Professional maintainers: a wake-up call (filippo.io)
547 points by FiloSottile on Dec 11, 2021 | 447 comments



> Now is the perfect time for Open Source maintainers to become legible to the big companies that depend on them—and that want to get more out of them—and send them five-to-six figure invoices.

Well, this is exactly what I've been doing around VideoLAN (VLC, x264) and FFmpeg for the last few years. In order to do that, I've created 2 official companies, Videolabs and FFlabs (besides the non-profit orgs) and I've gone through all the hoops to get paid (PO, billing, invoices, registering to large companies is a lot of paperwork, tbh, but well..) and we try and bill small to large companies that depend on those projects.

And FFmpeg and x264 are the core of the online video.

So I did exactly what Filippo is saying we should do.

But the result is really not impressive. Seriously, asking for money for support from those companies feels like we're pulling the nails, even if their full business depends on it. Getting 30-50k$ from those companies for support for one year can be very challenging, long or leading to nowhere at all.

So, large SV companies and startups should also start agreeing to pay for open source, when it's the core of the tech.


> So, large SV companies and startups should also start agreeing to pay for open source, when it's the core of the tech.

Companies usually have a reason to keep their expenses low. Sometimes they are a public company with fiscal responsibilities. A startup will only have so much runway and is likely trying to reduce expenses.

Given this situation, why will they pay for what they can get for free?


It seems like you haven't quite got the concept of open source. If everybody consumes and nobody contributes, how long will that last?

A while back I bought a cheap robot vacuum. Their scheduling feature didn't meet my needs, so I reverse-engineered the protocol and open-sourced a cron-friendly CLI tool and a library so people could do other things with it: https://github.com/wpietri/sucks

Honestly, this was a mistake on my part. It was a demanding audience of home-automation hobbyists mostly without programming skills. The company was thoroughly unhelpful. When my vacuum finally broke, I was relieved, as I had a good excuse for trying to hand off the project. Nobody stepped up, so I shut it down. I just ran out of interest in doing free work to support a company worth billions.

I really admire the community spirit of open source. But it's not sustainable if companies making their money off it keep depending on the niceness and generosity of others without giving back enough to keep them happy, healthy, productive people.


It seems like you haven't quite got the concept of open source.

Making something open source is about granting freedoms for users of that thing. One of those freedoms is usually "you owe nothing and can do with it what you wish: sell it, fork it, modify it" in exchange for "the author provides no guarantees and is not liable for this software".

Open source authors that expect some benefactor to appear and sprinkle money so that they can quit their day job and work on their hobby full time are, for lack of a better term, delusional.

The default is that no one will use your thing, no one will contribute, no one will fund you, etc.

Anything beyond that is a fluke.


> "you owe nothing and can do with it what you wish: sell it, fork it, modify it" in exchange for "the author provides no guarantees and is not liable for this software".

This is demonstrably not how many people treat open-source authors. Just look at how the Log4J folks are feeling right now: https://twitter.com/yazicivo/status/1469349956880408583

I do have some open-source code out there where people have been mostly pleasant and reasonable. It's targeted at developers in particular niches and they do act mostly as you describe.

But once it shifts from a peer relationship to a producer/consumer relationship, things can easily get ugly. Ugly in a way that drives people out of open source and keeps people from open-sourcing useful code. You appear to be fine with that. But if anybody's delusional here, it's the people who expect to keep taking from open-source software without worrying about its sustainability.


the text of the tweet:

> Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns.

Why don't they 'resolve' the security issue by removing the feature and then set up a bug bounty for backporting fixes to the shitty feature? Then the companies that depend on it will actually be on the hook for once.

Too much collateral damage for downstream F/OSS? Too unseemly a move, in a moment of ‘crisis’?


I don't know why you're getting downvoted. This seems like exactly the right move.


So your proposed solution is for the open source maintainers to release a hotfix build and to put up their own money to host a bug bounty program so someone else can fix it?


I think what they mean is: If you want this misfeature back, pay us $50k to do it properly.


Can anyone recommend a service that allows people to back specific GitHub issues (pledge money) other than Bountysource?


You don’t really need a service, you can just post in the issue “I will pay $X for a merged PR that closes this issue.”


Commenting may work if the issue has one or two large backers that can independently be vetted to be trustworthy. But if there are several dozen small backers, having to track them all down after closing the issue seems less than ideal.


I'm not sure to whom you are replying.

I can't think of anyone I've ever met that started an open-source project expecting it to become their day job in short order.

When your project blows up and mints a herd of new gazillionaires, yes, it's reasonable to ask those companies to fund what is now an important community project.

Anybody that says "nope, their money, they do what they want" is spouting the same flavor of dipshittery as "free speech only means the government can't censor, private companies are free to do what they want".

Technically correct and functionally disastrous. Societies worth living in can and do not endure this behavior for long.

Americans used to understand this. Know why there are schools all over the country named after Andrew Carnegie? Because that ruthless capitalist mercenary, after crushing every one of his competitors to dust, invested a large chunk of his fortune on infrastructure for national wealth that would propel another three generations.


I think the point is that while it would be awesome to just have everyone pay open source maintainers what they can afford to when they use their project, in practice relying on people's (or worse, companies') good will is a losing strategy. It seems wildly unrealistic to just expect that everyone will just naturally give back to open source in a meaningful way absent any actual incentives or requirements, and even if it did start happening there would be nothing stopping the situation from returning to the way it was before. I think most of the arguments you'll see against the idea of "just give back to open source maintainers even though you aren't required to" aren't skeptical of the idea that people should be compensated for their work, but just skeptical that peer pressure is the only thing needed to turn the current open source model into one where all maintainers are fairly compensated.


You are absolutely right. The naivety of most open source developers when it comes to understanding how people/companies/markets work is jaw dropping. If you ask people to pay $0 for your work then that is exactly what they will pay. Wishing for things to be different is a waste of time. Accept how the world works and act accordingly.


That isn't "the world". It's a relatively small set of people in a relatively small chunk of history that see themselves as entitled to make endless profit without ever worrying about where that comes from or who it hurts. It's not a sustainable mindset, so it never lasts.

Look at the shift in attitudes toward the environment in the last 100 years as an example. There was a point where executives thought it absolutely fine to pollute wildly. That consequences were for the little people. Through a mix of culture change and improved regulation, that has changed, and it continues to change.

A more recent example is the trend toward corporate social responsibility, which looks at a broad set of problems and devotes corporate resources toward fixing them: https://en.wikipedia.org/wiki/Corporate_social_responsibilit...

Do they put in enough money? Surely not. But it's indicative of the kind of culture shift we can push for here.


> It's a relatively small set of people in a relatively small chunk of history

I think it’s a fairly large chunk of history (e.g. all the time humans were a thing) that this applies to. The fact that it wasn’t executives but kings, queens and nobles thinking this way doesn’t really change much.

It’s not even necessarily malicious, but you really don’t want to think about the fact your life is so comfortable at the expense of other people.


I agree with your general point, but Kings and Queens absolutely had to consider other people.

Specifically, most rulers had some kind of patronage network where they gave out 'gifts' like land, or the right to collect taxes, in return for loyalty. Princes did not generally just sit on a huge pile of money, like a dragon. If they wanted to go to war or build a palace, they had to raise taxes, which meant concessions to their power.

Anyway, slightly off-topic! Still, the analogy holds - you don't get to be a prince of the internet without the work of a lot of minor nobles.


So what's your evidence here besides some hazy gesturing at "kings, queens and nobles"?

Because when you look at actual history, you see long-running mutual relationships. E.g. the English Commons system: https://en.wikipedia.org/wiki/Common_land

Or you could look at the Mexican ejido system: https://en.wikipedia.org/wiki/Ejido

Which descends from the Aztec calpulli system: https://en.wikipedia.org/wiki/Calpulli

Historically, leadership was tightly bound to productive land, because that's what everybody needed to survive. Your "nobles" could in the long term only be as successful as the people they ruled over, and the feedback loops there weren't long ones. Were there sometimes bad nobles and bad kings? Sure. But overall, the badness was limited because harming the "infrastructure" of the day, land and people, was felt quickly by people higher up the hierarchy. Sustainability was a must.

That's distinct from modern capitalism in the age of industry and information technology, because the portability of wealth and the long feedback loops mean executives can get quite rich in unsustainable situations. The elevation of an IGMFY ideology to become the dominant view of the moneyed was only recently possible because for most of history one couldn't escape the consequences like people can now.


You haven't worked enough shit jobs if you think that un-"moneyed" plebs aren't similarly willing to fuck someone else over if it means they have the opportunity to three-quarters-ass their work and leave the rest to a coworker who they are on a first-name basis with and is otherwise friendly to them.

"IDGAF, it's not me" and "ask for forgiveness, not permission" is not in any sense a minority viewpoint. Even people who insist they don't follow those creeds have the issue of being, more often than not, unreliable narrators of their own actions—not to mention: economically irrational in ways that extend to the economics of non-monetary, give-and-take systems.


Which world are you talking about? History is full of people exploiting other people. Mention any period of history where people were not trying their damn hardest to exploit other people?


You're the one making a positive claim. Let's see your evidence that this was the dominant mode of thought in all places and all times.


What are you talking about? You are the one that's making the following claim:

> That isn't "the world". It's a relatively small set of people in a relatively small chunk of history that see themselves as entitled to make endless profit ...

Which is a claim that can't be proven either way since you are talking about how people in all of history were thinking. In other words, you are making a claim that is just wishful thinking.


You have made a claim about "how the world works". Where's your backing for it?


You made the opposite claim. Where is your evidence for it?


Seems we're at an impasse.


You're largely correct, but I'm not speaking about peer pressure.

'Tis the season, so we've been listening to a lot of Christmas carols.

One of my favorites is Good King Wenceslas, which concludes with the verse: "Therefore, Christian men, be sure, wealth or rank possessing, Ye who now will bless the poor, shall yourselves find blessing."

Charity used to be a behavioral expectation in the West. Charity is not "giving money to somebody else so they can do charity on your behalf" nor is it "paying taxes to fund social programs". Charity is you, directly, investing your resources in your community, with no expectation of return.

Today, this assumption no longer holds. The result is the current state of open source, which needs to figure out a license that extracts value from players big enough to pay it, without punishing upstarts into oblivion (and thus forming a protective moat for existing large players).

Some percentage of net revenue share strikes me as the right sort of license, with sensible caps and/or some sort of shared pooling mechanism.


> Charity is not "giving money to somebody else so they can do charity on your behalf" nor is it "paying taxes to fund social programs". Charity is you, directly, investing your resources in your community, with no expectation of return.

Can you give some concrete examples? Because I can't tell what distinction you are trying to define, at all.

In which bucket would you put:

   1) Giving money to a local hospital
   2) Volunteering with a non-profit organization
   3) Giving cash to a wandering schizophrenic
   4) Buying lunch for someone who's been holding up a cardboard sign at an off-ramp
   5) Giving money to the United Way through paycheck deductions.
   6) Giving money to an organization that funds research into a disease
   7) Giving money to a local organization that gives grants and loans to disadvantaged people to start small businesses.
   8) *Lending* money to a local non-profit that gives loans to disadvantaged people to start small businesses.
   9) Giving money to a local food bank.
   10) Donating blood to the Red Cross
   11) Giving money to the Red Cross


Such a license doesn't seem likely to fit the Open Source Definition.


Some projects use a copyleft license like the GPL or AGPL by default but also sell their product under another license to parties that want to avoid copyleft. This way the product is FOSS but companies that want to use it in their proprietary software have to pay.

https://en.wikipedia.org/wiki/Multi-licensing#Business_model...


> When your project blows up and mints a herd of new gazillionaires, yes, it's reasonable to ask those companies to fund what is now an important community project.

You never need an excuse to ask, but neither side should feel compelled. The transaction is already complete.

Once you give something away, it doesn't matter if someone else gets rich off it. You gave it away. You're not, and shouldn't feel, entitled to anything.

If this bothers you, maybe you shouldn't have given it away for free?

> Anybody that says "nope, their money, they do what they want" is spouting the same flavor of dipshittery as "free speech only means the government can't censor, private companies are free to do what they want".

I don't know how to respond to this. This statement seems entirely paradoxical to me. Yes, it is their money, and they can do whatever they want. And also you accurately describe how free speech applies to private enterprises. Why are you so bothered by this?

There is a question of morality, sure, but that's a fruitless conversation to have. It's one thing to wish the world were different, but another to be angry with people who live in this world. Does this make me a person who merely spouts dipshittery?

You seem to acknowledge that the world is a certain way, but feel shocked to find, and subsequently rebel against the idea that yes, it is actually that way. I don't understand this at all.

I for one appreciate that this site and others are moderated and restrict and remove posts containing hate speech. I imagine that the majority of readers and contributors would agree with me.

> Americans used to understand this. Know why there are schools all over the country named after Andrew Carnegie?

Perhaps it's because I, and the rest of the world, are not American, but I can't say I've ever given a moment of thought to the names of schools in your country, or Carnegie for that matter.

Perhaps America's fetish for capitalism is at the root of these divides. If you want to get paid and work on open source software full time, I can't think of a better way than under some form of universal basic income, but your capitalist infatuations make that unlikely. Charity is not the solution.


> It seems like you haven't quite got the concept of open source. If everybody consumes and nobody contributes, how long will that last?

I think that's a pretty unfair characterization of the previous post.


A few thoughts...

I've long known people who modified cars. Sometimes they did it as a business. Sometimes they helped friends out. Sometimes the work was on nights and weekends. The car manufacturer never had a responsibility to support them. They never had to support people in forums. Anything they did was their choice. Sometimes as a business and sometimes volunteering.

You didn't have to open source that work. Once it was out there, you didn't need to provide support.

Doing volunteer work and hoping for generosity from companies isn't working.


>> You didn't have to open source that work. Once it was out there, you didn't need to provide support.

That's true. The problems brought up in the article all stem from companies relying on open source and then getting into trouble when there are problems with it. They would pay if they had to.

The core problem is that everyone wants something for nothing. Sure, companies appreciate that they can get billions of dollars worth of infrastructure software for free. Individuals appreciate that they can get useful software for free (though many don't care if it's FLOSS or illegally obtained commercial). People will take what they can, and pay for what they must. Open source is sometimes better than commercial, and even if the developers were paid industry rates it would be much cheaper because companies charge rent for software - not for development.


It is not a problem. It just is how humans function. So act accordingly. Trying to change how humans work is a waste of time. You are fighting millions of years of evolution. Good luck with that. Try not to be bitter when you fail.


That is one of those evo-psych just-so stories. American corporate culture in the late 20th/early 21st century is not representative of all humans at all times.

I get that it's the dominant experience for you, but please don't confuse that with some sort of deep evolutionary imperative. One of the things that distinguishes humans as a species is how extremely social, how extremely cooperative we are. See, for example, E. O. Wilson's "The Social Conquest of the Earth" for more on where we fit in evolutionarily.


I agree with most of what you are saying. Groups cooperate internally and go to war with other groups externally. However that has nothing to do with my point. I am basically making an economic statement about how modern companies work.


No, you made a claim about "how humans function" over "millions of years of evolution". I guess you're abandoning that claim now? If so, maybe do it honestly.


No not at all. My comment was a reply to your argument:

> One of the things that distinguishes humans as a species is how extremely social, how extremely cooperative we are

Where I point out that what you are saying is not true in general. But it is true within a group (say a company) and not between groups (say between companies and OSS maintainers). Groups that cooperate well within the group have an evolutionary advantage fighting other groups.

However I am not sure what the point is you are trying to make? My original point is that corporations/people don't throw $ at OSS maintainers for the work they do and expect them to maintain it for $0. That's a clear objective fact. So either treat your OSS project as a business and get paid to do your work or accept that outcome and stop complaining.


Again, you made a claim about the evolved nature of humanity. It seems like you can't back it up. Bluster all you want, but if you can't come up with actual citations, I think we're done here.


There are a huge number of references online. Just Google “in group out group social evolution”. Or simply go to Wikipedia for a quick summary:

https://en.wikipedia.org/wiki/In-group_and_out-group

Now I think we are done here.


> I guess you're abandoning that claim now? If so, maybe do it honestly.

This is unnecessarily aggressive. Also, it’s not fun reading a thread dominated by one or more people who are combative.


Sorry, what makes you think you're telling me something I didn't know? Do you honestly think I was somehow compelled to release the code? Do you think I was expecting the open source police would kick down my door if I didn't provide support?


> reverse-engineered the protocol and open-sourced ... free work

oof, I know that feeling - that sadness that comes with the realization that the manufacturer could have saved you so much trouble but chose not to... which you then rewarded with free labor and promotion. I got it every time I disassembled binary blobs in order to get hardware to work with anything beyond Windows. For a long time there wasn't much of an alternative, but that isn't really the case anymore. Setting up a new openpower system was a very strange experience, reverse-engineering wasn't even an option - the manufacturer provided schematics for the board and a wiki directing you to the source code for every bit of firmware (including the ring -3 processor).


My sympathies! It sounds like you got much deeper than I did.

I don't regret trying it once. It's possible, after all, that the manufacturer would have said, "Look, there's demand for an open protocol, just like some engineers have been saying. Let's take on that work ourselves." And honestly, they could have gotten away with some very modest support of the project: occasional discussions with engineers and enough free hardware that we could test new builds. But no shits were given on their part, so I also don't regret shutting the project down.

I'm glad to hear things are getting better in some spaces. Let's hope it keeps going that way!


IMO, I think the golden age of completely FOSS apps (no open core) is ending/has ended as users expect more features and apps struggle to meet demands without effective monetization. I think open source will always have a place for libraries and tools, but end user applications will either become open core or no longer open source.


I think the exact opposite. All of my open source tools in 2021 are of extraordinarily higher quality than they were 10 years ago.

All I see with the FOSS ecosystem is it picking up steam at an extraordinary pace from 2005. Postgres in particular has absolutely dominated its incumbents in recent times, an insane reversal from the situation at the turn of the millennium.

There's a guarantee of correctness, availability of auditability, and a tide of slow, iterative improvements.

The key is supply and demand.

Open source software is often not a trailblazer. Open source is often reactive to a need, and punctuated by a demand for quality, bad treatment by the commercial incumbent, and constant iterative improvement.

See the pattern of so many technologies, Docker following VMware, open source databases following Oracle (1980s Oracle was a real pioneer).

Open source has always and will continue to be a slow rolling borg that chases commercial software. Projects will never be rushed, but the benefits of an open base have time and time again crushed closed source incumbents.


> I think open source will always have a place for libraries and tools, but end user applications will either become open core or no longer open source.

Very sad if this ever comes to pass. It's a world in which I would never have learned about computers or decided to work with them. I think it makes more sense to charge big companies but keep software free and libre for individuals.

(I don't think this future will happen though: I think it's based on a deep misunderstanding of what drives FOSS developers to do what they do).


Shouldn’t Open Source be considered the 8th wonder of the world?

- OSS allowed an entire industry to flourish,

- It has had so many contributions that it is easily the category which is the biggest benevolence of the world, and possibly the biggest achievement of humanity,

- It allowed the entire world to go securely on the internet (launch a Debian and it’s secure and up to very high professional standards without effort, try doing that in the legal field),

- Its results are permanent. In 2100, documents written in Office 365 or Adobe will be lost, but they’ll be able to recompile LibreOffice, Chrome (at least Webkit) or Wordpress. Benefits of OSS accrue over time, as opposed to closed-source software which is sold under closed license and DRM.


> Its results are permanent. In 2100, documents written in Office 365 or Adobe will be lost, but they’ll be able to recompile LibreOffice, Chrome (at least Webkit) or Wordpress. Benefits of OSS accrue over time, as opposed to closed-source software which is sold under closed license and DRM.

In practice, I think that only entirely cloud based ecosystems will be lost to time. As long as the requisite hardware can be emulated and there is an archived version of a local viewer, it's possible to interpret a closed source format document. People already do it with WordStar and retro games.


> I think it makes more sense to charge big companies but keep software free and libre for individuals.

I agree, but how do you distinguish between the two, and how do you make the source available yet compel large companies to pay?


Entirely possible. Although I suspect more libraries and tools will go that way as well. Note that mine was in theory a library/tool. And the examples mentioned in the blog post were similarly infrastructural.

Most of us work at such high levels of abstraction we couldn't even name all our dependencies. Which in effect makes us the same sort of consumers app users are: expecting a lot out but not putting anything in.


> as users expect more features

I think mobile was a reprieve for commercial software and UX specialists and the increasingly negative comments on new OS versions indicate it is close to done like desktop.

For every user that likes a change there are 19 that prefer the flow they already learned to stay exactly the same and at least half are looking for exploitive attempts to modify their behavior in anything a publisher changes.


>> Given this situation, why will they pay for what they can get for free?

> If everybody consumes and nobody contributes, how long will that last?

That doesn't answer the GP question, which is all about incentives.

The answer is, at least some parties won't pay for what they can get for free. So the options are:

a) deal with it

b) require payment

c) come up with some way to incentivize more donations


Those aren't the only answers. The notion that people only respond to direct incentives is incorrect and ahistorical. It's a convenient dogma for the selfish to promote, but I don't have to take it seriously at all.

Another perfectly good option is for tech people to build strong cultural expectations that people and companies who benefit from a commons should help keep it healthy. Which is what's happening right here in this discussion, so you could be part of that solution if you wanted.


How has the strategy of "companies should just be nicer" worked for things like minimum wage, health insurance, workers' rights, etc.? It's getting to the point of insanity (in my opinion) that people keep thinking this is going to magically appear if they ask for it. It arguably flies in the face of thousands of years (or millions if you count pre-humans) of evolution.

At the least people suggesting this should acknowledge that this kind of society has possibly never existed in this entire universe on the scale they want it to exist (larger than Dunbar(ish) number tribes). The onus is on them to build a path towards this new kind of society instead of just throwing the ideal out into the ether and expecting it to just magically appear.


I'm not suggesting it's magic. Indeed, what I specifically said was that we should work to build strong cultural expectations. Which are very much necessary in all the cases you name.

As an example, note that the Fortune 500 spend $20bn annually on corporate social responsibility: https://econreview.berkeley.edu/stocks-sustainability-how-th...

That's not because they just had some good feelings. It's because people expect them to be at least slightly non-awful. We can accomplish something similar here. If programmers start insisting that companies take open-source funding seriously, it will happen. Not quickly and not easily. But if people start taking action (e.g., turning down jobs when companies are parasites on the open-source ecosystem), things will change.


Yes and no. A lot of that spending is done with a monetary incentive in mind. Companies aren’t completely devoid of understanding that there is a certain breaking point where being shitty can have financial consequences. They aren’t doing it out of the goodness of their hearts, not predominantly anyways. They can use charitable contributions to project a public persona (earned or not) of being good, for the purposes of increasing/maintaining business. They can do it as a smokescreen/cover for other scandals for the same reason.

Is that a good thing? Yes. Is it enough? Not even close.

The culture needs to change sure, but the change of culture that needs to happen seems effectively impossible unless companies are dragged into it kicking and screaming through organized labor efforts or government oversight/regulation. Those are both of course highly polarized political issues and that aspect of culture sure isn’t getting better either.

I think the quicker, sadder, and easier change is that a lot of Open Source projects just aren’t going to get started like they used to, and are going to have increasingly restricted licenses with stratified feature sets. We’re definitely seeing more of the “Taking my ball and going home” approach by small developers with tiny open source packages these days and it’s sad but also hard to blame them for. Even worse there are an increasing number of groups who attempt to buy projects for sometimes stupid money for the explicit purpose of using them as a Trojan horse to ship malware. They’re preying on the same people who have become incredibly cynical about the whole thing and that’s dangerous for everybody.


What do you think underlies most of the changes via "organized labor action or government oversight/regulation"? People understanding that things should be different, which is a cultural change.

The history of the minimum wage isn't that some bureaucrat mandated it and then everybody said, "Gosh, that's a good idea, let's keep it." There was a long period of advocacy for it, a period of persuading people that it was the right thing to do. That was the ground in which all the work for the change grew.

Today, software developers are the key labor force for this change, and we aren't organized. So in practice, the first work we have to do is to persuade the bulk of programmers that it's part of their professional duty to make sure their employers support the open-source projects that their businesses depend on.

Companies will do it if we insist. In the grand scheme of things, it isn't even much money, not compared to what they're paying programmers in salary, benefits, and cushy amenities.


Good luck with that. I for one am not holding my breath. Meanwhile, perhaps accept the world for what it is and act accordingly? Just make the companies pay for it by licensing the code correctly. It isn’t rocket science.


Oh? Shame nobody's ever tried that. But since you've had a brand new idea that you're sure will solve the problem, how about you take a swing at it? Show us how easy it is.


Where did I say it was a brand new idea? Where did I say it would be easy? Starting a business is hard. I founded and ran my own successful business so I know how hard it is. I am not sure what your point is?


My point is that you're trivializing the problems and insulting all of the people who have been trying to make it work for decades. I too have started successful businesses. What I learned from that was to respect the people doing the actual work, rather than to run around arrogantly blustering, "It isn't rocket science."


You are attacking a point I am not making. My point is that some OSS maintainers don't understand that they have to think about their work as a business if they want to see any $ thrown their way. That's the part that isn't rocket science. I agree with you that actually doing it is hard. My message is to stop whining that companies/people don't give them $ out of the kindness of their hearts and instead accept it and either treat their work as a business or accept that they will get very little gratitude or $ in return. The idea that OSS maintainers are special snowflakes that can work on whatever they feel like and the world automatically owes them something in return is childish.


No, I'm "attacking" a point you're making.

This notion that one has to think about it as a business is just false. That is one way to do it, but open source funding happens other ways too. Your attitude that anybody must be an idiot if they want to solve in a way incongruent with your hypercapitalist fantasies is both rude and ignorant. If anybody's being childish here, it's the person treating them as "whining".


There is no need to be rude. I have no “hypercapitalist fantasies” thank you very much :)


> tech people [need] to build strong cultural expectations that people and companies who benefit from a commons should help keep it healthy

Agreed on this, but the "and companies" thing is a total red herring. Two things to note: even though you mention "people and companies", it's incredibly clear from popular sentiment that the conception held by most people of the problem/solution comes down to the latter (companies) and not the former (people). Focusing on companies at all—let alone allowing it to occupy a majority share of one's focus—is a huge mistake. Depersonalized abstract entities like companies are almost entirely immune to whatever methods of persuasion people have in mind here. Gay rights only just became kosher to "take a stand" on, and even then it's invariably limited to being trotted out as a vehicle for the most empty and self-serving marketing horseshit and other corporate speak that anyone should expect to come out of these institutions. Cultural pressure for open source by way of shaming companies doesn't stand a chance; it has to come down to people.

I've brought up the subject before: why do we rake companies over the coals for their inaction, but ignore the individuals? It's worth reflecting on the relationship between a company and its employees.

A company, no matter how many layers of management are involved, delegates some problem to an employee. That employee surveys the lay of the land and then elects to use some tech that is available from the commons towards solving the problem. In turn, they are rewarded by their employer in both tangibles and intangibles that are considered proportionate to the achievement and budgeted accordingly. Thus, that person is, in a very real way, converting the labor of others into personal gain—in the form of wealth, career prospects/advancement, and personal stature in wider society.

Why is it easy to frame a company as the perpetrator and hard to say anything about any given developer who benefited from this (and did not share)? Because it's uncomfortable, since it's too personal? That might make sense if we were talking about, say, a custodian with limited career prospects just doing their best to keep their head above water and provide for their family already, but that tends not to be the case where software development is involved. The implication here is clear. (Forget, for now, the prior argument I just made about effectiveness for a moment and feel free to focus just on the fairness aspect here, if it uncomplicates things.) If there's any appropriate allocation of social pressure to be meted out—resulting in social expectations to be met—then it needs to come in the form of beliefs like, "hey, if as part of your employment you are singlehandedly making something like twice the US national average of an entire household, and you're not giving away at _least_ 10% of your salary to the people who made that possible, then you're kind of a piece of shit." Is that a stand that people are willing to make, though?

It's acceptable to disagree with this, but to understand why you feel it's justified to defend the individuals involved means that you have everything you need to understand why there is no movement on the problem. Perennially and impotently opining that companies need to quit screwing around and do something already is a ridiculous strategy.


d) stop

It’s not like there is a parable about killing the goose that laid the golden egg to teach you how to appreciate these things.


I don't think that releasing that tool was a mistake. The mistake was worrying about providing support for it, beyond what you needed it to do.

This is the same as the poor log4j devs, getting bashed and still trying their best effort to please everybody.

Lots and lots of open source authors release some work to the open, and then start to worry about everybody's opinions and complaints. But that's a very unhealthy thing to do, IMO.

In essence, this is your own garage project and you've taken it out to the street for people to enjoy or admire. You should care about people's complaints as many f*cks as stacks of money they are putting on your table. Anything else, will end up deteriorating your mental health, one way or the other.


It seems like you haven’t quite got the concept of capitalism and how humans and markets actually work. If you give away your work for $0 then the value of your work is $0. Yes a tiny minority may want to pay more than that to make themselves feel morally superior or to virtue signal their goodness. But most won’t. Accept it and act accordingly: make companies pay to use your work and sue the companies that fail to comply with the licence conditions. It isn’t rocket science.


> If you give away your work for $0 then the value of your work is $0.

I should've been paying my mother market rates. After all, she and my father have been running at a loss for this whole "family" enterprise.

IMO, open source is (or should be seen as) more of a "friends and family doing favours for each other" kind of human activity. Some people do it for the sheer joy of it, share without expectation of more than a "thank you" (at max), and calling their work valueless is just crass marketism.


You are not getting my point. I am reacting to the OSS maintainers that get upset when the intrinsic value of their work doesn't automatically convert to market value ($ in their pockets). My point is to stop blaming the world and instead put a market value on their work for corporations.


Can you please stop posting in the flamewar style to HN? You've been doing it a lot in these threads. I'm afraid it's repetitive and it lowers the quality of the discussion.

https://news.ycombinator.com/newsguidelines.html


I am surprised you would see my comments as engaging in a flamewar dang. If you look at my comment history it should be clear that I in general don’t do that. Perhaps also take into consideration the many upvotes my comments have received. However I acknowledge that I might have been a bit more snarky in my comments than was strictly necessary to get my point across.


Thanks. My apologies for taking the bait.


This is a classic mistake of people who worship at the church of Econ 101: confusing price with value. Our system depends entirely upon things that are priced at $0 but are valued much higher. If you actually spend your life only doing things you are paid in cash for, I truly pity you. And in fact I can help you out by reminding you that you aren't getting paid for posting here, so you are morally obligated to stop doing it.


No you are not getting my point. OSS code often has a high intrinsic value (it is useful) and $0 market value (you pay $0 for it). The problem is that OSS maintainers often mistake the two. They seem to think that the world should automatically give the work they do a high $0 market value because of its intrinsic value. But that is not how it works.

> If you actually spend your life only doing things you are paid in cash ...

> And in fact I can help you out by reminding you ...

Hahaha I love it when people get all passive aggressive :) It should be obvious to you that the fact that I am writing this, without getting paid for it, shows that I don't spend my life only doing things I am paid for. You might want to look into the Econ idea of Utility Value. It has nothing to do with $.


> Companies usually have a reason to keep their expenses low

No they don’t. That’s why they keep plowing billions into cloud infra and gazillion of saas products. They have an excuse when they think they can get it for free anyway like is the case with OSS but not an actual reason


Why should the companies pay more than $0 for code with a price tag of $0? Do you normally pay more than the asking price for things you buy?


Why would anyone pay for business class airline tickets instead of (subsidized) coach? They both get to the destination at the same time!


If you want people to travel (because them travelling is good for business) you probably don’t want them to be stiff and unproductive after a long flight, and you don’t want to make the experience so unpleasant that they won’t want to travel.


That's a good question! However I am not sure what that has to do with what I am saying? People pay for over priced luxury goods all the time. There are psychological reasons for that (signaling wealth among other things).


Not just psychological but convenience, reliability and status all of which can apply to oss consulting/patronage


If you look at the commenter's other messages, you seem very much to be making their point for them. The thing that they are advocating for is what you seem to be trying to, through snark, give them an education on.

No one makes coach tickets available for free and then asks people to pay after the fact. Certainly no one would do that and then complain that the system is broken because nobody is paying. People, on the whole, do not behave in a way that's compatible with that kind of thing, and the expected outcome there matches the outcome that we see today with (un)-sustainable open source.


The point is that sometimes, profit isn't the only priority, so one may choose to pay even if they didn't have to.


My point is that the evidence is in and clearly companies/people don't do that. And some OSS maintainers then get all upset and throw their toys around because people don't behave as they expect. My answer is: Grow up. Accept the world as it is. And act accordingly.


It costs me $0 to walk to work but i pay for transportation because it gets me there faster and more comfortably. You just are looking at cost too narrowly.


I don't understand your argument at all. Companies and people in general only pay for things they have to pay for. So if you ask for $0 that is exactly what they will pay. It is not a difficult point I am making.


Let's assume that I did decide to walk to work for $0. Even though the cost is free, I may have to pay for better walking shoes. Additionally, I may have to buy an umbrella to prevent getting rained on. I also may want to think about the safety and security of the streets that I walk down. And lastly, I may after some time walking, have a foot/leg injury that requires either medical attention or physical therapy. My point is that even though the cost was $0 up-front there are additional costs that show up because of my prior decision to walk. These indirect/future costs need to be considered especially as a business deciding to utilize OSS for some operational need.

In a way, you should evaluate each OSS tool/library as if it was a business which further corroborates the blog post's point.


You're making a simple point when this is a complex issue. Software costs more than just the price tag on the box.


Never tipped for good service?


I have. What's your point?


> Sometimes they are a public company with fiscal responsibilities.

Public companies also have accounts for goodwill in their books, don't they?

Also, I'd even say that depending on volunteers for everything when you aren't in dire straits isn't too responsible.


> Public companies also have accounts for goodwill in their books, don't they?

I've worked for multiple public companies and have yet to see this. I have seen different models. For example, when they want a feature in an open source project they may contract with maintainers to pay for work. Or, they may have a maintainer for a project on staff.

> Also, I'd even say that depending on volunteers for everything when you aren't in dire straits isn't too responsible.

Responsible to whom?

People choose to be volunteers. Being a volunteer and hoping for hand outs from companies it's working out well for most folks. Maybe it's time to look at other ways of doing things.

Note, I'm not suggesting what the right way to do things is. I'm just looking at how people are doing things. Expecting them to behave differently isn't likely going to bring about a change in them.


Yes, but it doesn't mean what you think.

Goodwill in that context is towards the company, an intangible asset comprising the value in its brand etc.


No, the companies are supposed to generate value for shareholders. They are supposed to have infinite financial growth and that is pretty much it.


That's how it is most of the time but I don't see how you can say it's "supposed to" be that way. It's pathological. Essentially it's a form of group sociopathy.


Most farms are also commercial and most of them still feed their cows and paint their barns even though in the very short and short term it doesn't matter.

Edit: Same goes for basic politeness or being customer friendly. Can be very good for the stock price long term even if it doesn't matter in this quarter's result.


Supposed as per economical theory/ideology, legal expectations and also per "what kind of CEO will get the job".

It is not like most of the time randomly. It is like that, because economic system is designed to work that way.


> It is like that, because economic system is designed to work that way.

"Designed" is probably putting it too strongly. But however you characterize the process that got it that way, people did it, and people can change it with enough effort. In fact it is constantly changing, and each of us can decide the direction we are going to push it, and how hard.

"And friends, they may think it's a movement." — Arlo Guthrie, Alice's Restaurant Massacree


There were economists' articles literally claiming this is good and pushing for reforms to that effect. Neoliberalism is literally theory that claims the companies should seek profit and only profit and then everything else will be good.

They got their reforms, so yes it was designed.


You can certainly make the case that the proposed reforms were designed, but to claim that for the economy as a whole would require that all such proposals were adopted with no changes, and that no changes to the economy that weren't in those proposals happened.

The neoliberal faction certainly has had an outsized influence (funny how proposals that the 0.1% want done end up getting a lot of positive attention more often than not), but even so, the economy as a whole is the result of a lot of political compromise and dealmaking, not to mention undirected evolution.


That's a myth about legal expectations.

"every state has enacted a corporate statute giving managers explicit authority to donate corporate funds for charitable purposes"

https://digitalcommons.law.villanova.edu/cgi/viewcontent.cgi...


Being allowed to donate to charity does not make those managers responsible for anything else than profit.

(I am not necessarily saying companies should run social support. I don't think so. But they are not responsible for anything but the profit.)


well actually they ARE providing value for shareholders by using opensource products instead of wasting thousands of human hours for reinventing the wheel.


> Given this situation, why will they pay for what they can get for free?

See the article...


I was responding to the parent comment not the article. The article makes a great point. It essentially talks about a services and support business around open source. Some have been doing this for decades.

When you have contracts and support at a cost you aren't doing the work for free. The article is talking about running open source like a business rather than a volunteer situation. That means, you're not doing everything for free.


> It essentially talks about a services and support business around open source.

Which is _exactly_ what we are doing...


This comment is pretty disingenuous. (I personally found it a bit obnoxious.)

The person you're responding to made it very clear that they were responding to your conclusion that "large SV companies and startup should also start agreeing to pay for open source, when it's the core of the tech". The fact that you have support and services available isn't a "gotcha!" that refutes the point they are making, which is that given that there is also a zero-cost "product" available, then (unsurprisingly) prospective customers prefer that one instead.


In strictly economic terms, it rarely makes sense for all but the largest users of some upstream project, putting that proposition squarely in tragedy-of-the-commons territory: it’s better to hope for others to support it.

That applies even to existing sponsorships, however. Their existence thus points at more than cold-blooded short-term business interests being at play here. While corporations are in theory seeking only shareholder value, corporations happen to be (made up of) people, who are capable of altruism, and should be encouraged to use it. Just because US capitalism has managed to build a not-entirely-failing system on unadulterated selfishness does not turn that mindset into a virtue, or even reality: as far as I can tell, the dominant reason for sponsorship is that some person with a bit of authority likes the idea.

They may consider it good for marketing, or recruitment, or to secure their supply chain, or just morally called for, or they want to be the fat cat at this year’s TINYTEC-CON. If you asked them, they’ll give you a reason that totally makes sense for a business and has little to do with reality. And, no, nobody ever got sued or fired for these decisions. So go ahead, do it! You got all the left-padding you needed, it’s right to pad their wallet in return.

(recycled from earlier comment on the topic)


Companies routinely make investments to guarantee their future revenue.

Sometimes they could keep hiring for cheap a provider for one of their core needs, but choose to pay much more to have an exclusive contract and guarantee the provider doesn’t get scooped or go under.

There can be any rationale applied to paying more money than the minimum they could get away with.


Right. Mostly they wouldn't even pay employees if they could get away with it. We have to make laws about it.


like dual licensees? qt?


I mean just ordinary employees really wouldn't get paid at all if not for labor regulations.

Just look into the amount of simple "wage theft" (employers forcing employees to work off the clock, etc.) that exists in the USA.

Of course, this country fought a war over the issue of free labor from black slaves.


What you say is nonsense. Companies will try to pay as little as possible to make more profit. They won't pay you more than you can make them. Employees will try to get paid as much as possible. They won't work for something they can't live on.

All is good and dandy.

If employees are not getting paid, they'll go and do something else (like another job or growing food themselves) or steal and starve if there are no jobs or resources. They would never work for free because they can't live without eating.


> They would never work for free because they can't live without eating.

Except, slavery. Sure, the master pays as little as they can to keep the person alive, but staying alive is about the only good thing they get out of life.


> and I've gone through all the hoops to get paid (PO, billing, invoices, registering to large companies is a lot of paperwork, tbh, but well..) and we try and bill small to large companies that depends on those projects.

I see an opportunity to create a "create-a-company"-as-a-service, to help tons of other maintainers to do this with ease.


According to GP that's still the easier part. A more valuable service would be a "bill-a-company-for-your-open-source-work"-as-a-service.


Although being capable of sending a bill is part of the problem, I suspect a bigger problem is getting your bill in front of someone who has the budget, the mandate and the inclination to pay it.

A lot of companies have a lot more controls on purchasing than they do on employee salaries. So a manager who has ten $100k developers reporting to them might only have $10k they can spend at their own discretion.

And the unix philosophy of having many small tools and libraries means practically nobody is _just_ using one open source product. So even if you can get your bill to someone with a million dollars to spend, if they have to share it between 1000 open source projects it's not going to go very far.


Why not just have an intermediate company that handles the donation/support aspects? I mean, we already have Open Collective: https://opencollective.com/ and for other content creators the likes of Patreon also work out nicely.

Two examples, off the top of my head:

1) Here's how Open Collective looks, for jMonkeyEngine (a lovely Java game engine that's also a bit underfunded and underutilized): https://opencollective.com/jmonkeyengine

2) Also, here's the Patreon of Godot (a more hyped and better funded engine): https://www.patreon.com/godotengine

Why would large enterprises not just use a tool like that, if they already use the likes of AWS or other IaaS/PaaS/SaaS offerings?

But i definitely agree that a lot of open source is underfunded and as a consequence many can't work on it full time or even every day, because things are dire financially otherwise: https://staltz.com/software-below-the-poverty-line.html

Not everyone has cushy jobs that make them $100k a year, i make closer to $21k in Europe now, about which i wrote on my blog: https://blog.kronis.dev/articles/on-finances-and-savings

It feels to me that perhaps the solution here is to have something like a bot on GitHub/GitLab, that adds a comment to issues: "If you'd like to express to the maintainers how important this issue is and draw more attention to it, then submit a payment here: ... Payments so far: ... (possibly with messages by supporters)"

Most people don't care about Open Collective or GitHub Sponsors or whatever, they just want to make feature requests or bug reports. If their attention is captured and the ability to make their own request/report more visible is offered to them as a part of that process, maybe things would be a bit better? I've definitely heard the sentiment expressed that micropayments have the potential to improve how we interact with others on the web in some ways, i'm just not sure how viable that is.


Well not using Patreon or Open Collective is exactly what the article also talks about.


This is also exactly what my problem is:

> But! Maintainers need to be legible to the big company department that approves and processes those invoices. Think about it: no company pays their law firm on Patreon. You'd be amazed how much harder it is to explain "what the fuck is an open collective?" for a $10k donation, compared to paying a $100k invoice to an LLC that filed a W-9 or W-8BEN and takes payment through ACH. The trick is that you can easily incorporate a pass-through US LLC and open a business account for it even if you're not a US citizen, it's not rocket science.

And yet, these companies basically pay monthly to AWS, which isn't all that different on a conceptual level. Needing an LLC just to receive donations of any sort is ridiculous, why can't these companies just be more humane, instead of drowning the idea of doing anything good into needless bureaucracy?

It's like a scene out of Brazil: https://en.wikipedia.org/wiki/Brazil_(1985_film)

The mission of Open Collective is clear even on the main page: https://opencollective.com/


Why not change the license to a revenue share agreement with a cap on total amount of revenue?

For example, if a company uses ffmpeg on their products and product generates a yearly revenue of 1m then they will pay you 1k.

Current open source agreements do nothing to help smaller companies or the maintainers and honestly I find it stupid and destructive.

Charge larger companies more depending on their revenue and let small size companies with less revenue basically use it for free. Isn’t this more ethical than letting FAANG use these software for free?


I really don't understand this mentality. This is what we've all been fighting for since the 90s. A free (as in beer) and open stack of software that anyone can pull off the shelf and use.

So many commercial platforms rely not just on ffmpeg and vlc but also on nginx, php, python, nodejs, linux, mariadb, and everything else you can imagine. We also pay for some very niche things that are simply not available from the open source community.

If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable. A bunch of people would also lose their jobs in the process.

At my company we have revenue sharing so the idea of having to cut out a piece of the pie for an open source project would not be popular among staff. Most of them aren't even in tech.


"If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable. A bunch of people would also lose their jobs in the process. At my company we have revenue sharing so the idea of having to cut out a piece of the pie for an open source project would not be popular among staff. Most of them aren't even in tech."

As a small business owner I understand this perspective, but if you expand it out it becomes transparently exploitative. "If my company was liable to pay for employees' health insurance, we would be bled dry and our business would no longer be profitable." I pay 25-35% of my income every year via taxes, if I didn't have to do that my profit margins would increase. It's not hard to find someone who claims they're being "bled dry" by taxes. Egress and ingress bandwidth is expensive, imagine if you didn't have to pay for it? Companies like Walmart are able to offer low prices in part because taxpayers fund them by providing food stamps and welfare to their employees.

At the end of the day the stuff you rely on costs SOMEONE money, if you're not paying for it, someone else is paying for it with their time and possibly money. If you can't do business profitably after paying for the stuff you use, your business is already insolvent and someone else is funding it for you.


> If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable.

Unfortunately, building a business on a limited resource that is -currently- "free," is not a particularly wise decision.

VideoLAN and ffmpeg are amazing tools, but a lot of folks have made a lot of money on wrappers (some of which, are eye-wateringly expensive). I'd be unsurprised to find a number of license violations in some of these wrappers.

History is filled with examples of people making money on resources that are not sustainable. These folks make a lot of money, until they wipe out the resources.

OS is a limited resource.


> If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable.

To put that another way, your profit is derived entirely from arbitraging the value of open source software for your customers. If you were actually paying what the software is worth to you there'd be no money left. Effectively, you are taking some of the value of the work done by open source developers and keeping it for yourself rather than passing it on (that's not a criticism btw, it's how practically every "supplying goods" type business works.)

That's very unfortunate. You're not really creating much value, so I imagine your business is too small for anyone to worry about. In the case of something like YouTube that clearly isn't the case though; they create far more value from the open source software they use. YouTube absolutely could afford to pay a fair fee for what they use. If nothing else, it protects YouTube from a problem like the log4j issue this conversation has arisen from.


The math probably doesn't check out. Paying 0.1% (1e-3) revenue for a core business dependency is a no-brainer (if you have reasonable margins). When you go from dozen to hundreds, you will not only bleed dry, you will be paying more than a fair share of what is needed to sustain/develop the dependencies.

When your software is used by billions (1e9), an adequate/fair share may be around 0.00001% (1e-7) with huge variability, but try paying 2c for your favorite logging library, 3c for gcc, 1c for task manager, 0.1c for a tool you never heard of ...


It's not even shared infrastructure like roads, since software is durable and the cost of use (and copy) is zero. Free and open source software is like science and technology. Like the modern wheel, candle, and cooking.

Plus some folks are tweaking and fine tuning it from time to time to be compatible with road 5.2 and with axle 3.1 and so on.

GitLab uses a delayed release (open core). Paying customers get the features first and months/years later they get into the free tier.


Open source developers can still release things to everyone for free. Seems fair to say that companies derive value from open source in proportion to their scale. How about a $1m value generated threshold before it's considered impolite for a company to not at least give a little something back?


Ultimately these tools have already been released for free so asking for a rent seeking style payment after the fact is a little bit like sour grapes. What stops me from just forking the project? Really nothing. If anything open source maintainers that want to get paid should look into a model that mirrors the bug bounty programs. Have bounties for features. Generally these projects only really need security updates.


Is it "sour grapes" if I bring a big dish to a potluck to share and I get mildly irritated if someone walks over and takes the whole thing to their table, ensuring nobody else gets any of it? Is it fine if a crowd of strangers shows up to my potluck without bringing anything, takes all the food, and leaves? Should I be able to go to a food-bank-for-the-poor and walk out with a big crate full of food since it's free?

At some point you have to recognize that a lot of our society operates on the expectation that people will behave in accordance with norms so that we don't have to bake every single thing down into extreme rules and have them enforced by armed goons. You're certainly free to ignore norms and do whatever benefits you the most at expense of others, but if other people did that to you constantly you'd probably end up pretty grumpy. There are lots of ways you can inconvenience someone without breaking the law.

Personally, I gave away a very useful free software package for ~4 years that I maintained solo, and multiple corporations repackaged it to sell to people without ever contributing fixes. Then when I stopped maintaining it for free, they all sent me emails offering to sponsor it (at pathetic rates). Seems like my free labor was worth something after all!


It's not a potluck, though. There is no meritocracy, even if you believe there is one.

Instead you brought your big dish to a food stall on a street corner that has the sign "FREE FOOD" in large font. Folks of all backgrounds, shapes and sizes show up and soon your food is gone.

If after that, instead of feeling warm and fuzzy that you did the world a solid, you wonder if any of those patrons were wealthy and could afford to pay for what you gave away for free, then maybe next time you should put a price tag on it.


I mean it's true that once the code is published it's out there. So if you are only interested in the code up to a certain cutoff date I don't think you need to pay.

But that's not how people use them- people commit to a solution not only because it works today but also because they are likely going to keep using it for the foreseeable future. It's the maintenance that is the costly part. Maintaining a library is a lot more involved than producing it and then vanishing w/o a trace.

Ultimately somebody publishing and maintaining a good library is a positive externality for society. It's like giving kids a good education- it helps everyone. So big corporations relying upon open source w/o putting their money up to help allow the actual 'boots on the ground,' so to speak, get the job done, is kind of like getting a good free education as a kid, making a ton of money as a grownup, and refusing to pay teachers along the way.


What stops a company from forking and paying 200,000 a year for someone to maintain vs paying 20,000 back? Money.. cheaper to support than fork.


Most of the open source tools used could be forked and used as is with no need to change them for years. Sure you could say they need security updates but I could also just silo off that stuff from anything important.


In those cases they could take the tool as is and incorporate it into their workflow..make local changes or not.

The problem happens when you want to maintain your version with the current version (for security / features) or push those local changes to the project so you can stop maintaining. At that point you have to assign local resources or hope your patches are accepted which usually requires a relationship.


So your argument is that people shouldn't be paid for their labor because the companies profiting from that labor might not be able to profit?


The labor was already given away for free. Don't maintain open source projects if you don't like the license.


Perhaps the better way to get paid is to include a small and well-throttled cryptocurrency miner in the library you are open-sourcing, as a require-to-run part of the license.

No invoicing, no approvals, it runs, you get paid in fairly direct proportion to the actual run time. This might actually be a real use-case, now that I think about it (of course, then there will be a war to strip it out, violating the license, etc.)


It ain't going to happen, have you read some of the contracts linked to opensource, it will be a minority who make money from it. For example, I could use opensource internally, add features to it but I don't have to submit those changes back to the main source for others to use. Not only that who is going to police it? It's not like there is some magic open source police who will police my computer is there?!? So sure whilst the statement is true that Open Source runs most of the internet, the companies using it like Facebook or Google are not under any legal obligation to submit any changes back to the public domain for the greater good under some of those contracts. Even MS has some APIs which come very close to mirroring Open Source functionality which makes me question MS is this legal!

Open Source is just naïve charity, much like the UK Govt exploited the charity of the public by helping along a Weekly 8pm clap for NHS workers on a Thursday night during Covid Lockdowns. A weekly clap ain't going to pay the bills and the rich will say anything to get out of handing over money. Hard lesson but it's the truth, they would spend on PR Image control than pay bills IMO.

So sorry, Open Source is something people can practice on and not get paid for except in a consulting role at best.


> For example, I could use opensource internally, add features to it but I don't have to submit those changes back to the main source for others to use. Not only that who is going to police it? It's not like there is some magic open source police who will police my computer is there?!?

There is nothing to police. You making changes and not releasing them is perfectly within your rights. You can even distribute binaries with your changes legally.

> So sure whilst the statement is true that Open Source runs most of the internet, the companies using it like Facebook or Google are not under any legal obligation to submit any changes back to the public domain for the greater good under some of those contracts.

That depends. Both named companies have a global ban for anything using the AGPL license family. Except for that, you might be right that they aren't obligated to distribute their changes. You might find, however, that they do so anyways. It's much easier to merge your changes upstream than to maintain an internal fork indefinitely. And by merging the changes upstream everyone else profits.

You seem to have a very warped view of what open source software and free software is about, and what rights the users may have or not have.


My point is this, if the OSS remuneration situation were better would we have seen HeartBleed or other CVEs? There are a lot of falsehoods in the OSS domain, like it's better for security. https://www.cvedetails.com/top-50-product-cvssscore-distribu...

Just looking at paid out Bug Bounties gives you an idea of how hard it is to get appropriate levels of remuneration as a vendor's own bug bounty is outbid.

https://www.theregister.com/2016/08/11/exodus_intelligence_5...

So whilst the call to arms to get paid for OSS submissions is noble, it's still a flawed business model for most "professional" maintainers. I know there is a culture at Unis to maintain OSS but they don't have the experience which we see in the quality of the code output.


Change the license. Make it so that large companies have to pay, and small companies can still use it for free.


You're saying that they should make their software proprietary to solve the problem of FOSS maintenance. That's forgetting the implicit requirement that it should remain FOSS.


I don't believe there's any requirement that it should remain FOSS. In fact the situation provides a strong argument that FOSS is missing a key piece as it is currently conceived.


It's still FOSS, except if you are making millions using it and the entire issue becomes a luxury problem.

That's what FOSS should mean anyway. The old definition can be renamed into exploitationware.


> It's still FOSS, except if you are making millions using it and the entire issue becomes a luxury problem.

I guess we can discuss what should be, but AFAICT it's just not FOSS according to the OSI or the FSF.


It is really not that hard with the right licensing.

Offer your FOSS project with the meanest anti-corporation license you can find (AGPL?) which is not going to bother your user base but it is going to be a major hurdle for any corporation and then offer the software with a corporate friendly license for 100.000 / year.

Wouldn't this work?


You run into problems when there are contributors other than yourself.


Could you elaborate?


Ffmpeg’s code is owned by hundreds of people, you’d have to get them all to agree to relicense.


Not if you only change the license of the encompassing project, and leave the license of the sub-projects intact. Corporations are too addicted to plug-and-play software to be switching away to those sub-projects; also they'd lose the benefit of the maintenance (you could choose a new license once you maintain parts of the code).


So it is possible just hard.


Some are dead, the copyright will have passed on in their wills to next of kin.


You need a proper "asshole" in such organizations that will go and threaten complete lack of support if the bill isn't paid. Of course there is a lot more detail in such negotiations, but the fact is that he/she will be facing similar "assholes" from the side of the corpos. The entire thing is essentially just a game of standard capitalism. You have to know how to play that game, though.

FFmpeg should be able to pull multiple $M per year easily from all the major corporations that use it. For comparison, $1M is the total yearly cost of ~3 average engineers at FAANGs. And most, if not all of them, use FFmpeg quite seriously.


> You need a proper "asshole" in such organizations that will go and threaten complete lack of support if the bill isn't paid.

That's the point, they don't pay, and they don't get support. But they still complain when there is a major CVE.

> For comparison, $1M is the total yearly cost of ~3 average engineers at FAANGs.

I wish we got that...


> That's the point, they don't pay, and they don't get support. But they still complain

You've put your finger on the core of the issue with FiloSottile's suggestion. The problem is that to sell something to a big corporation, you need to have something tangible you can sell. What you have are enormous pieces of widely used software, being given away for free. Many companies are going to take that and run with it, and forgo a support contract entirely. You may argue that they want support when there's an issue, but the truth is they're happy enough with the status quo and just complaining a lot.

In FiloSottile's model, a corporation needs to use your software for something specific, but also expects to need changes to it or prioritized issue support and approaches you; you send them an invoice with five zeroes on it as a bill for your services and they are heavily incentivized to pay for it.

Unfortunately that's not the reality for 99.9% of open source maintainers, a figure that includes most creators of popular software like VLC. I've personally contributed to a bunch of projects and maintain some of my own, but it's a hobby. As far as I know no corporations are even using any of them. Figuring out some software niche that no one yet has a product in, building it, and waiting for a corporation to swoop in and drop me a six figure yearly check cannot be a career strategy.


Would it be unethical to refuse to fix bugs reported by employees of large corporations, unless those corporations pay a support contract or contribute a patch themselves?


I mean, I’d eventually get around to them I guess? But on my schedule, not theirs.

If you want it fixed now submit a PR that I can accept. That’s what I do anyway.


It’s not unethical. In fact, why not!?

Sure, someone else may start a competing project…


No


1) Create a funding report newsletter for FFMPEG

2) When funding is low, big scary exclamation marks all over the place

3) Include a bulleted list of doomsday scenarios showing what could happen to YOU if a bug/vulnerability is found

4) Add a picture of a sad kitten or crying baby for good measure

Now just subscribe all of the non-tech business people at organizations that use FFMPEG, and wait for them to panic. (Make sure that they need to call you to unsubscribe from the newsletter, especially if they work at the New York Times)


> Now just subscribe all of the non-tech business people at organizations that use FFMPEG ...

Don't do that bit unless you're sure it's not illegal in your (and their) jurisdiction.

Spam being a thing, and there being laws against it.


Easy solution, update the FFMPEG license with something like:

> By using this software, you agree to subscribe to our monthly newsletter

(I was joking btw, in case that wasn't clear)


>Now just subscribe all of the non-tech business people at organizations

Ah, if only one could "just" get a mass of people's attention and send the message


Note "yearly cost". Between administrative and organizational overhead, taxes, benefits, etc, typically only 50% of that cost is actually taken home as employee-visible salary [1] (which the employee then pays income taxes on...). $175k is still a healthy salary especially when compared to other locales, but it's not the $333k that is easy to presume based on GP's comment.

[1]: From what I've seen this ~50% number seems to be pretty close to the mark across virtually all industries and jobs. I.e. it's pretty safe to assume that the total cost to your employer to retain you is around double your take home pay.


It doesn't seem like that 50% number would just keep scaling with salary. There is a cap on payroll tax [1], administration stuff around administering health, vacation, etc. doesn't change that much, office space.. maybe so with things like the Apple spaceship ($5 billion with capabilities for 12,000 employees; amortized over 25 years would be $16,000 per employee so I wouldn't think so).

[1] https://en.wikipedia.org/wiki/Payroll_tax#/media/File:Effect...


Do those specific managers and layers really complain about CVE? Afaik they don't care or know.


Thanks for sharing. Couldn't have asked for someone with better authority for an open-source project vital for both business and end-users. Payments from the latter can be excused as they're largely poor, but we need better ways to make the greedy corporations pay.

Many open-source project maintainers wouldn't go to the length of setting up companies like you've done. The paperwork and compliance don't cut slack for building an open-source product.

Perhaps there's a need-gap for services which maintain those for open-source projects and act as middlemen between the maintainers and the Account Payable of companies?


Would following an open core model work better, like it has for Hashicorp, Sidekiq, Tailwind, etc? Also, would focusing more on the low 4 figures result in more revenue? I feel the crowd sensitive to open source has that kind of spending authority, but once you get into the enterprise amounts, it's out of our reach to effect change.


At Enterprise levels there is no excuse to be using open source software and not paying some amount to get support. Boo!!! Booo!!! To anyone in an Enterprise that exploits FOSS without diverting funds to it. https://youtu.be/74GdZs2Ilk4


> Would following an open core model work better, like it has for Hashicorp, Sidekiq, Tailwind, etc?

Yes, I think this might be a better model, indeed.

But I did not start either of those projects, I came on board later; and those models are difficult to back-fit into an existing project.


I don't think it matters much that you didn't start the projects, you are the one who is responsible for them now. That is the part that counts.

If the project improves by making a difficult change then that is still your choice to make. Sure some people will complain, but there is always someone that complains when things change.


That could work if the cost per sale were sufficiently low. But unless companies set up some sort of low-overhead system for putting that kind of money into open-source projects, I can't see it working. From what I hear, most devs can't just say, "We use project X a lot, so I'm going to fill out their web form right now and expense a $1k annual donation."


Those projects aren't donation-based. They are open core (they have an upgraded version that builds upon the open source version, adding desired value that is worth paying for)


Throwing money at some outside parties will not ensure that your in-house developers aren't carelessly including snippets of code from the wild into your product.


That's interesting hey. Just imagine though, how does a company define what is "the core of the tech" and imagine the arguments in meetings between legal and engineering defining those terms.

The way this industry has evolved is a complete dumpster fire, where the dudes that glue the pieces together are paid 10X the value the dudes that actually built the hard part!


What's the largest company that uses FFmpeg and has refused? What did they say?


> What's the largest company that uses FFmpeg and has refused? What did they say?

I won't give names, but some very large cloud providers and some very large chips vendors.


“Getting 30-50k$ from those companies for support for one year can be very challenging, long or leading to nowhere at all.”

Do you have reps that can wine and dine high level people? From my observation this is where the money is.


Wasn't there some YC company that was trying to act as a sales agent/middle-entity for this kind of situation? If not YC, they at least were on HN at one point.

Curious if anyone knows.


Not yc, but there is http://openteams.com/ by the founder of numpy. disclaimer, I invested in it out of a fund.


TideLift is the one I know of, I believe there have been others…



Out of curiosity - do you have an actual salesperson? Bc I think that may be the problem…


Yeah my problem with Filippo’s perspective is companies aren’t delivering what they promise either.

It’s not as if altruistic motives are what drive big corp.

Open source often originates in big corp; k8s, Rust, and all the ML … none of them are exactly wart free or blowing minds as promised. Just the next evolution of a big corp financed mess from the 90s.

The response to big corp complaints is they get what they pay for. And since austerity for the masses, all your agency are belong to us, fuck big corp


I'm an open source author and maintainer of a somewhat-popular python package[0] (~1M downloads/month) that I've maintained for over 10 years. I don't recall ever receiving a donation. I am still maintaining it, but I just don't have time to add the improvements that it needs to keep up with the ecosystem (asyncio, for example). If organizations who use it got together and chipped in some non-negligible amount, I would be much more serious about keeping up with it, but $0, or $5-20/month, is just not realistic incentive to compete with other priorities in my life. I don't know the answer, but that's my thought process.

0. https://github.com/amoffat/sh


First, I don't use it, but thanks. (I know, being a maintainer is a thankless job, but I'm a rebel.) Second, the OP addresses this issue directly. He's talking about "making OSS maintenance legible" (emphasis mine) to BigCorps via 5-6 figure invoices "on letterhead".

It's a grand idea, and I hope it works. The path to not working is too achingly obvious though. Budgets are always tight (even if you're Apple and you have to artificially make money feel tight). What corp officer with budgetary discretion is going to greenlight a 5-6 figure payment to someone who's not doing work directly for the company? I think the key here is that that person is going to have to a) be principled, and b) smart about selling it, by emphasizing the fact that the changes were beneficial to our company, and leave out the fact that those changes were beneficial to every company. It wouldn't hurt if BigCorp got a measurable recruitment bump from it, too.


If I could figure out for certain which big companies were using my software, I might try the invoice idea for fun. I expect it would be ignored, but I would send it anyways to prove the idea one way or the other.


Big companies don't just pay random invoices;* you need to indicate what project and account (usually IDs from their CRM). So it would merely be chucked out.

* In really big companies it's possible for admins to buy routine stuff below a threshold just to save on paperwork. So there's a scam in which someone sends out a bunch of $100 invoices for "printer paper" -- account payable assumes the department code was left off by the vendor but it seems legit so they pay it. Seems like a hard way to collect money.


It's called a Purchase to Pay system - whoever makes an order supplies a Purchase Order number from their internal system, which the supplier will reference on their invoice so the accounts team can look it up before paying it.

In terms HN would understand, it's a stateful firewall for invoices that prevents paying orders that didn't originate from your company.


If you hosted the package/library yourself instead of in closed silos/package repos, you could directly check the IPs of whoever regularly pulls your stuff.

We all opted for centralized package repos though, so now only they know. And they’re not telling us.

Just another “free” opportunity lost to centralization, I guess.


> We all opted for centralized package repos though, so now only they know. And they’re not telling us.

I'm sympathetic to the view, but there really are some things that are better centralizing. Reducing code into binaries is something that a "fair" 3rd party is going to be better at than the 1st party. Why? The 3rd party central source is (presumably) mechanically cloning and building, whereas the 1st party is doing much much more. Effectively the 3rd party offers a better guarantee to the end user that this binary corresponds to that particular source.

Also, the way to measure who's using your code is to put runtime telemetry in there. Distasteful, but so common now with every kind of software, it's crazy. Yes, even OSS CLI programs phone home now (heck, ohmyzsh phones home every time I open a terminal!). For a generic server library, you'd add a check to make sure it's the most recent version and print that out to stdout on startup.

See, it's not user hostile it's to keep them informed of updates! /s


> ohmyzsh phones home every time I open a terminal

are you talking about the update check that by default runs once every 14 days[1], or is there something else?

[1]: https://github.com/ohmyzsh/ohmyzsh#getting-updates


I did some double checking and it looks like I had a bad interaction between little snitch and zsh.


The answer is to use a license that require companies to pay. If you ask for $0 then people will gladly pay you $0. It is naive to expect anything else.


Oh, wow. I've used this before. I think the python community needs to work out how to make it easier for us to identify and donate to maintainers. When I pip install, I never get a donate here: some url. When I npm install, I do (arguably too much). Anyhow, sh is handy. Thanks!


I really don't think there's an answer. The ideal form of Free Software is just people sharing their solutions out into the world. We should just be thankful that you've decided to share it rather than keeping it private. If people thought a customer service relationship was something they needed from you, they'd pay you enough for you to start a company based on this.

I would be pretty skeptical of projects that try to keep up with the ecosystem, if they are adding things just to keep up (rather than because they need them). The fundamental advantage of Free Software is that the people writing it are doing the ultimate dogfooding. A Free Software project that is adding functionality they don't need is no better than a company in terms of knowing what "customers" want or how to evaluate whether they did it right.


I maintain a much, much smaller PHP library[0] (~1-2k downloads/month), and I've made a few thousand dollars in sponsorships, donations, and paid improvements to the library over the past year. I don't try all that hard to solicit donations, but I do have a donate button and a request for people to sponsor the library right near the top of the README. I noticed you don't have any visible donate button -- I'm guessing if you added one, and a little blurb about why people might want to donate, you'd up your donations quite a bit.

(Usual disclaimer, n=1, etc)

[0] https://github.com/jlevers/selling-partner-api


Good for you. The welfare queen megacorps have been too comfortable expecting handouts like open source charity work and public bailouts. Open source software has served the elite executive class while leaving working people to depend on anti-freedom proprietary offerings. I am sick of watching it go down like that. The never-ending data leaks, dark patterns, lock-in strategies, and attacks on encryption and freedom of speech, are all exacerbated by this tendency to yield the commons to the ruling class. If open source doesn’t serve working people, I don’t care a lick for it anymore. Cheers to Stallman and all, but this is where his proposals fell short.


I don’t share this commenter’s particular perspective but I felt it was valuable enough to the conversation to vouch for it.


it serves everyone. it's technology. free intellectual "property". free and open innovations.

obviously these tools amplify their user's productivity. corps are organized to be economically productive, hence they benefit enormously from free power tools.

hobbyists benefit too, but since their productivity is low they benefit relatively little in terms of economic surplus.

(sure, I might do my taxes using free software, but my taxes are also trivial, two lines and that's it. sure, I might whip up a blog/website using free software to share stuff with people, but again its economic productivity is already zero, it doesn't matter if now it's a technologically amazing site.

and sure, I work as a freelancer using these free tools, but again my productivity is very limited compared to, relative to the systems I work on for corps.)

the solution is probably a mix of a bit of wealth tax and consumption taxes.


For a start, https://github.com/amoffat/sh seems to not even mention this problem.

No idea whether it would help but clearly stating exactly

> I've maintained for over 10 years. I don't recall ever receiving a donation. I am still maintaining it, but I just don't have time to add the improvements that it needs to keep up with the ecosystem (asyncio, for example). If organizations who use it got together and chipped in some non-negligible amount, I would be much more serious about keeping up with it, but $0, or $5-20/month, is just not realistic incentive to compete with other priorities in my life.

may be a good idea.

Even if that would not help this project then making people aware of the problem in general would help.


You should set up GitHub Sponsors if you haven't already.


It is set up, which can be easily checked.


> organizations who use it

Do you know which organizations these are?


Once upon a time, the best way to get a software job was to demonstrate your ability to build useful open source projects. 10 years ago the Principal Engineers I would work with had super sized open source portfolios which lent them both credibility and experience building products people liked. Junior devs would search (sometimes in vain) for issues where they could contribute a few PRs.

Now the best way to get a job is leet code, leet code, and more leet code. Rather than spending <5 hours a week working with real code and producing real value on open source projects - most career minded engineers will simply focus on leetcode.

Not many people patch esoteric software that's been around for 10+ years because it's particularly fun or because there is specific business value in it.


> Now the best way to get a job is leet code, leet code, and more leet code. Rather than spending <5 hours a week working with real code and producing real value on open source projects - most career minded engineers will simply focus on leetcode.

Maybe more broadly: The only way to prove that you're good at X, is to do X well. An artist is only as good as his portfolio. The same is true for all creative jobs.

I'm thinking that these proxies (see all attempts at standardised testing) are a disease of our time.


I'm not sure I fully agree. Doing open source doesn't mean you do it well. You have no sense of how quickly, efficiently and independently they managed to achieve it. I'd much rather hear from prior experience, and probe about situations and scenarios they were in, projects and problems they contributed to, and hear the story of how they went about it, how long it took them, what they did in the face of setbacks and pressure, etc.

I have seen first hand developers that are just okay or below average successfully deliver on open source, because you have infinite time, no constraints, no stress and get to choose exactly what you do or contribute. But in a work environment they struggle, given ambiguous problems they struggle, given time constraints they struggle, given changing needs and demands they struggle, working within a team they struggle, given something outside their area of knowledge they struggle, etc.


Would it be helpful if they streamed the contribution?


If you add more problems, of course people struggle more. Doing something open source by yourself is basically the simplest kind of programming.


This might sound weird, but I find every time someone publishes or contributes open source, they are stealing value from me, because it is one less thing that a company will need me to implement, build and maintain for them, instead they'll now expect me to simply use the existing free of charge open source one.

Not only does it feel like I'm stolen value, open source work tends to be the most interesting, and as more and more is done and offered for free, my work becomes less and less interesting, and the job becomes more about connecting and configuring all these open source systems together.

Needing to contribute free work in open source before getting a job therefore sounds like the biggest of scams to me.


I guess in the same way that public libraries steal value from book publishers and public education steals value from private tutors. Also, how rainwater steals value from bottled water companies, fresh air steals value from air filter vendors, and sunlight steals value from the electric company.


Libraries still pay for each copy of a book, and in some countries royalties are paid out each time the book is borrowed. The library is not allowed to make additional copies of a book and borrow them either. Public education pays its teachers.

But overall I'm not in disagreement with you, you could say open source is done as part of the greater good and advancement of technology and computer science, and not for personal capital gain. That also means that it isn't meant to be a sustainable career path, or job that you can do full time though.


This is just the broken window fallacy. Hobbyists giving away schematics for unbreakable windows are not stealing from your window repair business.

Yes, having open source competition means you'll have to either build a superior product that customers are willing to pay for, or find another niche. That's a good thing.


> That's a good thing

Good has many dimensions. I'm saying that as a developer, FOSS means people don't need to pay you to build those things, only to use them, and that's why FOSS developers themselves don't get properly compensated, because they chose to build it for free.

You could say FOSS is a good thing if you talked about computing progress, or barrier of entry for a startup wanting to build an app, or as a great source of example to learn from, etc.

As for your comparison, I don't think it holds, because very rarely are FOSS contributors hobbyists, most of them are professionals. So it is much more akin to a professional window engineer giving away free schematics for unbreakable windows, which means that companies manufacturing unbreakable windows no longer need to pay a professional window engineer to make schematics for them.


> This is just the broken window fallacy. Hobbyists giving away schematics for unbreakable windows are not stealing from your window repair business.

Of course, the smart glazier would figure out that giving away the schematics for a window-breaking device is in their interest.

Commoditize your complements, as the saying goes.


I can understand the perspective. But it goes both ways: Aren't you (and I) 'stealing'? How much do you use open source, as a developer and as a user - and just to post this message: try enumerating all the open source that goes into it.

We benefit far more than we can ever repay.


> How much do you use open source, as a developer and as a user

As a user I agree, things would probably be more expensive if nothing was open source. But as a developer, I disagree, my employer would simply need to pay for the stuff I use, or they'd pay me or another developer to build them one. And this is precisely what the article argues, that companies should pay for it. If there wasn't any open source logging library, the maintainer could either work for a company that offers a paid one, start his own company, or work for a company that pays him to maintain one for them.


> But as a developer, I disagree, my employer would simply need to pay for the stuff I use, or they'd pay me or another developer to build them one.

Good point, but you would have a much smaller industry and platform without FOSS, and there is no way you could build all the libraries, tools, etc., yourself. Even FAANG depends on FOSS. If everything had to be paid for and professionally developed, licensed, etc., there would be much less around, and nobody could fork and innovate - there's a reason people develop and use FOSS.


I think that's the counterargument, and I can imagine it being true, but I also think we just don't know. Maybe there'd be just as much advancement but more developers would be properly compensated. It's hard to say exactly what would have happened because we're talking an alternate history.

Lowering the barrier to entry by being able to leverage a lot of free stuff probably helps make the industry bigger in having more startups, but I also can't say for sure there wouldn't be more jobs or higher paid jobs otherwise.

In the end, I'm not trying to push to end FOSS, but I'm trying to bring to front the contradiction I'm seeing of people wanting FOSS but also wanting FOSS developers paid a full wage. It seems fundamentally at odds, if you want people working on logging libraries to be paid full wages, stop making FOSS logging libraries.


> I think that's the counterargument, and I can imagine it being true, but I also think we just don't know. Maybe there'd be just as much advancement but more developers would be properly compensated. It's hard to say exactly what would have happened because we're talking an alternate history.

Yes, valid and important point. We could look at how other industries develop. Software + Internet is especially conducive to 'free' products. Other industries must at least share knowledge, which arguably is embedded in FOSS software.

> I'm seeing of people wanting FOSS but also wanting FOSS developers paid a full wage. It seems fundamentally at odds, if you want people working on logging libraries to be paid full wages, stop making FOSS logging libraries.

An inarguable logic ...


We benefit far more than we can repay, but "stealing" is too strong. It's what the author who adopted an open source license explicitly intended to allow.


Agreed. I use the term to compare it to the parent comment.


That's a good point. We as developers trying to make a living doing it are competing with an ever-expanding sea of OSS. And therefore we'd be mad to contribute to it, for free even.

On the other hand, from the viewpoint of all of humanity, it is great that there exists a huge amount of software that is useable by everyone for free.


I'd wager companies hire based on leetcode because it's efficient from an administerial perspective. It can be easily automated and helps weed out a greater number of poor candidates than good ones. It's easier for an interviewer to pull out a set of pre-written questions than look through a github repo and ask pointed questions.

Too much of what we do, from education (standardized tests) to banning of users in places like YouTube, is centered on efficiency or administration. Aim for the center of the bell curve, ignore the collateral damage and reach those target metrics, as the mantra goes.

It'll get much worse before it gets better, if it ever does.


Companies use Leetcode because it tests for the 2 things that are required to become a successful developer, above average critical thinking skills and willingness to spend hundreds of hours improving. Companies figure if you have those two things they can make you into a decent developer, figuring out if someone is already a good developer is much harder.


Or does it test for someone who in the hope of passing these tests will spend hundreds of hours dedicated to pointless exercises that produce no real value?

If by harder, you mean sitting down and having a real conversation, then yes, I suppose it's harder.

Edit: Value is a poor word here, now that I think about it. Let's say mostly pointless activities that generally don't apply to work they'll be doing with that skill. It's like playing baseball to practice for tennis.


Well the idea is if they're willing to waste all that time trying to get the job they'll spend even more time working and improving.


I suppose that makes sense, but it leaves a bad taste in my mouth.


That's a rather negative view, considering that much of software by and large is about replicating paper based processes with far less human effort involved.

It's fair to describe software engineers as a profession of the professionally lazy. "This takes too long to do, therefore I code."

I think it's better to reinterpret the problem based on what Leetcode does well, and try to invent something that does it better.

The old world of make some giant Github project a company might appreciate, or might ignore entirely, holds little attraction to me at this point.


Neither of those make for good filters; though they are decent enough indicators. Most engs can't be bothered with leetcode, let alone F/OSS.


I don't know if that is objectively true. There are numerous small companies who will leetcode every candidate. Then there are Google and Microsoft and the other bigs who hire thousands of people every week, where the best way to get hired is to have a Ph.D and get referred by insiders.

Mediocre candidates getting leetcoded by mediocre companies may be a highly visible pattern but on industry scale I am not convinced it is the dominant mode.


Having a Ph.D. and getting referred by insiders in no way reduces the amount of LeetCode you have to grind for Google interviews.


I don't think there was ever such a time. Only a tiny minority of developers ever has open source projects and some companies even actively discouraged that.

Moreover, with industry moving towards agile, having a project and developing in a company are massively different kinds of work.


The alternative to what we have now is not going to be a healthy OSS community. The alternative is going to be big companies insourcing more of their libraries.

The only reason why OSS has seen the uptick it has is because major companies profit from it. Microsoft didn’t embrace open source because it had a change of morals, it embraced open source because it started making so much more money from enterprise orgs switching to Azure compared to selling us licenses for on-prem alternatives. Facebook and Google don’t share their massive front-end libraries and extensive tools because they are nice, they do so because it helps them dictate web-development and being able to on-board new hires who are already familiar with their tech.

If anything, I think it’s more likely that we are going to see a big player pick up an NPM alternative and make sharing packages much harder. I think the fact that no one has done this, should tell you all about how little the enterprise industry worries about the status quo.

I don’t think it’s necessarily healthy, and I sympathise with OSS maintainers who don’t get paid for their work, but I don’t think it’s a massive issue either. The OSS world is still better than it ever was, and your tech stack isn’t actually in danger if you review that code you use.


"Your tech stack isn’t actually in danger if you review that code you use."

Tell that to everyone who depended on Log4j for the past 8 years!


Well, did they review that code for sure?


The welfare queen megacorps have been too comfortable expecting handouts like open source charity work and public bailouts. Open source software has served the elite executive class while leaving working people to depend on anti-freedom proprietary offerings. I am sick of watching it go down like that. The never-ending data leaks, dark patterns, lock-in strategies, and attacks on encryption and freedom of speech, are all exacerbated by this tendency to yield the commons to the ruling class. If open source doesn’t serve working people, I don’t care a lick for it anymore. Cheers to Stallman and all, but this is where his proposals fell short.


Did open source ever serve working people?

Where the GNU project always fell short in my opinion was that it thought there was a difference between free to use and free as in beer.

There was an abundance of people who predicted where the internet would head once big corporations got into it. There is an entire genre of cyberpunk authors who did after all, and I guess Stallman gets credit for trying to stop it, but it always comes down to money.

It’s very easy to fool yourself into thinking differently, but the harsh truth is that everything you do for money is being weighed and evaluated by someone in the management chain who, at the very least, considers if you’re worth your cost, every three months.

I just don’t see how OSS is supposed to have changed in that regard. Maybe it was more ideological when it was mainly paid for by academia, but someone still paid for it, and considering how much OSS has improved in the wake of corporate capitalism taking over, academia don’t appear to have paid enough.

That’s easy for me to say of course, I have no solutions, but I still think we’re better off now than ever.


the mindset is important. MS open sourced things because devs working there pushed for it.

it's a good thing even if MS benefits more than others. it's not a zero sum game.

the problem is on the other end, where the produced economic surplus is distributed to a very few.


Reviewing code is the elephant in the room. FiloSottile - perhaps out of ignorance or disconnect - fails to mention that the vast majority of open source projects (log4j being a great recent example) are absolute shit. Nobody should be building anything on top, never mind giving the maintainers more money.

In-house development, software BOMs, rising of standards and multiple rounds of code review are the processes that the industry is shifting towards and for good reason.


I would be fascinated to see your evidence that in-house code is any better on average than open-source code.

I haven't done a lot of consulting lately, so I haven't seen much in-house code in the last few years. But my experience is that the average in-house codebase is worse. And that makes sense from the incentives. Open-source projects that want more than one contributor need to be approachable enough that people join in. Whereas with most in-house code, people commit to working on it without ever seeing it. Switching to work on another open-source project is easy; switching to another job is hard. Open-source authors get to decide when to release; in-house code is generally driven by execs. And so on.


As someone that has to support a lot of in-house code, yea, it's a bunch of crap too.

"Works good enough" is how our world generally operates unless under strict regulatory guidelines.


I worked at engineers-call-the-shots fintech and later SV shops for many years. No, their in-house code is not worse than open-source.

In fact one can safely say that top companies that attract top talent also have methodologies in place that lead to better than average code quality.


If you are comparing the top engineering shops to open source, you should also pick the top (quality) open source projects. Apples to apples.

Most in-house code is crap.


> In-house development

... keeps resulting in shit code, too! There's no evidence standards of quality are rising. In my own extremely limited view of in-house software -- i.e. my own professional experience -- code quality is crap, standard quality practices are very low and actually worse than in FOSS projects (I've seen someone mention more than once that "this crap PR simply wouldn't fly if this were an open source project, it's so bad nobody would want to review it!"), absolutely dumb bugs keep hitting production, and people think of automated testing as "that thing we don't want to do".

In-house code is just code you don't know is garbage because you cannot look at the code.


I didn’t say in-house code was good, but it does keep you from being exploited by things like what recently happened with NPM.

Companies genuinely don’t care about the software they use, as long as it works and isn’t hacked. This is especially true in non-tech enterprise. At my former place they still had hundreds of ASP Webforms with custom in-house ASP libraries that were utter shit, but they worked.

What I’m postulating is that this is the alternative to the current status quo.

I’d personally love for NPM to review their packages, or for a big player like Microsoft to step in and make a more limited platform with reviews, but I just don’t think anyone is going to be willing to pay for it.


> At my former place they still had hundreds of ASP Webforms with custom in-house ASP libraries that were utter shit, but they worked.

But the same is true of open source. I thought you wanted non-shit software.

In-house software is easily exploitable and full of security bugs as well.


I think I’m too senior to believe in non-shit software.

I work in non-tech enterprise. You’d think that things like the ransomware scandals, GDPR, the increased risk-awareness would have improved the business processes or management awareness or all the things that are “corporate digital maturity” but the pressure to get things done fast with minimal resources has frankly never been higher.

In that environment we’re always going to have shit-software. If anything I agree with you, which is why I said that I thought that the current status quo was the best ever.


The industry is not moving towards multiple rounds of code review. Nor towards in house development nor away from using open source.


Every engineering-driven fintech company I know of (having myself worked there or having friends who work there) is doubling down on every single one of the processes I mentioned.


Yeah, and that is about 0.1% of total amount of software assembled and deployed in the world. It is like saying all my friends drink Evian water so that's the way we handle clean drinking water shortage in the world.

