Slashdot Mirror
The Failed Economics of Our Software Commons
An anonymous reader writes: Most software developers are intimately familiar with having to waste time implementing something they probably shouldn't need to implement, or spending countless hours making their code work with bad (but required) software. Developer Paul Chiusano says this is because the economic model we use for building software just doesn't work. He writes, "What's the problem? In software, everyone is solving similar problems, and software makes it trivial to share solutions to these problems (unlike physical goods), in the form of common libraries, tools, etc. This ease of sharing means it makes perfect sense for actors to cooperate on the development of solutions to common problems. ... Obviously, it would be crazy to staff such critical projects largely with a handful of unpaid volunteers working in their spare time. Er, right?? Yet that is what projects like OpenSSL do. A huge number of people and businesses ostensibly benefit from these projects, and the vast majority are freeriders that contribute nothing to their development. This problem of freeriders is something that has plagued open source software for a very long time." Chiusano has some suggestions on how we can improve the way we allocate resources to software development.
Freeriders are giving you the marketshare. Having a loss leader is not an uncommon business practice, nor is it untenable.
You can't handle the truth.
If we want to address this issue, we need a complete overhaul of our IP laws.
If you want to be paid then charge for the software. Don't whine after the fact that thing you give away for free is used FOR FREE.
Reminds me of the "No Leeches" of the BBS days. Maybe we will see some upload / download ratios.
In other words, "People aren't writing the software I think they should be working on! WAAH!"
... that has plagued open source software for a very long time."
You mean entropy, this "free riders" problem is nothing but a restatement of limited amount of biological energy in any given human being to perform work over their lifetime. Human beings are limited creatures in terms of time and energy. If you want more then you're going to have to convince someone with the purse strings to finance some of these things on behalf of the common good. Good luck with that.
The real problem in many cases is that there are too many options, too many different libraries, and too much code that does pretty much the same thing in slightly different ways. How can you standardize when there are so many different "standards" to choose from?
This is actually a good thing, because it avoids a monoculture.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
As a little toddler I already developed signs of geekiness. As I grew older, my geekiness ballooned so much so that I could not, even if I want to, deny that in this life, I am a geek
Now that I am old, as an old geek, I still think that what we geek do, what we truly enjoy doing, often goes counter to the outside rule
That is why, when that guy is telling me (and other geeks) that we live by a "failed economic commons", hey, I am not surprised
If we geeks are to live by a "successful economic commons" many of the geeky things that we do, and many of the geeky creations that we have created, would not exist
The gist of the whole thing is this --- economy, whether it be "failed" or "successful" --- is in eye of the beholder
One can say that the economy of a certain country/region is good --- but good for whom? For the general populace, or for the 0.1%?
That is why, we geek don't give a flying fuck about the economy. We do what we do because we enjoy what we do. That is all
If they (and when I say "they" I mean those who look down on the geeks) don't like it, they can go jump into the sea
Muchas Gracias, Señor Edward Snowden !
If you don't want free riders, don't make free software.
You get to choose your license. You don't get to complain that people are following it.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
I'm not knocking it, it's the model that China has used for the past three millenia and it's worked reasonably well for them.
However, we do things differently in the West, particularly in the US. We're Adam Smith (the 1776 one, not the modern day popular author) guys and gals, moderately distrustful of government and the people who populate it. And no more trusting of committees such as the ones that the author is proposing. These are like the industrial consortium that pop up all the time, ilke OpenStack. Want to bet your company on those? Good luck.
Most of this stuff is done by people who have jobs, it's just not their core business to sell tiny little improvements that nobody is going to buy individually.
Since it misses what could be discovered within a few minutes of inquiring into the subject I think the post is designed either to push an agenda or to start an argument.
Imagine how the Open Source community would be if everyone using a tool *did* contribute to or fork the tool.
I use KDE all the time, but I know I'm shit at C++. You won't see me polluting the codebase with my awful code, or spamming the design forums whenever I see something I would do differently. The Linux community is better off for it too. :)
The people who do this have a number of reasons. Some do it open source software garners job offers. Some do it because they or the businesses they work for need free software to exist, and it's a self perpetuating loop - the more free software there is the more people contribute to it, so the more they have to chose from. For some it's like attending church - it feels right. For some it's a nice social group to be in. None of these reasons means they or the system they contribute to are crazy.
As for the free loaders - without legions of these "free loaders" free software would not exist. Few would bother to put the effort into Linux, or X, or Debian if there weren't legions of users out there to test it, and give feedback, find bugs, suggest improvements. They are a necessary part of the system. A system that for all its faults, works as least as well as any other commercial way of developing software if you go by deployments.
How about you use the GNU General Public License? It has strong copyleft, which prevents people from distributing closed-source software that uses your library.
Part of the problem is a lack of support by OS makers for legacy software. We've solved a huge number of problems, many times, but those tools are destroyed when the OS makers fail to support legacy software so we keep reinventing the wheel, badly.
Don't confuse the issue by pretending it's all about collaboration and economics of software. It doesn't make sense to try to shoehorn my software idea into an existing framework exclusively due to price and availability. Just because there's a square peg available for free doesn't mean that it'll fit a round problem, even if a square solution may take longer.
I predominately work in computational analysis and have spent a significant portion of my career trying to figure out physical problems (first in video games and now in engineering analysis), particularly in the finite element/CFD domain. That makes OpenFOAM is a classic example for me -- it's the benchmark for open source CFD analysis. But I'm still employed at an engineering firm developing our own numerical analysis tools.
OpenFOAM is quite good at a very small subset of what it claims to do, but it doesn't do *everything* well. Unfortunately, the framework is sufficiently mature at this point that trying to fork it and address those flaws would be a colossal undertaking. This means that for many toolsets, starting from the ground up is simply a more attractive alternative. Could we reuse a few elements deep in the integrators? Maybe, but those would come with their own baggage.
I'm a Linux/Unix/sometimes-Windows admin, and I'll be the first to admit that a lot of open source projects start as hobbies. That they are useful for people other than their creators is nice, but I don't complain to my friends that no one pays me for playing RPGs. I've been post-beta testing AD&D for decades. Where's my money?
> This problem of freeriders is something that has plagued open source software for a very long time.
The "economic model" of open software already accounts for this. You want the bugs in OpenSSL fixed? Fix them yourself or pay someone else to do it! Or you have to wait for someone else to do the same. The economic incentive is there. You arent paying for it = you dont value it. Free software gives you the benefits of its software, but it is very clear that it is "as is without the implied warranties of merchantability or fitness for purpose."
For the devs working on it "for free." That's their choice.
For the people relying on it without contributing? That's their risk.
Works as intended.
Who's this Johnny-come-lately Chiusano guy? What happened to Bennett Haselton?
Large companies need to stop spending boat loads of money on buying overpriced, re-released commercial operating system and productivity software that changes absolutely nothing useful about business functionality and spend maybe say, 10% of the money from what that budget would have been on donating to or contributing to software projects that the infrastructure's critical functionality relies upon.
Seriously. The money would go further and the software would last longer and everyone would get a lot more actual work done. Every time you buy a new version of Windows its like you're paying to re-arrange the deck chairs on the Titanic.
And don't fucking reply to me saying shit like "durrr, but OpenSSL got hacked and doesn't deserve to have had more money." Maybe that's true, but probably not. Even if it were true, above, I said donating or contributing, as in - spend your own company resources auditing the software if you don't trust it. If you find enough vulnerabilities to distrust the people who make it, then FORK IT OR PAY SOMEONE TO DO SO. The bottom line is, economically even in a worst-case scenario its still cheaper than every single company rolling their own from scratch, or every single company buying the same software over and over again made (perhaps not any more securely or competently) by some completely unaccountable, inauditable closed-source company.
> Since it misses what could be discovered within a few minutes of inquiring into the subject I think the post is designed either to push an agenda or to start an argument.
It's pushing an agenda... it's pimping some start-up website for "matching pledges" or some such nonsense.
Don't expect me to work on your favored project.
Not everything boils down to rational economics. People do lots of things voluntarily, without expectation of immediate financial gain.
The other issue with infrastructure type software (viz. OpenSSL) is that once created, they only occasionally require modification. It isn't a full time job. It'd be better managed by some interested custodians in their spare time (or rather; in time they choose to allocate to the pursuit); than for the software to be owned and managed by some organisation which assigns square pegs to round holes in order to get some half-arsed patches written and out "on time and within budget".
When money is involved, the question that comes to mind is "who should be in charge?"
There's a surprisingly consistent answer to this question.
I hear it a lot, from a lot of different people and that answer is "I should".
Snowdrift describes a way to raise funds.
It might even be more effective at raising funds.
But I see nothing that promotes spending those funds wisely.
The real problem is that software is bunches of little idiot savants glued together. They do their known role well but ONLY their known role. They are not flexible and have no common sense to adapt to new situations. They have to have an exacting or pre-known environment.
When we try to make software more flexible, it becomes unpredictable, often backfiring. Often it's better to keep it narrow and crash rather than have it "guess" and do something wrong because you may end up with a million wrong results before you catch it.
I remember a story about military battle simulation software being built in the early days of OOP. An Australian company wanted a customized version for Australia, so they asked the vendor to add Kangaroos to the simulation.
Rather than code up a Kangaroo from scratch, which would take a while, the developers made the Kangaroo class inherit from the already built "Human" class. It all worked fine until a group of simulated Kangaroo's were spooked by explosions and whipped out weapons and started fighting back. The "Human" class was tuned for military simulations, not general animals because that wasn't the vendor's original goal.
The story may be an urban myth, but it illustrates some of the pitfalls of "reuse". Unless you have full knowledge of what you are reusing, you may end up reusing unexpected and inappropriate sub-features.
It's probably an undeniable rule of the universe that you have to balance predictability against flexibility. No free lunch, at least not until "true" AI comes along such that software won't make stupid guesses anymore; but then we'd all be obsolete.
Table-ized A.I.
The article is long and poorly organized (that is, the organization is stream of conscious writing like most bloggers; he goes off into a mini-rant about how much he hates CSS/HTML, for example). Here is a summary, as well as I can understand it:
1) A new non-profit is trying to make it easy to fund open-source software, with a new donation method. You can donate, but your donation doesn't go through until ten (or X) other people donate the same amount.
2) This will increase funding for open source projects because:
* Companies don't want to fund open source if someone else will do it.
* It will be cheaper TCO for companies to fund open source projects they use. For example, if OpenSSL had been given more money, they would have fewer bugs (probably by rewriting everything in Erlang; really, that's what he said).
That is literally it. In all 2000 words he wrote, I cannot find another single point that supports his main thesis, that the new non-profit will increase funding for open source-projects. He however did spend a lot of words explaining that popular open source projects should get more money from the companies that use them, so that's something.
"First they came for the slanderers and i said nothing."
While people yell it's too offensive and impossible to get success at business (an very common opinion I've heard so many times), it at least makes the game much fair via requesting you pay for your freedom. For other licenses I think they work "well" is only because they welcome people to pillage their work as the article reveals, so sorry I don't feel sorry for those projects adopted such licenses and claim they're more friendly toward business.
Red Hat
It would seem that if your business has an interest in the direction that something like OpesnSSL is going, then said business will provide developers to work on it. While there are always going to be freeriders, they don't cost you any more to the develop the software than if there were not. On the other hand, if you owned the software instead of relying on the community to do the brunt of the development work for you, then you would be in a position to sell it to the supposed freeloaders. Of course, your costs would go up to develop it totally in house and there is no guarantee they would pay versus going elsewhere. It seems like everybody wins with the current system.
Software is thought-stuff as Brooks famously put it, and it lives in a multidimensional nonlinear space. Just because two programmers are implementing the same thing sitting next door to each other doesn't always mean they're mucking in the darkness, looking for a great software sage to show them how to write reusable code. Maybe one of them is coding for speed, the other for memory footprint, and the third for prettyness. You can't have one set of libraries do all three for you without effectively implementing it three times and giving them each the option. Just because software looks close, doesn't always mean there's a short path to get it to where you need it.
After working on a Windows system at my job, using my Linux computer is like a breath of fresh air.
Where is the problem? F/OSS has been around for decades.
The article sounds like somebody pissing and moaning about the foss model.
I work on my pet project (http://msscodefactory.sourceforge.net) because it's a fun challenge I set myself many years ago. Whether others use it is irrelevant. Whether I ever make money off it is irrelevant. There is only one thing that matters to me:
That's it. Beginning and end of story. I work on it for fun.
I do not fail; I succeed at finding out what does not work.
Listen whore. No one is forcing you to offer your wares for free.
Perhaps you should seek advice from a skull.
The benefits of open source softwares and freeware are incomprehensible those brainwash that greed is good or even that only through greed can come good. The open source projects have created enabling technologies such as httpd, TCP/IP, html, mosaic, etc. Without those technologies the economic booms circling the globe would probably be impossible. It created a feedback loops which into the private sector which then creates jobs and technologies which then help open source projects.
Calling those effects a failure is just silly.
putting the 'B' in LGBTQ+
As a support engineer (supporting engineers, not end-users!) I think that the problem with his premise is that he woefully underestimates the value of actual fielded use of a software package. I get it... developers are important. But no one knows how well a bridge works until the cars drive over it, AND an unexpected storm hits it and things still remain standing. Software weathers many more unexpected storms than a bridge does. Worse yet, they're frequently malicious, targeted storms.
No matter how much engineering and how much testing goes into a project, you don't really know how stable it is until it's used and tested and cracked and fixed.
Packages like OpenSSL got the mind-share, and yeah, they got cracked. And they got fixed. That is the point TFA misses. All the 'freeloaders' and the contributors are all yielding the benefits of the target that the freeloaders provided.
And it's much more hardened for the efforts of both the devs and the users! (and strangely the crackers, too!)
We only know what works on the long term by putting it to use. And finding what breaks. And fixing it. So starting from scratch is an exercise in redundancy.
OpenSSL was brought up as an example. So combine advanced networking with cryptography. I studied networking in university, and also cryptography. The main developers of OpenSSL are mostly PhD's because that's what you need to work on OpenSSL effectively. Its like this: there is a common story that "Any kid on the street can download and hack the Linux kernel". Well its true that any kid can download the source. You can tinker with the source, but unless you know advanced C programming, and have good understanding of operating system design (beyond an undergraduate degree operating systems course), they you won't be doing very much. There are many levels of people that you have to get through to get changes accepted, and something useless won't get past step 1. And that's the point. Some projects are more complicated, and you won't get a huge number of people on some projects because you are going places that not a lot of people can go.
The guys that argue that everything should be free are now complaining that they aren't getting paid? That is how I interpret this. And it is hilarious.
When thinking about the economics of FOSS the first thing to note is that the 'marginal cost' of another user is zero. Immediately a 'tragedy of the commons' problem is therefore impossible (you can't ruin the commons by overusing it because your use in no way impeds my ability to use it too, which is the definition of the tragedy of the commons).
There are some people trying to think through what zero marginal cost of use means for understanding the economics of FOSS, and standard economic arguements do not apply. I don't know much of what they have come up with but suffice to say a number of things look different (I am an economist, but different field of econ). Given just how well FOSS has done in creating open standards and common libraries the free rider problem, while it may exist, is clearly minor.
That said the snowdrift.coop idea, plugging which is really the point of the whole TFA, does sound like it might be a nice idea.
The large companies I have worked for tend to PURCHASE supported free software from Red Hat, SuSE, Oracle (even if it's a clone of Red Hat), IBM, etc. Indirectly this means that they end up paying for the development of free software since these open source companies all PAY their employees many of whom write code that gets licensed under the GPL and contributed as open source. All you need to do to verify this it look at the contributions to the kernel or many of the key Linux subsystems to see the bulk of the contributions are coming from RH, SuSE, IBM, etc. (Why do you think SCO sued IBM for copyright infringement for IBM's contributions to the Linux kernel?)
Most companies are not and don't want to be in the software business. Software development isn't even close to what they do. They are quite happy to pay for software that may or may not be open source. If it is open source, they want the same level of support (or better) as they get with their closed source vendors. While they may not be contributing code, they are paying the salaries of people who write open source software as their full time job by buying this support.
The person who claims that open source is failing due to "free riders" and "volunteer maintainers" hasn't looked at how open source development works. Hell, even back when classic programs like awk and grep were developed and circulated in the old Unix community it was through /usr/contrib the bulk of the developers were professional software developers. These programs (and many more) were developed by software professionals who chose to make them available to others rather than sell them (for a variety of reasons).
Yeah, there are a lot of pieces of open source that were developed and are maintained by volunteers. There's nothing wrong with that and, for quite a few years, open source has had fewer errors and has been far higher quality than the equivalent closed source programs. I'm not arguing that the OpenSSL flaw isn't serious. It is and it needs to be fixed but a certain closed source software vendor seems to patch a dozen equivalent flaws each month. I'd hardly call the OpenSSL flaw a reason to condemn the open source development model.
Cheers,
Daver
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
I open source as many parts of my paid projects as i can so that I'm not forced to reinvent the same wheel i made through a previous employer.
This makes me more productive perceptually since i bring value from my previous positions. Others could as well, but aren't as versed with my creations as i am.
So why do my current employers give to my next? It's a perk choosing them nothing.
Science & open-source build trust from peer review. Learn systems you can trust.
he vast majority are freeriders that contribute nothing to their development
For a lot of software, this simply isn't true. The millions of installs that don't pay a developer to work on the code still provide test environments, installed base to make the product popular and various other advantages. Very few of the highly successful Free Software projects would be where they are today if only people who contribute to their development had been allowed to use them.
Assorted stuff I do sometimes: Lemuria.org
"Various hedge funds and investment banks likely devote more resources to getting trade times down by a few milliseconds (including building a straighter fiber-optic cable between Chicago and NY) than the sum total value of all developer time devoted to to every open source project ever, since the dawn of software."
My understanding that most of the software used in these trading platforms is heavly borrowed fron Open Source. They're quite happy to use it, but not so happy to contribute it back to the community.
Michael Lewis: Did Goldman Sachs Overstep in Criminally Charging Its Ex-Programmer?
'(At Serge’s trial Kevin Marino, his lawyer, flashed two pages of computer code: the original, with its open-source license on top, and a replica, with the open-source license stripped off and replaced by the Goldman Sachs license.)'
So basically, free software should only be free to those that contribute?
So you "pay" for "free" software by contributing.
It was in the first paragraph. The rest is just uninformed griping that doesn't contribute to the current understanding of the problem.
In market-based economies, pricing of goods depends on fixed and marginal costs. Perfectly competitive (i.e., totally equivalent goods, completely interchangable with each other) cannot be priced above the marginal cost of producing another unit of it (in the long run, at least). Generating pricing power requires differentiation.
Software that is a commodity cannot be priced above its marginal cost. The marginal cost of another OpenSSL download is about zilch. If there was an efficient market able to make micropayments, market balance could be restored. As it is now, it's a hobby activity for individuals and a cost of doing business for large companies.
I would argue that editors, OS kernels, and compilers are, at this point, commodities. Obviously commercial offerings are differentiated just enough to generate some pricing power, and that suggests that Open Source offerings at least theoretically could (dual open/commercial licenses, like Qt in the past), but I would argue this is a temporary market inefficiency.
Incidentally, the classic way to make money giving away software was to then sell the consulting services around it.
Um, no, it hasn't. Software distribution is essentially costless at this point and as such freeriders don't plague anybody.
Quick and terrible analogy. I live in a really wealthy area and people around my neighborhood buy fireworks at the 4th of July that put some large cities to shame. I don't personally waste my money on fireworks, but I don't need to. On the 4th it sound like a war zone down here and I can sit on my back porch (I'm up a hill) and enjoy one hell of a show.
Am I "plaguing" those folks who bought fireworks for their own enjoyment?
No.
I use plenty of free software to which I contribute nothing. Frankly, I haven't done systems level programming in 20+ years so contributing to Linux probably ain't happening. But I do have my own set of free software available on github, including a complete 1D barcode generator/decoder written in pure Ruby. Same thing in Perl. I have some incredible maze generation code in JavaScript. And sprintf in pure JavaScript. There's some other stuff. I'm actually going through my massive code base that I've built up in the last 25+ years of software development and putting anything that I deem even remotely useful to somebody out on github - dual licensed under BSD and GPL. This is a long-term project for me.
I'm not being plagued by people who "freeload" off of me. I WANT THEM TO. The point is to save somebody else the time of inventing that particular wheel. It costs me nothing but a little time, but I enjoy that time and it's useful for me to curate the work, anyway.
I'm a businessman, too. I have plenty of code that I exploit for profit in various ways. It's hard for me to see how this isn't working. Maybe I should have RTFA'd, but given the summary I'd probably pop a blood vessel if I wandered into the rest of it.
Do you have ESP?
It follows that Open Source software does not and cannot exist, except as an innocent hobby, or else the theories of economics are erring.
I have an interest in the FOSS software that is useful to me. I do help to test. I do not open a wallet for support, and I am retired, and I need my pesos for other things. We are freeloaders because we don't have the means to contribute, or the link to where we could do it. I am waiting for an alternative to kickstart.com where I could have a login account, and therein, a list of software developers looking for donations. I would put some money into a $pool that is divided up by proportionally by popularity, based on the registered urls and password.