Corporations and OSS Do Not Mix

An anonymous reader writes: Ian Cordasco, a prolific open source developer, wrote a lengthy post about his experiences working on code that gets used by companies as part of their business. His basic thesis is that the open source development process is not particularly compatible with for-profit corporations, and having them involved frequently makes progress more difficult. "As soon as a bug affects them, they want it fixed immediately. If you don't fix it in 24 hours (because maybe you have a real life or a family or you're sick or any number of other very valid reasons) then the threats start." He adds, "When companies do 'contribute,' it's often not in the best interest of the community, it isn't enough, or it's thoroughly misguided." Cordasco is quick to note that there are exceptions, but he has an idea why the majority behave that way: "I don't have the complete answer, but one important point is that there is toxicity in the community, its leaders, and or its contributors, and the companies have learned their behavior from this toxicity." He provides a list of suggestions both for companies using open source software, and also some further reading on the subject from Ashe Dryden, David MacIver, and Cory Benfield.

Offer paid support?

[ArmoredDragon]

If somebody wants a fix for software that they haven't paid anything for, and they want it now, why not offer paid support on that one issue at a rate of $416 per hour? A 24 hour fix would place a cool $10,000 in your pocket. And if they don't want to, then tell them to hire somebody else to do it.

Re:Offer paid support?

[ArmoredDragon]

I know RedHat does. If you don't have a contract with them, and you are a business, then they likely aren't going to bother with you. Now if you find a security vulnerability on the other hand, that's different, but if something doesn't work and you need it to work to fit a business need, they're going to want you to buy a contract.

Re:Offer paid support?

I love this business model!
1. Create OSS software that does something expensive commercial software does, include many subtle bugs. Release it free to the world.
2. Wait for phone to start ringing from desperate suckers I mean cheap corporations.
3. Offer to fix the bugs quickly for a fee.
4. Go to bar, watch the big game with buddies.
5. The next day, release the patch that you created at the same time you wrote the original, flawed code.
6. Send invoice.
7. Profit!!!!

Re:Offer paid support?

[jonnythan]

Because the corporation is "contributing" to the project in some way, and they feel entitled to have such bugs fixed in a short period of time.

No one cares if some random company using a piece of OSS demands a bug fix. That's not what this is about. This is about getting for-profit corporations getting involved somehow in a project, and then threatening to pull support if issues affecting them aren't resolved immediately.

Re:Offer paid support?

[mark-t]

Presumably, they have chosen OSS over alternative projects in the first place for a reason, so them switching to another product just because a bug isn't fixed as soon as they might like would be their own loss on that level.

Re:Offer paid support?

[johnnys]

Because business NEEDS to have the illusion that they "have a neck to choke" when something goes wrong, so they need to have a "contract" with a "company". I've heard this from the C-suite for years. (That is what Red Hat is selling, and why they're successful!)

It's nuts, really: Anyone who reads common software company contracts/EULAs knows that they have NO recourse if something goes wrong, but if they think they can somehow hang blame on a vendor if they have a problem, then that makes them feel safe.

In truth, the OSS model means that if something goes wrong and the vendor tells you to f**k off or goes bankrupt, you can find someone else to help you. If a closed-source vendor can't/won't help or goes under, you're screwed much harder.

Threats?

[iTrawl]

What threats? (I didn't RTFA yet). Start with the warranty disclaimer that you attached to your licence in capital letters. Then, if they "contribute", tell them nicely to fork off (the technical term, not the innuendo) and, if their fork is actually any good, they should ask you to merge their changes, which you will if they're not bullshit.

If they keep kicking and screaming like baby lawyers, submit for their review a support contract. Make sure your rate is in the "highly paid consultant" range - you might even get away with it, as at that point you'd be speaking _their_ language.

Re:Threats?

[BarbaraHudson]

The threat is to move to using another OSS project. Of course, that other project probably have maintainers working under the same constraints, so the problem won't go away magically. When someone threatens to do that, the proper response is "I'm good with that. Which one are you switching to?" They probably haven't done the research to evaluate other products, or, if they have, they haven't found something compelling enough to make the switch. Call their bluff. The only thing you have to lose is someone who thinks that making threats is the right way to ask someone a favor.

They know it will cost them money to switch. That's part of the cost of being a dick.

OSS is not compatible with businessmen.

[IBitOBear]

The core problem isn't that OSS is incomparable with "business", it is only incomparable with the business of "selling software".

OTOH, I spent several hours going round-and-round with my brother inlaw. He runs/owns a company that installs business solutions (computers and software) into other businesses. He was all "I could never make money on open source platforms" using linux as the O.S. because it's free. But he readily admitted that installing Windows had a zero profit margin because of licensing.

There is also the ready admission that having a Windows service contract (again sold a essentially zero markup because of the licenses) doesn't garantee that Microsoft will issue you a patch if you complain about a problem. You are basically just paying up front for the chance to be told to work around a problem or the "opportunity" for an unsupported patch that you'll have to buy again if you upgrade.

Business men have no idea how to deal with OSS because they tend to mimic others and very few have ever done it. The idea of having a line item for zero-dollars that already had zero markup when the line item was non-zero dollars, is mystifying.

So here's this smart guy running a services business, but unable to see how he could charge to service OSS. But companies service OSS all the time.

The true failure, deeper in, is the idea that every incremental correction and modification is precious and must be hoarded and monetized.

And further in still is the complete failure to understand things like the up-front cost of a GPL project base is "disclosure", and that disclosure of those incremental changes is very cheap. Compare embedding linux kernels in things to the up-front and per-unit costs of Wince or VxWorks. Then really _think_ about how non-money-value your fix to that one serial driver really is compared to the item you wan to sell.

Companies tend to forget which businesses they are _not_ in. Selling software is not sustainable, but selling experience (games) and experience (professional expertese) are. So is selling "devices".

So its a problem made up of compounded risk adversity multiplied by inherently unimaginative "business thinking".

Re:OSS is not compatible with businessmen.

[serviscope_minor]

Well done for condescendly making the parent's point while claiming he's wrong.

RedHat sell expertise (i.e. support). If you just want the software, you can get it for free from CentOS.

Seems a bit overblown

Sounds like some bullshit. As someone who works in IT for a major corporation and has to deal with bugs that affect us in COTS software (such as MS Windows and MS Office), threatening people after 24 hours would be ridiculous. If the issue is currently unknown, expect a minimum of 2 weeks with a norm of more like 2 months for a fix - if the vendor will even agree to fix it. Why would a corporation threaten some OSS developer? It just doesn't scan and seems like BS.

Re:Seems a bit overblown

[mysidia]

Why would a corporation threaten some OSS developer?

Because they're scared, and don't have the right expertise in their company to deal with the situation, also they don't have any consultant who can help them, And the bug is an unmitigatable remotely-exploitable 0Day in the web application framework used on their main e-commerce website with public exploit code but no patch, so that's an act of desperation and demonstration of internal management incompetence (not having competent staff or agreements in place to deal with the impact of a bug).

This is the threat...?

[StevenMaurer]

"Well if you're not going to take this seriously, we'll have to start using another project."

I've never exactly gotten this. Why does anyone who is giving something away particularly care if someone who is getting it for free uses it or not?

This guy clearly doesn't understand that Open Source means "Free to Use" not "Free Beer", and that most corporations (the executives, not the software engineers or managers) are plenty happy to pay for support from the subject matter experts in it, so long as it saves them overall money. In fact, many corporation's resistance to OSS is due to the lack of such support - because their customers aren't so understanding..

This is the very business model that Red Hat uses. All this guy needs to do is put up a "priority payment" system for bug fixes, and post it publicly. Done and done.

I suspect...

[SwashbucklingCowboy]

... this is a case of the squeaky well gets noticed.

I work in a large software company where we use thousands of open source projects in a couple of hundred projects and I'm intimately involved in the management of open source within the company. I've never had a team come to me and say "we need this bug fixed in the next day or two". And they damn sure don't go out threatening projects (that would be one of those "career limiting moves"). While I don't doubt that this guy has had people do that to him I gotta believe those are the people that he notices and remembers, not the silent majority.

So tell them to Bugger off.

[Lumpy]

"As soon as a bug affects them, they want it fixed immediately."

You respond with, "feel free to hire a team of programmers to fix that. you have the source code.:"

Honestly, you have to act like Linus if you run an OSS project.

Re:Toxicity, of course.

[quantaman]

Yeah, when you start throwing around suppositions that reveal a bias against the OSS leadership for being "toxic", I don't see much credibility in your opinion. Why not blame cosmic rays while you're at it? It's one thing to suggest "we can do better", but quite another to just pretend that it's the fault of people you clearly don't like. You and everyone else is relying on their work to a staggering degree, and now you talk like an usurper who wants to blame the software creators instead of the monied interests who don't have an incentive to contribute back, because some alleged asshole is doing it for free already.

I think toxicity does exist but it's not really a fault of the developers as much as the medium.

If you work in an office and are able to talk to your co-workers directly it's pretty easy to have good relationships. There's lot of opportunity to talk about pleasant non-work stuff, the proximity incentivizes you to keep things civil, and when you do disagree you have body language and tone to help get your point across.

If you turn to an email only relationship all of these things are gone. There's not a lot of opportunity to bond over non-work items, the fact you never see the other person physically means it doesn't matter much if you piss them off, and if you need to communicate something you need to be very blunt.

Online communications will invariably have a much stronger bias towards assholery.