Hacker News
How I earn a living selling my open-source web-based invoicing application (indiehackers.com)
734 points by nephics on March 11, 2021 | 206 comments



In 2021 I recently launched my newest product: It's called open3ABox and it's a raspberry pi with open3A pre-installed which I deliver to my customers who have not the technical skills for their own server but don't want a cloud version either. It's fully remote managed and monitored by me

This would be an interesting model for quite a few services. It reminds me of Ubiquiti's Cloud Key. I wish some government grant contractors would try it.


This has been a usual business model for larger vendors (and servers): selling appliances. Google also did it (I think it was for intranet search), it was also one of the story threads in the Silicon Valley sitcom (see "the box").

When I launched my first startup, I also did something similar. Though we were selling a service: we'd deliver it as a 'box' (my co-founder actually called it 'the box' - before SV was aired :) ). It was in 2011, and we didn't have the RasPi back then so we used something called the SheevaPlug [1]. It didn't have a display port, which we'd needed later on, but it was great for plug'n'play'n'forget installation. (Actually one of these is still running at one of our first customers, even though the backing service has been shut down ~5 years ago. Probably nobody knows any more what it's doing and they just think 'better not touch'.)

It's the easiest and most logical way to deliver some of the software/services. It mostly depends on whether it's something you want to interact with on your own machine (and a single machine) or whether you want to have it always running and/or multiple people to access it.

[1] https://en.wikipedia.org/wiki/SheevaPlug


And having a physical object adds some scarcity into the mix, which you need:

https://journal.dedasys.com/2007/02/03/in-thrall-to-scarcity...


In our case it wasn't the point. It was more about the plug and play (literally, since it was a background music service) vs "install and then keep it running all the time". We had a local competitor and funny enough they pitched themselves with saying "you don't need any special hardware". I.e. they didn't get that it was indeed a feature.

But it was an interesting read.


Yup. That raspberry pi with stuff on it is a clever way of addressing a wider market. :-)

If you’re clever or worried about business continuity you can learn from the practices of some enterprise IT providers and add built in self checks, call home, and even charge for preventative maintenance. For example, “We noticed your dongle is overheating / having flash issues / whatever and not running optimally. Here’s a replacement.” Or - “we noticed that your dongle hasn’t been used in a while. Is it ok?”


That would be cool indeed.

Besides, depending on the reliability of the available internet connection, it might be also useful (and easy) to add an embedded mobile connection as a fail over.

I know a guy who had some issues for that reason. The quality of the customer's LAN was extremely poor, but the customer (out of ignorance, bad faith or both, it wasn't clear) always blamed his software.


I'd be a bit wary of something as important as invoices on the Rpi storage though. Hopefully there's some automatic backup.


Every single time the RPi comes up in an HN thread, someone mentions the reliability of SD cards. The truth is:

1) Regular SD cards were never designed to be OS volumes, of course they're going to fail when used for that. Buy better SD cards, like ones with high write endurance.

2) RPi 4 does not need to boot off SD card. It can boot from any USB drive of your choosing, or over Ethernet.


At this point, it's practically a meme.

I don't know if I've mentioned this on HN before, but my brother works for an oil services company, and they have deployed hundreds of RPis across sea and land rigs, mostly in the middle east. The land rigs are mobile, and as you can imagine, the middle of a desert in Oman is a pretty hostile environment. Despite this, they haven't had even a single failure across all these devices in over 5 years. Not one - and they boot from SD cards!

The stuff running on the RPis isn't very write heavy, and the cases are only lightly ruggedised (I forget the brand, but they are consumer gear, nothing fancy), and I forget what brand the SD cards are - but this is why I roll my eyes every time this is mentioned on HN (which is every time RPi is mentioned on HN). I really wonder what fraction of people repeating this reliability claim even have an RPi.


While I am not one of those commenting on such issues except for your prompt–my experience with RPi 1 & 2 has been that they tended to eat sd cards for breakfast. Either needed reimaging or broke the sd cards for good. Had this happen in at least eight instances. Especially, but not exclusively during unexpected power loss. Which tends to happen in both experimental and production environments, unless you take great care.

Younger generations have not had these issues for me. While I assigned that to my experience, usually reducing logging to sd card, booting off of USB and fewer unexpected power losses, it may simply not be an issue any more.


> Especially, but not exclusively during unexpected power loss

Though in my experience as a technician installing 2.5" consumer grade / entry level Kingston/ADATA SSD to several clients, this is what generally will kill NAND flash devices, it's not an exclusive phenomenon to uSD cards.

I have a few running RPi's on premises for years. Ranging from v1 to now v4, certainly the only 3 uSD failures I have had have been with the early models and reliability went up with...... just a No-break power source. Just that.

It seems a lot of people think a sudden power loss is the only thing that's dangerous for electronics and NAND flash devices, but for devices that are highly sensitive to browning down power rails (especially those first v1 raspis) any unstable power source is a rave party from which it is hard to get out unscathed.


One of the first things I bought for my Raspberry was a battery hat, it’s great. When the power goes out, it keeps on trucking. I would love to add a solar panel or wind turbine as an extra power source.


Yeah! That has been my idea for a long time! When thought about it, I began looking into devices that can output DC and charge a backup battery but with a variety of input power sources, Solar as main source and line AC as backup. Didn't get that many practical search results.

But it seems what I was looking for are boat chargers. They're meant to provide energy through solar/battery and charge at the same time while parked on a deck. Didn't follow it up though.


Not sure how good wear leveling is across brands of SD cards, but given the much larger SD cards available today, it may be a factor.


Yeah I have the same experience with about 100 pi’s. But I still added a mitigation making the log directory an overlayfs with tmpfs underneath.

I think that reduced the number of writes to the sd card a lot.


Could you expand more on the "mobile land rigs"?

I've always wondered if any organizations have tried to make something like a Sandcrawler.


Many have tried but sadly there is a limited supply of skilled Jawa Programmers.

I tried to hire some to start such a project but I must have been looking in Alderaan places ...


Heh, it's nothing so fancy. There are a bunch of different types of land rig: some small ones come apart and get stuffed in the back of vans/lorries, others sit on a trailer, and some are self-propelled[0] [1].

Of course, it's not just 1 piece of equipment that moves around it's people, tech etc - some land rigs are almost semi-nomadic, with the whole camp moving around.

[0] https://www.nov.com/products/mobile-rigs

[1] https://www.nov.com/-/media/nov/files/products/rig/rig-equip...


It's much easier to buy industrial [1] and high endurance [2] microSD cards now. SanDisk/WD started selling them to the public due to the popularity of dashcams that record continuously. No more buying cards on digikey from a manufacturer you'd never heard of for 10x the price.

I haven't seen reports of these particular cards being counterfeited yet, but still... you probably shouldn't buy them from Amazon...

[1] https://www.westerndigital.com/products/commercial-removable...

[2] https://shop.westerndigital.com/products/memory-cards/sandis...


WD Purple does seem to have proper wear-leveling as well[1], which are easy to find in retailers anywhere for a reasonable price.

I believe over-provisioning space to delay wear if you write much can also help (in conjunction with wear leveling).

[1] See this thread:

https://www.reddit.com/r/raspberry_pi/comments/ex7dvo/quick_...


I definitely had this issue with the first generation Raspberry Pi. It wasn't just a corrupted filesystem. The SD card was completely ruined. When I started over, I followed instructions to make the file system readonly, turn off the tmpfs, turn off atime, etc. And never had another issue. Eventually I replaced the Pi with a newer one and haven't had any problems even though the file system is read/write. I think this issue may have affected the earlier models more, or maybe SD cards are better now.


I brought it up because it was being sold as an appliance type device with invoice data on it, to be sold to probably non-technical customers. Not just as a random gripe. I did reply, after finding that specific product page, with an update that she is shipping it with a real drive.


Can a RPi4 bought before the USB boot was added have it enabled?


You can boot the RPI off of an SSD nowadays, or boot off an SD card with the root file system on an SSD.

I also used to be concerned about persisting data on a RPIs because of the SD card problem.

But this setup is quite comparable to a standard Linux box with no replication. From there you can setup ZFS if you care to, or be satisfied with daily backups to the cloud.


I poked around and found her product page for the Rpi device, and she does couple it with a 120GB SSD and two USB sticks for backup. https://www.open3a.de/page-open3ABox


Also as this is managed solution, I would offer encrypted offsite "cloud" storage.

Any part of the box fails? Send over a new one the next day which will automatically pull all saved data once the login/password is typed on the setup page.


I'd probably lean the other way. I'd build that so that you could say

"Any part of the box fails? Send over a new one the next day then plug one of the USB sticks in and it'll automatically pull the encrypted saved data from it once the login/password is entered."

If people are choosing a local box instead of her hosted offering, cloud backup might be a deterrent rather than a feature. For the ultra paranoid you could even sell them a spare which they can keep on-hand to swap in and get back invoicing immediately.


Oh, nice! I've never thought about using flash for backups, that's a very nice trade-off of form factor and cost efficiency.


Or buy two or more put them on the same subnet and let them replicate. More money!


I think I'd prefer a cold spare to a hot spare. There's probably more chance of failure happening at around the same time if a pair have been running as replicas or one as a hot spare. A 15 min invoicing downtime while you unbox and boot the cold spare and restore from the usb stick from the failed one - is probably not as big a deal as the risk of one of your replication pair going bad and possibly corrupting the other, or having the similar runtime secondary fail around the same time as the primary.


I wonder if you still need to go through expensive UL and other testing before being able to market such product? The RPi has an integrator programme, but still there are potentially large fees to pay which makes whole thing not so attractive unless you are going to wing it and hope nobody will check.


What’s the point of having a server that is “non cloud” but remotely managed? Sounds like it is a cloud server, hosted in a substandard colo


Very true, on the flip side at least someone else is footing the power bill.


It's not so much the power cost but the reliability. If the power goes out, they only have themselves to blame.


Agreed. Would love to hear more technical details. Particularly about the remote managed part, and how the user accesses it.


I've written about the technical details somewhere here in the comments. Just search for "websocket", it should be in here…

The user accesses it with a small desktop application which finds the box in the same network by itself and opens open3A.


"I have a free version of open3A which is as useful as possible without any limits but of course it is missing advanced functionality. This version gets full support by me via phone and email."

I think that providing support for free version is somewhat unique, however it does make sense - the longer people use her software the more likely they purchase add-on or subscription.


It depends on customer base. This is B2B solution so I assume when she picks up the phone the caller is someone who values own time.

That way she can hear about frequent needs of users who don't buy the thing when it lacks some essential feature, also could upsell existing extensions or the boxed version. Customers often have no idea of potential the software offers.

Simply it is support+marketing+sales number.


I do this because I'm in it for the long run. Sure, maybe it won't pay off, but my "first directive" is, to get people to use my open3A. If they've put all their data in it and miss some feature in the future it is more probable that they will just buy it from me instead of going through the hassle of moving to another solution. If they have a good support experience that just gives them a better feeling with my software.


I think you've hit a really nice market niche too. If you get a support call it's from someone having difficulty extracting money from someone else because invoicing isn't working. So long as you solve that problem for them they'll associate your software as being directly valuable to their bottom line, and that'll make them much more likely to agree to pay money for it.

I suspect that approach wouldn't work nearly so well if the connection between the software you're selling and the money rolling in to their bank account wasn't quite so obvious. I probably wouldn't try such a generous free version of, say, wiki software or document management or backups - things that are way too easy to consider as "cost centres"...


On the flip side, you can get very angry customers calling you and saying your broken software is preventing them from making money, or even worse, losing money. When I worked for a niche shopify like business this made for not fun emergencies. Even less fun if we made their POS not work.


Things that I like about her account: it sounds like a modest success story with an end that is within reach of more people and places more emphasis on the value of work instead of getting rich quick. The part about her product being open source will also appeal to a certain audience.


I made a great deal of money for a few years providing training and support for the founders of a popular mature open source project.

There's no customer success team for open source software, I don't care how good the community is. A significant chunk of the money charged for my services went back to the founders to continue their work. This is a fantastic model for open source.

I encourage more people to connect with the founders of popular projects and arrange a system whereby you can offer training and support on their behalf and in their name (obviously they should vet you). I'm happy to discuss the particulars of this, including how to sell training and support, how to handle contracts, logistics, all of it. I know this business well and I think it is a net good for all involved. Email is in my bio.


This makes sense. I am working with dask and it will become harder to keep this running in our “enterprise” aws setup as it’s open source with no vetted credible support company behind.


Kudos to the author!

I don't get this part:

> In 2021 I recently launched my newest product: It's called open3ABox and it's a raspberry pi with open3A pre-installed which I deliver to my customers who have not the technical skills for their own server but don't want a cloud version either. It's fully remote managed and monitored by me more steady income, yay

When people object to cloud (SaaS really), I tend to think it's about what you could variously describe as ownership, control, privacy, and security. They want to be the only ones who can access their data. They want updates to happen on their schedule. If you want the developer to manage and monitor your installation, why not use a hosted version?

Another reason is bandwidth, but I wouldn't expect that to be a significant consideration for invoicing software.


There are plenty of cases where I want to own a thing, but make someone else responsible for managing it. And if they fail or go away, I want to know that I can hire someone else to manage it instead.

If the app is hosted entirely in the cloud, _everything_ is gone if the provider pulls the plug suddenly. If the app is hosted on a device that I own and the provider goes away, it will probably still keep working for a while. Worst case, I still at least have the option of hiring someone to crack it open and extract the data to import someone else.

This is such an important concept that it even has its own field of study and practice called "business continuity." Many business have legal agreements with customers and partners _requiring_ this.


It's a given that you should have backups of your business data, no matter if you're using a hosted installation or a local one. With backups, if the hosted provider pulls the plug, you don't lose _everything_. You may be scrambling to set up the replacement but you have your data, and in this case you'd also have the source code, so you'll survive.

And keep in mind that "Raspberry Pi fails" is a more common scenario than "provider goes out of business", so from the perspective of minimizing the scramble, that's the one I'd be more concerned about.

A bit more about backups: for something truly important, you should have an offline copy, in case a malicious party compromises credentials that can be used to overwrite both the primary and the backup. I don't think you should depend on the vendor backing up your data. Some things you just have to do yourself, unfortunately.


Another commenter mentions the setup involves a Pi with an SSD and two USB sticks. It might be configured so you're required to switch usb sticks for consecutive backups, so you'd always have at least your second most recent backup completely offline - or even have the system ensure there's only a backup usb stick instead while the backup is running (and either unmount it or nag you to take it out when the backup is done).


I'll actually be sending out emails if there are more than 14 consecutive backups on the usb stick to remind the customer to switch them ;)


> Worst case, I still at least have the option of hiring someone to crack it open and extract the data to import someone else.

Even that worst "single person provider got hit by a bus" case is already somewhat mitigated here - since the software is open source.

I'm guessing she's likely set this up so anyone with physical access and appropriate credentials (which the client has by default) and linux experience, could manage/maintain the RasPi box and/or migrate everything to a self hosted version on a more "regular" linux box.


Everything important is backed up on the usb stick. The application can be set up on XAMPP or any other webserver with it.


I offer open3ABox this way for the customers that have fewer technical abilities and don't want a cloud service.

They usually use the Windows version but don't do backups and if something fails it's a nightmare to support.


> If you want the developer to manage and monitor your installation, why not use a hosted version

It's a pretty common use-case for companies. They want their stuff on premises(for a variety of reasons), but don't want to deal with maintenance.


> for a variety of reasons

To rephrase my question: what are those reasons?


My thoughts exactly--Having a fleet of client-side machinery open to the Internet sounds like a larger overall risk footprint than having one hosted solution. I'm guessing a big part of this is just customer psychology and lack of education.


Why do you think it is opened to the Internet? May be just a box behind a NAT calling home and/or be part of closed VPN swarm.

I would love to hear how the management part got implemented.


The management works like this:

Every open3ABox has an open websocket connection to my server. I do the monitoring over this connection and for updates and support I tell the box over the websocket connection to forward a port via ssh to my server. The port will be automatically closed by the open3ABox after three hours.

This means no constantly open port and an encrypted connection where only my server is allowed to do a remote function execution (get monitoring values, open port, etc.) on the box.
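The box-side half of the scheme described in the comment above, as an added sketch that is not part of the original thread and is not open3A's code: a dispatcher that executes only a fixed set of remote functions, and a reverse SSH forward that is torn down when its time limit expires. The JSON message shape, the `Box`/`Tunnel`/`StubProc` names, the `support` user, the port range and the host name are assumptions for illustration; the websocket transport and server authentication are out of scope here.

```python
import json
import subprocess
import threading

TUNNEL_TTL_SECONDS = 3 * 60 * 60  # the three-hour limit mentioned in the comment


def build_tunnel_argv(server, remote_port, local_port=22, user="support"):
    """argv for a reverse forward: server loopback:remote_port -> box:local_port."""
    return [
        "ssh", "-N",
        "-o", "BatchMode=yes",              # never prompt; key-based auth only
        "-o", "ExitOnForwardFailure=yes",   # exit if the forward cannot be set up
        "-o", "ServerAliveInterval=30",
        # Bind on the server's loopback so the forwarded port is not public.
        "-R", f"127.0.0.1:{remote_port}:127.0.0.1:{local_port}",
        f"{user}@{server}",
    ]


class Tunnel:
    """A reverse SSH forward that closes itself after `ttl` seconds."""

    def __init__(self, argv, ttl=TUNNEL_TTL_SECONDS, spawn=subprocess.Popen):
        self.proc = spawn(argv)
        self._timer = threading.Timer(ttl, self.close)
        self._timer.daemon = True
        self._timer.start()

    def close(self):
        self._timer.cancel()
        if self.proc.poll() is None:  # still running
            self.proc.terminate()


class Box:
    """Executes only the functions listed in self.functions (hypothetical names)."""

    def __init__(self, server, spawn=subprocess.Popen, ttl=TUNNEL_TTL_SECONDS):
        self.server, self.spawn, self.ttl = server, spawn, ttl
        self.tunnel = None
        self.functions = {
            "get_monitoring": self.get_monitoring,
            "open_port": self.open_port,
        }

    def get_monitoring(self):
        is_open = self.tunnel is not None and self.tunnel.proc.poll() is None
        return {"tunnel_open": is_open}

    def open_port(self, remote_port):
        # Validate before touching any existing tunnel; bool is an int subclass.
        if (isinstance(remote_port, bool) or not isinstance(remote_port, int)
                or not 1024 <= remote_port <= 65535):
            raise ValueError("remote_port out of range")
        if self.tunnel is not None:
            self.tunnel.close()  # at most one support tunnel at a time
        argv = build_tunnel_argv(self.server, remote_port)
        self.tunnel = Tunnel(argv, self.ttl, self.spawn)
        return {"expires_in": self.ttl}

    def handle(self, raw):
        """Handle one message of the assumed form {"fn": name, "args": {...}}."""
        try:
            msg = json.loads(raw)
            fn = self.functions[msg["fn"]]      # unknown function -> KeyError
            result = fn(**msg.get("args", {}))  # unexpected args -> TypeError
        except (ValueError, KeyError, TypeError) as exc:
            return {"ok": False, "error": type(exc).__name__}
        return {"ok": True, "result": result}


class StubProc:
    """Constructed stand-in for subprocess.Popen so the demo runs offline."""

    def __init__(self, argv):
        self.argv, self.terminated = argv, False

    def poll(self):
        return 0 if self.terminated else None

    def terminate(self):
        self.terminated = True


if __name__ == "__main__":
    box = Box("support.example.invalid", spawn=StubProc, ttl=1)
    print(box.handle('{"fn": "open_port", "args": {"remote_port": 22022}}'))
    print(box.handle('{"fn": "shell", "args": {"cmd": "id"}}'))  # rejected
    print(" ".join(box.tunnel.proc.argv))
```

On the server side, the account that receives the forward would normally be limited to port forwarding only, which is a separate configuration the comment does not describe.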


That is very clever, I like it. Especially dependency on proven and simple technology. VPN swarm like e.g. ZeroTier which I was thinking about would be too complex and thus harder to maintain.

Thank you for the explanation!


Nice.

Reverse ssh tunnels are a really good way to manage stuff like that.


Thanks :)


I sell my MIT open source Video Hub App for $5 ($3.50 goes to a cost-effective charity - it's charityware). Over the 3 years it's resulted in over $9000 donated to protect people from malaria.

Public: https://videohubapp.com/en/

GitHub: https://github.com/whyboris/Video-Hub-App

Charityware: https://medium.com/@whyboris/charityware-doing-good-with-pro...


I would love to build charity ware to help offset some of the ethically questionable things I do, but I was wondering how did you choose a cause to donate toward? Did you know someone personally who perished from malaria? There’s so many things that can be donated to I don’t know how to pick one or evaluate where donations would even be most effective.


I focus on cost-effectiveness of charities. Thankfully I can rely on the 10+ years of full-time research by a great team at GiveWell. The charity I chose is Against Malaria Foundation which is the top-rated charity by GiveWell:

https://www.givewell.org/charities/top-charities

ps - I also, for 10 years now, give at least 10% of my income (aside from this project) to cost-effective charities as per my pledge through Giving What We Can https://www.givingwhatwecan.org/ -- this is one of many initiatives that fall under the umbrella of EA (Effective Altruism) https://www.effectivealtruism.org/


Mike Monteiro (a self-described asshole: https://www.invisionapp.com/inside-design/ruined-by-design/ ) thinks and talks and writes a lot about this.

A particularly cutting piece I like to remember is:

"But here’s the thing. You can’t help Uber build Greyball during the day, or help Palantir design databases to round up immigrants as your main gig, and then buy ethics offsets by doing a non-profit side hustle. We need you to work ethically during that day job much more than we need you working with that non-profit." -- https://deardesignstudent.com/ethics-cant-be-a-side-hustle-b...

He's outspoken and hard lined and uncomfortable to listen to. But he's probably right as well.


If that’s the case then I simply won’t do anything at all and focus on my day job.

But I don’t think that’s the case, because I think doing something is still better than nothing, and for some people ethics offsets can help soothe their weary souls.


I use givewell.org to find charities. From their home page:

"We search for the charities that save or improve lives the most per dollar."

They appear to be pretty transparent about how they choose charities to recommend. I don't want to misrepresent them, so please check out their site if you want more details.


Donating money is an act of self-expression. Do learn about effective altruism, cost-effectiveness, impact, etc. but know that it will ultimately reflect your values. Donate to African wildlife if you're fascinated by lions and zebras.

I donate to Wikipedia and the archive.org. I practice rational ignorance: I estimate that the costs of learning more about effective charity are far above the costs of doing it wrong. Maybe Wikipedia uses the money to create more and more small-fry side-projects (Wiki-maps, wiki-this, wiki-that). Maybe it funds Wikifeet, which is thoroughly weird. I don't care -- Wikipedia is one of the greatest accomplishments of H. sapiens sapiens.

(Malaria is still a big problem, and it's so cheaply improved upon -- if that touches your heart, go for it!)


Effective altruism isn't opposed to your values. It's about achieving your values as much as possible, given resource constraints. If your values are different from most EAs, then you'll have a different criterion for "effectiveness".


Effective altruism is a value. A practicing Catholic may find the most effective interventions to be against their religion. A less strict Christian may feel that effectiveness overrules religious directives. In any case, you're operating under your values.


Altruism is simply a concern for others. In broad sense it can mean that you care whether others get more value (according to either receivers' opinion or your opinion about values).

"Effective" just means you don't want to waste money or time on values not important (according to either receivers' opinion or your opinion).

The fact that Givewell chooses certain values (the rational ones) and Christianity slightly different values is orthogonal to the concept of altruism.

Even if I believed in Flying Spaghetti Monster I could care whether others have a steady supply of macaroni. This makes me an altruist in my book. And I could act effectively about it. But I wouldn't complain about Givewell in that case.

And that's why I don't like conflating rationalism with effective altruism. It's just another case of emotional loading of a phrase.

https://en.wikipedia.org/wiki/Flying_Spaghetti_Monster


"Rationality" is similar to "effectiveness", in that it's value-neutral. The existing movement named "rationalism", of course, is made of people who have particular values.


Efforts work best when they are focused on helping with a problem that you have direct experience with.

I think the long term large impact of pushing back against these ethically questionable things, even at the expense of your long term career earnings potential, would have a better result for society.

If you can't push back on that stuff internally, consider publicizing the behaviors and starting a conversation around them.

Don't just dump money into a charity to assuage your conscience.


Efforts work best when they are focused on cost-effective interventions, not things you have direct experience with.

Just about 100% of the US population have no experience with malaria. Yet it costs about $2 to provide an insecticide-treated net that protects on average 2 people for 2-3 years from malaria (while they sleep -- a common time for malaria transmission). There is arguably nothing you can do with $2 of resources in the US that can do as much good as this.

So, please focus on cost-effective charities with a proven track record, that use evidence-based methods to help individuals, and do it in a transparent way (so you know what's happening when you donate). To make it easier, start with GiveWell - an independent charity evaluator: https://www.givewell.org/charities/top-charities


I would point out that only funding projects that can easily measure and quantify results will rule out a lot of important projects. If you are going to donate, then you should do it responsibly. Using an independent non-profit to evaluate your potential recipients is a way to do that, and getting direct experience with the non-profit is another.

You seem to have missed my point: Doing evil things for money and then donating some of that money to charity is generally worse than not doing the evil things in the first place.


Then, it's possible that nets are being distributed by evil people who make their victims kneel for hours before getting help. (This is extreme, but it could involve things diametrically opposed to your values; maybe Islam is being spread in traditional animistic societies[0], destroying traditional culture; maybe they're micro-chipping these people.) Cost-effectiveness is a good metric, but if you know nothing about what's involved in curing malaria...

---

[0] Semi-relatedly, https://en.wikipedia.org/wiki/The_Save_the_Children_Fund_Fil...


Exactly the reason everyone should do research before giving to charity. Since unlike products you buy, which you can test out and even return, charitable donations provide you with no feedback, you must research charities.

The great news is GiveWell has been doing this for over a decade (full time!) and has excellent recommendations.

https://www.givewell.org/charities/top-charities


Pretty cool product. I have a very similar product but my question is: how did you convince the users to pay for the product if it's already free?


It's not "free" in the sense that there's a download button for it. 99.9% of the people wouldn't be readily able to build the app from source.

Given I've spent 3 years building it, I feel comfortable selling it for this price. When I first released the app I didn't have the source code available; so it's more like a "commercial product" with the source code available if anyone is interested.


Oh I see, yes I was a little curious that product source code is available and I wonder why people are still paying for the product but you just made it clear with your answer

thanks man !!


Have you ever thought about charging more?


It's scary. I sell about 120 copies per month. I suspect charging more will drop it down to fewer than 100 copies. I'd rather more people use the app.

I will be working on adding facial recognition; I might have a pricier option for facial recognition features perhaps.


I've never had the experience of pricing a product, but my intuition tells me this could be a win. We occasionally see articles on HN that describe how to increase prices without losing your audience.

Perhaps there are others here that can offer feedback and advice.

Research and experiment. If you do embark on this, a postmortem write-up with your learnings would be a great read.

Best of luck with whatever your plans are. It's a cool app!


Thank you! For the reference, until I released version 3.0.0 (last November) the price was $3.50 (and all of it went to charity). The number of sales didn't take a hit - but it coincided with some publicity and major improvements to the app.


Great App!

Just purchased 2 copies cause I am lazy building it from source & cause charity, why not!

Tested the demo about 1 hour ago and I was impressed. Very good UI and fast scanning, although the icons are a bit on the small size for my taste but excellent otherwise.

Keep up the great job :)


Thank you! In the settings (scroll to the bottom) there is a "-" and "+" between "reset zoom" button. That will help you adjust icon size and text across the app. Great for a 4K TV.


How do you collect the money?


I use https://chec.io/ checkout process (a service) which uses PayPal or Stripe for processing payment (it allows more payment types but these are the only two I use).


The charity aspect is a strong motivator for many people.

Maybe George Costanza's idea -- The Human Fund, Money for People -- needs to be revisited.


I was actually looking for something just like this since I won't have access to my Jellyfin server for a while. This looks perfect.


You should buy this guy’s application, but also keep in mind you can put Jellyfin on any Mac/Linux/Windows box and connect to it locally from your web browser. Obviously you’d also have to move any video you want to watch offline to your travel computer, but that’s true for any offline viewing.


Thank you. I have a few people looking for solutions like this for their video collections.


Doesn't Plex already provide a desktop app that does this ? https://www.plex.tv/media-server-downloads/


You know, that kind of thinking is usually what deters me from building something, but I've come to realize that I (or HN crowd for that matter) is my customer.

A quick glance at the Plex site vs his shows a different appeal. One is a "Free Movies & TV" something, while the other is "Like YouTube for videos on your computer"

I hope this doesn't come across the wrong way :-) I'm not picking on you or on plex or anything... I just wanted to point out how the thinking pattern of "but you can do that with [enter FOSS name here]" has been often paralyzing for me.


The key feature I wanted for VHA was the ability to scroll through thumbnails without having to be connected to hard drive where videos reside. This is particularly great when you have many external hard drives and/or remote volumes but just want to see if you have a particular video already.

With my app, clicking opens the video with your default video player. At the moment you cannot stream to another device (though it's a feature I'm hoping to add in one day).


No.

You sell additional premium extension to provide needed left out of the open-source offering.

You sell cloud hosting and on prem hosting.

There is nothing at all wrong with that. That you have built a business where you make a living from software you wrote is awesome. I wish I could.


Yes.

It's right there in bold: the customer is provided with the source code of the extension when they purchase it. So long as the user is free to study, modify, and distribute this source code, then it's FOSS.


Maybe it's just because the interface is a shop? Or because the extensions are automatically packaged.


> You sell additional premium extension

...which are open source.


I think open source doesn't matter. Any open ecommerce application has premium opensource extensions (magento, woocommerce, opencart etc.)

I think the irritation is that the author made it sound like he is giving everything for free and gets donations to survive.


She never implied this in the article.

What sentence or word choice made you think she lives off donations?


Given that the main software is AGPL, the extensions would also be open source.


> Given that the main software is AGPL, the extensions would also be open source.

This is not necessarily true. If you are the sole copyright owner, you can have your main product be AGPL and sell proprietary extensions; there's no reason why you need to enforce your copyright against yourself. Alternatively, your combined product could be under a proprietary license that is not the AGPL.


Yes, the extensions are AGPL also.


Please correct me if I'm wrong but this is not how I understand the meaning of "open source software".

It sounds rather like customers get source access. Do they have the right to sell the source code or re-release it in any way by following an open source license? ( https://opensource.org/licenses )

P.S. I'm not criticizing your business model or anyone else's.


You can download [1] the latest release of open3a to find not only the PHP source code, but also an AGPL license. This isn't open contribution software (no public Gitlab project to do pull requests and such) but the source code itself seems perfectly open source.

Even still, open source licenses may be used to sell software for which the source code is not available before purchase. For example, the Apache 2.0 license can be used for this; it protects users of altered versions of the source code from patent infringement lawsuits and forces the Apache license to be passed on to the end users of the modified work. It doesn't forbid throwing the source onto a repository somewhere, of course, so the source doesn't remain closed for long, but I can imagine many businesses wouldn't want to sell their technical support to a company that published their source code, and businesses are generally wary of using software without any form of support.

There's various ways people use the term "open source" and I think in general people mean "software that's available publicly for free" when they use it, but some of the open source licenses allow for some proprietary-like behaviour while using them.

[1]: https://www.open3a.de/page-Download


What's to prevent someone from putting it up on GitHub? Of course the customers are buying support too, and OP could probably make a copyright takedown if the name and logos are used as-is, but it sounds somewhat risky. There again I haven't built a successful business like this, so what do I know :-)


Very little, indeed. However, just a blob of source without any updates or progress isn't very useful. I doubt many companies will buy software and take it upon themselves to maintain a public repository of someone else's source code. There's no profit to be made in that.

The copyright itself couldn't be used to take the code down, because the open license allows the customer to do exactly that.

Theoretically, a customer can buy the software, fork it, and turn it into an open source fork. Without the support contract to receive updates, though, I doubt that'll be very useful in the end.

At worst, a competitor buys your software and uses your own software against you by analysing, publishing and extending it, and selling support contracts in your market. However, I strongly doubt there's much money to be made that way.

I'm no businessman either so I wouldn't know what brings companies to make software like that. I think these licenses were born in an era of offline, compiled blobs that received updates every month at the most, whereas modern software development is much more focused on freemium and SaaS.


> It sounds rather like customers get source access.

Technically, you could provide binaries and a GPL license, then provide source code when verified customers (eg they send their receipt/license number with their request) ask for it.

IANAL, but as far as I can tell, there's nothing in GPL that says you can't sell the software and operate this way. If your customers hand out the binaries to third parties, that's on them to provide the GPL and source code, not you. And of course, they could sell, re-release, etc, but anyone else could come and do the same to them.

It's risky, to be sure, and it feels "wrong" only because we've become conditioned to the status quo of so-called "intellectual property". Frankly, I would love if I could write open source software for a living, but there's a big fear of letting go of a steady paycheck (and benefits!), but that has more to do with entrepreneurship fears than software licenses.


That's the business model of grsecurity (selling security patches for the linux kernel). They have an additional clause that if you re-sell/re-release the patches, you lose access to future patches. It's controversial.


grsecurity's policy is such a fascinating end-run against the usual redistribution freedom associated with open source.

"Sure you can redistribute the software. We'll just cut you off if you do."

But suing Bruce Perens for saying that this is a legal risk is a pretty bad look for grsecurity...

https://www.theregister.com/2020/03/27/grsecurity_bruce_pere...


As far as I can tell it is AGPL licensed PHP code, you can download the code, run it, and modify/fork it freely. Code is open source, but it is not developed in the open.


The article doesn't mention GPL. It's unlikely that this code is GPL-licensed. Moreover, yeah, probably the customer can modify the code, but can they resell it or share it with someone else for free? If not, it's not open source.

From "The Open Source Definition"[1]:

> The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

[1]: <https://opensource.org/osd>

UPDATE: it seems it is licensed under AGPLv3. So it is open source. Interesting.


I'm sure I've spent less time downloading the zip, opening it, and seeing an "agpl.txt" file than you did writing that comment.


I don't see a link to it in the article. I've only noticed where it is after another commenter linked to it.


It says open source in the title.

Turns out it is open source.

"Interesting"

Like... why did you expect it to not be open source


“I’m contradicting the author without validating my claim. And it’s super easy to validate my claim, but I just didn’t. When confronted, I complain that it takes greater than 10 seconds to verify my claim.”

This is curious behavior. There’s lots of incorrect and misleading articles. But I try to bring up questions only when exhausting reasonable investigations.


1. There is no link in the article to the zip file.

2. Searching for open3A in duckduckgo brings me to a page that spits out PHP errors and doesn't give me anything.

3. The only way that I now know where the zip file is, is because another commenter linked to it.

4. We've seen companies disguise something as open-source, when it wasn't.

5. Open source is commonly hard-to-sell.

So no, it wasn't 10 seconds to verify and the author didn't make it particularly easy to do so. My doubts are completely natural, given past news in "open-source". Are you commenting in bad faith?


It definitely could be easier.

I searched for “open3A” via Google (not ddg, but if I got errors on ddg, I would try “!open3a”) and the first hit is a German site. I don’t speak German, but I saw the download link [0] and downloaded the first zip and viewed the license.

I spent more time downloading the 4mb zip than clicking on stuff.

It’s not the author’s job to make answering my questions easy. It is my job to not make easily verifiable claims without trying.

I’ve dealt with lots of projects that are crappy about licenses and frequently have to download the tarball to look for licenses, just to check if I can actually use.

The author could make this easier, but she didn’t. That doesn’t mean I should go into attack mode because other people make bad claims. (And I suppose I give up after 10 seconds and don’t want to stick around for 20 seconds)

I also noticed that author doesn’t even link to her project. Maybe it’s because her project is in German and the blog is English. But I’d rather have more posts like this with whatever time the author can spend, than wait for it to sit in draft while unimportant details are finally added.

[0] https://www.open3a.de/page-Download


My intention with this blog post was only to write down my story. No marketing intended :)


Thanks, I thought it was kind of refreshing how you weren’t linking to your site and liked to see content that didn’t just seem like seo or a sales pitch.


I have no need for doing sales pitches anymore :D


Fascinating. I consider myself to have reasonable mastery of my tools and I usually pick good tools for my purposes.

Here's a re-enactment of how I detected the license: https://i.imgur.com/Gr4xMT5.mp4

It's near trivially easy.


Funny to see you do that on my website :D


Haha so cool!


Did you record that with LICEcap?


I used the Quicktime Player screen-record feature in OS X. Though thanks for the rec.

Here's another one I like when I want my face and audio in: Screenity https://github.com/alyssaxuu/screenity (very easy code to work with too).


There is a trail of links from the article that will bring you to the download. Click on the author's name to see their profile, click on the project to see the project's profile, click on the link to the project website, then click on the link to the downloads page. While the trail is a bit much, it is important to keep in mind the article was an account of the author's experiences and it was published on a portal for indie developers. A direct link may not have been seen as appropriate given the context.

While I agree that companies misrepresenting their products as open source is a problem and believe the AGPL should have been mentioned, I do not see how the point about open source being hard to sell is relevant. Not only are there success stories in the world of open source, but the author made their success sound modest.


Basically you are just explaining that you've just done a very quick search. The fact that DuckDuckGo doesn't give the right answer on the first page is not an excuse. Actually, DDG printed lots of comparison pages of business applications for me, so I changed my search string, tried elsewhere, searched on indiehackers.com where she wrote the post. This is more completely natural than becoming suspicious from nothing.

BTW typing only "open3A" in DDG gave me the right answers all on the first page.


> Please correct me if I'm wrong but this is not how I understand the meaning of "open source software".

So you've made the assumption that it's distributed under a source access only license, but instead of verifying that assumption, you're asking others to correct the conclusions you draw from it.


To paraphrase Cunningham's Law: Posting the wrong answer is the best way to get the right answer.


I read an article recently which advised purposely saying something which you knew to be incorrect in order to kickstart a conversation with someone.

"What do you do?" "Software development." "What kind of software?" [back and forth, question-and-short-answer at a time]

"What do you do?" "Software development." "Oh, so you like write websites and stuff?" "No, actually, [long enthusiastic explanation of their job]"


I've found I do this, but the reason I tend to (especially in technical conversations) is to try and establish a shared vocabulary. Often times I find that I understand the words people are saying but not enough of the context. Injecting an example of my own helps anchor the conversation for me and keeps the exchange of ideas going.


I didn't realize until you said it, but yes, I do this for technical discussions too. Sometimes I've volunteered to write up a description of an issue on which I'm knowledgeable but not an expert, and when it comes to write it up, I realize there are subtleties about the situation that I didn't understand. So I just make my best guess as to what I think the situation might be, and post it to people who are the experts, knowing they'll correct any mistakes. It is indeed a much more effective way of getting someone to explain something than going back and forth with questions.


Some of my non-geek friends in a friend circle with quite a few geeks of different flavours call this "geek butt sniffing".

I've been accused of it often, when I meet someone new (who's a geek) and we do what in my head is the "geek subject matter negotiation", where each side narrows down domain expertise and experience by doing a breadth first tree search across all shared geek-domains, followed by a depth first search down the tree paths with significant crossover.

One recovering-geek friend says we're going "Pshhhkkkkkkrrrrkakingkakingkakingtshchchchchchchchcch" at each other before deciding on a conversation topic and speed...


This book [1] by a former FBI interrogator calls this technique "empathetic presumption". You'll hear it used by some of the most successful interviewers like David Letterman and Howard Stern.

1 - https://www.amazon.com/Like-Switch-Influencing-Attracting-Wi...


Though most open source licensed projects allow anyone to come along and access the source, the strict interpretation of the GPL for instance, is that those rights are only extended to customers/users of the software. Those customers are perfectly within their rights to distribute it openly in turn - but as I understand it, neither the copyright holder(s) of the source nor the providers transmitting a GPL project to an end user are obligated to provide a copy to any person who asks. Only that particular user who was provided the binary.


Even though OSI clearly defines what "open source" means, it is sometimes (often even?) used as a synonym for "source available", as opposed to "free software" (which is the term that FSF promotes).

I'm not saying which term is better, just explaining why "open source" might not be objectively wrong in this case.


> Even though OSI clearly defines what "open source" means, it is sometimes (often even?) used as a synonym for "source available"

Where do they define this? In the OSI definition it doesn't mention having the source available for everyone, only that whoever has the program should be able to get the source[0]. I do believe it doesn't follow "open source" the development model where development is in the open and anyone can contribute.

[0] https://opensource.org/osd


I doubt there's anybody who uses the term "open source" that didn't just read it in the latest issue of CTO Monthly who'd argue against code under the AGPL being "clearly open source".

Being on Github doesn't make a project open source. Having a way for other people to easily contribute doesn't make a project open source. But being licensed under AGPL 100% does make a project open source.


That was not my point. I also happen to agree with you - AGPL is "open source" under any definition I have encountered.


> Even though OSI clearly defines what "open source" means

They define what they think it clearly means to them... but they don't own the term.


This application falls in the commercial open source bucket. There's actually quite a bit of it, especially software written in interpreted languages.



If nemiah is reading these comments... well done! Loved your story!


Actually I am, thank you! Having quite some fun now :D


This seems like an interesting business-model, charge for the open source software because it is worth the money for your customers, and nobody could do the same as cheaply, and because you fly under the radar.

But assume profits are increasing and competitors arise. Then what would you do? How would you compete with them? Would you try to make the publicly distributed software less maintainable by for instance reducing the amount of documentation that comes with it?

You might have multiple versions of your source-code, some with comments and some without. You could then choose whether to distribute the version with code-comments or one without.

You might go further and apply some kind of "minifier" to your source making it harder to understand and thus modify.

As far as I understand it GPL gives rights to the users of the software but puts few if any restrictions on the provider of the software. So would it therefore make sense to distribute (only) a minified version of your source-code? That would make it easier for you to compete against your competition.


Pretty great. This is how I would like to work, too.

Of course, it would be nice to know how much money the author makes with this product...


Clicking through, there is this page: https://www.indiehackers.com/product/open3a

It mentions 9k/mo.


I wonder how much benefit there was from open sourcing the project: in other words, how many contributors helped out, or how many customers would refuse to buy it when it's not open source.

Asking this because sometimes I also wonder if I should open source my project, but I have my doubts on how much you can gain from it (apart from the nice feeling of contributing to open source ;))


> I wonder how much benefit there was from open sourcing the project: in other words, how many contributors helped out, or how many customers would refuse to buy it when it's not open source.

Contributors is easy to judge, but the second bit is not. It includes people you'll never even hear from.

For me, the big question I ask is basically "What are the chances this software becomes unavailable in the future and what's my escape plan?" These two weigh against each other -- if it's a non-critical tool and the plan is "go back to doing it the old way, with near zero business impact" then I don't really care about the chances it disappears a whole lot. If it's "Start a several-months migration effort while the business is crippled" then suddenly that first bit becomes incredibly important.

I consider chances a small (especially one-person) company disappears is fairly high. Same for a VC-funded startup (along with the chances they kill or pivot away from the product, which is effectively the same thing).

Open source means it never really becomes "unavailable": It might be costly (eg if I have to fund maintenance on my own) but it still provides low risk of crippling my business.

When I'm considering new software, the non-OSS stuff run by small companies just naturally goes to the bottom of the list for exactly this reason. If I go with something higher up on that list, that company won't even know they were being considered, let alone why I didn't pick them.


Sometimes a client sends me some code to put in my version for future updates. But other than that, I don't work with contributions.

It's more the feeling for me, yes :)


I'm wondering, if someone sends me code to include in my project, how can I be sure they are the rightful copyright owners of that piece of code? Also what kind of legal liability it might put me in if I then publish that code as open source?


Potential next episode: someone is taking advantage of my open source software, it's getting harder to sell it and earn a living.


She doesn't mention when it started paying her all her bills exactly but the cloud version started in 2013 and the CD from 2010 so presumably it's been her full time living for at least most of a decade. Even if it all comes apart tomorrow that's still a pretty good run for any single product/sole proprietor-ish small business.


The software is licensed under the AGPL. So, that would be an interesting article to see if someone was taking the code and repackaging it.


Just wondering here, is there any way to protect oneself from that type of situation while at the same time keeping the source code open? Obviously, the name and logo are trademarked, but a third party could rebrand the program while using the same underlying source code.


The advanced features seem to be a good protection. Also the cost is quite low; if you were competing in the same market, could you offer the service cheaper? I guess not. Moreover it is critical software for small businesses, I think many would pay for long term support on the original software...


Whether you can offer open source software cheaper, depends a.o. on scale.

Which is what AWS used to outprice elastic and redis.


Yes, it's called the GPL: https://en.wikipedia.org/wiki/GNU_General_Public_License

Under the GPL, a competitor can certainly take the code, rebrand it, and sell it as their own but they are required to provide the full source code of whatever "borrowed" GPL code they distribute to the end user. This ensures that the source (and whatever changes/additions are made) cannot be taken and locked up by someone else, which is possible with more permissive licenses like the BSD and MIT licenses.


Open source == no protection. You rely on the morals of your customers. At any time somebody bigger than you can take your free source, modify it, make it better because they have already a base and sell it as closed proprietary software and you can't do anything about it.


> sell it as closed proprietary software

This is not true for all open source licenses. Copyleft licenses such as the GPL and its variants prevent this.

Someone can distribute your software instead of you and thereby lock you out of any profits there, especially if they undercut your price (in the limit case they can distribute your paid software for free), but certain open source licenses prevent retroactive locking as proprietary software.


> rely on the morals of your customers ...

If they are just abiding by the license, would that be considered "immoral"?


I don't see that happening. They would have to offer support for the new product and most of my marketing is word of mouth nowadays. Should work out just fine ;)


I wonder if they would do better with an English version of their website? I was looking for something exactly like this early last year and I found no mention of it (and googling in English doesn't bring it up now either).


Someone in the comments asked about this.

She is fine with only targeting the German market, it is big enough for her.


I thought this would be about the repository maintainers of obscure but used dependencies, who then sell to random passersby who then make the dependency malicious

Because I would like to read about that experience


> The customer gets the code (and functionality) after she bought it.

What are the licenses of the software and the extensions in the shop? Is this one of those free-core/proprietary-plugins model?


According to one of the author's other comments, they are also licensed as AGPL. https://news.ycombinator.com/item?id=26428460


[revision] In the comments section, following the article, she notes the extensions are open source, distributed when purchased. The license used for these extensions is not specified.

Thank you for pronoun correction.


Quoting the author from the comments:

> Yes, the plugins are open source, too. Customers can test what they will get in an online demo which is available on my website.

> They get the functionality as well as the code after they bought the extension in my shop.


This is a bit confusing to me. They sell the plugins, but also the plugins are licensed that a customer can redistribute them to other customers legally?

At first it sounded like 'open core' with the plugins not being open source, but if the plugins are open source too... I guess people pay for them, priced modestly, just for the convenience and support?


>convenience and support

Also initial access, and updates. Extensions are not mentioned on the free download page ...

https://www.open3a.de/page-Download

... rather, pay-per-download:

>If someone wants advanced features, I have a shop! In my shop the users can buy many of the extensions I have developed over the years. The prices are reasonable and start at 20€ (~$24) up to around 80€ (~$96) or so. The price contains updates for this extension for one year which means the next two versions.

https://www.open3a.de/page-Plugins

Apparently German businesses aren’t much interested in running bootleg copies of modestly-priced a la carte extensions.


Yep, that makes sense, except as far as semantics, there would be nothing "bootleg" about it -- if they are licensed AGPL, that means anyone who gets it has a license to redistribute it to others under the same license, all totally above the board and legal. Right? That's something the AGPL license, that the author has chosen, gives you the right to do.

I think this kind of mismatch stays under the radar when the stakes are pretty low, they probably aren't making tons of money off of this. If they were, someone else might try to get into the game. And if the pricing of the extension was a lot higher, more would probably use it (entirely legally) without paying.


> It made me the confident woman I am today ...

> nemiah posted to Indie Women on March 5, 2021


*she


*she as someone who read the full article would notice.


You actually read the articles on HN, and don't just form an opinion and write a comment after reading the headline alone? Pha, blasphemy.

EDIT: I forgot that I'm not on Reddit, sorry. I will stop making jokes.


Following the recent events, wait until multinational corporation x comes, repackages your software as a managed solution, hosted on their infrastructure and resells it through their channels.


Multinational corporations typically are very afraid of AGPLv3.


See my comment as a snarky reply to the recent HN threads about the aws/elastic debate, not as a serious contribution.

Although on a more serious note, I can clearly remember self appointed knights of FOSS claiming on those threads that AGPL is bad because it harms adoption.

I see it more as a form of protection against corporate exploitation, apparently OP does too.


Online invoicing is hardly an area unexplored by large corporate SaaS companies. The world is a big place and it seems he's found a niche he can make money in.


Love it. The raspberry pi is a cool addition.


ITT: People who didn't read the article, argue how GPL would make this business model impossible, not realizing code in the article is AGPL licensed. smh, I expected better from HN.


The trouble with comments like this is that they make the thread even worse by amplifying what they're complaining about (and adding a layer of meta on top).

It's much better to dampen bad stuff by downvoting/flagging it and/or amplify good stuff by contributing interesting things.


Similar project for time tracking and invoice generation: https://www.kimai.org/


If it's AGPL it's free software, not open source


The Open Source Initiative recognizes AGPL as an open source license -> https://opensource.org/licenses/AGPL-3.0


The FSF recognizes AGPL as a free software license.


Where did you get the idea that open source and free software are mutually exclusive?


Free software is an ethical imperative; open source is a business model. Not my idea, someone called RMS came up with that, copyleft, etc.


It's both, i.e. FLOSS.


No, it's not both. Open source is a business model. AGPL is a free software license. Look at Wikipedia, or ask the license holder, the FSF.


It is both. Here[0] is GNU comparing them. The Open Source Initiative also has their definition[1] of Open Source.

[0] https://www.gnu.org/philosophy/categories.html

[1] https://opensource.org/osd


The demo site is in German; a language selector is not obviously findable.

It’s also excruciatingly slow to load! “Let the software speak for itself” - well, it did - if I were evaluating invoicing software I’d go look elsewhere mainly based on this very poor first impression. Could certainly use some optimization / speed up.


The site feels rather snappy to me. The backend is powered by PHP; most pages load in 100-200 ms, which is very reasonable. I've certainly used much, much slower software, especially for business purposes.

Maybe the demo site is suffering from whatever the hacker news equivalent of slashdotting is, or the host might not be well-connected to the internet outside Europe.


You might need to consider that she didn't intend for HN volumes of traffic. Also, it loaded fine for me.


Nope, I did not ;)


> The demo site is in German

The target market is probably Germany. The post mentions amount of money in euros, but never other currencies used in English-speaking countries. It makes sense to not internationalize the website if the product doesn’t fit the international market (I bet invoices have different legal requirements everywhere).


Yeah, from the comments on the blog: "The German market would be Germany, Switzerland and Austria. That's over a hundred million people. Works for me "


German speaking market is big enough and rich enough to solely focus on it+less competition compared to English speaking countries.


And yet the blog article is in English and it was promoted in an English site (hacker news :)


The "blog" article is in English because it's posted in an English speaking community (who are presumably more interested in the story than the software itself).

It's "promoted" on HN by someone other than the author, it seems.


No, wasn't me. I actually decided against posting the link here.


The blog is about the author's experience not about the software itself


it's a full featured 2mb web app

it is not a bloated 20mb C# blazor simple todo mvc web app lol


found the site and app to be very snappy with a connection from England. Might give more understanding to your experience if you added some context, location, internet speed etc.



