Slashdot Mirror
The Complicated Economy of Open Source Software (vice.com)
An excerpt from a report, which looks at the complicated business of funding open source software development: On the surface, the open source software community has never been better. Companies and governments are adopting open source software at rates that would've been unfathomable 20 years ago, and a whole new generation of programmers are cutting their teeth on developing software in plain sight and making it freely available for anyone to use. Go a little deeper, however, and the cracks start to show. The ascendancy of open source has placed a mounting burden on the maintainers of popular software, who now handle more bug reports, feature requests, code reviews, and code commits than ever before.
At the same time, open source developers must also deal with an influx of corporate users who are unfamiliar with community norms when it comes to producing and consuming open source software. This leads to developer burnout and a growing feeling of resentment toward the companies that rely on free labor to produce software that is folded into products and sold back to consumers for huge profits. From this perspective, Heartbleed wasn't an isolated example of developer burnout and lack of funding, but an outgrowth of a systemic disease that had been festering in the open source software community for years. Identifying the symptoms and causes of this disease was the easy part; finding a cure is more difficult. Further reading: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
At the same time, open source developers must also deal with an influx of corporate users who are unfamiliar with community norms when it comes to producing and consuming open source software. This leads to developer burnout and a growing feeling of resentment toward the companies that rely on free labor to produce software that is folded into products and sold back to consumers for huge profits. From this perspective, Heartbleed wasn't an isolated example of developer burnout and lack of funding, but an outgrowth of a systemic disease that had been festering in the open source software community for years. Identifying the symptoms and causes of this disease was the easy part; finding a cure is more difficult. Further reading: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
I've been working on a project for almost 20 years at this point, and I definitely feel the same as what's reported here. As the project has gotten more popular and more users come on board, there is now much more demand on our team. And some companies have noticed the usefulness of the project and used it in commercial products. Not that I'm against that (as that's what the GPL basically encourages), but it would be nice at times if there was more contributions back from those that benefit from it.
And I don't necessarily mean money either. Extra help in coding, testing, etc would be nice too. But I suspect that people get used to a product being free, and then asking for anything more once it becomes popular is out of the question for them. But in the long run, it really leads to developer burnout, as more people want more and more, and can't (or won't) contribute. I know I am personally feeling the burden and looking at burnout soon.
Anyway, long story short; I can sympathize with developers in a similar situation.
I wonder how many people who use open source projects ever contribute to it in the form of donations or even support? Maybe the problem is that in every praise of a Linux desktop from a user, they always mention that its "free" to download. When in fact they should say its free but they welcome donations that keep the project healthy and alive with good support.
Linux is only free if your time has no value
This applies to many other things in life and in software.
Best regards.
"I thank you for your feedback, but I wanted to let you know this project is not actively maintained. This is a hobby project for which I do not get paid, and unfortunately I do not have the time to address all the feedback it receives. If you'd like to contact me about paid support or services, please send an email to..."
Setup an autoresponder. Burnout is stupid.
The summary mentions that the corporate world doesn't understand the OSS norms. Just as likely, in my opinion, the OSS volunteers don't have a good understanding of the corporate participants. We all appreciate OSS volunteers and the wonderful software they create. That said, it should be no surprise to anyone, least of which the person who put the license on the software, that corporations are going to do anything lawful they can to make money. If that means creating terrible patches and not integrating with the flow of the OSS project itself, they may do that. Those engineers at those companies are not the ones profiting in most cases. They are merely being asked to do more with less, as that seems to be the trend. The choice may be to attempt to get changes harmonized with the community or just publish whatever they come up with at the end. I suspect that there's a latent annoyance about this particular thing coming from the OSS volunteers. But, if you have given the company this right in the license (to use the software as long as changes are published), you can't be surprised that they're not doing a good job of helping you merge them into the mainline. They're doing the least they can get away with. To tie it all together, I think it's no coincidence that one of the largest, most successful OSS projects, Linux, was driven by a man who literally had no shame about giving the middle finger to an uncooperative company. (https://arstechnica.com/information-technology/2012/06/linus-torvalds-says-f-k-you-to-nvidia/). He understands the dance, and it's not an easy one. These companies will walk all over you. Let's not accidentally encourage naivety and call it a virtue.
Idea: Tax Amazon at, say, a tenth the rate I pay, then provide grants to the open source projects they are using for free.
Society solved this kind of problem long ago, we have just forgotten the solutions. Treat open source software as the infrastructure that it is.
... it would be nice at times if there was more contributions back from those that benefit from it.
Sure, it would be nice. It'd be nice for you to mow my lawn too.
Not sure why people seem to expect it, though, after they've effectively given the software away.
And then complain about contributions not happening.
What else do you want to go with that pony?
captcha: naivete
Just one dev's opinion, but whether they're paid or not isn't the biggest issue. It's developer and community involvement - with devs ACTIVELY working on fixes, regardless of compensation (money, pride, prestige, etc.)
And that doesn't mean the original creator/author and one other person/spouse/friend. This means a minimum of 6-10 devs that are actively working on it. When one can't respond, another can pick up the slack.
End users turn their backs on projects that get the, "I'm too busy to do this," self-defense treatment from overworked developers/maintainers. That kills trust, which in turn kills the community of users and shrinks the possible pool of other devs who will bother to offer help.
(Worse yet, the "I'm too busy devs," sometimes ghost their own project outright - while retaining the keys to the project and keep others from taking over or even applying patches. For example, I've seen this in the Drupal community many times (abandoned add-ons/modules/themes with years of no new releases with fixes despite the list of offered (and community reviewed) patches that rot on the vine). Git forks and such can help alleviate some of this, but It is a real PITA having to recompile patches into increasingly fragile build processes and maintain them ourselves when a simple release of control over the project when it's been abandoned for a certain period of time - allowing for new releases - would fix the problem.)
Advice to OSS devs: 1) Be kind to contributors - even bug reporters. They just don't understand. 2) Don't waste time engaging jerks. Shun them. 3) Accept good help when offered, and KINDLY reject bad help. 4) Ask for compensation when necessary (for requests that don't really help the project or are one-off features). 5) Give up control ASAP when you're "done". Don't strangle your baby by holding on too long. 6) Commit to warning end users if the project is going to be shut down. Not doing this is devastating to popular project end users.
Advice to all end users:
1) Don't be a community leech! Donate in relation to how much you use a project.
2) Don't just have a problem -- try to have a solution. You'll get back what you put into it.
If you're an individual end user:
a) Be kind and professional in your requests and effusive (but short) in your thanks for anything done (even a WONTFIX).
b) Help out a little wherever you can (even simple, end-user friendly documentation for non-brainiacs; Almost all devs can use a heaping helping of help on.)
If you're an organization with a budget:
a) Donate any resources when possible to help it keep going. ($$$ is good, in-house dev hours is better, and both is best.)
b) Know when to get out - usually when the community leaders disappear and the FIRST sign of tickets not being responded to. Jumping too early hurts your org, but waiting too long is even worse.
1. Be kind to all contributors - even bug reporters that are wrong or uninformed. . They just don't understand.
Instead of having kazillions of similar software, how about focusing on building a single REAL competitive, cross-platform and actual useful product. There are a lot of examples of talent wasted on building semi-identical software: GNOME, KDE etc, then GIMP, Paint.NET, KRITA, the LibreOffice, OpenOffice, NeoOffice, KOffice etc.
But I don't think it's a problem of the developers, new products appears due to frustration and frictions from existing products. It's the responsibility of these Open Source Software "Foundations" (Apache, Mozilla etc.) to make it work. To ensure a long-term investment and to gather people around to build a solid product. But I'm afraid they have another agenda.
Topic really touches a nerve for me, but I'm not going to write a novel-length contribution for Slashdot. Minimal background: My experiences with OSS and earlier forms goes back 3 or 4 decades and I think the potential remains unrealized on both sides. Both the programmers and the users have been let down, and I think the underlying problem is the money. No shit, Sherlock. Economics is about money and the overwhelming money is elsewhere.
As a recovering programmer, let me focus on that side: Why should programmers give away valuable things for free? Various motivations, but altruism is relatively rare. Idealism is probably more frequent, but doesn't pay the bills. I'm pretty sure some of them are hoping to win the lottery and become rich and famous without signing away all ownership to some corporate cancer, but that train left the station long ago... Various other motives, but the bottom line is that OSS remains minor...
So my best fantasy of an alternative solution approach would be to put the cart behind the horse with a charity share brokerage. The objective is cost recovery for the REAL costs (including time) of OSS with the payments committed up front. Kind of like the way you can detect a successful lawyer by the ability to accept only the desirable cases, the OSS programmer would get to accept only the desirable programming projects. That should include projects for new software, new features, support, and even ongoing-cost projects like keeping a server up and running. It also implies fail-safe programming practices, where compliant software would have to check its own update status before doing dangerous things.
Anyway, that's enough time for this can of worms for now, pending expressions of actual interest. Even better if you have a superior solution idea, but there has been little mention of "solution" in this discussion so far. So for now I bid you ADSAuPR, atAJG.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Fuck that; It's simple: PAY THEM.
If you're good at something, never do it for free.
I don't do work off the clock for my employer. I sure as hell don't do work for the world for free either. You want my services, you pay me. So I have no sympathy for you crying idiots who bust your butts for no money.
Otherwise known as "talking my ball and going home".
I don't think this movement is nearly as successful as it appears to be. As I mentioned yesterday, FOSS has made very few inroads outside the domain of system software. Most of the adoption by corporate users (like me) is simply because it's free. We contribute very little back to these projects and have very little interaction with their developers. Does that make us bad people? Maybe, but who's going to be able to convince their beancounters to donate money or resources to these projects when we get to use them regardless. Plus the "ivory tower" mentality of many FOSS types doesn't instill us with any confidence that they are interested in serving the needs of our customers should those venture outside of defined boundaries.
To put it another way, if FOSS is so successful how come one of the top 2 or 3 names in the field isn't able to pay the bills with it?
Part of the attraction for OSS over proprietary software is the possibility of (competitive) contracting out support. Outside of RedHat for Linux, where are the support shops? I've worked on many (large) projects where they would be happy to let a contract for product support, but we couldn't find anyone to contract with. The expectation would be that we'd pay someone to fix bugs that got reported (with priority for those bugs we reported as significant), while contributing those fixes back to the OSS project (in accordance with the OSS project's rules.) If necessary, that might mean forking the project because we needed some fix/feature that was not accepted by the "rulers"/community at large. Again, though, the ability to do that is supposed to be A Feature, not A Bug (tm).
Not all users, even of infrastructure components, are going to be qualified to maintain those projects. And from a company's perspective, they'd rather invest developer resources in their own projects, and let the experts in the OSS components maintain that software.
How hard do you think, it would be to create extremely hard to detect bugs, to use as secret backdoors, in any commonly used open source software, by any experienced programmer?
Do you seriously think nobody in the world realized this before?
IMHO, anybody who care about computer/internet security, should/must absolutely stay away from any open source software!!!
(& not to mention, open source is nothing but abuse of programmers, by making them work for free!
Just one example, recently Red Hat got sold for billions of dollars, except all the programmers (who made it) got nothing!!!)
From the summary:
This leads to developer burnout and a growing feeling of resentment toward the companies that rely on free labor to produce software that is folded into products and sold back to consumers for huge profits.
From your comment:
And some companies have noticed the usefulness of the project and used it in commercial products. Not that I'm against that (as that's what the GPL basically encourages), but it would be nice at times if there was more contributions back from those that benefit from it.
How can a group of IT geeks consistently conflate Open Source (Apache, BSD, MIT) licensing with Free/Libre (GPL) Licensing? If a company rolls an open source product into their proprietary product, the license for the original work must not have been GPL.
GPL qualifies as an Open Source license, but most Open Source licenses do not qualify as Free/Libre. When the right to examine, modify, and re-release the code is withdrawn, that software is not Free. Don't blame Richard Stallman's GPL if Bruce Peren's OSI has you confused.
of all the topics I've read over the weekend on Slashdot, this has been about the most sensible. except for some flame-bait, but on the whole, even the lowly scoring posts have something insightful to say.
Strangely though, I don't think I agree with anyone in particular.
I'd first want to offer a counter discussion to anyone reading this.
How many plumbers do you see fixing people's leaks, or installing new heating systems for free? Does anyone know a plumber who'd work for free, and not even ask you to supply parts? Don't even offer them fuel money for getting to your home!
You can apply that to any profession. I've never met with any "trade" that is encouraged to give labour (labor) away for free.
Actually, I tell a lie. We call it charity work. We call it community work. You might even choose to pay with your own money to fly to another country and do some good deed, such as repairing a church or something. (see, they need plumbers too!)
Communities of this kind, charities do get organised. They have policies and procedures. they have a command hierarchy. They have departments. They have employees. Yeah, that's right - employees. So those trying to do good deeds actually ask those with money to donate, and have armies of volunteers to hound you at every corner, and shame you into giving some pocket change at least - because it's for a good cause!.
This way of thinking enables resources to be directed where it otherwise would not be possible, and the Romanians won't get their church fixed for free (personal example from over 20 years ago). But even with all the volunteering, and personal cost - it was not a work completed without capital expenditure. Without sponsors, and donations, it could never have happened. That's very real.
moving on.
Somehow, a movement that was more about "sticking it to the man (corporations)" and about proving that either "we can do it too" or "we can do it better" - and free... became a kind of virtuous quagmire where good intentions are openly exploited for the profit of corporations. Don't get me wrong here, I'm not shooting at corporations, companies, or charities for not contributing to open source software. I'm mearly pointing out that in reality, any profit seeking company will look for ways to save time and money in expenditure, to maximise profits. It's called capitalism.
So if people want o make software, and put it out there for the world to use - for free, then that's exactly what will happen. It doesn't mean you're ever going to get rich off of it. Someone else might though - and the moment you gave it away, you didn't give up the right to seek compensation yourself, you just enabled someone else to do exactly that, and to profit from your hard work, without paying anything back.
So if Amazon wants to rename MongoDb something else - and sell it as a managed service, they were always free to do so. They may be able to profit from it, and if that hurts you, or offends you - then perhaps you should think twice before giving away more of your hard work for free.
There are people who say it's not about the money, but they'd like some help with the project, and the people using the project should want to contribute back. Sounds fair, but in reality, you're now begging. Sounds like begging. Plenty of people on the streets who do that - and how many of them make a decent living out of it? how many can pay a morgage and keep up payments on a home?
The only answer the OSS have on this, is to sell maintenance contracts. Get people to pay for bug fixes, and features. But the moment you do, you've just become a corporate entity yourself, and will need to file taxes, keep accounts, and have contracts, and service level agreements, and pretty soon you'll need an army of employees if your services are in demand (see RedHat).
It seems to me, that success financially is the exception, not the rule, if you're giving your code away for free.
Lastly, I want to shout out for students, and universit
Attitudes like that will ensure the rich get richer. I have no problem with charity and altruism, but keep in mind that when you do that, you do it with NO EXPECTATIONS of any recompense or credit. Don't cry afterwards that you didn't get a pony, an ice cream cone or a gold star.
If you want to get paid, you negotiate that before any work is done. Only a fool digs the ditch and then wonders why no one paid him.
I tried for 20 years (since before university) with various project and means, extremely difficult to get people to pay for open source, support, documentation, donate, you name it. My latest expedient is YouTube videos to finance Open Source work: https://www.youtube.com/user/r... I'm at $3 a day, :-/
If that means creating terrible patches and not integrating with the flow of the OSS project itself, they may do that... The choice may be to attempt to get changes harmonized with the community or just publish whatever they come up with at the end. I suspect that there's a latent annoyance about this particular thing coming from the OSS volunteers. But ... you can't be surprised that they're not doing a good job of helping you merge them into the mainline. They're doing the least they can get away with.
Except, they're missing out on some of the benefits by doing that. If they get their patches into mainline more easily, it's more likely that the next few releases will have their patches in them, and they won't have to keep updating their patches for the newer versions. Even more so if they contribute a unit test along with the patch - then they can have the comfort of knowing that their special case will be fixed for all time!
Because companies are focused on the short term benefits, they are losing out on the long term benefits for themselves.
And if they put the project "out of business" because it can't manage to handle all these out-of-flow patches, then the project goes away, and the company has to support the legacy system themselves.
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
I've been in meetings where a choice of technology comes down to free VS non-free, and free wins almost every time. They are sometimes willing to pay something for "support", but not much. As for "giving back", some companies prohibit their employees from contributing code to anything.
So open source is great for the consumers of it, but less great for the providers and their commercial competitors.
To be fair, you have to have a very high IQ to understand Linux.
I used to be a fairly prolific FOSS author and contributor. After many bad experiences with corporate leech asshattery and the general precariousness and impecunity of life as a Free Software developer, I said "never again".
Now I still want to write Free-like-freedom software that any human being can use and share. But I am absolutely unwilling to give anything, even a steaming bucket of my own turds, for free to the capitalist dogs and their corporate cancers.
Unfortunately there is no Free Software license that distinguishes between human persons and corporate legal fiction "persons". I've been wondering what it would take to modify the GPL or BSD licenses to support this distinction in a way that would be upheld by the courts. Maybe call them HGPL and HBSD, the H standing for "human".
Doubtless some butthurt shill is going to reply, "boohoo, corporations are just groups of people working together". No, you fool! A corporation is a legal entity, distinct from any of its slaves or owners. All software and related systems ("intellectual property") used by a company are owned (in a legally enforceable way) by the company - not by the slave who happened to build them.
He's a simple test whether the HBSD/HGPL would apply: is the owner of the "intellectual property" a human being, or a legal entity? If the owner is human - congratulations, use my software for free! If the owner is a corporation - fuck you, pay me or get sued.
Many companies hire full time programmers to work on the Linux kernel because they make so much money off it and need it to advance. It is not just large companies like Google or Intel either.
Medium and even smaller companies hire staff to work on it at least part-time.
Of course, the issue now is that so many companies rely on so much F/OSS that they can't hire people to work on all of them. There should be some kind of concerted effort between them to make sure the software they rely on has enough programmers and other staff to keep it going.
F/OSS has taken over the world and something will need to give before it collapses.
Thanks for you feeback. This is my website Phong Kham Da Khoa Hien Dai
have you noticed a trend of dependency infiltration? I think it's because people want to have projects depend on their package so they can get a job due to having proven expertise.
My theory is that for this reason a lot of packages in npm for example(and more and more on gradle) depend on other packages and get code submitted to make them depend on _more_ packages not _less_ packages, to the point where package dependencies are inserted just for things that need 3 lines of code to not be dependent on said extra package. and using that package needs 3 lines of code.
and that package has no backwards compatibility contract/mindset by the developer either.
though, on the topic, if the package is popular why do you need to worry so much about what the users want? just ask for donations to add the features they want if they want them in there. so why all the stress about the users? wouldn't it feel less useful if there weren't any users?
like, if they aren't paying you guys why do you need to worry about what they want, since they're using the software anyways. it's not like you have any obligation towards them like you would have if you were actually charging for it. like how is the stress worse than if you were working on commercial software and your manager just sold an impossible feature to make to a customer?
world was created 5 seconds before this post as it is.
OpenSSL was an on purpose weakened chair from day one.
Someone wanted to peer into the insides of many fat servers.
Same for PHP. Now figure who could be such orgs.
Figure who the most intelligent, financed and shrewd bastards are.
These folks also have a warm war going on. More reasons.
Software is software, whether Open Source or Commercial. I tried explaining to a peer that a given commercial product was a heavy user of OSS. The peer said that was a flaw because OSS is totally unsupported...so we should go with a separate product that is totally supported by commercial software.
There are many OSS products that have a corporate license model in place that bridges the divide between the two. In the case above, the product using OSS invests in the technologies it needs, regardless of whether the product is OSS. That's a matter of risk management (pay to ensure your dependencies are supported) and giving back to the community.
I no longer develop...I'm effectively a layman. I use a few OSS offerings (e.g. Atom), and I license to a few products I like (e.g. Font Awesome). So, here's my thought:
If you're using FOSS, ask yourself how much you would pay for the product if it were commercial. Then either donate or license that amount financially...or offer your time. Assume you work 1800 hours per year (US Department of Labor says the average US adult works 1811 hours/year). Divide your take-home income by that amount. That's the value of your time. Rather than spend that money to the OSS, give that many hours of your time.
So, let's say your per-hour value is $30, and you would pay $900 a year for a given software product. That's 30 hours of labor you could give back to that OSS product.
What those who want activist courts fear is rule by the people.
The FOSS world has never really solved their issues with money, IMO. No, don't tell me about Red Hat and services and all that junk. Those are the exceptions and quoting them doesn't address the central issue.
FOSS is simply a forcing mechanism for accelerating the trend of commoditization. Yet the practitioners of FOSS are mostly there because the ideology speaks to them somehow. For some it is the appeal of like-minded community. For some it is the appeal of low friction, low barrier software availability. For some it is the ideals of freedom. Some believe it solves problems with customer lock-in.
Look at who FOSS practitioners typically aren't. They typically aren't suits. They typically aren't money people. They typically aren't power players and people in it for status and ego. FOSS ideals tend to speak to nerds and technocrats.
Yet failing to directly address the issues of money, income, and economic sustainability mean that FOSS lacks the normal feedback signals the market provides to companies. How do you even know what FOSS projects are popular? In the corporate world you can use metrics like revenue and profitability and growth.
Here's an example. How many times have you heard of a project that just... kind of... languished? How did you find out? How many times have you heard of important FOSS projects that weren't getting the support they needed to keep going? Does it seem reasonable to you that critical foundational FOSS services might collapse because of a lack of support?
I know what the standard FOSS answers to those questions are. What I'm suggesting is that the standard FOSS responses fall short. They just aren't good enough. I'm not suggesting any specific solution, just pointing out that the FOSS world is stuck with pat answers to long-standing problems. That suggests that the pat answers are failing you.