Corporations and OSS Do Not Mix (coglib.com)
An anonymous reader writes: Ian Cordasco, a prolific open source developer, wrote a lengthy post about his experiences working on code that gets used by companies as part of their business. His basic thesis is that the open source development process is not particularly compatible with for-profit corporations, and having them involved frequently makes progress more difficult. "As soon as a bug affects them, they want it fixed immediately. If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start." He adds, "When companies do 'contribute,' it's often not in the best interest of the community, it isn't enough, or it's thoroughly misguided." Cordasco is quick to note that there are exceptions, but he has an idea why the majority behave that way: "I don't have the complete answer, but one important point is that there is toxicity in the community, its leaders, and or its contributors, and the companies have learned their behavior from this toxicity." He provides a list of suggestions both for companies using open source software, and also some further reading on the subject from Ashe Dryden, David MacIver, and Cory Benfield.
If somebody wants a fix for software that they haven't paid anything for, and they want it now, why not offer paid support on that one issue at a rate of $416 per hour? A 24 hour fix would place a cool $10,000 in your pocket. And if they don't want to, then tell them to hire somebody else to do it.
So Slashdot is basically scraping reddit/r/programming at this point for anything interesting? Or maybe just reddit. Maybe I will just cut out the middle man
"No one is asking companies to endure a significant financial burden in order to contribute back." c'mon, man. it ain't gonna happen on its own.
What threats? (I didn't RTFA yet). Start with the warranty disclaimer that you attached to your licence in capital letters. Then, if they "contribute", tell them nicely to fork off (the technical term, not the innuendo) and, if their fork is actually any good, they should ask you to merge their changes, which you will if they're not bullshit.
If they keep kicking and screaming like baby lawyers, submit for their review a support contract. Make sure your rate is in the "highly paid consultant" range - you might even get away with it, as at that point you'd be speaking _their_ language.
"Everybody's naked underneath" -- The Doctor
The listed threat is "Well if you're not going to take this seriously, we'll have to start using another project."
As an opensource developer, do you really see someone as choosing to use another project as a problem? They aren't contributing anything apparently. If they are being a pain in the ass, is them "threatening" to stop messing with you really something to be afraid of? At least they reported an issue, and let you know why they were using your software: that's more than you usually get (I suspect most open source projects never hear anything at all from most of the users: I've directly or indirectly used work from many hundreds of such projects for sure, and only contacted several of them).
Yeah, when you start throwing around suppositions that reveal a bias against the OSS leadership for being "toxic", I don't see much credibility in your opinion. Why not blame cosmic rays while you're at it? It's one thing to suggest "we can do better", but quite another to just pretend that it's the fault of people you clearly don't like. You and everyone else are relying on their work to a staggering degree, and now you talk like a usurper who wants to blame the software creators instead of the monied interests who don't have an incentive to contribute back, because some alleged asshole is doing it for free already.
The core problem isn't that OSS is incomparable with "business", it is only incomparable with the business of "selling software".
OTOH, I spent several hours going round-and-round with my brother-in-law. He runs/owns a company that installs business solutions (computers and software) into other businesses. He was all "I could never make money on open source platforms" using linux as the O.S. because it's free. But he readily admitted that installing Windows had a zero profit margin because of licensing.
There is also the ready admission that having a Windows service contract (again sold at essentially zero markup because of the licenses) doesn't guarantee that Microsoft will issue you a patch if you complain about a problem. You are basically just paying up front for the chance to be told to work around a problem or the "opportunity" for an unsupported patch that you'll have to buy again if you upgrade.
Business men have no idea how to deal with OSS because they tend to mimic others and very few have ever done it. The idea of having a line item for zero-dollars that already had zero markup when the line item was non-zero dollars, is mystifying.
So here's this smart guy running a services business, but unable to see how he could charge to service OSS. But companies service OSS all the time.
The true failure, deeper in, is the idea that every incremental correction and modification is precious and must be hoarded and monetized.
And further in still is the complete failure to understand things like the up-front cost of a GPL project base is "disclosure", and that disclosure of those incremental changes is very cheap. Compare embedding linux kernels in things to the up-front and per-unit costs of Wince or VxWorks. Then really _think_ about how non-money-value your fix to that one serial driver really is compared to the item you want to sell.
Companies tend to forget which businesses they are _not_ in. Selling software is not sustainable, but selling experience (games) and experience (professional expertise) are. So is selling "devices".
So it's a problem made up of compounded risk adversity multiplied by inherently unimaginative "business thinking".
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Yes, I RTFA. At least until the "Woe is me!" whingeing made me stop.
For example:
This is because the company wanted to invest as little time in the problem as possible so the person couldn't fix the tests, write new ones, or write a real fix. I don't blame the engineer, I blame their manager and their company. If the project is that important to them, they should have let the engineer spend a few hours, fix the bug the right way and follow the guidelines outlined in the contributor's documentation.
This clueless twit reflexively blames crappy fixes and failure to follow his guidelines on "their manager and their company", and not the rock-brain of a developer. He needs to actually try managing developers himself some day, then he'd realize the developers do a wonderful job of failing to follow guidelines and submitting crappy fixes all on their own.
TFA is full of crap like that.
Sounds like some bullshit. As someone who works in IT for a major corporation and has to deal with bugs that affect us in COTS software (such as MS Windows and MS Office), threatening people after 24 hours would be ridiculous. If the issue is currently unknown, expect a minimum of 2 weeks with a norm of more like 2 months for a fix - if the vendor will even agree to fix it. Why would a corporation threaten some OSS developer? It just doesn't scan and seems like BS.
Presumably, they chose the OSS software over another project in the first place for a reason, so starting to use another project would be their own loss. In actuality, that's not really a threat, that's just petty spite. I would have a hard time taking any company seriously that acted so unprofessional.
File under 'M' for 'Manic ranting'
"Well if you're not going to take this seriously, we'll have to start using another project."
I've never exactly gotten this. Why does anyone who is giving something away particularly care if someone who is getting it for free uses it or not?
This guy clearly doesn't understand that Open Source means "Free to Use" not "Free Beer", and that most corporations (the executives, not the software engineers or managers) are plenty happy to pay for support from the subject matter experts in it, so long as it saves them overall money. In fact, many corporations' resistance to OSS is due to the lack of such support - because their customers aren't so understanding.
This is the very business model that Red Hat uses. All this guy needs to do is put up a "priority payment" system for bug fixes, and post it publicly. Done and done.
Sorry if I'm a bit grumpy. Had a rough week dealing with end users and I'm feeling a bit BOfH.
linquendum tondere
Corporations are almost certainly the biggest consumers and supporters of open source. I would be very surprised if he ever got any money from hobbyists.
"As soon as a bug affects them, they want it fixed immediately. If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start."
Seriously? Having dealt with all sorts of bugs in commercial, closed-source software for more than a decade, I've never heard anyone make threats if a bug isn't fixed in 24 hours.
How about you offer them their money back? IE, they didn't pay for it, and they got more than their money's worth by using your open-source code for free.
... this is a case of the squeaky wheel gets noticed.
I work in a large software company where we use thousands of open source projects in a couple of hundred projects and I'm intimately involved in the management of open source within the company. I've never had a team come to me and say "we need this bug fixed in the next day or two". And they damn sure don't go out threatening projects (that would be one of those "career limiting moves"). While I don't doubt that this guy has had people do that to him I gotta believe those are the people that he notices and remembers, not the silent majority.
By the very nature of business (which is to make money), businesspeople want as much as possible for as little money as possible. Non-business OSS people should just ignore their unreasonable requests or tell them to take a hike if they start bothering you.
Unless you are hired by business to do OSS, any OSS dev who feels pressure to satisfy the demands of businesses (or users in general), needs to remember that you are working on the project in your spare time for fun. Your commitment should be to the quality of the project itself. Distill what you want from their complaints and ignore the rest.
Verisign owns the root DNS and thus the internet. OSS is what they use to do that job. "Nuff" said. Oh wait, my bad, -- Verisign uses some Microsoft Word for letters 'n' stuff.
The Open source community has NEVER wanted greedy criminal organizations (i.e corps) to use open source software. This is why we refuse to sell out and take money from these fucking jackals. They can go fuck themselves and continue sucking on Micro$haft's fat cock and get their 'security' fixes once a decade or so.
This 'prolific open source developer' is clearly a retard who doesn't even know what he's talking about. Why is /. giving this jackass a soapbox?
And companies just want to be slow and keep things complicated for their own purposes.
Open Source developers work on things for the real work on the project, to solve a problem. That leads to severely different cycles of development (think api's and interop).
Corporate developers are driven due to a master plan, the trouble is that things get released to the public from corporations with a schedule that no-one outside of the corporation is aware of.
This leads to open source developers either forking away from a corporate project or stuck doing nothing. That friction can't last long because the developers working on their own time are going to inevitably become more and more efficient.
If it leads to ugliness, it's hard to understand why the market trusts the people who don't release the code of what they are working on.
"As soon as a bug affects them, they want it fixed immediately."
You respond with, "feel free to hire a team of programmers to fix that. you have the source code."
Honestly, you have to act like Linus if you run an OSS project.
Do not look at laser with remaining good eye.
I know that in 2003 some software sold by Halliburton had emacs among other things on the CDROM, with a text file of the GNU licence along with it. I think it was the same with the 1999 version but I'm not entirely sure.
So the "Corporations and OSS Do Not Mix" idea was far out of date twelve years ago.
Bugfixes often take months in commercial software.
... If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start....
Does the license under which the OSS code is used by the company say that bugs will be fixed within 24 hours? Was a contract entered that says bugs will be fixed within 24 hours?
If the answer to both of the above is "no", then what's the problem?
I don't see why the guy is whining, and tainting the entire OSS community with his personal issues.
Whenever I see "OSS", I always think it means the "Office of Strategic Services". I don't think that mixed well with businesses, either.
"If you are using it without paying for it, are you really taking it seriously either?"
RMS is right about how open source can work in conjunction with companies - if they want "real" support, they can damn well pay for it.
The cost of hiring good coders cannot be avoided. Either you are paying good programmers to work for you, or you are paying less and are at the mercy of coders who feel like donating enough good code to you, that your business will function.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This isn't a surprise to me. I work for a profitable government organization. We bring in substantial tax dollars. But at the end of the day all my work has to be justified, much of it within the confines of a specific project. That means once specific goals are met I must move on to other things. Bugs which affect us must be fixed, but others languish because of other priorities.
What a bunch of whining.
I want to say more, but for some reason, nothing more is coming to mind. Well, ok, there's this.
Tell the cocaine snorting assholes to shove it. Refuse to fix the bug. Quote an obscene price (worse than the $461 or whatever/hr quoted above). The only way to combat abusive gaslighting crack snorting dipshit sexually harassing managers is to refuse to comply.
I mean, seriously, what the living fuck. If they want the bug fixed, they'll have one of their own developers on it. They're ABUSING you.
I have seen with my own eyes two female software developers chased out of software jobs by asshole cocaine-snorting gaslighting abusive sexually harassing managers. DON'T LET THEM DO IT if they're not paying out. Fuck them. And fuck you if you give in.
And they blame us for this. They blame us when they chase away women programmers.
Here's a message for the Masters of the Universe: I know what you're doing. I know that before a few months there will be a rape accusation or else a sexual harassment accusation against me. Your backup plan is that I won't be able to access my meds. I don't fucking give a shit.
Here is my promise: if I lose access to my meds or if I lose my income, I will amputate my genitals outside of one of your hospitals. Give me a "religious objection!" then. I will be happy to die by bleeding out in one of your emergency rooms.
Heh, I am not afraid to walk away. Have fun without me if you think my skills are so trivial that they can be learned in an hour.
When has Microsoft ever fixed a customer-specific problem within 24 hours? I haven't actually talked to a live MS rep since 1994
Table-ized A.I.
Probably most open source software is developed either by corporations or by consortia of corporations. His situation, where he develops open source software independently that is then used by big corporations, is probably unusual. In particular, I suspect most of those corporations asking for quick turnaround on fixes, would probably be willing to pay for that kind of support if only someone would offer it.
I've found a few bugs in OSS and I've always hired reputable community members to immediately work around/fix the issue and contribute back to the community.
Yeah, it costs money. But, everyone I've hired has quickly identified and fixed my issues.
My last experience was with Percona and MySQL. Our database crashed, we recorded the error data and within 3 days they came to the office, identified the flaw ( a checksum of 0 is valid but the code throws an error) and had a pull request into mainline mysql by the end of the week.
The incompatibility is that businesses need software that works. The OSS community wants to produce buggy, incomplete, undocumented software.
Of course, a business that uses open source software will be most concerned about bugs that affect it. Isn't that natural? So if he wants the other bugs fixed, he can personally contribute his time to the project, and fix the bugs HE wants fixed! This article looks to me like a simple case of a guy who doesn't agree with his company's priorities, and is venting on the Web.
No less than 3 points ranting about code of conduct. I guess no one can keep themselves out of the outrage wars these days.
It's OSS. They want a bug fixed so damned bad that they're going to start threatening the author? Tell 'em to go pound sand, and have their own gods-be-damned programmer(s) fix it. It's not like they don't have the gods-be-damned source code for the thing.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Linus Torvalds started writing a kernel because he wanted a unix like OS for his own use.
Stallman started writing the shell and the tools because he envisioned an operating system for the community by the community and of the community.
IBM started using the linux kernel because they saw business sense in using a good quality kernel which was "usable" at a fraction of the cost of their usual software.
It is futile to expect these two groups to work or even understand each other's goals and aspirations. They are fundamentally different.
Saw this coming, more articles about the "toxicity" of open source.
The women in tech groups can't get torvalds alone long enough to false flag him, so they're going to attack the entire community instead.
OSS doesn't have a problem, but the SJWs have a problem with OSS, because it's proving to be resistant to their efforts to "diversify", when really, they just want to move in and take over. Because power.
What corporations want is the ability to get qualified support for software that runs business, and this is a completely reasonable and non-toxic expectation. It does not however exclude Open Source software. It only excludes software without explicit paid support with contractual obligations and SLAs. The author, I think, is too vague and too broad in his assertions.
Except for Android. Or Tesla. Or Google search. Or most of the internet. Or...
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
I've seen all of this with my freely available code or tools. And I always say the same thing "Thanks for bringing the bug to my attention..." and then if I'm currently busy with other things or I don't care that much about the code anymore I follow up with "I'm currently busy with other projects, my hourly rate is $xxx if you need it fixed ASAP I would be happy to provide an estimate and invoice for the work. Otherwise it probably won't be fixed for a few weeks if ever."
Everyone so far has been very understanding and a number of them have paid for the addition or fix. I'll even list the sponsoring party in the changelog.
--Fixed crash from XYZ. Fix sponsored by AnimationCorp LLC.
I get paid to work on a free tool that I use too, they get something they need, I get some minor self promotion for the tool being used by more people and they get some minor promotion in the changelog/release notes.
A close friend of mine, Paul Tagliamonte, was involved in the discussion about Debian's switch to systemd. He received at least 3 death threats due to his participation. In what world is this acceptable behaviour for a community?
The Islamic world.
Based on my experience, I've been working for one of the big multi-nationals for years.
Bugs fixed quicker in commercial software, are you kidding me?
Fucking, seriously???
It's not only that most of the times you have to find workarounds/fixes yourself, it's that since it's commercial and not OSS code, what you'll likely face won't even be decompiled code, it will be bloody OBFUSCATED decompiled code with things like a.b.c.d1() all over the place!!!
At least for the corp I work for (and I'm pretty sure for most corporations out there) the main reason to go for commercial over OSS is: LEGAL.
Some motherfucker patents "using (some ancient thingy that everyone on the planet uses) to quickly iterate over tree" and kaboom, with OSS (no protection whatsoever) you need to pay either them directly or lawyers to fend them off.
With commercial software that's seller's problem.
As easy as that.
There are, of course, libs that are too widely used and would seriously harm IT projects if not used, e.g. apache commons libs. Well, for that there is a short whitelist of items that "have been reviewed" along with "mitigation strategies".
Every manager is aware of this, so when you have a choice over "ShareIt" or "ShareThis", one is free, one is not, decision is made instantly, "of course we want the non-free one".
Companies, especially financial but also any company being "risk-evaluated" need to be able to "continue normal operation" in max. 24-hours, if they can't their risk-evaluation will drop and then they will be devalued, which technically means that their worth will drop. For an A+ or A rated company such devaluation is catastrophic because loans are based on this rating and will need to be paid immediately.
That means effectively that any piece of mission critical software or hardware needs to either be replaced or fixed in under 24-hours.
YES, I do work in IT in a financial company with "triple A" rating.
(and btw. there are not so many companies of that kind left after the financial crisis)...
My company completely overhauled openvpn, and gave the results back to the community. Granted, this was under a government contract, but still.
Religion is what happens when nature strikes and groupthink goes wrong.
If I release the sources, that's that.
I don't have special obligations to people I don't know.
Releasing source code does not confer any responsibilities on me. You can say it does all you like.
> As soon as a bug affects them, they want it fixed immediately
Doesn't everybody? How is this exclusive to OSS? What a customer wants, and what has been agreed on, are not always compatible.
> I don't have the complete answer, but one important point is that there is toxicity in the community, its leaders, and or its contributors, and the companies have learned their behavior from this toxicity.
WTF!? This seems to be the epitome of a non-sequitur. How does toxicity in the OSS community make OSS more demanding?
What a case of victimitis. If you release something for free and someone is whining about problems with it, who cares? They "threaten" to switch to a "competitor", who cares? Ask them to pay for your time, or tell them to fuck off. Don't be such a weak little man.
For service companies (RED HAT et al?) FOSS works GREAT
For product companies (ex Microsoft et al) it is AWFUL, however they are now transitioning to service companies so FOSS and platform agnostic is GREAT.
CTOs, CFOs, COOs, and CEOs all want someone to blame (and preferably not them) when the shit hits the fan. No paid support means they can only yell at the sysadmin, who is already doing their best to fix a project manager's or application analyst's shitty coded applications.
Corporations don't have to share the source of code they use internally. There are some licenses that say you have to share any code that results in the page sent to the user, though, I think.
business urgencies aside, developers who have significantly different opinions about a project just resolve it with a fork, and then often a useful relationship remains where code is shared between the two... business will have to learn.
The title is all wrong. Corporation without OSS and OSS Do Not Mix :)
I mix corporate and OSS business without any problems.
WoW. That must be new around here
One problem is businesses view OSS much as any other product, i.e. someone supplied it and thus they expect that person to help solve problems that arise. They do not see the OSS community as a community but as yet another vendor. Other vendors don't say "Well, if it doesn't work right tell us and we'll see if we want to fix it and if someone is interested in fixing it they'll do so when they get around to it." As a result, there are differing expectations on what OSS really is; which of course does not absolve those acting like jerks.
Companies do not realize they can fix a problem themselves by patching their code even if the community doesn't agree with the fix. Of course, when they break something else they will expect someone else to fix the new problem.
The OSS community bears some blame as well, beyond the toxicity argument. There are those who want wider acceptance and use of OSS without changing the norms and culture that define the OSS community. Unfortunately, as communities grow up they change and such changes are sometimes hard for those who helped build the community to accept.
I'm a consultant - I convert gibberish into cash-flow.
Ian must have never worked for a big company, it's their normal way of working.
I see it here each time there is an issue with some piece of enterprise software, the phone is picked up, the account manager is called and threatened.
If you talk about OSS, the first question you get is - who do we call when it doesn't work. As long as you can say there is a support structure behind it, the panic goes away. Support mostly means that you have somebody to yell at, because the actual support part is in most cases not that great (with any vendor).
On a long enough timeline, the survival rate for everyone drops to zero.
And yet these corporations are still happily ponying up money for bug-ridden Windows. If these companies were as serious about demanding OSS bug fixes as they are about Windows bug fixes, Windows would be bug-free by now.
They don't understand that _any_ consultant could help them because the software source is available.
You are exactly correct that it is a mind-set problem based in fear.
Business people are often not smart in the ways of "optional thought". They have game-plan mentalities based on team triumph over all comers. (Next time someone tells you they are majoring in or have a degree in "business" ask them which sport they played in high school. No really, they act stunned and are all "how did you know?" in wonderment.)
So they need someone to go to without thought. A vendor under contract is like the special teams in football. It doesn't matter how terrible your field-goal special team is, now is the moment you punt and then it's the punter's fault we lost. Coach said so.
So business, particularly big business, is about apportioning blame (renamed "responsibility") because it's run like (and usually by) loss-adverse athletic reasoning.
There's a good reason that the entire tech explosion of the last fifty years happened outside of "normal business channels" and is full of geeks. What was done required non-linear thought by the drivers. Those companies all _hired_ MBAs to run the boring balls from legal to HR and back, but the innovation was done far away from the MBA's sight.
That's also why the Carly F.s of the world totally consumed companies like HP and turned them into "also rans" in their own fields. Get enough bankers and business men "on your team" and they'll crush the geeks before they realize they sold off or frightened away all the talent.
Innovation can be a team sport, but only a cooperative team sport like hacky sack or "the floor is lava". 8-)
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Companies tend to forget which businesses they are _not_ in. Selling software is not sustainable, but selling experience (games) and experience (professional expertise) are.
So how would one sell "experience" (games) without "selling software"? For one thing, video game console developer contracts are known to forbid inclusion of copylefted code in a product. For another, are you referring to combining a free engine with non-free assets (scripts, meshes, textures, maps, and audio)? And if so, how should a studio adopting such a business model deter casual infringement of a game's assets?
Indeed, there is an explicit disclaimer of warranty in the GPL and other OSS licenses.
Which doesn't do you much good if your code is available in a country where a disclaimer of a legally recognized implied warranty is considered unconscionable and therefore null, void, and of no force or effect.
I can't think of any off the top of my head. But about a decade and a half ago, there was a proposal called Uniform Computer Information Transaction Act to make each of the several states in the United States such a jurisdiction: Why We Must Fight UCITA