THE= benchmark to beat" is oh so very very condemning, I must say.

For BSD, "Very good development" and the developers are "magnificent". Hmmm. Yes, I could see how this could be taken as a put-down. What of, I'm not sure, as it clearly doesn't include the development or the developers, but probably something could be found.

As for the Linux kernel being "as capable as any commercial offering, albeit minus a few "Enterprise" features" --- ooooh, nasty attack there, I must say. Aside from the occasional data centre and Government departments, does anyone actually give a rat's ass about Linux being Carrier-Grade, FAA-certified or Common Criteria-Certified? These badges aren't exactly core to most people's uses of the system.

As for your bit about Windows, I fail to see the significance. I never mentioned Windows. I expressly and specifically referred to commercial Unixes, which either use the stock System V base or the stock BSD 4.4 base as a starting point. It does not make any sense to ask about Windows being around, since Windows and the *BSDs aren't even in the same market, but it DOES make sense to ask about BSD-vs-BSD or BSD-vs-SysV, as these ARE the same market.

And, let's face it, Solaris has had very little serious effort put into it for a very long time. I forget when Sun actually started the Solaris product line (which ran alongside SunOS for a while), but it isn't significantly older than 386BSD (from which FreeBSD came).

But look at the difference in effort! There are Open Source BSDs that will run on everything (and the kitchen sink port is due soon). There are Open Source BSDs where the entire kernel has been at least as well audited as Trusted Solaris. There are Open Source BSDs that have greater networking ability and performance than Solaris. Open Source BSDs were seriously looked at by DARPA because they're so damn good, and are used by mainstream desktop OS' and data centre firewalls.

(These compliments are seeeeerious examples of my staggering hostility to Open Source, I must say.)

Open Solaris exists solely because Open Source OS' were seriously competing with regular Solaris, especially on the x86 platform (but Linux works perfectly well on the Sparcs too). Clearly, then, there has been some impact. Sun didn't revise their service model for amusement.

However, the combined skills across the entire BSD and Linux spectrum far and away outstrips anything Sun could have ever thrown at Solaris, and one need only compare the 30+ specialist filesystems for Linux to the meagre generic offerings of Solaris to see that this talent has produced results. Tangible, real, solid, measurable results.

My complaint is not that Open Source isn't perfect (although indeed my post made it very clear it was damn close to perfect), my complaint is that stupid infighting, vicious and pointless hostility (of which your post is a great example) and other such drivel is why Linux and the *BSDs are why these OS' aren't the sole survivors of the OS wars.

Open Source is not the problem. Adversity to change (which is irrelevant) is not the problem. Marketing is not the problem. Attitudes like yours which create fictitious problems for the sole purpose of spewing at them - THAT is the problem. It is the ONLY problem. Everything else was fixed years ago.

Re:sounds like a decades-out-of-date argument

[LWATCDR]

Thanks that looks kind of interesting. I was hoping for Lisp but Python is still an interesting idea.

Re:sounds like a decades-out-of-date argument

[greenbird]

Open Source is not the problem. Adversity to change (which is irrelevant) is not the problem. Marketing is not the problem. Attitudes like yours which create fictitious problems for the sole purpose of spewing at them - THAT is the problem. It is the ONLY problem. Everything else was fixed years ago.

Thanks for the laugh. I need one this morning. All that and your conclusion is that I'm the problem for...what was the reason again? Fictitious problems? Adversity to change and marketing are fictitious problems? Yeah, better wait till we're on the same planet at least.

Re:sounds like a decades-out-of-date argument

[jd]

Adversity to change is indeed a fictitious problem, as far as this is concerned. The difference between Unixes is so utterly insignificant that the IBCS module was capable of running Solaris, SunOS, Xenix and Wyse binaries as if native. It didn't have to re-implement stuff, as with Wine, it just had to do a few minor tweaks and things Just Worked. Thus, there IS NO CHANGE. You can't be adverse to something that doesn't bloody well exist.

Marketing is also irrelevant as Unix vendors all market about the same, if you include non-traditional forms.

You notice a certain vendor missing, such as Microsoft? Hmmm? This is because I BLOODY WELL WASN'T TALKING ABOUT THEM! I referred solely to domination in the Unix world, and ONLY the Unix world, EXCLUSIVELY the Unix world, and NOTHING BUT the Unix world.

So wake up and smell the coffee. Oh, you're still off-planet. Better wait until you're at least at a planet that has coffee.

The assumption

[Monkeedude1212]

Build it. They will come. Someone will buy it. And if you want them to stay , the FOSS project better be remain as well supported as the eventual commercial version

(Ignoring how difficult that is to read, since its a quote.)

So at what point do you think the acquirer will always want them to stay, or that the FOSS project will remain as well supported?

I wouldn't be surprised if this turns out like every other Open Source project that gets bought out.

How?

How do you buy an open source project? You can't buy the code. Do you just buy the name?

Re:How?

[Trepidity]

Sounds like basically the name plus some core devs. It's BSD-licensed, so in theory they could've made their own proprietary version without even buying it, but in that case it might've been harder to get any attention or traction, and they might have had difficulty finding people familiar enough with the codebase and willing to write proprietary-licensed additions/extensions.

Re:How?

[Gerald]

Do you just buy the name?

You make it sound like the name is inconsequential. Depending on the project, trademarks and domain names can be as important as copyrights and licenses.

Re:How?

[pclminion]

You can't buy the code.

Yes you can. OSS code is owned by somebody. If it was not, how could the license requirements be enforced? You buy the code, you just realize that you can't stop anybody else in the world from using it -- that's the whole point. You do own it though.

Lol wut?

Metasploit might become one of the first examples of how a completely FOSS project grows up to be successful.

Wait, what???

Re:Lol wut?

[elrous0]

Damn, I lost another monocle.

a sad story

[Lord+Ender]

Metasploit used to have nice GUI and web-based interfaces. Once it was purchased, they were immediately dropped.

Also, a project like Metasploit can't live without community contributions, and we have yet to see if these are sustained. When contributing to a noncommercial open source project, the feel is one of peers collaborating. When contributing to a commercial product, the feel is more like working without a paycheck...

Re:a sad story

[charlesnw]

Metasploit used to have nice GUI and web-based interfaces. Once it was purchased, they were immediately dropped. Citation needed. I can't download the latest release at work, but I downloaded one recently and it had the web interface.

Re:a sad story

[Lord+Ender]

HDM ended support for the GTK and web interfaces when he was purchased. Now, you need to purchase Metasploit Express ( http://www.metasploit.com/express/ ) to get a graphical interface for Metasploit.

Re:a sad story

Not quite - Prior to the 3.2 release, both the main developer for msfweb and the main developer for msfgui dropped out of the project (LMH and Fabrice); We fixed these interfaces up just enough to make them work for 3.2, but they have always been incredibly buggy and crash-prone. The msfweb interface needs an overhaul to be really usable (and we would love for someone in the community to take this on), however the msfgui interface will have to be rewritten from the ground up due to an insane number of crash bugs in the ruby-gnome2 codebase. As the project moved towards 1.9 compatibility, both msfweb and msfgui fell even further behind. We deprecated these interfaces in 3.3, which was immediately after the acquisition, but the acquisition had little to do with the decision to stop trying to maintain these. The main goal of msfweb and msfgui was to support an interactive console on the Windows platform; since we added RXVT/Cygwin to the 3.3.x packaging, it became possible to run msfconsole natively, removing the need to keep hacking msfweb/msfgui to work. The decision really came down to msfweb vs cygwin; with msfgui no longer an option due to the aforementioned crash bugs.

Long-term, we are trying to consolidate all of the interaction into a small number of tools; currently we have msfconsole, msfcli, msfweb, msfgui, msfrpc, and then msfencode+msfpayload. We would like to merge the cli functionality into the console (its buggy with certain module types at the moment), remove msfweb and msfgui until we find a new owner in the community, make msfrpc the standard way to programmatically interact with the framework, and combine msfpayload/msfencode into a single utility.

Re:a sad story

[Lord+Ender]

Well, apologies if I mistakenly attributed to the Rapid7 purchase what was actually a technical decision. From an outsider viewpoint, the project was acquired, then the GUI support was dropped, then a commercial GUI (Metasploit Express) was offered for purchase; so it certainly seemed like these things were related.

You deserve to make money from your great project--thanks for creating it. I do, of course, hope that the project isn't forced to compromise because of the new financial interests.

Re:a sad story

[Lord+Ender]

To add to my own post: please read the AC post below this one. It seems to be by HDM or someone knowledgeable about the project, and the poster attributes the changes technical reasons.

Re:a sad story

[hdmoore]

Thanks! We would be happy to continue development of msfweb/msfgui if we find someone in the community to take it on. Funny enough, many of the "hardcore" users (module developers) were happy about the decision to deprecate the web and gui interfaces, but they tend to be console-mode purists anyways :) Sorry for the AC comment earlier, took a bit to find my credentials for this account.

Re:a sad story

Frankly, the web and gui were limited. You couldn't easily background sessions, perform route add/port forwarding, or any of the other really cool advanced features. Once I forced myself to learn Metasploit in Linux, it solved the debate. I wouldn't go back to those interfaces for any reason.

Sustainability

[MikeRT]

The challenge for open source is that, while it's a fun hobby, how can we make it sustainable?

There is tried and proven set of options: get a paying user to underwrite the work, get a paying user to buy customization services from individuals, form a company around it or form a non-profit which accepts tax deductible donations to fund development. There really isn't much of a difference here between this form of labor and all other forms of labor.

Open source recipe to success

[unity100]

- Develop a software that can be used for the average need of the average user out there. (average relative to any particular field).
- Let people have it free
- Develop modules for niche needs for the software
- Sell modules
- Profit

logic is, not everyone will need every functionality. it will just bloat the software. so, something that will work and do the core tasks needed needs to be open source. and any added obscure or specific functionality has to come with modules. this way, users will be able to add functionality to their software as they need.

this works in oscommerce for example. in joomla, drupal, any major os software. it can work for many of them.

I don't get it ...

[RAMMS+EIN]

``Metasploit might become one of the first examples of how a completely FOSS project grows up to be successful.''

What is the definition of 'successful' being used here? I see open source projects all around me. Aren't those successful?

Re:I don't get it ...

[sourcerror]

A lot of them started as failed commercial products (e.g. Firefox,Blender). Although I still not see how it'd be first. (BSD?, GNU/Linux?)

Re:I don't get it ...

[sourcerror]

Oh, and Warzone2100 (failed commercially, gone opensource)

pseudonomous author

[seifried]

Isn't. I've seen his drivers license, his name is in fact "H D Moore" (that or he went to some trouble getting a changed/fake license just to carry a "my first name is H. No seriously." story).

Re:pseudonomous author

It cracks me up every time he complains about registration forms that refuse one letter first names.

Re:pseudonomous author

[seifried]

Hey if it was up to me I'd name both my twins the same name, different middle names (but same first letter so the middle initial is the same as well) but my wife very very strongly vetoed it.

Drupal and Acquia plus Drupal distros

[twasserman]

Another interesting example of commercial success around a "pure" FOSS project is Drupal, originally developed about 10 years ago as the centerpiece of Dries Buytaert's Ph.D. research. About two years ago, Acquia was started to provide a supported distribution of Drupal with commercial support and now hosting for Drupal projects (drupalgardens). With so many themes and modules being developed for Drupal, many of which are free, we are now seeing new Drupal distros spring up, in much the same way that Linux distros sprung up in the 1990's. The various distros package a "trusted" collection of modules and themes, which work across all community and commercial versions of a specific version of Drupal, e.g.,Drupal 6.x. The recent Drupalcon in San Francisco had about 3000 registrants, hundreds of sessions, and about 20 vendors of Drupal training and professional services. The registration fee averaged about $200, so that added up to some significant revenue, along with some very substantial expenses from holding the event in Moscone Center, the same place that Oracle holds their OpenWorld event with 40,000 attendees.

Even with all of this commercial activity, anyone can go to drupal.org, freely download the community edition with any desired modules and themes, and participate as a member of the Drupal community, contributing to the project in many different ways.

Sourcefire and L0phtCrack

Hopefully this ends up being more of a SourceFire/Snort success than the L0phtCrack@Stake variety.

The Tale of the Three Headed Hammer

[zogger]

~~~Once upon a time, a long time ago, in the land known as FreakingFarkedUpLand...a tool company was formed. They made tools. They designed tools and sold tools. They never used tools all that much, a teeny bit..but they wanted to
"make money", and they decided since the upcoming "modern civilization" that everyone was talking about was coming soon, that by selling tools to build civilization, they could all be rich. Well, they was just one guy to start with, but he had some "investors" who needed to get rich quick and easy too....

That was the plan, man...

One of their first mastermind inventions was the "three headed hammer". See, since most hammers only have one head on them, one weight and one size, well gosh darn it, a carpenter might need several, to pound different size nails into different hardness and thicknesses of wood. Little tacks to huge spikes.but you needed different hammers usually. So..they decided that their new invention would have three hammer heads instead of just one, on the same hammer handle shaft. Amazing! Three different sized heads, sticking out at angles. Just flip it around, a new hammer! They would get rich, everyone would buy..err, "license"... their hammer.
The inventor and investors sat around gloating over their huge profits to come...

Unfortunately, back in the real world ->>>

"Yo, Sparky..about this new hammer I got from you.."

YES, YES, WHAT ABOUT MY MOST EXCELLENT HAMMER THAT IS GOING TO MAKE ME RICH?

"Well, you see..these extra heads..when you go to swing at a nail, the heads sticking out to the side smash your hand and.."

WHAT, YOU DARE TO CRITICIZE MY HAMMER! PLUS, YOU HAVE VIOLATED MY HAMMERING LICENSE!

"Ya, but...and this handle..it is freaking 30 inches long, so I decided to cut half of it off and..."

YOU WHAT!!??!! MY LAWYERS WILL BE ONTO YOU SHORTLY, FOR DISASSEMBLING *MY* HAMMER. THAT'S ILLEGAL YOU KNOW, AND I NEED TO MAKE MONEY BY LICENSING MY HAMMERS!

"Ya, but Sparky..check this out..just come work with us carpenters, you can still fool around with new hammer designs, and we can all make money by building new "civilization" houses, and we'll just share ideas on what works and what doesn't and..."

NO, NO, NO A THOUSAND TIMES NO! I AM ONLY IN THE HAMMER DESIGN BUSINESS, THAT IS THE ONLY WAY TO MAKE MONEY, LA LA LA, I CAN'T HEAR YOU, AND I DON'T NEED TO LEARN TO BUILD ANYTHING AS LONG AS I HAVE MY THREE HEADED HAMMER. RICH I SAY, NOW PAY ME LOTS AND OODLES, ALWAYS AND FOREVER.

"Sparky..that just ain't gonna work. There's plenty of work for civilization builders..but not so much for hammer designers...I mean, it's a rock on the end of a stick, man, check it out, excuse me, three rocks in your case..whoopedy zing. The real work that pays good is over here in the sweat zone where all this building is going on. Good honest work, needed, and.."

NOPE! THE ONLIEST WAY TO "MAKE MONEY" IS BY LICENSING THREE HEADED HAMMERS, FULL TIME! BEGONE! AND BE WARNED! OUR NEXT PRODUCT OUT IS THE AUTOMATIC SCRIBE! AND IF YOU USE IT, YOU WILL HAVE TO PAY US A ROYAL PERCENTAGE ON EVERYTHING YOU SCRIBE WITH IT!

"OK...uhh..see ya around.."

THE END

two side

businessman steals from open src without contribution
developers contributes to open src without life

this is unhealthy and unidirectional
and what 's the end of it?

death of open src

either break business
or
break development

Absurdities

[jd]

I've noticed that whenever I fry the crap out of delinquent thinkers on one thread, I get these sorts of even-more-mindless posts from ever-more delinquent thinkers. Dunno if it's a case of flushing the vermin out of the woodwork, or merely a case of me not being "one of you", that gets your snot-filled attitude going. But frankly it pisses me off.

My thoughs

[devent]

I don't think you can get rich if your main product is the open source software. There are only a few exceptions where software is the real product, like Windows, PhotoShop, etc. This software is a niche product, very specialized. But most of the time software is just a by-product of your enterprise.

Apple, for example, don't sell MacOS so much as Macs. Apple is a hardware company, the MacOS system is just a by-product. If Apple would release MacOS as open source, they wouldn't lose much, because nobody can sell it which an Mac-clone.

For most companies, the software is just a necessity to get the enterprise running. That is why Linux is so much used. Everybody needs an operating system but nobody really makes money with an operating system (which Microsoft as a special case). RedHah, Novell, they sell support; IBM sells it's mainframes; Google sells it's web-apps as a service;

We just looking at games, Microsoft and Adobe and ask how they could make money if their products were open source. But they are the exceptions in software applications. They targeting end-user with their software, it's their core business. But if you are a car company, for example, using open source software or releasing the code shouldn't make any difference. In fact, a model like the Linux kernel is very good to save costs and to lower risks. Instead that every car manufacturer creates their own software to control the car, they could make an open source project and contribute to it like with the Linux kernel. They could save costs, because now all car manufacturers are sharing the costs, and lower the risks, because the code is tested by many more companies in very different scenarios. That is what the Open handset Alliance (OHA) is doing and why everyone now embrace Android.