Corporations and OSS Do Not Mix (coglib.com)
An anonymous reader writes: Ian Cordasco, a prolific open source developer, wrote a lengthy post about his experiences working on code that gets used by companies as part of their business. His basic thesis is that the open source development process is not particularly compatible with for-profit corporations, and having them involved frequently makes progress more difficult. "As soon as a bug affects them, they want it fixed immediately. If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start." He adds, "When companies do 'contribute,' it's often not in the best interest of the community, it isn't enough, or it's thoroughly misguided." Cordasco is quick to note that there are exceptions, but he has an idea why the majority behave that way: "I don't have the complete answer, but one important point is that there is toxicity in the community, its leaders, and or its contributors, and the companies have learned their behavior from this toxicity." He provides a list of suggestions both for companies using open source software, and also some further reading on the subject from Ashe Dryden, David MacIver, and Cory Benfield.
If somebody wants a fix for software that they haven't paid anything for, and they want it now, why not offer paid support on that one issue at a rate of $416 per hour? A 24 hour fix would place a cool $10,000 in your pocket. And if they don't want to, then tell them to hire somebody else to do it.
"No one is asking companies to endure a significant financial burden in order to contribute back." c'mon, man. it ain't gonna happen on its own.
What threats? (I didn't RTFA yet). Start with the warranty disclaimer that you attached to your licence in capital letters. Then, if they "contribute", tell them nicely to fork off (the technical term, not the innuendo) and, if their fork is actually any good, they should ask you to merge their changes, which you will if they're not bullshit.
If they keep kicking and screaming like baby lawyers, submit for their review a support contract. Make sure your rate is in the "highly paid consultant" range - you might even get away with it, as at that point you'd be speaking _their_ language.
"Everybody's naked underneath" -- The Doctor
The listed threat is "Well if you're not going to take this seriously, we'll have to start using another project."
As an opensource developer, do you really see someone as choosing to use another project as a problem? They aren't contributing anything apparently. If they are being a pain in the ass, is them "threatening" to stop messing with you really something to be afraid of? At least they reported an issue, and let you know why they were using your software: that's more than you usually get (I suspect most open source projects never hear anything at all from most of the users: I've directly or indirectly used work from many hundreds of such projects for sure, and only contacted several of them).
Yeah, when you start throwing around suppositions that reveal a bias against the OSS leadership for being "toxic", I don't see much credibility in your opinion. Why not blame cosmic rays while you're at it? It's one thing to suggest "we can do better", but quite another to just pretend that it's the fault of people you clearly don't like. You and everyone else are relying on their work to a staggering degree, and now you talk like a usurper who wants to blame the software creators instead of the monied interests who don't have an incentive to contribute back, because some alleged asshole is doing it for free already.
The core problem isn't that OSS is incomparable with "business", it is only incomparable with the business of "selling software".
OTOH, I spent several hours going round-and-round with my brother-in-law. He runs/owns a company that installs business solutions (computers and software) into other businesses. He was all "I could never make money on open source platforms" using linux as the O.S. because it's free. But he readily admitted that installing Windows had a zero profit margin because of licensing.
There is also the ready admission that having a Windows service contract (again sold at essentially zero markup because of the licenses) doesn't guarantee that Microsoft will issue you a patch if you complain about a problem. You are basically just paying up front for the chance to be told to work around a problem or the "opportunity" for an unsupported patch that you'll have to buy again if you upgrade.
Business men have no idea how to deal with OSS because they tend to mimic others and very few have ever done it. The idea of having a line item for zero-dollars that already had zero markup when the line item was non-zero dollars, is mystifying.
So here's this smart guy running a services business, but unable to see how he could charge to service OSS. But companies service OSS all the time.
The true failure, deeper in, is the idea that every incremental correction and modification is precious and must be hoarded and monetized.
And further in still is the complete failure to understand things like the up-front cost of a GPL project base is "disclosure", and that disclosure of those incremental changes is very cheap. Compare embedding linux kernels in things to the up-front and per-unit costs of Wince or VxWorks. Then really _think_ about how non-money-value your fix to that one serial driver really is compared to the item you want to sell.
Companies tend to forget which businesses they are _not_ in. Selling software is not sustainable, but selling experience (games) and experience (professional expertise) are. So is selling "devices".
So it's a problem made up of compounded risk adversity multiplied by inherently unimaginative "business thinking".
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Yes, I RTFA. At least until the "Woe is me!" whingeing made me stop.
For example:
This is because the company wanted to invest as little time in the problem as possible so the person couldn't fix the tests, write new ones, or write a real fix. I don't blame the engineer, I blame their manager and their company. If the project is that important to them, they should have let the engineer spend a few hours, fix the bug the right way and follow the guidelines outlined in the contributor's documentation.
This clueless twit reflexively blames crappy fixes and failure to follow his guidelines on "their manager and their company", and not the rock-brain of a developer. He needs to actually try managing developers himself some day, then he'd realize the developers do a wonderful job of failing to follow guidelines and submitting crappy fixes all on their own.
TFA is full of crap like that.
Sounds like some bullshit. As someone who works in IT for a major corporation and has to deal with bugs that affect us in COTS software (such as MS Windows and MS Office), threatening people after 24 hours would be ridiculous. If the issue is currently unknown, expect a minimum of 2 weeks with a norm of more like 2 months for a fix - if the vendor will even agree to fix it. Why would a corporation threaten some OSS developer? It just doesn't scan and seems like BS.
Presumably, they chose the OSS software over another project in the first place for a reason, so starting to use another project would be their own loss. In actuality, that's not really a threat, that's just petty spite. I would have a hard time taking any company seriously that acted so unprofessional.
File under 'M' for 'Manic ranting'
"Well if you're not going to take this seriously, we'll have to start using another project."
I've never exactly gotten this. Why does anyone who is giving something away particularly care if someone who is getting it for free uses it or not?
This guy clearly doesn't understand that Open Source means "Free to Use" not "Free Beer", and that most corporations (the executives, not the software engineers or managers) are plenty happy to pay for support from the subject matter experts in it, so long as it saves them overall money. In fact, many corporations' resistance to OSS is due to the lack of such support - because their customers aren't so understanding.
This is the very business model that Red Hat uses. All this guy needs to do is put up a "priority payment" system for bug fixes, and post it publicly. Done and done.
Sorry if I'm a bit grumpy. Had a rough week dealing with end users and I'm feeling a bit BOfH.
linquendum tondere
Corporations are almost certainly the biggest consumers and supporters of open source. I would be very surprised if he ever got any money from hobbyists.
... this is a case of the squeaky wheel gets noticed.
I work in a large software company where we use thousands of open source projects in a couple of hundred projects and I'm intimately involved in the management of open source within the company. I've never had a team come to me and say "we need this bug fixed in the next day or two". And they damn sure don't go out threatening projects (that would be one of those "career limiting moves"). While I don't doubt that this guy has had people do that to him I gotta believe those are the people that he notices and remembers, not the silent majority.
Really? Not even an implied one that you might not still have a job otherwise? I've had that happen a few times, unfortunately.
File under 'M' for 'Manic ranting'
"As soon as a bug affects them, they want it fixed immediately."
You respond with, "feel free to hire a team of programmers to fix that. you have the source code."
Honestly, you have to act like Linus if you run an OSS project.
Do not look at laser with remaining good eye.
... If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start....
Does the license under which the OSS code is used by the company say that bugs will be fixed within 24 hours? Was a contract entered that says bugs will be fixed within 24 hours?
If the answer to both of the above is "no", then what's the problem?
I don't see why the guy is whining, and tainting the entire OSS community with his personal issues.
Whenever I see "OSS", I always think it means the "Office of Strategic Services". I don't think that mixed well with businesses, either.
"If you are using it without paying for it, are you really taking it seriously either?"
RMS is right about how open source can work in conjunction with companies - if they want "real" support, they can damn well pay for it.
The cost of hiring good coders cannot be avoided. Either you are paying good programmers to work for you, or you are paying less and are at the mercy of coders who feel like donating enough good code to you, that your business will function.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This isn't a surprise to me. I work for a profitable government organization. We bring in substantial tax dollars. But at the end of the day all my work has to be justified, much of it within the confines of a specific project. That means once specific goals are met I must move on to other things. Bugs which affect us must be fixed, but others languish because of other priorities.
When has Microsoft ever fixed a customer-specific problem within 24 hours? I haven't actually talked to a live MS rep since 1994
Table-ized A.I.
Probably most open source software is developed either by corporations or by consortia of corporations. His situation, where he develops open source software independently that is then used by big corporations, is probably unusual. In particular, I suspect most of those corporations asking for quick turnaround on fixes, would probably be willing to pay for that kind of support if only someone would offer it.
The incompatibility is that businesses need software that works. The OSS community wants to produce buggy, incomplete, undocumented software.
Of course, a business that uses open source software will be most concerned about bugs that affect it. Isn't that natural? So if he wants the other bugs fixed, he can personally contribute his time to the project, and fix the bugs HE wants fixed! This article looks to me like a simple case of a guy who doesn't agree with his company's priorities, and is venting on the Web.
What in the holy fuck did I just read?
It's OSS. They want a bug fixed so damned bad that they're going to start threatening the author? Tell 'em to go pound sand, and have their own gods-be-damned programmer(s) fix it. It's not like they don't have the gods-be-damned source code for the thing.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
What in the holy fuck did I just read?
Something about He-Man and the proper location where one should amputate their genitals?
Linus Torvalds started writing a kernel because he wanted a unix like OS for his own use.
Stallman started writing the shell and the tools because he envisioned an operating system for the community by the community and of the community.
IBM started using the linux kernel because they saw business sense in using a good quality kernel which was "usable" at a fraction of the cost of their usual software.
It is futile to expect these two groups to work or even understand each other's goals and aspirations. They are fundamentally different.
Except for Android. Or Tesla. Or Google search. Or most of the internet. Or...
This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
I've seen all of this with my freely available code or tools. And I always say the same thing "Thanks for bringing the bug to my attention..." and then if I'm currently busy with other things or I don't care that much about the code anymore I follow up with "I'm currently busy with other projects, my hourly rate is $xxx if you need it fixed ASAP I would be happy to provide an estimate and invoice for the work. Otherwise it probably won't be fixed for a few weeks if ever."
Everyone so far has been very understanding and a number of them have paid for the addition or fix. I'll even list the sponsoring party in the changelog.
--Fixed crash from XYZ. Fix sponsored by AnimationCorp LLC.
I get paid to work on a free tool that I use too, they get something they need, I get some minor self promotion for the tool being used by more people and they get some minor promotion in the changelog/release notes.
Based on my experience, I'm working for one of the big multi-nationals for years.
Bugs fixed quicker in commercial software, are you kidding me?
Fucking, seriously???
It's not only that most of the times you have to find workarounds/fixes yourself, it's that since it's commercial and not OSS code, what you'll likely face won't even be decompiled code, it will be bloody OBFUSCATED decompiled code with things like a.b.c.d1() all over the place!!!
At least for the corp I work for (and I'm pretty sure for most corporations out there) the main reason to go for commercial over OSS is: LEGAL.
Some motherfucker patents "using (some ancient thingy that everyone on the planet uses) to quickly iterate over tree" and kaboom, with OSS (no protection whatsoever) you need to pay either them directly or lawyers to fend them off.
With commercial software that's seller's problem.
As easy as that.
There are, of course, libs that are too widely used and would seriously harm IT projects if not used, e.g. apache commons libs. Well, for that there is a short whitelist of items that "have been reviewed" along with "mitigation strategies".
Every manager is aware of this, so when you have a choice over "ShareIt" or "ShareThis", one is free, one is not, decision is made instantly, "of course we want the non-free one".
Companies, especially financial but also any company being "risk-evaluated" need to be able to "continue normal operation" in max. 24-hours, if they can't their risk-evaluation will drop and then they will be devalued, which technically means that their worth will drop. For an A+ or A rated company such devaluation is catastrophic because loans are based on this rating and will need to be paid immediately.
That means effectively that any piece of mission critical software or hardware needs to either be replaced or fixed in under 24-hours.
YES, I do work in IT in a financial company with "triple A" rating.
(and btw. there are not so many companies of that kind left after the financial crisis)...
My company completely overhauled openvpn, and gave the results back to the community. Granted, this was under a government contract, but still.
Religion is what happens when nature strikes and groupthink goes wrong.
Sources are useless to the general consumer, they don't understand it, can't modify it. You're thinking, just because I'm a programmer, everyone else in the world is a programmer and capable of making changes to my code. It's not that easy, even if the end-user is a programmer.
End users want software... that works... they don't care about source code. That's why in a restaurant, they give you the meal, not a recipe so you can go in the kitchen and cook it yourself.
Well, why did you release it to people you don't know or care about? Keep it on your local machine if you have no intention of helping others. Or at least have the decency to state that you won't support your software on the download page so people won't bother downloading it in the first place.
Saying it doesn't confer any responsibilities on you is pure BS and lies. You wrote it, so you understand it the most, and therefore you're responsible for any changes. Are you implying you are not responsible for the bugs you put into the software, intentional or not? Now that's hilarious.
Corporations don't have to share the source of code they use internally. There are some licenses that say you have to share any code that results in the page sent to the user, though, I think.
One problem is businesses view OSS much as any other product, i.e. someone supplied it and thus they expect that person to help solve problems that arise. They do not see the OSS community as a community but as yet another vendor. Other vendors don't say "Well, if it doesn't work right tell us and we'll see if we want to fix it and if someone is interested in fixing it they'll do so when they get around to it." As a result, there are differing expectations on what OSS really is; which of course does not absolve those acting like jerks.
Companies do not realize they can fix a problem themselves by patching their code even if the community doesn't agree with the fix. Of course, when they break something else they will expect someone else to fix the new problem.
The OSS community bears some blame as well, beyond the toxicity argument. There are those who want wider acceptance and use of OSS without changing the norms and culture that define the OSS community. Unfortunately, as communities grow up they change and such changes are sometimes hard for those who helped build the community to accept.
I'm a consultant - I convert gibberish into cash-flow.
You're really pretentious and full of assumptions. I'm an end user (that also happens to do some programming every now and then) and I care about source code in certain circumstances.
Why does it matter if someone he doesn't know or cares about has access to some sourcecode he wrote?
Opensource lets you help yourself in the worst case scenario. I'd say that's a lot of help in itself.
Why assume someone will support software when they didn't write "I am going to support this software" on their webpage? I think that's indecent.
I don't see the responsibility here, at all.
If you bothered reading the licensing of software you used, they usually have sections like:
In summary, yes, the license you were granted to use most software generally offers no warranty and in turn, no responsibility.
Change is certain; progress is not obligatory.
What a load of complete BS... Did you attend some evening school where they teach you how to be evil and write confusing, convoluted lies that gives the illusion that a thief in fact was innocent and the victim of thief was in fact the thief. Or are you a lawyer, by chance?
Feel free to post a correction then.
Actually, I believe what I have written. I should note that I was genuinely interested in your reasoning behind why does it matter if someone he doesn't know or cares about has access to some sourcecode he wrote in response to your 'putting it out there'. If he doesn't care about those particular individuals and doesn't care whether they got it or not, I'm not seeing an actual argument here.
To even help you get a perspective, perhaps this person posted the sourcecode because he wanted to have other programming contributors, contribute more to the application and is not particularly interested in giving handouts of his precious free time when he already works a full time job during the day.
I'm an armchair lawyer at best. But I get the distinct impression you have some sort of 'higher' moral grounds that are strictly from one point of view that doesn't encompass the entire situation. From my perspective, it's interesting how playing a little of devil's advocate on some of your statements is likely being interpreted by you as 'evil'.
As someone that has worked in consultancies, I also have experience with what some companies (I certainly haven't worked for all) do with clients that are very problematic usually and are asking for a higher level of support than they're willing to do and not willing to compromise on it. They tend to state they can't help you and in extreme cases, they just terminate your support contract early. Alternatively, if the software was bought as a product, they offer your money back and request you return the product since it didn't meet your requirements.
I very much suspect your point of view stems from the rudeness of responses. Try to apply similar circumstances as above to open source:
When something is taken as rude, I suspect this leads to people thinking they're entitled to something and I get the impression this is where your point of view may stem from.
Change is certain; progress is not obligatory.
What's pretentious about wanting software that works? It's folks who pretend they care about access to source code that are pretentious because they neither read nor change the source. Open source has been around for decades but we have not seen the hundreds or even dozens of variations of a given software that was promised by OSS evangelists. Heck, I would like to see a Linux tree that is free of systemd. So far, most distros are adopting systemd.
He said, "I don't have special obligations to people I don't know." That implies he doesn't care for these strangers. Then why is he giving out free software to these people? BTW, fixing bugs that you created in the first place, is in no way a "special obligation." If you disagree, you should stop releasing software since you're a shoddy developer.
Because every other individual or organization that releases software, supports their code? The exceptions are lazy programmers or shysters who want to charge you $$$ for simple fixes (as is in this case).
I suppose the end-user's grandmother is supposed to fix the code then if the original developer won't fix bugs. Programmers are supposed to spend 50%-70% of their time adding minor features or fixing bugs. That's the maintenance phase once version 1.0 is released. If you don't have the time to do that, find someone who will maintain the code or don't release the code at all.
Those sections usually address previously unknown bugs in the software that cause the end-user harm/damage. It would be brain-dead stupid and negligent to release software to customers when you know severe showstopper bugs exist in your software and yet you refuse to fix it until some extortion money has been extracted from the hapless user.
There is nothing wrong with wanting that software, but it's another thing to apply those values to someone else who has other priorities.
I wouldn't fall into this category, but it happens most modifications I do these days to opensource products is for personal interests that I rarely contribute back. Kind of similar to RMS' printer driver issue.
Yeah, I am sure there are a lot of shit OSS evangelists out there.
I'm on the fence on the issue, but mostly because I haven't learned sufficiently enough about it to have a decent opinion.
I could give an example of my own I guess. Such as the reason I published some random little things (like an XML parser I wrote in m68k assembler for a hobby project), if it's useful to someone, great. If not, sorry but it meets my needs currently and I don't have an interest in it outside of my scope. I might offer a little help here and there if my life isn't busy and I have the drive after doing all the other stuff I have to do at the end of the day, but it's not assured.
In my consultancy life, working with large multi-national companies, 'support' (despite paid for) was often (not always), next to non-existent if it wasn't a user/developer-error issue and the only thing they could do was 'waive' various fees. In my personal life, I have had problems with certain audio hardware and software, they just up-front told me that they don't support it and offered a refund. I've also fought with a Mobile Virtual Network Operator (Giff gaff), who would refuse to support me in practically any circumstance (despite having a very specific technical issue) and refer me to their community forums for support despite being willing to pay for support etc.
In summary, no, I don't agree with your assumption here.
I'm not lazy, the average hours I worked last year (and I know this because of my time sheets) was 112 hours per week (and I only really posted or went on sites like Slashdot when I was travelling). The very few days I took for Holidays are included in that calculation too. I actually stopped contributing to some projects at that point (with some angry users, they were unwilling to accept that I wasn't willing to work further on the project unless I was getting a sufficient salary to quit my existing job to do so - fortunately, there were a lot of understanding users too).
The fun fact behind this though, I was working crazy hours particularly because we weren't getting the support (struggled to find even contractors of a reasonable calibre to help me too) and had deadlines to meet.
Considering most of the industry expects you to pay in some form for support (most of which in my experience is insufficient when a 'real' problem is encountered). Then, going further into my consultancy experience, where I've had a one line change and they would charge you ridiculous money (we're talking over 1000USD
Change is certain; progress is not obligatory.
Ian must have never worked for a big company, it's their normal way of working.
I see it here each time there is an issue with some piece of enterprise software, the phone is picked up, the account manager is called and threatened.
If you talk about OSS, the first question you get is - who do we call when it doesn't work. As long as you can say there is a support structure behind it, the panic goes away. Support mostly means that you have somebody to yell at, because the actual support part is in most cases not that great (with any vendor).
On a long enough timeline, the survival rate for everyone drops to zero.
And yet these corporations are still happily ponying up money for bug-ridden Windows. If these companies were as serious about demanding OSS bug fixes as they are about Windows bug fixes, Windows would be bug-free by now.
The thing is though, when your dependency code base is OSS, you are actually capable of finding and fixing the problem yourself, often just by subclassing something or creating an alternate implementation of an interface. Many times being able to see the anatomy of the issue allows you to work around it from the outside. I can't imagine turnaround like this ever being possible in a closed-source system, at least not without requiring enormously expensive contracts with not just the delivering company but each vendor supplying any part of the solution.
They don't understand that _any_ consultant could help them because the software source is available.
You are exactly correct that is a mind-set problem based in fear.
Business people are often not smart in the ways of "optional thought". They have game-plan mentalities based on team triumph over all comers. (Next time someone tells you they are majoring in or have a degree in "business" ask them which sport they played in high school. No really, they act stunned and are all "how did you know?" in wonderment.)
So they need someone to go to without thought. A vendor under contract is like the special teams in football. It doesn't matter how terrible your field-goal special team is, now is the moment you punt and then it's the punter's fault we lost. Coach said so.
So business, particularly big business, is about apportioning blame (renamed "responsibility") because it's run like (and usually by) loss-adverse athletic reasoning.
There's a good reason that the entire tech explosion of the last fifty years happened outside of "normal business channels" and is full of geeks. What was done required non-linear thought by the drivers. Those companies all _hired_ MBAs to run the boring balls from legal to HR and back, but the innovation was done far away from the MBA's sight.
That's also why the Carly F.s of the world totally consumed companies like HP and turned them into "also rans" in their own fields. Get enough bankers and business men "on your team" and they'll crush the geeks before they realize they sold off or frightened away all the talent.
Innovation can be a team sport, but only a cooperative team sport like hacky sack or "the floor is lava". 8-)
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Companies tend to forget which businesses they are _not_ in. Selling software is not sustainable, but selling experience (games) and experience (professional expertise) are.
So how would one sell "experience" (games) without "selling software"? For one thing, video game console developer contracts are known to forbid inclusion of copylefted code in a product. For another, are you referring to combining a free engine with non-free assets (scripts, meshes, textures, maps, and audio)? And if so, how should a studio adopting such a business model deter casual infringement of a game's assets?
Indeed, there is an explicit disclaimer of warranty in the GPL and other OSS licenses.
Which doesn't do you much good if your code is available in a country where a disclaimer of a legally recognized implied warranty is considered unconscionable and therefore null, void, and of no force or effect.
I can't think of any off the top of my head. But about a decade and a half ago, there was a proposal called Uniform Computer Information Transaction Act to make each of the several states in the United States such a jurisdiction: Why We Must Fight UCITA