SBOMs (Software Bills of Materials) are slowly becoming ubiquitous around the world due to regulation.
I want to be able to aggregate all SBOMs within my company, have a small tool that scans my machine and creates a SBOM for all Open Source tools I use (e.g. Firefox, VLC etc.), uploads that to my corporate registry.
This data is then submitted to a donation aggregator which analyzes those SBOMs and distributes my monthly donation across all those projects.
It is so hard dealing with those individual donor portals and various forms to donate to foundations et al.
If this whole project could be run as a non-profit foundation itself that'd be perfect.
I think the devil is in the details. As others have pointed out, this would drastically change the incentive structure of OSS. You would attract actors whose entire purpose would be to get listed on as many SBOMs as possible to maximize their revenue potential. I'm envisioning a world of `padLeft` controversies.
That is to say, I don't think a pure "frequency of use" metric is sufficient to fairly distribute such a pool. And if you have a large and growing pool of available money then the incentive to game the distribution scheme becomes more attractive than making truly awesome software. And I very much doubt that we have any reliable ways of aligning such a money distribution scheme with the goal of creating amazing software.
I wonder if it would be enough to just recursively pay out to each dependency.
You pick a % to keep and a % to pass along to each of your dependencies, and then they split up that % that you passed along to them, so on and so forth.
Of course people could choose to pass 0% along to their dependencies. But that seems fine; people can adjust and just not send greedy projects a very big split.
Trying to enforce some fairness on the outside will probably just result in silly behavior from greedy people (ie, if every project gets an equal split out and somebody doesn’t want to hand any money down to their dependencies, then they can just create a bunch of tiny projects to dilute their out-split).
Depends on how you do the accounting. "Well, you don't use padLeft, but 15 packages you depend on do, and 68 packages that those packages depend on do... Altogether you're looking at 348 instances of padLeft."
If there were a metric that would make each instance of padLeft worth a tiny amount of money (for such a tiny library), that sounds like a reasonable outcome to me.
A trivial way to exploit this kind of system, I think, would be to write LegitimatelyUsefulLibrary, then write 1,000 PadLeft projects, and make LegitimatelyUsefulLibrary depend on all of them.
Since you are the one marking the dependency of LegitimatelyUsefulLibrary on your PadLeft projects, you can game the metrics however you’d like when making it.
But why would I, as a developer, use such a library? It would cut me out of profits unnecessarily. In fact when I’m picking my dependencies I will deliberately avoid those that take a larger slice of the pie than is worth it for me.
If I remember the story correctly the padLeft dev was actually pretty notorious for submitting patches to open source projects that 'coincidentally' added dependencies on his code.
Only enumerate and pay for top-level tools and dependencies, none of which are probably padLeft. Those downstream recipients can further "pay it forward" to their top-level dependencies. Everyone has an incentive to not pull in superfluous bullshit so they can hold onto as much of their pittance as possible.
thanks.dev does this. I think I saw GitHub Sponsors also started (or will start?) doing something like this, but I'm not sure on the details off-hand.
But yeah, I've argued for this a long time as well: who is going to look up 100 to 2,000 dependencies and see if they accept donations and set that up and cancel when you stop using it, add new ones when you start using them (and many will be transitive deps, so you have to check if it changed every month or something), etc. etc.
You just want to give one organisation $500/month or whatever and let them sort it out. You don't even need SBOMs, just start by sending them your go.mod or package.json or Cargo.toml or Gemfile or whatever.
That the FSF and OSI are doing basically nothing in this regard is why I have trouble taking either organisation seriously.
I tried to sign up (as a maintainer) and I never heard back from them. Tidelift also does a lot of other stuff; my impression is they want to have a "curated list" of packages (Or something? I find Tidelift confusing) which is fine I guess, but not really a general solution.
I have made a simple CLI utility[0] with this purpose in mind. It scans your entire filesystem for README.md and FUNDING.yml files for a set of donation/sponsor links and tag it with the associated repo (No HTTP calls, just the assumption that most repos link their support URL in either of these files). The output is a CSV sheet containing the open-source dependencies/libraries you use in your system that accepts donations.
I have plans to expand/plug this into a donation aggregator platform like you mentioned if time permits. But if there is an existing effort for the same, I am happy to contribute. :)
Hey this is pretty great, and the code is so simple. I guess it only works if you have the sources checked out somewhere, which isn't the case for all build tooling and package managers, but I could see an extended version of this that hooks into the standard package managers to fetch the required information to complete the report.
If you can also hook into an accounting system (eg plaintextaccounting.org) then you could also calculate the whole dollar amounts to donate as some percentage of income from the product.
Don't take this the wrong way but corporate are such prima donnas!
I got flashbacks from my tiny startup days when corporate went to procurement companies which wanted specific terms and mode of payment. And after all the infrastructure was in place... they basically spent no money!
The SBOM idea exists in various forms. Few need it and few use it.
If somebody wants to pay money, they will figure out a way. If they want to invent an excuse they will find one.
> If somebody wants to pay money, they will figure out a way. If they want to invent an excuse they will find one.
I think this is just not true. Reducing friction will increase participation.
I make donations to many organizations currently. I would donate to more, but it's a hassle to identify them and determine what/how I want to donate. It's just not a top priority for me, for better or worse. But if I could click a button right now and 5x my donations with the trust that they were supporting what I wanted them to, I'd do it!
edit: Also, this is a reminder to me that everything is a choice and I could be spending my time setting up donations instead of commenting on HN...
> Don't take this the wrong way but corporate are such prima donnas!
Not taking it the wrong way, you're right :)
> I got flashbacks from my tiny startup days when corporate went to procurement companies which wanted specific terms and mode of payment. And after all the infrastructure was in place... they basically spent no money!
Yep, that's painful but I count it as the cost of doing business.
If I jump through these hoops and my competition doesn't it sets me apart.
If only 1 in 10 then spent money so be it.
> The SBOM idea exists in various forms. Few need it and few use it.
True today.
Not true tomorrow.
Software development will become a highly regulated industry.
This is my prediction at least.
> If somebody wants to pay money, they will figure out a way. If they want to invent an excuse they will find one.
All of your engineers get 5,10 votes for important libraries they use. The vote history is aggregated, and voting is twice a year. For every N votes we send $100 to that project. That way you’re not cutting little checks, and you have a finite number of projects you have to hunt down funding contacts and charitable status for.
Due to aggregation across votes, all the projects that perpetually come in 10th to 20th place get paid every year or two, and first place is likely to see a little more money each year. $300 in June and $400 in December for instance.
Not just in billing, but also in implementation cost and general overhead. I actively avoid buying anything which requires talking to a salesperson to get basic service info; ideally one has something like the Cloudflare self-service model with enterprise upgrades. I know someone currently paying >$800k/yr to Cloudflare who started out a couple years ago with a $200/mo plan.
But then you have to waste a salesguy's time generating a quote for a product that I'm not likely to purchase. I hate doing that. I'm basically stealing from them just because I'm trying to shop around for the best product. I'm calling salesguys and giving all of them my information and getting several different quotes, but I'm only going to execute on one of them. And now they're spamming my inbox every time their company does something even though I've never bought anything from them.
2) Write up what you want, and email ALL the companies you want a quote from... CCing them all in the same email.
Make sure to indicate a close date for them "and all other possible bidders" to submit by.
Now they all know who their competitors are, AND, they know there could be other, extra competitors, AND they know to price as competitively as possible.
The sales people at the other end, and the company, will know if they want to "waste their time or not".
This works well with car dealers too. If you want the best price on a specific make and model with specific options, send to the 10 dealers in a 2 hour drive radius.
I'm sorry I don't understand. The alternative was to have a basic price for the product or service on their website that a person could look up.
Maybe if I'm some big bulk buyer and think I can get a better deal by talking to the salesguy then I'll do that. But if I'm some small fry buying like 1 or 2 of the things I know they aren't going to give me a break, but I still have to go through the "contact the sales person, they call you back, you explain what you want, they generate a quote within 5-7 business days that is good for 30 days after being generated, you end up not buying the thing for whatever reason" rigamarole.
Sidenote: I've never had a vendor balk at me using an "expired" quote to buy something. Our purchasing process never proceeds within 30 days, but turns out the prices don't change either. It is very common to be executing on a quote that's 6 months old.
> I want to be able to aggregate all SBOMs within my company, have a small tool that scans my machine and creates a SBOM for all Open Source tools I use (e.g. Firefox, VLC etc.), uploads that to my corporate registry.
Then your boss will come and ask WTF do you use VLC for when all the videos are on the web, also some default media player comes with your OS and by the way, you are not supposed to watch videos during your work day.
Wild, I should be more appreciative that I have Steam on my work laptop and have played Slay The Spire during deploys with management on the call commenting on my game.
I think the idea here is more like “donate $1000/mo, have it distributed across the projects” rather than, say, “donate $10 to each project in the list.”
Not quite the same thing, but the Optimism Collective runs a program called Retroactive Public Goods Funding that sort of works like this: https://www.optimism.io/retropgf
A round is currently active and dependencies are encouraged to sign up. Quite literally millions worth of crypto up for grabs for the ecosystem's dependencies on a recurring basis. Frequency is about twice per year right now but I think the goal is to get to at least once per quarter.
(Disclaimer: I work for a company called OP Labs which does work for the Optimism Collective)
(And yes, it's a crypto project, but I'm hoping the common goal of constructing systems that can sustainably fund open source software might bridge the HN gap)
I've been toying with an idea of some kind of "Spotify for OSS" kinda thing - where software authors can make their binaries available, provided you have an active subscription (with the Spotify for OSS service).
Funds are then distributed based on usage (trackable at the package registry).
The idea being corporates buy a single license per head, rather than dealing with lots of donations etc.
Probably lots of reasons it wouldn't work, but it's a fun thought experiment.
This seems like an easy way for people to accidentally change the nature of their projects from a personal hobby/community type thing to something more like a customer service type relationship, which brings a bunch of expectations regarding fitness and merchantability.
It's a good idea but that would mean companies now have to pay. And they don't like it. (unless it's for useless shit nobody cares about that doesn't make your job easier, they got loads for that)
Adding a "pay upstream" feature to it would probably be minimal incremental effort. Someone is already supposed to pay the third-party auditors, after all.
You need to audit the places it’s being donated to. Do they actually spend it on making the software you depend on better and paying the people making the software. Or is it a Processing Foundation situation https://news.ycombinator.com/item?id=37760363
I was also disappointed to see them using a KDE account for donations. I like KDE but I'm pretty sure there's tons of Krita users who do not use KDE, me included.
Found that there is a Krita on Liberapay, which I much prefer as a platform, but who knows if that's official or not, since it's not linked on this thread's link.
KDE is a community of developers that makes various software products, including Krita - that's why there's a KDE account involved here, since KDE makes Krita :-)
Many of those software projects are available even for commercial systems like Windows and Mac OS, and of course the various free software environments. Those users are all equally important, so there's no conflict there.
Let's say I want to make sure to donate to ALL open source projects I use in my company. Those in my builds as well as those used on our computers that are not build dependencies (e.g. Firefox, vim, Linux, ...).
How do I do that today?
I collect a list of that software and contact hundreds of individual people and organizations, figure out the donation processes, fill out forms, transfer money etc.
I want this to be automated.
I want this automation to build upon existing standards.
This proposal would lead (I suspect) to "enshittification" of the supply chain as people wrangled to be larger portions of the dependency/payment tree, eh?
Part of what makes FOSS work at all is that the motivation is not profit but benefit.
The more infrastructure built to fund a cause, the lower the percentage of the money actually funding people on the ground doing the work. This is often true of charities. OTOH there will be more money, and maybe some of the people actually doing the work can actually make a living doing so.
same for news and blogs ... pay $10 per month, get paywall access, browser tracks what you read and distributes to authors. open source version of Apple news that actually supports local news and indies without extracting a giant additional vig.
At my workplace a common theme is that folks that use a piece of software heavily as part of their job use the big professional tools both because it is worth paying more for a better tool considering how much value they get out of it, and because it aids in collaborating for everyone to use the same tools.
People who only use a tool occasionally are the ones using Paint.net, Krita, Inkscape, Audacity, etc. Part of that is to save money, but a much bigger part is that it's too much hassle to go through procurement when it isn't absolutely necessary. More hours would be spent paying for the tool than would be spent using it.
That makes it a hard sell to get corporate donations. From the corporate perspective, the tool is completely off their radar because their employees are using it to intentionally bypass corporate bureaucracy.
Absolutely. But sometimes the best in class tool is open source (see: ffmpeg), resulting in a win-win-win for the accounting department, for the developer freed from bureaucracy, and for open source as a whole. It would be nice to live in a world where this was the case more often.
> From the corporate perspective, the tool is completely off their radar because their employees are using it to intentionally bypass corporate bureaucracy.
If something is priced cheaply enough to be paid for out of pocket by an "individual contributor," but for a work purpose, that's a big deal.
The bigger takeaway is that all seemingly B2B software is still B2C in disguise.
On the other hand, the kind, smart people making Krita aren't in it to run a sales pipeline. Like even if the diehard, nonparticipating libertarian rationalists are right, if it's true that every person on Earth would happily be a billionaire, most people think sales isn't fun or meaningful.
If you want to make the world more meaningful in your own way, I appreciate that the limit of fundraising to that goal is donations.
Don't get me wrong, I love Krita. I used it for years and I wrote ~30+ bug reports. It's a positive thing -- I won't bother reporting bugs to Adobe cause I know they don't care, unlike Krita devs.
However every time I need to collaborate with someone else, they use Photoshop. They use .psd like it's an interchangeable format[1]. Out of 10+ artists I've only seen one who doesn't use PS, and it's not Krita.
Not to detract from raincole's point, and this is not relevant at all to their problem, but just a general reminder that in many ways Krita is not a direct competitor to Photoshop unless you're using Photoshop as a digital painting tool -- and if you are, I would argue that Krita is arguably a better product in multiple ways.
I think that Photoshop is an image manipulator first and foremost, and Krita is a tool for drawing/painting and maybe doing some light traditional animation (although even that is not its primary focus).
I think that CSP, Procreate, etc... are more direct competitors to Krita. Photoshop is a competitor to Gimp.
Again, does not change anything about raincole's comment, and I don't think that raincole was suggesting that they were direct competitors. It's just that whenever Photoshop and Krita get mentioned in the same sentence I feel like the assumption from many readers is that they're trying to do the same things, and I would personally say that I think they're separate categories of software. There are things that Photoshop does that Krita doesn't want to do and will probably never support, because it's a painting app, not an image manipulation app.
I feel this pain. Photoshop is such a massive beast and really doesn't do anything for me that other programs don't. It's just too ubiquitous to work around without literally budgeting in your hours for having to work around it. -_-
I highly doubt if Krita has the man power to do this. They've been developing a new text system for more than one year. The new text system isn't designed to be compatible with Photoshop.
And even if it is, rendering text just like Photoshop is just a tiny step towards rendering everything like Photoshop.
When I moved from web dev to game dev, the second most surprising thing I found is how much this industry depends on proprietary solutions compared to web dev.
The most surprising thing is how little professional people get paid, again compared to web dev.
> The most surprising thing is how little professional people get paid, again compared to web dev.
They pay less because they can - there are many more highly motivated people who dream of making video games than there are open spots.
People are less highly motivated who dream about making Another Corporate CRUD App 2.0 (this time with Firefox support), and there are a lot more job openings.
Not too surprising. It's built into gaming's history to work on and release a game purely with in house tech. And then submit it to a proprietary console maker for a "seal of quality" (or what used to be that). And then other important tools (especially for artists, but a lot for programming) served this same mentality as AAA development grew. Support was more important than anything else as tools became more complex, and these studios weren't used to sharing to begin with.
The phenomenon of open source tools being able to even be considered by professional development is a very recent phenomenon (in the grand scheme of things). But for programmers it's still difficult because console support is so important and still extremely closed down.
Perfect example of something that most people will think of as "not necessary", but a whole industry will understand as close to, if not outright, a deal-breaker!
It would be really cool to have some kind of open source community that developed these kinds of "usage specific" plugins across multiple open-source projects, to kind of patch in that functionality where it's missing. Some people to work on ever-evolving interfaces for the supported applications, and then some other people to write plugins that provided these features, progressively enhanced, based on those interfaces.
It would be a gargantuan effort, though, and you would just end up with a plugin soup without careful moderation (even more effort; and easy to go awry!) so c'est la vie!
What industry? I am involved in the game and illustration industry, and work with mostly eastern studios. I have seen a 90% CSP usage rate, with the last 10% mostly being Procreate users. Photoshop is in usage to the same degree as Paint Tool Sai and I have never seen a Krita user.
Because just like the most "open source app reading/writing proprietary format" scenarios, it doesn't do it perfectly.
Even if you simply import a .psd and re-export it again as-is, it will still break things like smart objects and layer blending options.
It's not Krita's fault: .psd is not an interchangeable format. Implementing .psd support perfectly is basically implementing the whole PS itself. It's all the artists' "fault". But it doesn't change the fact that using Krita makes my days difficult.
And PSD is notoriously complicated. I remember reading some rant by an open source developer and there were things along the lines of different endianness in the same file.
It’s a 30+ year old format that went to multiple transitions. I don’t envy the poor soul that has to reverse engineer it.
And I believe .psd is still the only "raw" common format for artistic drawing, right?
I've once seen a .psd that won't display correctly in either Ps or CSP, supposedly because it was exported from something else. That didn't seem like a fun situation.
I don't ever really collaborate, so I had come to comment that I recently switched to Krita and have really been enjoying it. Between Krita, Gimp, and Blender once I swap some fonts in places I can drop my Adobe sub which has at least been dropped to the minimum package.
I switched because it seems like it's important to use and support open source tools wherever possible, proprietary software is feeling more and more hostile to the user. I'm redirecting the money I was spending on Adobe products to open source donations.
What kind of work do you do? The primary use case for Krita is digital painting, where a lot of artists use CSP/Procreate and typical pipelines allow certain freedom of choice. I used to work with 2D artists, and perfect PS compatibility was a deal breaker everywhere except for digital painting.
If interchangeable format means non-proprietary then Krita's .kra is one. If it means a format designed to be used as interchangeable format then .ora.
Perhaps it's just me, but I've never met someone who uses Affinity Photo as their main digital painting app. The one artist who doesn't use PS actually uses Clip Studio Paint.
I'm not saying it's not a great app (I'm not familiar with it enough to judge it). But if I'm not using an open source one, I'd use the industry standard one.
I'm not a real artist. I do programmer art for game jams, MVPs, UI mockups, etc. I always liked Affinity Designer on iPad for that. It's got nice Apple Pencil support, it was inexpensive, and it works with other file formats pretty well.
Last time they had a sale on their "Universal" bundle, which got you Mac, Windows and iPad licenses for all their products for $100, I had just received some illustrator files that I wanted to work with on my desktop and decided to go ahead and pick that up.
I now find myself using Photo and Designer instead of Krita/Gimp and Inkscape, because I'm more efficient with it as a non-expert user and because the .psd and .ai interop is better.
I need to deal with one of those two file types approximately 0.75 times a month, so the industry standard one feels eye-wateringly expensive. But a one-time $100 fee for a less frustrating experience than the open source ones offered felt worthwhile to me. And they've grown on me to the point that I pick them up when I need to make something for a game jam, not just when I need the interop.
I am a pro artist. Most of my artist friends who don't use Photoshop either use Clip Studio or Procreate. In general the Clip/Procreate split corresponds strongly to whether or not they do a lot of comics.
There's a handful of other programs that one or two of my friends use but absolutely zero of my friends have talked about using Affinity Photo.
Krita is also sold as a paid version (store version [0]) for a one time fee (never goes on sale). So unlike most open source projects it might have a more steady income already. I don't know anything about their sales numbers but according to SteamSpy they are in the 100-200k range [1] and that's one store only not counting MS and Epic.
I was actually arguing for a long time that more open source projects should do the same. Be on digital stores and sell the application for a one time fee.
Krita is also evidence that this model can work in some limited instances even though the program is completely monetarily free in every sense of the word. It's not "free after X months", it's not "free but you pay for premium features" -- it's just a free download, but you can buy it in a store. There are only two reasons to buy Krita through Steam:
1. You want to support Krita
2. You want Steam to handle updating/launching
And it turns out that's enough for them to get some sales. People underestimate how often users will either take the path of least resistance or purchase something just to be nice. Typically when we run into this kind of behavior it's negative, for example the struggle to try and get ordinary people to install ad blockers. But it's nice with Krita to see that human instinct more positively leveraged.
Minor suggestion: I understand that for organizational purposes and clarity it might make sense to have them separate, but I suspect merging those stats together on this page might be better for the project overall?
I suspect (but don't have evidence for this) that sponsorship tends to snowball -- corporations become more likely to sponsor products that are already being sponsored; and the harm from users thinking that the project has "enough" funding might be outweighed from the benefits of users and orgs thinking, "it's normal to sponsor Krita, we're not doing something weird or experimental by jumping on the bandwagon."
Again, just an instinct though, I could be wrong, and I get that this page being part of a larger existing funding platform might make including direct sponsors more contentious or inappropriate.
This way, corporations and business users can pay to get the latest version and features just like commercial software, while the hobbyist community still gets a relatively recent and feature-full release they can use for free, has source available and is guaranteed to become fully GPL code in 3-5 years.
The traditional open source economic models (support and customization, services etc.) simply do not work for professional software with a large number of non-programmer users. A commercial license would allow these clients to pull resources together to allow software to be written, and eventually released as open source for the benefit of all - and they are the most interested in this because they don't want to get locked in.
This seems thankfully unlikely for Krita given its origins in the KDE project, which for example has the KDE Free Qt Foundation as a poison pill should Qt attempt such a move.
If I'm not mistaken, that's pretty similar to the reasoning behind BSL, which is even more "open" than "eventually open" - code is source available, anyone who isn't a competitor can use it however they want outside of competition, and in a fixed amount of time (max 4 years) the code becomes truly and entirely free to be used however one wants, including competition.
No it ain't, those are just an attempt to pass something closed source off as open source.
At least, I haven't seen the authors give their blessing to a fork of the old version of their software, beyond the text of the license itself. Maybe it hasn't been long enough, but it soon should be.
Why would the blessing matter, if the source is available and really licensed under a real open license after the exclusivity period? Why would the original authors give their blessing to a free competitor that aims to drive paying users away?
Perhaps you approach this a bit too dogmatically. The objective for me as a user is to have good quality software, with source available, in a competitive market that does not lock me in - because it allows other free or commercial spin-offs with low entry barriers.
If we can't ever accept something that does not pass the Stallman purity test - even if it means open source programmers in some niches should starve - what we end up in those niches is binary blobs filled with spyware. And due to network effects (see the above .PSD discussion), we soon find ourselves forced to swallow the blob because it's the only real option.
Another approach is to allow free non-commercial use, and to charge for commercial licenses. There are licenses that grant all the rights that non-commercial users want, but still require businesses to pay.
But that's no longer open source, and offers no protection to the users against lock in. All it takes is some change of leadership or VC funding and the permissive license will be abandoned in favor of a proprietary revenue-maximizing model. Human nature and all.
What is needed is a non-repudiable commitment from the vendor that the software will be fully open source, and a business incentive for them to continue developing the commercial version; they have a few years to monetize any new features, and to continue making money they need to continue bugfixing and creating other desirable new features, as opposed to just milking the lock-in cow.
Both the PolyForm Noncommercial License and the Prosperity Public License are irrevocable. There is no lock-in. Everyone gets the code, just like with an OSI-approved "open source" license.
Dual commercial/non-commercial licensing like this is a simple way to require commercial users to fund the further development and maintenance of the software.
They are irrevocable, but they also disallow commercial redistribution of modified copies - in perpetuity.
This means that when the original vendor changes new versions of the software to a draconic proprietary license (as is their right as the full owner of the copyright), the community can't fork an older version and keep it up to date and distribute that; they can just use older versions until they become obsolete, incompatible, accumulate security holes etc. They are locked in to the vendor if they need those same features going forward.
The commercial license typically grants the right to sublicense the software as part of a larger piece of software that can be sold commercially.
Both commercial and non-commercial users can copy, modify, and redistribute modified and unmodified copies. Again, there is no lock-in.
There's little incentive for the developers to switch from dual commercial/non-commercial licensing of the source code to only distributing compiled executables. The whole point of choosing the dual licensing model is that it's more attractive to customers. You wouldn't want to use such a model if you were trying to keep trade secrets, but in such a case you wouldn't consider using an open source license either.
> Both commercial and non-commercial users can copy, modify, and redistribute modified and unmodified copies.
I don't follow. Both examples you provided explicitly forbid commercial redistribution:
The Prosperity Public License 3.0.0
license allows you to use *and share this software for noncommercial purposes for free* and to try this software for commercial purposes for thirty days
[no other distribution allowances are made in the rest of the license]
PolyForm Noncommercial License 1.0.0
Your license to distribute covers distributing the software with changes and new works permitted by *Changes and New Works License*.
Changes and New Works License: The licensor grants you an additional copyright license to make changes and new works based on the software *for any permitted purpose*.
[Complete list of permitted purposes]
"Any noncommercial purpose" ; "Personal use ... without any anticipated commercial application"; "Noncommercial Organizations"
So both licenses disallow distribution if done for a commercial purpose. Do you mean to say that you can dual license, under such a non-commercial license and also under an open license, that allows commercial distribution? But then, how would you discourage commercial users from simply downloading and using the open source version? We're back to the service model of financing open source.
Those are examples of non-commercial licenses, licenses that grant rights, free of charge, but restrict commercial use of software.
When I say dual licensing, I am referring to the business model of offering software for free under a non-commercial license, and charging for commercial usage rights. Kyle E. Mitchell calls this Free-and-Paid Dual Licensing.
To use such a business model you also need a commercial license. There's no one-size-fits-all solution, and it's normally something that requires input from a legal professional. Kyle has made a couple of recent efforts to improve things.
The PolyForm Project also has other licenses. For example, the PolyForm Small Business License allows free use in organizations with fewer than 100 individuals and less than 1,000,000 USD in annual revenue.
I agree, but in this particular case I have to ask... how many companies are actually USING Krita? My impression is that the vast majority of places that need software like that use Adobe Photoshop/Illustrator, or Affinity Photo/Designer.
Not only that they use privative products - it's that people think about Krita as an alternative to Photoshop, as Krita is intended for digital painting rather than general raster image manipulation. Hence narrowing the target of Krita to a much smaller audience.
Probably not many if you don't count small individual art studios - the mobile gacha game industry(and anime animation to some extent) don't standardize art styles and pipeline art production as done in American movie and comic industries, but relies on intimate collaborations with external, individual artists for creative components.
So they mostly only import (Krita-exported) PSD into Ps, or even if Krita was used professionally on the floor by employed artists, choice of tools would be up to artist's discretion and might not become a corporate talking point in the way, say, what Maya or Lightwave debate would be.
Maybe OnlyFans/Patreon could throw a million or two for a couple years...? But Krita is not the first choice across the board, and creators on those platforms don't seem too concerned with CSP/Procreate subscriptions, so that might be a difficult path too?
In a corporate setting, it will help if open source software has easy deployment configurations to track usage and ensure vulnerable versions are not lurking somewhere. Firefox for instance has this.
> It won't. The only real workaround right now is to simultaneously launch SaaS alongside the FOSS project and monetize that heavily.
It can work. Paying for software is already a normal part of doing business, make this work to your advantage. For example:
- In the budgeting process just add a line item for the FOSS software you're using and put a number on it that's lower than the proprietary alternative.
- If you're already using the software (like Krita in this case), tell whoever is in charge of the purse strings how much time, effort, and money the software has saved the company and ask them to make a one-off or recurring payment to the project that's lower than the alternative. You'll be surprised how often they say yes (as long as they can get a receipt)
That's because many corporate "donations" are not so much a donation as a way of soft-buying a feature.
It's hard for businesses hyperfocused on short-term gains to understand a long-term value of, for example, supporting an alternative for an industry-dominating Adobe toolkit. But the value is there.
Long-term value that's hard to define doesn't translate well to stock price especially when any investment also helps competitors who aren't investing anything into the project.
Khara threw a bag of pachinko money in Blender's face to make the last Evangelion film work, and it was fine. I guess that was a rare occurrence that they desperately and so purely needed a tool they can hand to broke freelancers without frantically searching for keygens, but it can totally happen when incentives are right.
The problem here to me is that Krita is simply a mess.
Krita is supposedly part of the KDE project, which is committed to switching to wayland, but has 0 wayland support. In practice, that means that if you use other input devices they can have bugs that make it unusable.
So its Linux story is weak. A very bad start for a KDE app...but at least maybe on Windows it works well.
Well the problem then is it does the classic blender thing of having non standard shortcuts and usage modes, except unlike blender it does so for literally no reason. Buttons in most of these programs, for certain classes of operations are standardized, and Krita just works differently for the fun of it. No justifications, just "spend a long time changing it if you want it different."
The icons are also incredibly ugly and people get defensive about them. The Qt theming is fine, but the actual icons for brushes and the like look amateurish at best and really brings down the cohesiveness of the program.
Certain tools are also abysmal to use. The text tool is a joke. Then you have certain operations being incredibly slow.
I have worked as a professional artist for years. People here really seem to be implying photoshop is the "big dog" in the space, but this simply isn't true. I see far more CSP users than Photoshop users and among my coworkers and haven't used photoshop for anything but some post processing for years. Krita then needs to compete with CSP, and Procreate (which has gotten huge recently.) To be frank, it doesn't. CSP works mediocrely with Wine but because the input problems don't exist that exist with Krita I have taken to using that on Linux ironically because I use KDE. Krita is basically a non option for me at this point and has me considering making a GPU accelerated open source drawing app instead of suffering this current atrocious landscape.
I don't have a huge amount of experience with Krita's Wayland performance because the situation on Wayland is still sub-optimal for art in general. Tablet support has gotten much better, but configuration per-app or tied to the desktop environment still seems to be a big issue. The idea that my tablet configuration might stop working if I switch off of a desktop environment is kind of a non-starter to me. It stinks because I really want to use Wayland, but even as recently as a month ago I tried to see if I could make the switch and couldn't.
Truthfully, if someone has a lot of money to dump around, devoting a few full-time developers or dropping cash on https://github.com/OpenTabletDriver/OpenTabletDriver would probably go a long way towards encouraging Wayland adoption from artists.
As far as I can tell the issue is not that Wayland can't do tablet control on the same level as X11, it's that the tools built around those capabilities still seem immature. OpenTabletDriver looks very promising but seems to have limited device support, limited in no small part by what tablets the devs have access to (my Cintiq 32 is unlikely to get added any time soon because it is no longer being sold and was expensive and uncommon when it was on the market -- which probably means I should try to do it, but it's been tough to find the time).
The NVIDIA situation is also a problem, but there's nothing anyone can do about that other than yell at NVIDIA more.
----
> The text tool is a joke.
The text tool should see considerable improvement soon; the entire text engine got rewritten in the last release, the devs just only had time to get it to feature parity with the existing tools.
I'm willing to deal with the Linuxisms of being on Linux (wayland having bad tablet support and controls, I agree with you!) but the fact that on top of that Krita works particularly bad on KDE's default setup, whereas using CSP with Wine is a better experience is absurdity to me.
Krita has issues with X too. Using X11/libinput touchpad: pinch-to-zoom doesn't work in Krita but does work in KDE's ms paint clone Kolourpaint.
I've also found Krita to be unsatisfactory for drawing pixel art. Select the pixel art brush and set it to be 3px wide, then draw a rectangle with the rectangle tool. This creates a rectangle with inexplicably jagged edges (http://0x0.st/HWyi.jpg). Turn off sharpness for the brush and try again, it seems to work now but selecting the background color with the similar color selection tool will reveal that the jagged edges are still present but very faint (http://0x0.st/HWyz.jpg). All of this happens with a 3px brush but not a 2px brush. It's bizarre. I suppose most digital painters don't notice/care about this, but it's a deal breaker for me.
I dislike the Krita icons as well. I would like colorful icons so my eyes can scan them quickly but some halfwit designer got it in their head that all the icons should be monochrome and there doesn't seem to be any way I can choose or create other icon themes.
I really want to like Krita, but it just doesn't work with me. All I really want is "MS Paint but with layers" but that's evidently too much to ask on Linux. I've tried more than a dozen painting programs and they're all disappointing.
Thanks for the Aseprite suggestion, I initially overlooked it due to the license and neglected to reconsider it after exhausting my FOSS options. This is indeed pretty good.
It always feels like open source enthusiasts would never pay for something themselves, but expect that their boss will for some reason. What would your boss get by paying that he/she isn't already getting for free?
It would help if the projects had some option to purchase a license or subscription, even if the application is open source. Lots of employees have a company credit card and the authorization to use it for small productivity purchases. But it would have to be a business expense that is easy to file, not a donation.
If their text editor wasn't a UX disaster, I'd have moved to Krita. It's so bad and it drags down the whole program. The devs acknowledge it's not great, but have not done anything to make it good enough.
Yep it does stick out. A big dialog box obscuring the view. Type a font size in the box, and if it loses focus it will reset to the original font size.
Is that 1 developer of $17k / month? (So a $204k annual salary?)
Or, does it mean 5 developers for $17k / month (i.e. a $40k annual salary?)
If it's the latter, I'm highly concerned.
Even in countries like India salaries like $60k USD (INR 50 lakh) have become a bare minimum for software engineers who are even the least bit talented...
For a really good software developer in India, you'd have to pay circa $180k USD (INR 1.5 cr), which is still a massive discount compared to the US, since in the US that person would probably make around $350k.
> as long as you’re not talking about silicon valley salaries, which most Americans aren’t
Since WFH became more common, high salaries have spread across the US. Several members of my team are earning $250k to $400k (depending on their level), and are scattered across the US, and many are living in super-LCOL cities. For example, one guy (who makes over $350k) lives in Utah, and around the start of COVID he bought a large house with a lot of land surrounding it, for (to him) a measly $270k.
> There are also definitely juniors in the US making $60k (and probably even less).
Nobody should be making that little in the US. $120k is the minimum for a software engineer in the US, regardless of location. If a SWE is earning less than six figures in the US, they're certainly being swindled.
Wow that whole comment suggests you're SF/SV-based.
180k is top pay for a dev in most of America. 50-60k is entry-level pay for a dev in most of America. 350k is really uncommon outside of your bubble.
Are you really suggesting Indians make as much and even more? Then why are companies offshoring to them when they could just hire local juniors for the same price?
You can find "engineers" in India who'll accept $6k / year. But, with a few exceptions, most of these $6k/year engineers are really quite terrible at what they do, and their English communication skills are...to put it lightly... not good.
I've dealt with a contractor who hired such engineers. I remember the team, which I think had around 10 people (but I don't recall the exact size). There was 1 guy, who was basically a 10X engineer, and pulled the weight of most of his team/division. He wrote/delivered most of the working code, while there were around 9 others on his team who contributed very little (mostly terribly buggy code which he had to fix).
Yea, they were paying each person on the team $6k (the manager–who was pretty much useless -- was probably earning like $12k), and they were spending around $60k to $70k in total on this 10-person team. But–they could have pretty much just fired the entire team except for the one guy who was producing most of the code, and gotten the same (or better results). He would've been happier, and he wouldn't have been dragged down by all those other nearly-non-contributing folks.
(For what it was worth, I talked to this guy (who was from Rajasthan), and suggested that he find a better job that paid better and valued his skills better. And I even offered to recommend him, and help him find a job abroad with a company that'd sponsor a visa for him; but he turned down my offer–he was actually, quite bizarrely, worried about some form of retaliation, if he left that contractor/team. It was strange indeed...)
Of course, if you want to find a software engineer in India who can actually deliver results (and communicate well in English), you should be willing to pay them at least $60k USD (INR 50 lakh) / year. Any less, and you'll basically "get what you pay for" unless you luck out and land some talented engineer who doesn't know his skills' worth.
Fwiw, $60k USD is still quite a bit cheaper than the US (a 50% discount), since I'd say in the US, the bare minimum for a software engineer today stands at around $120k USD.
That's a life changing income in some parts of the world, and a pittance for skilled knowledge work in others. I hope it's going towards someone in the former, and making the local market for tech talent that bit more competitive.
Alternatively they've been completely skewed by the profit margins of the big software companies, where it turns out they print money regardless of how high payroll gets. As supporting evidence, VC funded startups pay less than said software companies.
It's interesting that Europe has abjectly failed to produce anything like Google or Meta. I'm not sure what the underlying reason for that is.
> It's interesting that Europe has abjectly failed to produce anything like Google or Meta. I'm not sure what the underlying reason for that is.
There isn't a singular reason, it's a complex combination. Btw I'd like to preface this to say I'm not sure most Europeans actually want a Google or a Meta, there is aversion to "too big to fail" companies in most sectors.
* investment money - VCs bet on tons of stupid things with the hope of some of them making it. Many a crappy business model has received hundreds of millions of investments to try and make it, and companies spend years chasing growth on the back of those investments without worrying about profitability. Investment in the EU is usually more conservative and grounded in reality - a business model of "we'll give it away at a loss for 10 years to get lots of market share and then increase prices to capture the market" simply won't fly here.
* "Europe" isn't a single market in most important senses of that word. Each EU country has its own language (okay there's some overlap like Czech and Slovak, Belgium and France/Netherlands, Ireland and UK before Brexit, but generally), laws, regulations. A single business can't just immediately serve the whole of the EU without doing due diligence, translations, checking what regulations might apply for them, etc. That means that the size of the potential market is limited from the start without extra investment. A French startup can only sell in France until they figure out what is needed to sell in the Spanish market, translate websites/products, hire support people that speak Spanish, etc. etc. etc. There are tons of good quality decently successful European startups, but most stay within one or a few countries. Exceptions are purely digital companies such as Spotify who can afford to sell all around the world with relatively few hurdles.
* Regulations and common decency/fear - over here, a business model of "we'll fake sell medical devices" or "we'll trick people into giving us all their movements/desires/internet history and sell that to whoever wants it" will hardly fly. Not that there aren't unscrupulous people here, there are, but it'd be harder to get investment and talent to work for you.
* Better... I'm going to go with social safety net, but that's only a part of it. Over here, people are generally more content and know they have things to fall back on, including retirement. FIRE (Financial Independence, Retire Early), "grind mindset", "hustle mindset" and similar are quite rare here. People prioritise other things than work, don't live to work, and don't measure themselves (only) on work. So hustling to hit big and become massive is much more rarely seen as a good or desired thing.
People often deride the EU for "lacking innovation", but IMO that's flat out wrong - those people use wrong measurements (lack of massive tech giants) to define innovation. There are tons of European startups and scaleups and mittelstands and b2b companies of all sizes that are successful and innovative. They're just not "infinite growth" global behemoths, but.. do they need to be? Is that the thing that ultimately matters?
> tons of European startups and scaleups and mittelstands and b2b companies of all sizes that are successful and innovative. They're just not "infinite growth" global behemoths
If their business has no economies of scale, no. If it does, they won’t survive without subsidies.
At a certain point, subsidising a low-scale domestic replica of an efficient international option breaks due to (a) the internet and consumer choice or (b) cost.
If the market was theoretical and all things were absolutely equal, yes, maybe, but that's not how things work in the real world.
For a good example, Walmart failed miserably in Germany because they failed to understand the local market in any way. You can have a successful regional chain of supermarkets without it needing to become Walmart-scale. Just being local, having a strong local presence and understanding of the market, and having local costs can be a massive advantage. A Bulgarian startup has economies of local labour costs that can trump the economies of scale of Google. Spotify are quite successful even if their competitors (Apple, Google, Amazon) are massive. Not to mention there are big market segments where economies of scale across markets simply do not apply. Legalstart, a startup doing "law services online" for small and medium enterprises in France cannot apply pretty much anything to any other country due to the different legal systems. If there was some massive behemoth in that space globally, Legalstart still wouldn't have an "economies of scale" disadvantage.
There are a lot of businesses that are great for a small shop and will make a lot of money, but they have no potential to grow larger. Those businesses are not a domestic replica of some efficient international option as there never will be an international option. If you want to become a billionaire you have to start one of those international businesses, but if you are content with a million you can get that on a much smaller local company and you don't have to deal with investors at all.
Software does lend itself to international options more than other fields as the upfront costs are high and ongoing costs are low. (compare to plumbers where you can start a company with a van and fittings, but you have to pay the plumbers you hire every year - by the time you pay the plumbers and the office workers to schedule them there isn't much $ left over)
Economies of scale can plateau, yes. In those cases I’d argue there’s a niche for a medium-sized company. (Most law is in this category.) But if there are further economies of scale, the company that seizes the worldwide market will simply have lower costs and more R&D capital to work with.
> the company that seizes the worldwide market will simply have lower costs
Not necessarily. Let's imagine a company that does budgeting and bank account centralisation, sold as a SaaS. A global company has to work on integrations with banks all around the world, data privacy regulations all around the world, translations including in right to left languages, fun stuff like UPI in India, cash payments to a machine in Japan, currency conversions etc. Meanwhile a Bulgarian startup in that space only needs to interface with the 15 local banks and use EU-mandated APIs that make their lives easier (all integrations are the same), and provide only one language, one currency. They don't need employees policies for 50 different countries, with local HR and legal departments/subcontractors everywhere. Not to mention layers of management to scale.
Do you still think the global company will have lower costs?
> A global company has to work on integrations with banks all around the world, data privacy regulations all around the world, translations including in right to left languages, fun stuff like UPI in India, cash payments to a machine in Japan, currency conversions etc. Meanwhile a Bulgarian startup in that space only needs to interface with the 15 local banks and use EU-mandated APIs
You're describing a system with economies of scale, up to a point, followed by negative economies of scale. That's my argument: this is a good business for a European company to dominate.
I would argue that many of the big tech companies have also been subsidised rather than being efficient. It has just been private investors rather than governments (and it feels like we are starting to see the end of that).
Great developers in India make more than great developers in Europe in my experience. (India has a lot of okay developers who don't make very much, but if you want someone great you will pay more.) Some of this is Europe culture makes potentially great engineers limit themselves to good - they refuse promotions to great, and they refuse to officially mentor younger engineers (they do mentor but in ways where they don't get credit for as credit would get them a promotion). As such it is difficult to have great engineers leading the project and without that leadership you can't have a project at all.
With 3,000 Euro / month you can roughly employ someone making 2,400 Euro / month pre-tax (gross) in Germany. That's supermarket cashier money.
And only if you pinch pennies (there's just a ~100 Euro margin here after unavoidable costs). The rule of thumb in Germany is that an employee is going to cost you roughly 1.7x their gross salary: that'd be wages of 1,700 Euro / month.
The latter is going to pay for 1/4th of a decent software developer - and even then you're better promising more than 30 paid vacation days among other benefits.
Many open source projects have people working for free and spending a lot of time on that. Even really low wages may enable more people to do this.
I spend a lot of time on developing StreetComplete, got paid only for small part of that.
And I would be able to spend more time on that and willing even with relatively small funds.
I think that many people would be willing to take significant pay cut to work on project chosen by them.
For reference, 3000 €/month would be a low salary in Poland for a programmer but really good overall. I would take it if I would be paid for OpenStreetMap development.
The problem is that commercial company might have 20 full-time developers and resources to use third-party services, and they compete with Krita. Can Krita stay competitive enough to attract more funders and users? If they can't, userbase (mostly because of the AI) will shift more towards commercial products, and over long period, Krita will die. I hope that won't happen.
This looks like a really neat project… But on the homepage it does say, Intel is a gold corporate sponsor? Look, I don’t have a horse in the race, but that is kind of silly :)
They must have pulled out recently enough that they haven't had time to update that image. On https://fund.krita.org/ (which is where the image links to) Intel is not listed on any of the tiers.
ASIFA isn't a studio, it's a non-profit that exists to "promote and encourage the art and craft of animation", to quote their about page. Their most notable effort is putting on the yearly Annie awards.
LibreOffice nearly got a Tyson Tan mascot called Libbie the Cyber Oryx. She was silently eliminated from the initial round of votes, in favor of a bunch of half-assed attempts that included two barely modified Duolingo owls. This perceived slight of what had been assumed to be a democratic process caused such a dustup that LibreOffice decided it didn't want a mascot anymore.
I didn't think you meant that literally, but after paging through a few tens of google image search results for "krita samples", it seems the only thing Krita is actually used by people for is fantasy art.
Compare to "corel painter samples" where the 2nd thumbnail is a fairly impressive Audrey Hepburn rendition
Can't remember the last time I saw output of the style from the first search result being used to sell pretty much anything
In case my comment sounded a bit harsh, no offense intended && taken at my side - I mean, it's an industry of its own and a rapidly exploding one, so there are enough reasons couple lesser known industry standard software exists.
I like Krita's development ethos, but I really can't use the product at all. If I want software that doesn't respect my intentions, but provides the kitchen sink for functionality, I can find that better represented and supported in Adobe, Paint.Net, Paint Tool Sai; and those are just the raster comparisons. I honestly can't wait until design tools figure out what year it is and start developing blue-sky versions that work with multiple devices and accounts, simultaneously, to provide honed experiences for specific project work. I can't say I blame the lack of corporate sponsors, because I wouldn't - as an organization - find utility in the product.
That said, it's still a shame! Seems like there would be someone out there with similar interests. I hope this post, or whatever else, helps evangelize this as a problem!
> to provide honed experiences for specific project work
You need someone to lead that charge first. And that someone needs to understand each format and likely pay some programmer for a long time to make and more importantly, polish, such a feature. Open source is notoriously weak at polishing, so payment seems inevitable to keep interest.
When you are considering support for multiple devices you multiply said effort. Stylus vs touch screen controls are a different set of UX if you want it to be polished.
It would implement features specific to and invaluable for whatever I'm intending to work on, in such a way that I would feel like trying to do it any other way would be wasting my own time.
For an example, Clip Studio Paint - a tool unabashedly designed for and advertised to comic artists - has a design concept of a 'comic panel'. This lets you drag out a panel, instead of an arbitrary shape that you will use AS a panel. The panel, also an arbitrary shape, comes with functionality like "bleed" which allows you to continue drawing outside of the panel, but will truncate that content when you de-select the panel. It includes concepts like "path rendered borders" so that you can do weird stuff with borders that you wouldn't want to do with an arbitrary shape (like have characters break through them).
So, you end up with a nice little feature that can ABSOLUTELY be recreated in other programs. Nothing in that "panel" feature couldn't be done with a series of steps and possibly some macros in other applications. The problem is, it's all of that setup (wasting my time) instead of just having the feature available because it's a well-known process with well-known problems. These are the people who are best suited to know what good processes look like, and can build the best kinds of tools for those well-known processes. Of course, they have to keep up to date, but that's any software in any industry.
Just to head off any assumption that I prefer CSP or something, I will say that they fall woefully behind on other stuff that is not comic related (understandable because of their history, but still a hindrance to me using it). That aside, a separate example is that every single drawing program should have the ability for you to move "tool settings" onto another device. No question. I should be able to work from my tablet, and pick colors on my phone. Or work from my desktop and change brushes or sizes or store values from one project, while I open the next desktop tab for a different project, all on my second screen. As far as I know, none of them do this.
The overall point being "We've designed apps to work with data like a computer uses that data. I would like it if we started designing apps that work with data however they have to in order for humans to work with 'concepts' in whichever way they understand those concepts (to the best of their ability, which is pretty able these days)."