On July 27, we reached out to Bountysource in response to a complaint we
received from a user. During our investigation and discussions with members of
your team, we found that your organization does not have a mechanism for
responding to removal requests from users, which is required by our Terms of
Service. Specifically, Bountysource does not "respond promptly to complaints,
removal requests, and 'do not contact' requests from GitHub or GitHub Users."
Over two months later, you have not made any changes to your platform in
response to our requests.
Therefore, we have suspended your application until you create a process for
actively responding to all personal information removal requests, including
those related to projects and issues. In order for us to remove the
suspension, we would ask to see two things:
1. Confirmation from you that you have a process in place for responding to
takedown requests about all areas of your website.
2. Inclusion of a public notice to your users stating how to request the
removal of information. That notice can be included in your documentation or
other legal notices.
Once you have that process and public notice in place, we'll be happy to
review your site and consider lifting the suspension.
“On July 27, we reached out to Bountysource in response to a complaint we received from a user. During our investigation and discussions with members of your team, we found that your organization does not have a mechanism for responding to removal requests from users, which is required by our Terms of Service. Specifically, Bountysource does not 'respond promptly to complaints, removal requests, and do not contact requests from GitHub or GitHub Users.' Over two months later, you have not made any changes to your platform in response to our requests.
Therefore, we have suspended your application until you create a process for actively responding to all personal information removal requests, including those related to projects and issues. In order for us to remove the suspension, we would ask to see two things:
1. Confirmation from you that you have a process in place for responding to takedown requests about all areas of your website.
2. Inclusion of a public notice to your users stating how to request the removal of information. That notice can be included in your documentation or other legal notices.
Once you have that process and public notice in place, we'll be happy to review your site and consider lifting the suspension.”
[1] Please don’t use CODE-SNIPPET formatting to quote text, it is unreadable on mobile.
But if short lines are readable on one screen, surely short lines are also readable on another screen, right? It's not like eyes depend on the width of the screen, just on the width of the line.
Using short lines on a screen too wide leads to wasted screen space, usually people dislike that, it interrupts the reading flow.
Same for too wide lines.
The ideal length of a line is somewhere between 50 and 70 characters.
Readable != Good Writing
This is not an issue if you don't use codeblocks, the browser is then free to reflow the text as necessary. If you use codeblocks the browser cannot reflow (by default) and you make the entire UX worse.
At the cost of making it hard to read on desktops, yes. Or you could just, you know, use the leading > style and not have to worry about it the more...
As someone who does not want BountySource involved in their open source projects, I applaud GitHub for this move. IMO BountySource is a borderline bad actor. It was a pain in the ass to get them to remove my projects from their platform and then they only "sort of" did.
To which MadcapJake responded "Would you care to elaborate", and you responded "I did, in my original comment, immediately following the accusation." I assumed that meant you had made some other comment earlier that explains your complaint in more detail. Did you mean by that that you had just edited your original comment?
I'd really like to hear some more detail. I've not heard of BountySource before today, I thought you could go into detail on what you had to do to get your stuff off their site and whatnot.
>what you had to do to get your stuff off their site and whatnot.
File GitHub issues that went nowhere, then follow up with a dragged out email thread which ended in bounties being disabled but my projects still showing up on their site.
Can you elaborate (via an edit, because probably HN won't let you post new replies now), on why you want bountysource to not be involved with your project at all? The desire to not have them involved is what we thought you meant by "bad actor", and we didn't realise that by "bad actor" you meant that they wouldn't remove you when you asked.
Sure. I didn't want them in my projects for reasons that varied from project to project. Sometimes it was that I did not want money involved in the culture of some of my smaller projects. At other times it was because the overhead of dealing with bounties would be counterproductive to the project, since it was likely to lead to low-value contributions that fulfill a bounty but are not up to the level of quality that the project demands of its contributions. "What do you mean you won't accept this patch? It was paid for by a dozen users!" For one of my projects, we have an internal bounty program which I am more effectively able to exercise a greater degree of control over and make the terms more clear about upfront.
None of this is why a bad actor, it's just why it's a bad fit for my projects (and to be honest, many others). Why they're a "borderline bad actor" is what I said earlier:
>It was a pain in the ass to get them to remove my projects from their platform and then they only "sort of" did.
I could also clarify that BountySource is opt-out: by default they're accepting bounties for projects that did not agree to having a bounty program.
Since reading comprehension is apparently a challenge:
Accusation
> IMO BountySource is a borderline bad actor.
Elaboration
> It was a pain in the ass to get them to remove my projects from their platform and then they only "sort of" did.
Sir_Cmpwn has no further obligation to elaborate even further on the detail given, though there might be a benefit to explaining what "'sort of' did" means.
Elaboration is more of a quantitative thing than qualitative, though. It's always possible to elaborate further, and there's no harm in asking to do so. And I found that his further elaboration was helpful:
"I could also clarify that BountySource is opt-out: by default they're accepting bounties for projects that did not agree to having a bounty program."
I originally assumed you had to register your project on BountySource, and they were just making it difficult to de-register something that had already been added.
Making this thing opt-out only, and apparently making opting out difficult, is really bad behavior, and I completely agree with his characterization.
Straight from the comments: “Even with a $25 bounty attached to it, nothing is happening”
That is why I detest BountySource. FOSS users already have a ridiculous feeling of entitlement. Let them “sponsor” a bug fix at one-one-hundredth the going rate, and that obnoxious sense of entitlement gets dialed up to eleven.
Let's bring in corporate practices / scrum-agile. How about a maintainer would estimate cost of implementing the feature (say $2500) and then we do a mini kickstarter and wait until 1000 people pledge $2.50 or a big user offers $2.5k
disclaimer: my personal politics / ideology
It's really unfair to the community (society) when corporation use FOSS in production and still claim 100% of the profit is theirs only.
EDIT: getting downvoted but no comments. Can someone counter argument?
The difficulty with moving to realistic cost estimates for open source software is partially that people aren't willing to put up a fair wage for many bugs/features and that open source developers often don't have the flexibility to address things immediately.
Consider what happens when the funding doesn't reach the desired amount? Does the fundraising stay open frustrating users without the functionality and users who have already chipped in? Does the developer lower the amount and get it taken care of? Is development sustainable when a funding goal is missed? Are donations going to be repeatedly available when discussing fine grained technical issues (a subset of the userbase is likely affected by each issue)?
Even if a project obtains funding, unless you have a team of people working on the software as their job it is difficult to predict how long it will take to implement something. Non-FLOSS work/life will end up taking priority in an unpredictable fashion and that would frustrate both the donors as well as the developer who doesn't have enough available hours to address problems that users are willing to pay for.
Some projects have gone the route of fixing the time issue by fixing the problem and holding the new code hostage, however that can result in a lot of frustration if funding doesn't go smoothly. The users will think "Why don't they just release the functionality, it's done already?" "Why do they even need the money if they already did it?". The developer will think "Why did I waste my time doing XYZ? Not many people see to care."
All and all, users currently don't expect to regularly fund FLOSS and this makes it difficult for FLOSS to consider a by-the-feature funding method a reliable technique. (some projects may have some success, but in general funding FLOSS is a difficult unsolved problem)
(per the downvotes, they seem to be used in a "I disagree" sense rather than a "this doesn't contribute to the discussion sense" IMO)
I am not claiming the "kickstarter" model is the final solution, rather an attempt at starting the discussion / process of iterating towards the correct one.
If you need a guarantee for a feature / bug being handled within a timeframe you can do multiple things depending on criticality of the FOSS
- develop / patch it yourself. and contribute or fork the project and maintain internally.
- purchase paid support (see RedHat, SpringSource, MySQL)
- have your employees contribute to the FOSS as part of their normal duties effectively building your own expertise
- other
Something like BountySource existing is a proof there is a need for other models to "motivate" community into putting more effort into FOSS.
What I am advocating is to attempt implementing "value based pricing". Right now a lot of projects are started by someone in their "spare time" and being abandoned because there is no easy way to reward the author.
Your points are valid but these are exactly of the type that should be solved by market (money). Features hold different value for different users. In the low end we just live with bugs / missing functionality and in the high end you see $200/h consulting gigs.
(per downvotes: let's keep this a discussion board where we agree / disagree by words rather than like / dislike).
I guess the major issue I have with "value based pricing" is when a project is still evolving and most people would would traditionally have a better short-term option via a non-open tool. This would drive any funding opportunities from FLOSS work which may be significantly more beneficial in a more long term view. This might be just the behavior to expect, however.
Per the discussion on funding models, my favorite source for background is the research work which the (mostly dormant) snowdrift.coop project has done:
I honestly think FOSS is one of the biggest problems in IT. It sounds weird, but hear me out. Beware, kind of a rant coming.
The reason I think it is one of the biggest problems is it devalues developers and the development process. We created a system in which we make software look like it's so simple you can just have it.
Look at your development toolchain and then think about how many of the major components are free. Things that you rely on heavily. In PHP, we have composer, it's great nearly every PHP developer will use it at least once a week. They created a service that will improve the reliability and reduce the dependency on Github. They offer it for $10 a month per user. Nearly everyone said it was too expensive and didn't bring any value to be worth $10 a month for something they will constantly use. Especially on CI.
If the development community literally doesn't value the cost of software, why would anyone else?
The average person, if they want to create a website, will end up using something free such as WordPress to create and maintain their website for free. They can get lots of extensions for free and will nearly always be able to do everything they want for free. Now, why would you if you're the average person who wants a company website think $3,000 is a reasonable price. You can literally make a website yourself and just pay for hosting. You may think this is hyperbole, but how many Web Agencies have serious problems with people not paying compared to car mechanics?
Many people will not spend $5 on a very good, very professional, high-end iPhone app because it's too expensive. Again, where this come from? The number of people who just created free apps and put them up on App Store. I know people who don't pay for any apps on their phones.
So in conclusion, we have a general disappreciation for software. We have many multi-million if not multi-billion dollar applications that are built nearly all of free open source applications. Software that we really need to do our jobs and we have zero warranty on. Think about this for a minute some of these companies using these libraries, etc probably wouldn't hire someone to wire their building if it didn't have a warranty. But the libraries underpinning their software is free, so if that is free, why would you pay your developers that much money. Think about it, for a highly skilled profession, we are at the low end of the pay scale. Accountants, engineers, etc generally all seem to get paid more. Why? Because of FOSS.
As a capitalist, while I mostly agree with your complaints, you can't just dismiss the positives of FOSS has, especially on those of us that don't want to break the $ barrier to learn or get into things.
This sounds like starving-artist syndrome. At least I know all that code I give away I treat like art and do it for fun. Sure it might help people, and sure people might give themselves false expectations based on it, but that's neither the industry's nor the artist's fault. Your mistake, when lamenting pay scale, is comparing to highly skilled professions which I no longer consider trivial software development to be (but some is, sure).
> especially on those of us that don't want to break the $ barrier to learn or get into things.
This could be solved with "developer licenses" whereas you can use it for free if you aren't using it for commercial reasons. I use such licenses on hobby projects in non-tech areas. But once I start using and making money, I also get some support. I want this on all dev tools. I suspect the quality of our tools and libraries would increase massive.
To your original comment, they just won't get used while restrictionless alternatives exist. I for one don't want this on all dev tools, because I don't want to provide support on the things I give out for free (which may make it one of those "restrictionless alternatives" I mentioned). Rather, I go the complete other direction and make caveats like non-support and potential stagnation clear. I treat things differently though if it is code core to my business, but the ancillary code itself is not my business.
Isn't the barrier to entry much lower than any of the professions you mentioned?
Many professions have professional certifications that artificially limits the supply and drives up their prices. (Professional Engineer, CPA, Bar exams, etc.)
> Many professions have professional certifications that artificially limits the supply and drives up their prices.
We're literally in a profession where companies hire teams of recruiters to get developers. Majority of companies are looking for developers constantly. Whereas with the other professions, there are no supply problems, in fact, there are too many people becoming qualified that people have trouble getting jobs. Also, we have the barrier to entry the y don't have, the serious lack of junior positions, a massive demand for mid/senior positions.
Supply and demand, says we should be getting paid more. In realitiy, I get paid pretty well compared to my friends in other fields, but I am aware of the serious discrepancy in salaries.
But mainly my main gripe is there is no real support provided for major parts of my toolchain because we just give it away. Companies are literally struggling to come up with good software because everyone expects it for free.
I think the disconnect is that those teams of recruiters are trying to get experienced developers, not just someone who can sling some code together.
A lot of FOSS starts as an amateur's project and buds into the full scale projects we see while the maintainers are also growing as software engineers with the project. People start FOSS projects and give them away because the initial market value tends to be negligible until the project has had time to mature and be fleshed out. Something like Linux had almost zero market value years into the project, its still just a "toy" to the market.
Just the way I see things, but I can understand your viewpoint as well.
I did not know the concept of "professional engineer" (I am from Europe).
We just have engineers, which in practical terms does not mean much, just that you finished a school which is entitled to give you such a title. Then hopefully you are educated enough to sign off that bridge.
I read about Professional Engineers but I do not understand how different it is from "experienced engineer". It surely cannot be the exam, or otherwise the other engineers would be "Amateur Engineers" without any rezl use?
It's easier to get a high-paying job as a software engineer, than as an accountant or other type of engineer. There are a lot more software jobs out there, and they pay a lot for someone with just a year or two of experience.
As a software engineer, I depend on thousands of separate components: tools, libraries, docs, etc. Trying to fairly decide how much each is financially worth is not worth the time and effort. Open source enables amazing efficiencies here, it removes all the friction of figuring out how to commercially license and pay for all of these infinitely-reusable zero-marginal-cost components.
The shift you need is one to your philosophy of work. Don't work on open-source software which isn't rewarding to you. Don't feel bad about the projects that don't get the financial support they need. Just be appreciative of the huge amount of extremely useful and valuable open source software available, find a job doing what someone else is willing to pay you a lot for, and reserve the right to work on an open source project or two in your free time, only to the extent that you are truly interested in doing so.
Just like with artists (and most professions really), no one owes you for the work you want to do, you probably won't make enough money that way - but you can make good money by finding what people are willing to pay you to do. And you can still do what you want on the side.
52 comments
[ 3.0 ms ] story [ 96.2 ms ] threadhttps://signal.org/blog/bithub/
Bitcoin still has a lot of friction which would lower the potential income of OSS developers.
I would rather prefer something which can accept atleast a Bank transfer...
“On July 27, we reached out to Bountysource in response to a complaint we received from a user. During our investigation and discussions with members of your team, we found that your organization does not have a mechanism for responding to removal requests from users, which is required by our Terms of Service. Specifically, Bountysource does not 'respond promptly to complaints, removal requests, and do not contact requests from GitHub or GitHub Users.' Over two months later, you have not made any changes to your platform in response to our requests.
Therefore, we have suspended your application until you create a process for actively responding to all personal information removal requests, including those related to projects and issues. In order for us to remove the suspension, we would ask to see two things:
1. Confirmation from you that you have a process in place for responding to takedown requests about all areas of your website.
2. Inclusion of a public notice to your users stating how to request the removal of information. That notice can be included in your documentation or other legal notices.
Once you have that process and public notice in place, we'll be happy to review your site and consider lifting the suspension.”
[1] Please don’t use CODE-SNIPPET formatting to quote text, it is unreadable on mobile.
I don't use mobile, can you show us what does it look like? Is there a maximum width that works?
HN doesn't offer a lot of markup and indenting text for monospacing is about the only tool that they offer for code snippets.
https://i.imgur.com/6Zw2fyr_d.jpg?maxwidth=640&shape=thumb&f...
At 25 character columns it will also look rather awful on desktop or widescreen monitors.
Borrowing from email etiquette I find using > arrows to be most indicative of quotes, although HN sometimes eats newlines for breakfast.
Same for too wide lines.
The ideal length of a line is somewhere between 50 and 70 characters.
Readable != Good Writing
This is not an issue if you don't use codeblocks, the browser is then free to reflow the text as necessary. If you use codeblocks the browser cannot reflow (by default) and you make the entire UX worse.
The HN format captures the most important parts of MD; italics, code and ALL CAPS.
https://news.ycombinator.com/item?id=15747940
I'd really like to hear some more detail. I've not heard of BountySource before today, I thought you could go into detail on what you had to do to get your stuff off their site and whatnot.
>what you had to do to get your stuff off their site and whatnot.
File GitHub issues that went nowhere, then follow up with a dragged out email thread which ended in bounties being disabled but my projects still showing up on their site.
None of this is why a bad actor, it's just why it's a bad fit for my projects (and to be honest, many others). Why they're a "borderline bad actor" is what I said earlier:
>It was a pain in the ass to get them to remove my projects from their platform and then they only "sort of" did.
I could also clarify that BountySource is opt-out: by default they're accepting bounties for projects that did not agree to having a bounty program.
Accusation
> IMO BountySource is a borderline bad actor.
Elaboration
> It was a pain in the ass to get them to remove my projects from their platform and then they only "sort of" did.
Sir_Cmpwn has no further obligation to elaborate even further on the detail given, though there might be a benefit to explaining what "'sort of' did" means.
Edit: looks like he did here anyway -- https://news.ycombinator.com/item?id=15748433
"I could also clarify that BountySource is opt-out: by default they're accepting bounties for projects that did not agree to having a bounty program."
I originally assumed you had to register your project on BountySource, and they were just making it difficult to de-register something that had already been added.
Making this thing opt-out only, and apparently making opting out difficult, is really bad behavior, and I completely agree with his characterization.
That is why I detest BountySource. FOSS users already have a ridiculous feeling of entitlement. Let them “sponsor” a bug fix at one-one-hundredth the going rate, and that obnoxious sense of entitlement gets dialed up to eleven.
disclaimer: my personal politics / ideology It's really unfair to the community (society) when corporation use FOSS in production and still claim 100% of the profit is theirs only.
EDIT: getting downvoted but no comments. Can someone counter argument?
Consider what happens when the funding doesn't reach the desired amount? Does the fundraising stay open frustrating users without the functionality and users who have already chipped in? Does the developer lower the amount and get it taken care of? Is development sustainable when a funding goal is missed? Are donations going to be repeatedly available when discussing fine grained technical issues (a subset of the userbase is likely affected by each issue)?
Even if a project obtains funding, unless you have a team of people working on the software as their job it is difficult to predict how long it will take to implement something. Non-FLOSS work/life will end up taking priority in an unpredictable fashion and that would frustrate both the donors as well as the developer who doesn't have enough available hours to address problems that users are willing to pay for.
Some projects have gone the route of fixing the time issue by fixing the problem and holding the new code hostage, however that can result in a lot of frustration if funding doesn't go smoothly. The users will think "Why don't they just release the functionality, it's done already?" "Why do they even need the money if they already did it?". The developer will think "Why did I waste my time doing XYZ? Not many people see to care."
All and all, users currently don't expect to regularly fund FLOSS and this makes it difficult for FLOSS to consider a by-the-feature funding method a reliable technique. (some projects may have some success, but in general funding FLOSS is a difficult unsolved problem)
(per the downvotes, they seem to be used in a "I disagree" sense rather than a "this doesn't contribute to the discussion sense" IMO)
If you need a guarantee for a feature / bug being handled within a timeframe you can do multiple things depending on criticality of the FOSS - develop / patch it yourself. and contribute or fork the project and maintain internally. - purchase paid support (see RedHat, SpringSource, MySQL) - have your employees contribute to the FOSS as part of their normal duties effectively building your own expertise - other
Something like BountySource existing is a proof there is a need for other models to "motivate" community into putting more effort into FOSS.
What I am advocating is to attempt implementing "value based pricing". Right now a lot of projects are started by someone in their "spare time" and being abandoned because there is no easy way to reward the author.
Your points are valid but these are exactly of the type that should be solved by market (money). Features hold different value for different users. In the low end we just live with bugs / missing functionality and in the high end you see $200/h consulting gigs.
(per downvotes: let's keep this a discussion board where we agree / disagree by words rather than like / dislike).
Per the discussion on funding models, my favorite source for background is the research work which the (mostly dormant) snowdrift.coop project has done:
https://wiki.snowdrift.coop/market-research/other-crowdfundi... and https://wiki.snowdrift.coop/market-research/history/software give you an idea on the other funding options out there which focus on spreading the cost across the users (similar to how many users were intended to make a bounty in bountysource grow). Each one has its own pitfalls.
The reason I think it is one of the biggest problems is it devalues developers and the development process. We created a system in which we make software look like it's so simple you can just have it.
Look at your development toolchain and then think about how many of the major components are free. Things that you rely on heavily. In PHP, we have composer, it's great nearly every PHP developer will use it at least once a week. They created a service that will improve the reliability and reduce the dependency on Github. They offer it for $10 a month per user. Nearly everyone said it was too expensive and didn't bring any value to be worth $10 a month for something they will constantly use. Especially on CI.
If the development community literally doesn't value the cost of software, why would anyone else?
The average person, if they want to create a website, will end up using something free such as WordPress to create and maintain their website for free. They can get lots of extensions for free and will nearly always be able to do everything they want for free. Now, why would you if you're the average person who wants a company website think $3,000 is a reasonable price. You can literally make a website yourself and just pay for hosting. You may think this is hyperbole, but how many Web Agencies have serious problems with people not paying compared to car mechanics?
Many people will not spend $5 on a very good, very professional, high-end iPhone app because it's too expensive. Again, where this come from? The number of people who just created free apps and put them up on App Store. I know people who don't pay for any apps on their phones.
So in conclusion, we have a general disappreciation for software. We have many multi-million if not multi-billion dollar applications that are built nearly all of free open source applications. Software that we really need to do our jobs and we have zero warranty on. Think about this for a minute some of these companies using these libraries, etc probably wouldn't hire someone to wire their building if it didn't have a warranty. But the libraries underpinning their software is free, so if that is free, why would you pay your developers that much money. Think about it, for a highly skilled profession, we are at the low end of the pay scale. Accountants, engineers, etc generally all seem to get paid more. Why? Because of FOSS.
This sounds like starving-artist syndrome. At least I know all that code I give away I treat like art and do it for fun. Sure it might help people, and sure people might give themselves false expectations based on it, but that's neither the industry's nor the artist's fault. Your mistake, when lamenting pay scale, is comparing to highly skilled professions which I no longer consider trivial software development to be (but some is, sure).
This could be solved with "developer licenses" whereas you can use it for free if you aren't using it for commercial reasons. I use such licenses on hobby projects in non-tech areas. But once I start using and making money, I also get some support. I want this on all dev tools. I suspect the quality of our tools and libraries would increase massive.
Many professions have professional certifications that artificially limits the supply and drives up their prices. (Professional Engineer, CPA, Bar exams, etc.)
We're literally in a profession where companies hire teams of recruiters to get developers. Majority of companies are looking for developers constantly. Whereas with the other professions, there are no supply problems, in fact, there are too many people becoming qualified that people have trouble getting jobs. Also, we have the barrier to entry the y don't have, the serious lack of junior positions, a massive demand for mid/senior positions.
Supply and demand, says we should be getting paid more. In realitiy, I get paid pretty well compared to my friends in other fields, but I am aware of the serious discrepancy in salaries.
But mainly my main gripe is there is no real support provided for major parts of my toolchain because we just give it away. Companies are literally struggling to come up with good software because everyone expects it for free.
A lot of FOSS starts as an amateur's project and buds into the full scale projects we see while the maintainers are also growing as software engineers with the project. People start FOSS projects and give them away because the initial market value tends to be negligible until the project has had time to mature and be fleshed out. Something like Linux had almost zero market value years into the project, its still just a "toy" to the market.
Just the way I see things, but I can understand your viewpoint as well.
I read about Professional Engineers but I do not understand how different it is from "experienced engineer". It surely cannot be the exam, or otherwise the other engineers would be "Amateur Engineers" without any rezl use?
As a software engineer, I depend on thousands of separate components: tools, libraries, docs, etc. Trying to fairly decide how much each is financially worth is not worth the time and effort. Open source enables amazing efficiencies here, it removes all the friction of figuring out how to commercially license and pay for all of these infinitely-reusable zero-marginal-cost components.
The shift you need is one to your philosophy of work. Don't work on open-source software which isn't rewarding to you. Don't feel bad about the projects that don't get the financial support they need. Just be appreciative of the huge amount of extremely useful and valuable open source software available, find a job doing what someone else is willing to pay you a lot for, and reserve the right to work on an open source project or two in your free time, only to the extent that you are truly interested in doing so.
Just like with artists (and most professions really), no one owes you for the work you want to do, you probably won't make enough money that way - but you can make good money by finding what people are willing to pay you to do. And you can still do what you want on the side.
Not to mention that OAUTH itself is crap (https://hueniverse.com/oauth-2-0-and-the-road-to-hell-8eec45...), and should be avoided.