I was astonished by amount of people who have strong opinions on quality of log4j ... and apparently don't know what logging library does, don't know why projects use libraries and generally don't seem to know much about development ... while writing in development forums.
- training purposes to better yourself
- as a showcase or to build up your reputation to get hired
- because you have a niche need in your personal life that no one else already solved
None of those reasons are invalidated by big corporations using open-source without paying back.
Honestly I was a bit struck when a friend looked at my github and said it was a nice portfolio. The material view never hit me at all: my github is a product purely of what I've wasted/spent time on for fun, not to make a profile. :)
I'm not a fan of the trend I've seen where GitHub is treated as a portfolio- I once had a hiring manager I worked with tell me I should delete a few of my GitHub projects, as they made me appear "amateurish." I WAS an amateur! And I don't want to feel like I need to to hide random things I've tinkered with just to impress others. As a result, I know those who have multiple GitHub accts, one for fun personal stuff and one for showing off to potential employers.
Or, you could do every bit of work as if it were for a vital infrastructure project.
That’s what I do. Even my “farting around” projects have a lot of polish. I write everything I do as if it will ship.
I find it establishes great work habits and personal integrity, and my GH ids (I have a personal one, and a couple of org ones) make outstanding portfolios[0].
Not to worry, though. My experience, is that potential employers never look at at GH portfolios. Instead, they rely on leetcode tests to evaluate applicants.
It really depends what your goals are. I often have a problem I want to solve in my personal life, and not very much time. (Ex: code that makes the figures for a blog post.) So I write quickly, doing the minimum to get it done.
I would never do that in a work context, because the environment there is so different, but it's often the right trade-off for things I'm doing for fun.
(And I still make all the code open source because, well, it might be useful to someone even in the state it's in)
Absolutely. I don't make any value judgements at all. I am quite aware that my own workflow is not for everyone, and is not inherently "better," in any way.
I do a lot of self-discipline "tricks," in order to enforce a certain habitual workflow, and this is one of them.
Many folks get far more done than I do, using very different techniques. I just enjoy the process and the Craft, as much as I do the end result.
One significant advantage, for me, is that I never have to worry about cleaning the house before the boss comes over for tea.
If that's what you want to do and what you have the personal time for, that's fantastic. For others, being obligated to reach that level of polish means a ton of code will simply never happen.
I'd liken it to an artist's sketchbook. If every piece is required to have the appearance of a master work, lest you be judged by it, then the sketches must remain private or else be destroyed (which they often were). But the masterpieces don't jump to the canvas without sketches. Forgo one, forgo the other. And an artist's sketches often have an elegance that's lost in the translation to a finished piece. I see similar parallels in the rough line art for animation, and certainly in an architect's studies. Not all of it is destined to be finished, either, but such work is often prized regardless.
So why (aside from fearing for our careers) should we be afraid to share?
Some code is inherently low-stakes. Some code will only ever be useful, even to the public, for a few months. Sometimes I just want to express an idea, where the proof of concept matters far more than making something shippable, which might imply strapping it down to a particular platform or ecosystem where no one outside those walls is likely to see it.
Even on the job, there's a time and place for the quick & dirty script, where anything more would be an over-engineered waste of time.
Back to the artist analogy, the best advice for maintaining a good portfolio is edit, edit, edit. Constantly be looking to remove work, leaving only your best, as you'll be judged by the worst. Does that model really work for GitHub? If everyone started withdrawing work they were no longer satisfied with, we'd all be worse off, if not actively harmed. So that's where I believe my artist analogy ought to end.
As an artist (by training. I don't really do that much, these days), I can relate.
I used to have a big Strathmore sketchbook, that I took with me, everywhere, and, whenever I had the time, I would practice in it. I have old photos of me, with it. I was fairly scruffy-looking [still are -Ed.], and the sketchbook was sort of my "brand." My classmates used to call me "Puff," because I liked drawing dragons.
It got to the point, where even my rough sketches would be as good as finished works.
I work surprisingly quickly. I can generally spin up a full-fat native swift app, App Store-ready, in a couple of days. I do that frequently for my test harnesses (but I prefer taking more time, for the apps I actually plan to release).
I never really warmed to Boris Valleho's work (he used to hang in a gallery that I had work in, and I met him), but I have to admit, that guy can draw.
Look up his sketches. He used to make a lot of money, selling them, so there's a lot of them out there. The gallery that I mentioned, had a big rack of his castoffs, selling for hundreds of dollars. They sold like hotcakes. He was that gallery's star (I, on the other hand, was chopped liver).
> It got to the point, where even my rough sketches would be as good as finished works.
Hah, I feel like I understand more where you're coming from with that. I was the opposite, seeking to get my finished works to feel more like my rough sketches.
> I never really warmed to Boris Valleho's work (he used to hang in a gallery that I had work in, and I met him), but I have to admit, that guy can draw.
That he can draw is undeniable indeed. There are a few artists whose sketch work reaches that level of refinement almost immediately. Others get there after years of study and practice. Still others don't see that at as a goal at all for that stage of their process, and others still would see it as an antithesis to what they're after. Looking at Valleho's finished work, I can at least understand how his sketches are in service to that sort of end state.
Compare, perhaps, to some Rennaisance-era sketches. Typically far rougher compared to the finished works, but hardly less impressive. I'd suggest there's a great difference in what they were interested in: matters of anatomy, gesture, and composition. Of course, they were also inventing and rediscovering knowledge that modern artists have far easier access to. There's an interesting dichotomy in that some destroyed their sketch work, while others had far less interest in actually finishing anything.
I've forgotten an appalling degree of art history, so I can't readily name names, but as far as finished works go, I had a fondness for painters using relatively minimalist brush strokes, with each application of paint exactly the right color in exactly the right place.
I prefer art to be a lot “rougher” than Valleho’s work, but had a difficult time, doing it, myself; which was one factor in my eventual retreat from art.
I find this materialistic view depressing. Not everything worth doing is ultimately about selling your lifetime to the highest bidder. Some things are just worth doing intrinsically. Like, fixing a bug that affects a high number of people. Or solving a problem just for the fun of it.
Yes, and there are some great take-aways that I didn't know I would get when starting, like connecting to very smart people and learning a lot, as well as being accepted as one (maybe) in the community of those.
But as a continuous activity, over years, what exactly is in it for maintainers to get up in the morning and trade their remaining lease on life for value to be consumed by rich leeches?
The entire post your responding to is explaining what is wrong "this line of thinking" and while you may disagree you don't really argue, you just assert.
Eh... regardless of how it's generally used, I think "leech" implies a parasite that is actively harming a host. Generally users who don't contribute aren't directly _benefitting_ the author, but they generally aren't harming the author either.
After several years of hard work a prior open source project that grew to immense popularity got me employment a few times. It wasn’t the actual project, code, or capabilities that meant anything. The only thing appealing about that project was it’s popularity.
Nobody ever looked at the code, except people interested in submitting pull requests. If you think a prospective employer will take the time to analyze the code you are either applying for an exceptional specialized position or completely mistaken.
Work on open source because you like to solve tough problems, want to grow as a developer, or because you just want to build some interesting product. Don’t kid yourself into thinking the code will immediately solve some business interest.
> Someone who managed to make significant contributions to Linux or LLVM for example might be better than the average joe.
which leads to people who want to use this mechanism to claim credit in projects they don't actually have contributions in, and because the employer doesn't actually look at the code, they cannot tell.
I recall a while ago where someone would contribute a skeleton README or some random typo fixes to many different project, and using that to make their claim to fame.
So i reject the idea that employers should use open source contributions as a metric without closely examining what those contributions are.
There will always be people that lie or embelish what they did. One of the big reasons for technical interviews is to assess how much of what the candidate claims is true.
> Someone who managed to make significant contributions to Linux or LLVM for example might be better than the average joe.
Specifically, may be better at navigating the politics of organisations. Which is a key skill at many employers - likely equal to or more important than technical skill as one ascends through the ranks.
A part of my job is to review CVs and select candidates to interview for my team. The first thing I do is check to see if they have a github account, and if they do I check their projects. Anything that looks relevant gets a quick inspection. It makes difference to whether they get an interview, and it makes for some topics of discussion during the interview. It confirms for me that the candidate is in fact actually interested in the field, and shows be the porential quality of their work.
If you think nobody ever looks at your public code, you're wrong. It's just like wearing a bathing suit at the beach or pool: people look.
Perhaps it’s because I write JavaScript. Interviews in JavaScript, at least this year, are leet code for backend and strangely the Node API never seems to come up. The front end is islands of declarative logic in React. That’s it.
GitHub and LinkedIn profiles only serve to reinforce the job experience printed on the resume.
Writing the software and releasing it with a non-foss license might be a better fit for such a person. Free for personal use? Sell it for a modest fee? Put the source on github without allowing people to modify it? Many possibilities.
Many also make money with open source software, for example a classic approach seems to be to offer consulting services around your product, or hosting.
WordPress and ElasticSearch come to mind, both made a lot of money.
You also get people adding to your product for free.
I agree with this, plus the "it's fun" reason others have mentioned.
I started work on my canvas library (licence: MIT) 8 years ago mainly so I'd have something to showcase to potential employers. It worked: the reason I finally managed to land a job as a web developer was because someone took time to check out the library and decided the work I'd put in was worth them taking a risk on an older new entrant.
Since that time I've continued to develop the library to help me deepen my knowledge of all things canvas. Especially since I started to look at ways to make canvas elements more responsive, and more accessible. But the main reason is just the joy I get from using it to create pretty demos and animations - the library scratches a creative itch.
I got used to the idea that I'll never be rich a long time ago. Good friends are more important than money.
Define "worth". We were never in it for the money. I maintained Dia for 8 years and never saw a penny. If you don't like your FOSS project being used by evil capitalist megacorps, put an anti-commercial license on it.
Right, you cut to the heart of things. There is a licensing "race to the bottom" happening. Which makes sense from the demand side (of course people want free). But where does the supply side come from?
Why does the floor keep constantly dropping? Who are these developers, always willing to do more for less?
In my experience:
* Some of it: people who open source their hobby projects. The personal upside of investing resources into open source is fun & practice.
* A lot of it: academia. Universities have an infinite supply of indentured labour in students and postgrads. The personal upside is grades and graduation. The institutional upside is publishing and grant money.
* Lately: large enterprises. These have the resources to throw high quality engineering behind their open source projects (unlike the universities, where quality has always been a struggle, due to tremendous "developer" churn and different incentives). The personal upside is salary; the business upside is $$$ via "commoditize your complements". Added bonus: open source serves as an HR tactic too.
Put together, the demand for the "race to the bottom" is there and so is the supply. And so it happens. The machinery behind "If you don't do it (with a permissive license), someone else will".
I also see what you're describing, but I see it as a good thing. This is software available for me or anyone else to use for anything we want. This has many benefits, including that it makes everything else just a bit cheaper because it can depend on standard widely used components.
But I haven't stated my preference, one way or another :-)
The "bottom" judgement in "race to the bottom" was quoted from the OP.
For what it's worth, I personally contribute or have contributed to open source in all three forms that I identified. And exactly for the incentives listed.
The FOSS that was imagined by Stallman, where end-users could actually use FOSS products in their everyday lives, is not possible under capitalism. So what you have instead is effectively a network of semi-public property primarily for industry use. But, just as anything else that industry cannot turn for a profit, FOSS is and will always be in the lowest of priorities, if a priority at all. Cheers to Stallman, but at this point the future of FOSS will have more to gain from the work of Karl Marx.
Is CurlFtpFS still developed? Last time I considered using it it looked abandoned and there was some regression from years ago which supposedly made it really slow. I think rclone offers pretty much the same functionality and more?
For average end-users, “use a linux based operating system” alone comprises a mountain of barriers, but most are rarely even approached because they’re preempted by lack of reliable hardware support and lack of support for staple applications like Word, Excel, and Photoshop.
Is this still true? The latest version of Ubuntu will run fine on most laptops that Windows will run on, and LibreOffice provides an equivalent to MS-Office. I'm not sure about Photoshop because I don't use an image editor, but in the Open Source world there's Gimp, Krita and Pinta for example.
It is getting easier. There was a time when I, as an "IT professional", dared not use Linux for the unbearable amount of pain that I would experience in wifi drivers, screen resolutions and support, et c. It is absolutely, objectively getting easier to use the linux ecosystem.
End users have no problem -using- a Linux computer. My 75+ year old mom uses it and can do everything she wants. Mostly things she wants to do are web-based. A Chromebook would probably be fine for her too.
No, she didn't install it herself. But she never installed Windows her self too. And yes I had to fiddle a bit with Wine to get her online bridge (the card game) program working.
For older people things like W11 upgrade being pushed is hell. They click a button that popped up without knowing what it will do and if everything goes well the desktop has changed and the don't know where to click anymore.
If the upgrade doesn't go well they are entirely lost.
Just installed Chromium instead of Chrome on my linux workstation. Heck, you can even deploy your own private cloud locally with FOSS.
It's all a spectrum, with free learning material everywhere. Yes, some of thr licenses and agreements are less free, but in truth, never before have so much been available. You can break that golden cage. What you put attention on matters.
It's not so much generosity, but a social matter of course that people help each other. It's nice to be appreciated. But one usually also benefits from the help of others and shows them appreciation. It actually only becomes generous when you give far more than you receive. As an open source developer, I receive at least as much as I give.
Although I agree with many of the sources of frustration mentioned in the article, there is a way:
For most software projects, there should be a way to buy a commercial support license.
For many, such a license should be required for use in any org which is over X employees. Even if not enforced, this way a conscientious dev can justify for paying for the license.
In addition, for some of the deeper "plumbing" projects, that cannot be really charged for independently, they can included in the licensing of some of the projects that use them, as a clause for certain types of orgs, etc.
Something like - using X also requires a license for log4j of $50/yr - where that could even be a pittance, but included in many projects that benefit.
This will make the software much more reliable, while actually giving a basis for open source devs to have the funds to support themselves, feel self worth, and pay for a lawyer to protect their IP for things like TikTok's move.
As an open source coder, I theoretically love the above, but don't know what license, how to set it up, or how to handle the contracting and payment. In addition, I don't know how to justify my commitment - what exactly am I promising and how.
Nonetheless, if someone like Gitlab were to deal with figuring out the technical steps of the licensing and payments, you bet that I would be happy to move my code off GitHub for it (well, my code is already off GitHub, but whatever), and I bet many others would follow suit.
> As an open source coder, I theoretically love the above
The above is not open source, it's a pretty common free (gratis) for limited use, paid for other use commercial/proprietary license of the type tons of non-open-source software uses. (E.g., Visual Studio.)
It is most certainly Open Source, in that the source is open.
In the case where a support contract is available, but not required, it is no less free than any other free software, but there is at least a chance that it might be bankrolled, as well as the projection that this is a professional project.
Even where the support is required, it is my understanding of RHS that that won't impede on the title free, since the usage is not what you are paying for. But there we are quibbling semantics ;)
But the GP wrote: “For many, such a license should be required for use in any org which is over X employees” emphasis mine. If this requirement comes from a clause in the license then it violates the open source definition https://opensource.org/osd because it imposes a restriction on the use of the software.
IANL, and am always willing to learn. What clause does this violate exactly?
I would guess that you mean one of the following, but I do not see any violation:
> 8. "not depend on the program's being part of a particular software distribution."
> 9. "restrictions on other software that is distributed along with the licensed software. "
> 6. "restrict the program from being used in a business, or from being used for genetic research"
In addition, that is the "The Open Source Definition", but the phrase "open source" cannot be copyrighted (there is legal precedent, IIRC with Lindows) .
According to the DoD, Open Source Software means "software for which the human-readable source code is available for use, study, re-use, modification, enhancement, and re-distribution by the users of such software" [0]
In practice, there are many "Open Source" licenses that allow paid licensing [2]. The most well known competitor, FOSS, only slightly differentiates itself with the phrase "Open Software" and openly allows fees.
Let us first agree on what we are arguing. You proposed that:
> For most software projects, there should be a way to buy a commercial support license.
> For many, such a license should be required for use in any org which is over X employees.
I interpret this to mean that: You impose in the license of the software that if you are an organization over X employees, you are not entitled to use and distribute the software under that license instead you must hold the commercial license or you must in addition to the normal license hold the commercial support license.
In the first case(where the normal license grant does not apply to sufficiently sized orgs) I believe you impose a restriction of use on the software in a specific field of endeavor in contradiction with section 6. in the OSD.
In my view it is clear that if you require an additional commercial support license for some users but not everybody you violate section 7. as the rights to the program is restricted for some parties (orgs with over X employees only has those rights if they also acquire a commercial support license):
“7. Distribution of License
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.“
Now it might very well be that you had another mechanism in mind for imposing your requirement of “Orgs over X employees must hold a commercial support license”. In that case it might very well be a different mechanism in the definition that conflicts with your mechanism, but I cannot see how you can achieve your aim of imposing a requirement on usage of the software for some users without contradicting the spirit of the open source definition which says that you must grant the same rights to all users of your software.
I cannot find in your link [2] what you mean by the phrase: “In practice, there are many "Open Source" licenses that allow paid licensing [2]”. Usually when people speak of paid support licensing for open source (or free software) that is an OPTIONAL support license or a separate commercial license(see the QT license options) that you acquire the software under, and it does not conflict with either free software or open source software. My opposition is only your stipulation that the commercial license be required for some users of the software, and it is this requirement part that I claim conflicts with the Open Source Definition. Note that it is perfectly valid to charge people to obtain your open source software from you, but you are not allowed to impose restrictions on their ability to redistribute that software (including source) to others for free, hence this is probably not the solution you are looking for?
Note that both the FSF, OSI and DoD (in your own link) agree that in practice the Open Source Definition and Free Software Definition are equivalent. So if you believe your license is open source but not free software, then you are very probably wrong.
A software license that prohibits use by individuals or groups (of any size) who do not pay a fee would violate section 5 of the Open Source Definition:
> 5. No Discrimination Against Persons or Groups
> The license must not discriminate against any person or group of persons.
It's okay to charge for open source software, but for software to be open source, the license cannot discriminate against users who do not pay the developer. This means:
- If someone pays for open source software, the license cannot require the user to make any additional payments. This prevents the developer from imposing a recurring fee to use the same version of the software via the license, but the developer is still free to charge for future software releases.
- If someone pays for open source software and then shares it with other people, the license cannot require the people who use copies of the software to pay the developer.
Software releases under your proposed license would be source-available, but not open source. As a sibling comment mentions, the DoD FAQ you linked describes the Open Source Definition as 1 of 2 "industry review processes" that a software license should pass to be considered open source.
Stephan Kinsella (who's a patent lawyer) uses an example of some clueless person writing a book and in one of the pages he says, "If you possess this book for more than a minute you are obligated to pay me $1000 per month", and he puts this book on a park bench waiting for someone to pick it up. He later tries to sue the person who picked up the book for not paying their due.
Kinsella uses this example to illustrate how some people have no idea how contracts work.
Is it 'worth' working on? That's a function of what I deem worthwhile, which no one else can really answer for me. 'Anymore' implies that it used to be better, which may be true, but I'm inclined to think I may have changed even more than the ecosystem. My time was worth less in the past, so it may have been a valuable use of time (valuable as a term leading back to the first point) than currently. Is there still value in working on FOSS? Yes. Is it worth it to you, or me, or any certain person? Maybe. Is it changing, likely for the worse? I think so, and the examples in the article are concerning.
The most important thing of FOSS has always been about ensuring an alternative to closed source. This provides people with leverage in negotiation with the corporations and states in a way they simply would not have without it. Beyond this, It provides a pathway for a much quicker evolution of the products, something actually driven by the most driven users, instead of corporates approved. Writing this on firefox on linux I'd say its working and has done, and will keep doing great good.
Nice theory. Sadly the reality is we have very little leverage against the huge corporations which have been helped to their monopoly status on the back of open source software.
Consider how much less influence people would have without it. Microsoft has been forced to backtrack on customer exploitative shit multiple times due to the very real threat that it would lead to linux getting a huge boost.
Without a functional Linux Desktops for users, there is no doubt to my mind the windows app store wouldn't be the only way to install apps on windows and there would be no way to sell an app that installed on windows without paying microsoft the standard 30% of total sales. The recent fight between steam and microsoft illustrates this perfectly. But they have tried every few years, claiming anti virus, child protection, anti piracy, convenience, anti spyware, anti ransomware, and well its always been the pro microsoft profit in reality ... But they lost each time, because each time too many of its users just threatened to move to linux. This is essentially the only reason you can install, run, and develop apps on windows without everystep including microsoft fees and licenses today.
Look at how stagnant and shitty matlab used to be, and its exorbitant priced to understand what happens when FOSS fails to provide. The niche matlab used is the, at the time, almost non-existent overlap between FOSS programmers good at both GUI UX, tutorial writing, and math. This changed with the FOSS python, numpy, scipy, matplotlib, and pytorch projects.
Matlab has gotten extremely much better in the last few years, and its mostly because they finally got competition, they have also started to rapidly drop their effective prices for new users, but its too little too late, and it will never return to the stagnant cashcow it used to be. Matlab was is a troll sitting on a shitty toll bridge while both trying to destroy similar bridges and maintaining its own toll bridge as little as possible. In the last decade FOSS mortally wounded it in passing.
Inversely reduced FOSS influence predicts exploitation. as shown by how astonishingly bad the walled gardens of consoles and phones are. They have gotten away with being astonishingly shit, mostly because FOSS was intentionally and successfully made too hard to use on them.
But these are just visible examples. The great effect of FOSS has never been what it brings about, it is in what it prevents from occurring in the first place, and that, by definition, will never be easily visible.
Software is eating the world and it's mostly through proprietary licensing models. But this doesn't mean that the fight is lost. In fact quite the opposite: it means that FLOSS is more needed than ever. Generally, when a new area opens for software, proprietary software usually has a massive head start, but once the area becomes more well understood, FLOSS products emerge, and often they steal the show of the proprietary competitors, at least in the long run.
In the areas FOSS was able to get a footing, it usually remained. Web browsers have been trending towards the open core model for example, same goes for compilers, most of which are FLOSS. On the server, the GNU/Linux platform is the most commonly used one. Same goes for embedded applications including Android.
Does this translate to end user freedoms? Sadly, in many instances it doesn't. But I think it's still worth fighting for freedom, even if the only reachable audience is other freedom loving enthusiasts instead of the broad majority of people.
> I have written licenses to make GitHub hesitate before using my code as input to Copilot
Microsoft has claimed that consuming code for Copilot is fair use, and therefore does not require permission from the copyright owner, so how would a license—an offer of permission under limited terms—impact that at all?
> But even if I solidify the licenses, what stops GitHub from ignoring them by claiming that their Terms of Service allows them to use my code?
Well, the fact that arguing the ToS would be a retreat from their position that they don't need permission in the first place, whether or not the code is hosted on GitHub.
Yeah, the license does not matter because if the fair use argument does not hold then Copilot would violate even very permissive licenses like MIT since Copilot does not do attribution.
Are you asking the wrong person? I personally believe their fair use argument is both morally wrong and legally dubious (but I am not a lawyer). But my only point which I bothered to make in my comment above was that if they violate licenses (which I suspect they do, but am not sure of) they violate all licenses except outliers like WTFPL. So picking a licens which does not permit Copilot is trivial (assuming copyright law restricts things like Copilot).
It was more of a general question. Copilot seems to be software to undermine FOSS, and fits in a general pattern ie. the purchasing of github, VSCode (I'm learning Doom Emacs now). It's all the same things as the past 3 decades though. Nothing new, just new rat traps.
I hate to be contrarian but I can't understand what the point of this article is. It's a bit meandering and quite cynical.
For example, I agree that the company behind MuseScore has exhibited some bad behavior that is worth discussing, but their attempt to introduce opt-in telemetry to Audacity is difficult to classify as adding "spyware."
Also, the article meanders through a lot of different points that have very little in common other than being cynical. For some reason, it starts talking about stuff that isn't related to open source. It also talks about a lot of different issues regarding open source. I don't understand what the overarching message is, except for something along the lines of "all software development sucks."
The conclusion also strikes me as a little bit dramatic too:
> I’m stuck between a rock and a hard place. If I make Rig Open Source, it could very well do more harm than good, regardless of whether I get paid! And if I don’t, it won’t get used anyway.
1. I don't understand why it's likely to do more harm than good, or by what measure. How does this tie into previous examples? How do you expect it to be "exploited"?
2. It doesn't seem to approach the completely valid question of why developers don't like using closed-source tools.
3. It seems to imply that the mere act of releasing software should entail some kind of payday or recognition, but that doesn't make any sense. I agree open source is undervalued, but so are a lot of things. Ask people who draw if they feel like their skill is valued appropriately; it's not. The reason why businesses are able to make money off of software is because they don't just write software, they also sell it. Even if you're trying to live off of donations, you still have to "sell" it. Look at how well-branded successful projects like Blender and Krita are! And a lot of projects use the "progress report" blogging format similar to the one successfully used by dolphin-emu to engage with the community. It's a lot of non-programming work.
I don't mean to devalue anyone. I can just about guarantee that if you do the selfless job of putting quality open source into the world, it will never, ever be paid at market rate. But that's the price you pay for being able to do whatever you want. An artist, 99.99% of the time, cannot make money creating whatever they like; most would probably only ever find serious success in graphic design. I think open source is a wonderful asset and has produced some amazing artifacts for us to enjoy that have done enormous good for the world. Can you even quantify the amount of good done by having a robust production-ready operating system used by everyone from budding geeks in gradeschool to production servers at Fortune 500 companies?
I hope you find whatever you are looking for, and I don't like being dismissive. But I urge people to see the non-cynical side of this.
> Also, the article meanders through a lot of different points that have very little in common other than being cynical. For some reason, it starts talking about stuff that isn't related to open source. It also talks about a lot of different issues regarding open source. I don't understand what the overarching message is, except for something along the lines of "all software development sucks."
I agree that it meanders, but I don't think I'm cynical, just discouraged.
The real point of the post was to ask the question in the title, explain why I am feeling that way, and ask people to contact me (the last line), which they have!
> I don't understand why it's likely to do more harm than good, or by what measure. How does this tie into previous examples? How do you expect it to be "exploited"?
Rig is a build system, which means that if companies steal it and modify it, they could conceivably make it insert a backdoor into every piece of software it builds. (See Ken Thompson's "Trusting Trust".) That is an enormous potential harm, at least in my opinion.
> It doesn't seem to approach the completely valid question of why developers don't like using closed-source tools.
You're right, and I honestly think there's no problem not liking closed-source tools. I just happen to think it's hypocritical to want Open Source, but push closed-source on end users that don't know better.
> It seems to imply that the mere act of releasing software should entail some kind of payday or recognition, but that doesn't make any sense.
This is not what I meant, sorry. It's more that I want my software to do more good than bad, and I'm not sure it would.
> But I urge people to see the non-cynical side of this.
As a fresh CompSci graduate, is it worth it/valuable to try and work on OSS; or am I more likely to just get in the way? If so, what are some good resources for getting started?
Absolutely. There is infinite work to do, lots of it impactful, lots that can lead to jobs working on open source, and lots that definitely will not but is really needed. As a newcomer to OSS, you might want to try one of the paid OSS internship programs like GSoC or Outreachy, if done in the right area those often lead to jobs at open source companies. Outside of paid work, the best way to get involved is to use OSS and fix any issues you find in the tools you use. I've worked on everything from the Linux kernel to Windows hex editors that way. Many projects will have pages about how to help out, for example I've included Debian's below.
Thr biggest risk is that your pull requests will be ignored. You won't be in a way at all. Even very good pull requests are often ignored for reasons unrelated to quality. Don't do anything big before you are reasonably sure the project will process your commit.
Surf through projects to find ones that seem to be interested in contributions. Red flags are many ignored unresolved pull requests or too much hostility in project.
Some projects have issues labeled with "beginner friendly" or some such. Have a look there and try to fix something. If it turns 9ut to be boring, move onto another project.
It can be. Firstly if you are very passionate about something it can be a good way to learn about it or even end up pushing the state of the art in some cases, so it can be worthwhile as any hobby is.
But also a lot of companies take it quite seriously now so it can be good for your resume particularly if you are not in the industry yet and want more experience or some references of your prior work. So it can be worthwhile even if you aren't completely passionate about it to the extend you would be content to always do it as an unpaid hobby.
It's not good to assume you will make money directly on your own project or some niche project, but there are lots of established projects which are in demand in the industry and you would be able to make money working on them. I work on the Linux kernel which I started as a hobby and I've been able to take my skills between several different companies and continue working on the same software (although different areas) which has been good for me.
Not to say you can't get transferable skills or relevant experience working on proprietary software and some may prefer the challenge or variety of working on different code bases at different jobs. So proprietary software is pretty on-par in those respects. There are a lot of areas where proprietary software is ahead too so if you want to work cutting edge software in a particular area, open source might not be the best option for you.
As far as getting started, start with working out what you are interested in and want to work on.
that's the wrong question to ask - the first question to ask is whether you have some aspect of a project that you enjoy working on (or have a project of your own that you enjoy working on).
If your goal is to put your name in a well known project for marketing purposes, then i'd say you have the wrong goal for doing OSS.
I find thins point of view equally absurd as all the abuse on maintenners of Foss.
It is standard for production code to rely on third party libraries. Not just standard, but the opposite is considered bad thing - you are not supposed to implement everything from scratch. If you do, you will end up with more bugs and issues. There is nothing, absolutely nothing in development last 30 years that would say "it is bad to use open source libraries".
Yep. Log4Shell and Heartbleed were nasty security bugs, but imagine living in a world where every single software shop wrote their own logging libraries or SSL libraries. 99% of them would have far worse vulnerabilities. It would be like '90s php cowboy coding.
Funnily enough that would make the world more secure since a security problem found in one logging library might not be a security problem in another logging library. So you have thousands of firewalls instead of a single point of failure (the shared library). Making it very expensive for the attacker.
Where did I say you should develop everything from scratch? I'm talking about auditing, updating, sharing revenue with the main FOSS software you use.. Being responsible with your software to minimize attack vectors.
Using third party libraries in production libraries, regardless of its license, means you audit, vet, and test as much as possible the consequences of bringing in the library. And going through the same process every time you update the library. "Who does that?" Good software engineers do that.
That is just not a thing that would be expected or normal. Not for run of the mill commercial software
It would also be irrational. The rare security issue like this is kot a good enough reason for such massive undertaking. You manage risks, you are not supposed to act purely out of fear.
> Good software engineers do that.
The amount of effort required would necessitate management sign up for this. And they won't, because it is not rational thing to do for majority of software.
That should possibly be something that is added directly to the licenses, you can take my product free of charge, but if you want changes you have to pay me at this rate. Put contact details and an expiry date on the deal so people can't get jacked up with very old prices on very old versions. That would also encourage people to keep thier 3rd party inclusions up to date. I don't think that would pass muster as an OSS license but maybe a built in support contract should be a feature of the licenses, one that earns people proper money that makes OSS a model that supports maintainers.
The problem here is having any care for platforms such as twitter, tik tok, github. These problems are the same issues they were 20 years ago, and why FSF states it's about Freedom.
It is, even if I don't contribute super-regularly I primarily fix issues that bothers me in XFCE as well as Mate.
That of course will also benefit others and I feel my time is well spent.
Working with different code bases is also great practice and one always learn something new.
Not sure if it's good analogy but consider playing music.
You practice your favourite instrument and post it on the tube. Worth it.
You get to know people with similar style and taste so you jam together. Worth it.
You guys stream the sessions on Twitch and got fans. Release EPs on bandcamp. But it starts to take too much personal time away from you. Worth it?
But the fans want it! You'll have to decide. Sometimes you work for months on an album. People cheer on the live stream, but not a lot of income from selling the art. Worth it?
It's not, but it's not what the author is talking about. He's mostly talking that FOSS is a thankless job creating artifacts that will get appropriated by some greedy corporation.
Appropriated generally means taking without the authority to do so, which isn't true with free software. It can also mean to take exclusive control of, which somewhat works with further changes being proprietary.
Groups breaking the license is relatively uncommon, and even now it's possible that tiktok will rectify the violation. I didn't get the feeling you were focusing on license violators with your comment, but if you were I guess either definition works.
Yes, absolutely. Selfish personal reasons to work on open source might include not wanting to run unseen software, being able to take your work to subsequent engagements, community network effects including new features, maintainership, translations, issue reporting and resolutions. Moral reasons might include contributing to tools that are available to all. Commercial reasons might include not being vendor-locked, ensuring there is no secret DRM system, ensuring that code and files can be accessed and modified far in to the future even if you lose a decade/team/team member/compiled binary/compilation toolchain, etc.
For me open source is like math. You don't work on math so that people will thank you for working on math. You don't expect people using math you developed contributing back to math or paying you. You get paid however you managed to organize getting paid. And work on the math for the math and nothing else.
If you have other expectations maybe you'll find other endeavours more fulfilling. Which is sad but it is what it is.
You don't need to maintain anything, you can just drop it and go do something else if you prefer. Maybe someone will pick it up. Maybe noone. If you maintain something you chose to maintain it. You have no obligation to continue maintaining it.
Most of the value is in the maintenance. In responsiveness to changing demand. I bet all the valuable FOSS software you can think of today is maintained.
i think is usefully because is maintained, most of the time when you search for project you search for trust and being continues maintained is key proxy for that, ins't the only one openbox is trustworthy(the last update is some years ago) but is trustworthy in part because you have a long record of doesn't having problems.
Some software does. Most probably wouldn’t if the author could be convinced to stop when it was done.
Personally, I’ve shipped several open source libraries that are still in use in lots of places despite me not having added a commit in over 10 years. They do the thing, don’t do anything else, don’t depend on other stuff, and thus don’t have a lot of surface to attack.
Imagine if the log4j guys had built their thing to spit out logfiles, then stopped before adding the bit where it can execute arbitrary code. I’m sure there was a version early on that did that. And I bet that version would still work perfectly well today. It was finished.
A late youth hobby of mine was being active in a coding community that wasn't open source, it was "lost source": based around a piece of freeware that was literally lost to a local storage hardware malfunction. But it had an API and a decade of stability (as in lack of API change, not lack of crashing unfortunately) and that caused an amazing amount of creativity, cooperation and so.
Perhaps this is an inherent weakness of open source: it's always easier to accept one more feature PR than committing to an API that remains sufficiently stable for that feature to happen in an isolated module.
I'm not saying that its always better to strive for the API instead of inclusion, it's a weakness as much as it is a strength, but chances are many situations where separation would have been better will be missed. It's a cultural bias.
> Most probably wouldn’t if the author could be convinced to stop when it was done.
It's nice to view software as something that can be done. I cringe when people look at activity on commits and think that if there isn't continuous activity, the project is dead. Maybe, but it might also be complete.
My most successful open source project in terms of adoption (it's packaged in nearly every distro) is one that is done. I wrote it about 10 years ago and other than one small bugfix it hasn't seen any activity since. It's useful, it's complete, nothing more to do.
Considering most software written in the 20th century no longer works in a modern environment, I feel like having to go several lifetimes back kind of proves the point.
Maybe that’s the problem we need to be addressing. More and more these days I find myself frustrated using modern software when old unmaintained software had already solved the problem.
We consider it a novelty when a writer like George RR Martin still uses WordStar on an old DOS machine [1]. Maybe it shouldn’t be a novelty. Maybe it should be the normal thing to do.
It’s utterly at odds with a consumer culture though. People don’t seem to want well-made things that last a lifetime. They want shiny disposable crap.
They are not always paid for developing math. Sometimes they are paid for teaching math, sometimes for applying math. And they are developing it on the side.
You can easily draw parallels to open source where you can easily make a living out of teaching how to use open source software and components and applying open source software at your job. Most people are not paid to develop open source software or for applying or teaching about open software they themselves developed. Very few do. Same with math.
Having had teachers on the family, including my mum, I kindly disagree in regards to math.
Having bought several books from open source projects as means to try to help the authors, I am quite aware how little it brings home to keep a sustainable life.
By the "documentation style of math" I assume you mean the emphasis on giving precise definitions and providing elegant and crystal-clear explanations. :)
The blog is really mixed up and conflates different issues.
It uses a tiny set of not representative examples to validate a conclusion the author has already come to.
I totally agree that some people and companies take advantage of what others do for free, but that is not new and would be true if you said the same about the relationship between employees and employers or similar. It’s also true that when people go above and beyond someone somewhere could blame or take advantage of the extra those people gave - again not new and totally possible in any scenario or market. We’ve all been there and bought the T-Shirt. The author has expectation mismatch, perhaps taking a break and then making a final decision is best.
283 comments
[ 3.7 ms ] story [ 77.6 ms ] threadIt's awful the way log4j is being treated. I just don't think anything has changed.
Sadly, that's the way all FLOSS gets treated. I saw this exact same sentence when heartbleed came out with just the project name changed.
I don't think that anti-commercialisation clauses in the license will fix anything, though.
- It's a lot of fun
- It's addictive
Honestly I was a bit struck when a friend looked at my github and said it was a nice portfolio. The material view never hit me at all: my github is a product purely of what I've wasted/spent time on for fun, not to make a profile. :)
That’s what I do. Even my “farting around” projects have a lot of polish. I write everything I do as if it will ship.
I find it establishes great work habits and personal integrity, and my GH ids (I have a personal one, and a couple of org ones) make outstanding portfolios[0].
Not to worry, though. My experience, is that potential employers never look at at GH portfolios. Instead, they rely on leetcode tests to evaluate applicants.
[0] https://github.com/ChrisMarshallNY
I would never do that in a work context, because the environment there is so different, but it's often the right trade-off for things I'm doing for fun.
(And I still make all the code open source because, well, it might be useful to someone even in the state it's in)
I do a lot of self-discipline "tricks," in order to enforce a certain habitual workflow, and this is one of them.
Many folks get far more done than I do, using very different techniques. I just enjoy the process and the Craft, as much as I do the end result.
One significant advantage, for me, is that I never have to worry about cleaning the house before the boss comes over for tea.
I'd liken it to an artist's sketchbook. If every piece is required to have the appearance of a master work, lest you be judged by it, then the sketches must remain private or else be destroyed (which they often were). But the masterpieces don't jump to the canvas without sketches. Forgo one, forgo the other. And an artist's sketches often have an elegance that's lost in the translation to a finished piece. I see similar parallels in the rough line art for animation, and certainly in an architect's studies. Not all of it is destined to be finished, either, but such work is often prized regardless.
So why (aside from fearing for our careers) should we be afraid to share?
Some code is inherently low-stakes. Some code will only ever be useful, even to the public, for a few months. Sometimes I just want to express an idea, where the proof of concept matters far more than making something shippable, which might imply strapping it down to a particular platform or ecosystem where no one outside those walls is likely to see it.
Even on the job, there's a time and place for the quick & dirty script, where anything more would be an over-engineered waste of time.
Back to the artist analogy, the best advice for maintaining a good portfolio is edit, edit, edit. Constantly be looking to remove work, leaving only your best, as you'll be judged by the worst. Does that model really work for GitHub? If everyone started withdrawing work they were no longer satisfied with, we'd all be worse off, if not actively harmed. So that's where I believe my artist analogy ought to end.
I used to have a big Strathmore sketchbook, that I took with me, everywhere, and, whenever I had the time, I would practice in it. I have old photos of me, with it. I was fairly scruffy-looking [still are -Ed.], and the sketchbook was sort of my "brand." My classmates used to call me "Puff," because I liked drawing dragons.
It got to the point, where even my rough sketches would be as good as finished works.
The same goes with my code. For example, when I start writing code, I habitually add a headerdoc comment, almost immediately. I write about that here: https://littlegreenviper.com/miscellany/leaving-a-legacy/
I work surprisingly quickly. I can generally spin up a full-fat native swift app, App Store-ready, in a couple of days. I do that frequently for my test harnesses (but I prefer taking more time, for the apps I actually plan to release).
I never really warmed to Boris Valleho's work (he used to hang in a gallery that I had work in, and I met him), but I have to admit, that guy can draw.
Look up his sketches. He used to make a lot of money, selling them, so there's a lot of them out there. The gallery that I mentioned, had a big rack of his castoffs, selling for hundreds of dollars. They sold like hotcakes. He was that gallery's star (I, on the other hand, was chopped liver).
Here's a few of his marketed drawings, but his sketches are almost as good: https://www.borisjulie.com/product-category/prints/boris-pri...
Hah, I feel like I understand more where you're coming from with that. I was the opposite, seeking to get my finished works to feel more like my rough sketches.
> I never really warmed to Boris Valleho's work (he used to hang in a gallery that I had work in, and I met him), but I have to admit, that guy can draw.
That he can draw is undeniable indeed. There are a few artists whose sketch work reaches that level of refinement almost immediately. Others get there after years of study and practice. Still others don't see that at as a goal at all for that stage of their process, and others still would see it as an antithesis to what they're after. Looking at Valleho's finished work, I can at least understand how his sketches are in service to that sort of end state.
Compare, perhaps, to some Rennaisance-era sketches. Typically far rougher compared to the finished works, but hardly less impressive. I'd suggest there's a great difference in what they were interested in: matters of anatomy, gesture, and composition. Of course, they were also inventing and rediscovering knowledge that modern artists have far easier access to. There's an interesting dichotomy in that some destroyed their sketch work, while others had far less interest in actually finishing anything.
I've forgotten an appalling degree of art history, so I can't readily name names, but as far as finished works go, I had a fondness for painters using relatively minimalist brush strokes, with each application of paint exactly the right color in exactly the right place.
I prefer art to be a lot “rougher” than Valleho’s work, but had a difficult time, doing it, myself; which was one factor in my eventual retreat from art.
But as a continuous activity, over years, what exactly is in it for maintainers to get up in the morning and trade their remaining lease on life for value to be consumed by rich leeches?
They need to for their own needs.
It provides them with some other benefit.
Myth of the rational maintainer, if you will.
In real life, people get (mentally) stuck into suboptimal situations where leaving would make them happier all the friggin' time.
Bad jobs they should have quit. Bad partners they should have broken up with.
Why not bad open-source projects they should have stopped maintaining?
What's so wrong with this line of thinking?
What was enjoyable, becomes grunt work, like making the full set of unit tests for features users want, but you don't actually use yourself.
Whatever this handwavy 'other benefit' was, stops being beneficial.
But they're still paying the opportunity cost, sitting down as the older, greyer, burnt out maintainer while others get the benefit from their work.
The fact that you consider users to be “leeches” means you’re missing the point of open source.
https://en.m.wikipedia.org/wiki/Leech_(computing)
Contributors are not leeching the work.
Users who don't contribute are though, especially when they suck down developer time with issues.
You're not in a position to judge my understanding of FOSS because the word 'leech' makes you uncomfortable.
After several years of hard work a prior open source project that grew to immense popularity got me employment a few times. It wasn’t the actual project, code, or capabilities that meant anything. The only thing appealing about that project was it’s popularity.
Nobody ever looked at the code, except people interested in submitting pull requests. If you think a prospective employer will take the time to analyze the code you are either applying for an exceptional specialized position or completely mistaken.
Work on open source because you like to solve tough problems, want to grow as a developer, or because you just want to build some interesting product. Don’t kid yourself into thinking the code will immediately solve some business interest.
Instead they'll just look at whether you contributed to big projects.
Someone who managed to make significant contributions to Linux or LLVM for example might be better than the average joe.
which leads to people who want to use this mechanism to claim credit in projects they don't actually have contributions in, and because the employer doesn't actually look at the code, they cannot tell.
I recall a while ago where someone would contribute a skeleton README or some random typo fixes to many different project, and using that to make their claim to fame.
So i reject the idea that employers should use open source contributions as a metric without closely examining what those contributions are.
Specifically, may be better at navigating the politics of organisations. Which is a key skill at many employers - likely equal to or more important than technical skill as one ascends through the ranks.
If you think nobody ever looks at your public code, you're wrong. It's just like wearing a bathing suit at the beach or pool: people look.
GitHub and LinkedIn profiles only serve to reinforce the job experience printed on the resume.
WordPress and ElasticSearch come to mind, both made a lot of money.
You also get people adding to your product for free.
I started work on my canvas library (licence: MIT) 8 years ago mainly so I'd have something to showcase to potential employers. It worked: the reason I finally managed to land a job as a web developer was because someone took time to check out the library and decided the work I'd put in was worth them taking a risk on an older new entrant.
Since that time I've continued to develop the library to help me deepen my knowledge of all things canvas. Especially since I started to look at ways to make canvas elements more responsive, and more accessible. But the main reason is just the joy I get from using it to create pretty demos and animations - the library scratches a creative itch.
I got used to the idea that I'll never be rich a long time ago. Good friends are more important than money.
Why does the floor keep constantly dropping? Who are these developers, always willing to do more for less?
In my experience:
* Some of it: people who open source their hobby projects. The personal upside of investing resources into open source is fun & practice.
* A lot of it: academia. Universities have an infinite supply of indentured labour in students and postgrads. The personal upside is grades and graduation. The institutional upside is publishing and grant money.
* Lately: large enterprises. These have the resources to throw high quality engineering behind their open source projects (unlike the universities, where quality has always been a struggle, due to tremendous "developer" churn and different incentives). The personal upside is salary; the business upside is $$$ via "commoditize your complements". Added bonus: open source serves as an HR tactic too.
Put together, the demand for the "race to the bottom" is there and so is the supply. And so it happens. The machinery behind "If you don't do it (with a permissive license), someone else will".
The "bottom" judgement in "race to the bottom" was quoted from the OP.
For what it's worth, I personally contribute or have contributed to open source in all three forms that I identified. And exactly for the incentives listed.
I have to disagree. Use a Linux based operating system, self-host your internet services at home, use google free android, or do a subset of that.
Its all open source and works locally.
For average end-users, “use a linux based operating system” alone comprises a mountain of barriers, but most are rarely even approached because they’re preempted by lack of reliable hardware support and lack of support for staple applications like Word, Excel, and Photoshop.
It's all a spectrum, with free learning material everywhere. Yes, some of thr licenses and agreements are less free, but in truth, never before have so much been available. You can break that golden cage. What you put attention on matters.
The motivation is not money, but to provide a benefit to society or to the people in the immediate vicinity, i.e. to be helpful and to be appreciated.
For most software projects, there should be a way to buy a commercial support license.
For many, such a license should be required for use in any org which is over X employees. Even if not enforced, this way a conscientious dev can justify for paying for the license.
In addition, for some of the deeper "plumbing" projects, that cannot be really charged for independently, they can included in the licensing of some of the projects that use them, as a clause for certain types of orgs, etc.
Something like - using X also requires a license for log4j of $50/yr - where that could even be a pittance, but included in many projects that benefit.
This will make the software much more reliable, while actually giving a basis for open source devs to have the funds to support themselves, feel self worth, and pay for a lawyer to protect their IP for things like TikTok's move.
As an open source coder, I theoretically love the above, but don't know what license, how to set it up, or how to handle the contracting and payment. In addition, I don't know how to justify my commitment - what exactly am I promising and how.
Nonetheless, if someone like Gitlab were to deal with figuring out the technical steps of the licensing and payments, you bet that I would be happy to move my code off GitHub for it (well, my code is already off GitHub, but whatever), and I bet many others would follow suit.
github.com/openfare/openfare
At least promise, if but a dull glimmer of hope...
The up-and-coming generation of developers have grown up exposed to millionaire content creators. They might start wondering about their cut.
The above is not open source, it's a pretty common free (gratis) for limited use, paid for other use commercial/proprietary license of the type tons of non-open-source software uses. (E.g., Visual Studio.)
In the case where a support contract is available, but not required, it is no less free than any other free software, but there is at least a chance that it might be bankrolled, as well as the projection that this is a professional project.
Even where the support is required, it is my understanding of RHS that that won't impede on the title free, since the usage is not what you are paying for. But there we are quibbling semantics ;)
I would guess that you mean one of the following, but I do not see any violation:
> 8. "not depend on the program's being part of a particular software distribution."
> 9. "restrictions on other software that is distributed along with the licensed software. "
> 6. "restrict the program from being used in a business, or from being used for genetic research"
In addition, that is the "The Open Source Definition", but the phrase "open source" cannot be copyrighted (there is legal precedent, IIRC with Lindows) .
According to the DoD, Open Source Software means "software for which the human-readable source code is available for use, study, re-use, modification, enhancement, and re-distribution by the users of such software" [0]
In practice, there are many "Open Source" licenses that allow paid licensing [2]. The most well known competitor, FOSS, only slightly differentiates itself with the phrase "Open Software" and openly allows fees.
[0]: https://dodcio.defense.gov/Open-Source-Software-FAQ/#q-what-... [2]: https://en.wikipedia.org/wiki/Comparison_of_free_and_open-so...
> For most software projects, there should be a way to buy a commercial support license.
> For many, such a license should be required for use in any org which is over X employees.
I interpret this to mean that: You impose in the license of the software that if you are an organization over X employees, you are not entitled to use and distribute the software under that license instead you must hold the commercial license or you must in addition to the normal license hold the commercial support license.
In the first case(where the normal license grant does not apply to sufficiently sized orgs) I believe you impose a restriction of use on the software in a specific field of endeavor in contradiction with section 6. in the OSD.
In my view it is clear that if you require an additional commercial support license for some users but not everybody you violate section 7. as the rights to the program is restricted for some parties (orgs with over X employees only has those rights if they also acquire a commercial support license):
“7. Distribution of License
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.“
Now it might very well be that you had another mechanism in mind for imposing your requirement of “Orgs over X employees must hold a commercial support license”. In that case it might very well be a different mechanism in the definition that conflicts with your mechanism, but I cannot see how you can achieve your aim of imposing a requirement on usage of the software for some users without contradicting the spirit of the open source definition which says that you must grant the same rights to all users of your software.
I cannot find in your link [2] what you mean by the phrase: “In practice, there are many "Open Source" licenses that allow paid licensing [2]”. Usually when people speak of paid support licensing for open source (or free software) that is an OPTIONAL support license or a separate commercial license(see the QT license options) that you acquire the software under, and it does not conflict with either free software or open source software. My opposition is only your stipulation that the commercial license be required for some users of the software, and it is this requirement part that I claim conflicts with the Open Source Definition. Note that it is perfectly valid to charge people to obtain your open source software from you, but you are not allowed to impose restrictions on their ability to redistribute that software (including source) to others for free, hence this is probably not the solution you are looking for?
> 5. No Discrimination Against Persons or Groups
> The license must not discriminate against any person or group of persons.
It's okay to charge for open source software, but for software to be open source, the license cannot discriminate against users who do not pay the developer. This means:
- If someone pays for open source software, the license cannot require the user to make any additional payments. This prevents the developer from imposing a recurring fee to use the same version of the software via the license, but the developer is still free to charge for future software releases.
- If someone pays for open source software and then shares it with other people, the license cannot require the people who use copies of the software to pay the developer.
Software releases under your proposed license would be source-available, but not open source. As a sibling comment mentions, the DoD FAQ you linked describes the Open Source Definition as 1 of 2 "industry review processes" that a software license should pass to be considered open source.
Kinsella uses this example to illustrate how some people have no idea how contracts work.
The most important thing of FOSS has always been about ensuring an alternative to closed source. This provides people with leverage in negotiation with the corporations and states in a way they simply would not have without it. Beyond this, It provides a pathway for a much quicker evolution of the products, something actually driven by the most driven users, instead of corporates approved. Writing this on firefox on linux I'd say its working and has done, and will keep doing great good.
Without a functional Linux Desktops for users, there is no doubt to my mind the windows app store wouldn't be the only way to install apps on windows and there would be no way to sell an app that installed on windows without paying microsoft the standard 30% of total sales. The recent fight between steam and microsoft illustrates this perfectly. But they have tried every few years, claiming anti virus, child protection, anti piracy, convenience, anti spyware, anti ransomware, and well its always been the pro microsoft profit in reality ... But they lost each time, because each time too many of its users just threatened to move to linux. This is essentially the only reason you can install, run, and develop apps on windows without everystep including microsoft fees and licenses today.
Look at how stagnant and shitty matlab used to be, and its exorbitant priced to understand what happens when FOSS fails to provide. The niche matlab used is the, at the time, almost non-existent overlap between FOSS programmers good at both GUI UX, tutorial writing, and math. This changed with the FOSS python, numpy, scipy, matplotlib, and pytorch projects. Matlab has gotten extremely much better in the last few years, and its mostly because they finally got competition, they have also started to rapidly drop their effective prices for new users, but its too little too late, and it will never return to the stagnant cashcow it used to be. Matlab was is a troll sitting on a shitty toll bridge while both trying to destroy similar bridges and maintaining its own toll bridge as little as possible. In the last decade FOSS mortally wounded it in passing.
Inversely reduced FOSS influence predicts exploitation. as shown by how astonishingly bad the walled gardens of consoles and phones are. They have gotten away with being astonishingly shit, mostly because FOSS was intentionally and successfully made too hard to use on them.
But these are just visible examples. The great effect of FOSS has never been what it brings about, it is in what it prevents from occurring in the first place, and that, by definition, will never be easily visible.
In the areas FOSS was able to get a footing, it usually remained. Web browsers have been trending towards the open core model for example, same goes for compilers, most of which are FLOSS. On the server, the GNU/Linux platform is the most commonly used one. Same goes for embedded applications including Android.
Does this translate to end user freedoms? Sadly, in many instances it doesn't. But I think it's still worth fighting for freedom, even if the only reachable audience is other freedom loving enthusiasts instead of the broad majority of people.
Microsoft has claimed that consuming code for Copilot is fair use, and therefore does not require permission from the copyright owner, so how would a license—an offer of permission under limited terms—impact that at all?
> But even if I solidify the licenses, what stops GitHub from ignoring them by claiming that their Terms of Service allows them to use my code?
Well, the fact that arguing the ToS would be a retreat from their position that they don't need permission in the first place, whether or not the code is hosted on GitHub.
For example, I agree that the company behind MuseScore has exhibited some bad behavior that is worth discussing, but their attempt to introduce opt-in telemetry to Audacity is difficult to classify as adding "spyware."
Also, the article meanders through a lot of different points that have very little in common other than being cynical. For some reason, it starts talking about stuff that isn't related to open source. It also talks about a lot of different issues regarding open source. I don't understand what the overarching message is, except for something along the lines of "all software development sucks."
The conclusion also strikes me as a little bit dramatic too:
> I’m stuck between a rock and a hard place. If I make Rig Open Source, it could very well do more harm than good, regardless of whether I get paid! And if I don’t, it won’t get used anyway.
1. I don't understand why it's likely to do more harm than good, or by what measure. How does this tie into previous examples? How do you expect it to be "exploited"?
2. It doesn't seem to approach the completely valid question of why developers don't like using closed-source tools.
3. It seems to imply that the mere act of releasing software should entail some kind of payday or recognition, but that doesn't make any sense. I agree open source is undervalued, but so are a lot of things. Ask people who draw if they feel like their skill is valued appropriately; it's not. The reason why businesses are able to make money off of software is because they don't just write software, they also sell it. Even if you're trying to live off of donations, you still have to "sell" it. Look at how well-branded successful projects like Blender and Krita are! And a lot of projects use the "progress report" blogging format similar to the one successfully used by dolphin-emu to engage with the community. It's a lot of non-programming work.
I don't mean to devalue anyone. I can just about guarantee that if you do the selfless job of putting quality open source into the world, it will never, ever be paid at market rate. But that's the price you pay for being able to do whatever you want. An artist, 99.99% of the time, cannot make money creating whatever they like; most would probably only ever find serious success in graphic design. I think open source is a wonderful asset and has produced some amazing artifacts for us to enjoy that have done enormous good for the world. Can you even quantify the amount of good done by having a robust production-ready operating system used by everyone from budding geeks in gradeschool to production servers at Fortune 500 companies?
I hope you find whatever you are looking for, and I don't like being dismissive. But I urge people to see the non-cynical side of this.
> Also, the article meanders through a lot of different points that have very little in common other than being cynical. For some reason, it starts talking about stuff that isn't related to open source. It also talks about a lot of different issues regarding open source. I don't understand what the overarching message is, except for something along the lines of "all software development sucks."
I agree that it meanders, but I don't think I'm cynical, just discouraged.
The real point of the post was to ask the question in the title, explain why I am feeling that way, and ask people to contact me (the last line), which they have!
> I don't understand why it's likely to do more harm than good, or by what measure. How does this tie into previous examples? How do you expect it to be "exploited"?
Rig is a build system, which means that if companies steal it and modify it, they could conceivably make it insert a backdoor into every piece of software it builds. (See Ken Thompson's "Trusting Trust".) That is an enormous potential harm, at least in my opinion.
> It doesn't seem to approach the completely valid question of why developers don't like using closed-source tools.
You're right, and I honestly think there's no problem not liking closed-source tools. I just happen to think it's hypocritical to want Open Source, but push closed-source on end users that don't know better.
> It seems to imply that the mere act of releasing software should entail some kind of payday or recognition, but that doesn't make any sense.
This is not what I meant, sorry. It's more that I want my software to do more good than bad, and I'm not sure it would.
> But I urge people to see the non-cynical side of this.
Me too.
https://www.fossjobs.net/ https://github.com/fossjobs/fossjobs/wiki/Resources#internsh... https://www.debian.org/intro/help
Surf through projects to find ones that seem to be interested in contributions. Red flags are many ignored unresolved pull requests or too much hostility in project.
Some projects have issues labeled with "beginner friendly" or some such. Have a look there and try to fix something. If it turns 9ut to be boring, move onto another project.
But also a lot of companies take it quite seriously now so it can be good for your resume particularly if you are not in the industry yet and want more experience or some references of your prior work. So it can be worthwhile even if you aren't completely passionate about it to the extend you would be content to always do it as an unpaid hobby.
It's not good to assume you will make money directly on your own project or some niche project, but there are lots of established projects which are in demand in the industry and you would be able to make money working on them. I work on the Linux kernel which I started as a hobby and I've been able to take my skills between several different companies and continue working on the same software (although different areas) which has been good for me.
Not to say you can't get transferable skills or relevant experience working on proprietary software and some may prefer the challenge or variety of working on different code bases at different jobs. So proprietary software is pretty on-par in those respects. There are a lot of areas where proprietary software is ahead too so if you want to work cutting edge software in a particular area, open source might not be the best option for you.
As far as getting started, start with working out what you are interested in and want to work on.
that's the wrong question to ask - the first question to ask is whether you have some aspect of a project that you enjoy working on (or have a project of your own that you enjoy working on).
If your goal is to put your name in a well known project for marketing purposes, then i'd say you have the wrong goal for doing OSS.
It is standard for production code to rely on third party libraries. Not just standard, but the opposite is considered bad thing - you are not supposed to implement everything from scratch. If you do, you will end up with more bugs and issues. There is nothing, absolutely nothing in development last 30 years that would say "it is bad to use open source libraries".
But no, it was not all that kuch prevalent. Instead, people wrote their own almost everything.
It would also be irrational. The rare security issue like this is kot a good enough reason for such massive undertaking. You manage risks, you are not supposed to act purely out of fear.
> Good software engineers do that.
The amount of effort required would necessitate management sign up for this. And they won't, because it is not rational thing to do for majority of software.
[1] https://github.com/admin-ch
[2] https://github.com/SRGSSR
Working with different code bases is also great practice and one always learn something new.
You practice your favourite instrument and post it on the tube. Worth it.
You get to know people with similar style and taste so you jam together. Worth it.
You guys stream the sessions on Twitch and got fans. Release EPs on bandcamp. But it starts to take too much personal time away from you. Worth it?
But the fans want it! You'll have to decide. Sometimes you work for months on an album. People cheer on the live stream, but not a lot of income from selling the art. Worth it?
Pick your RUNLEVEL. :)
This is a good analogy.
I guess it's still different from what I meant because while making music does not really do harm, software can in the wrong hands.
(Okay, music can still do wrong in the wrong hands, but the scale of harm from software is far bigger.)
I thought the use was fine.
If you have other expectations maybe you'll find other endeavours more fulfilling. Which is sad but it is what it is.
So for many, it is not the same.
The choice people make doesn't change the expectations of others.
Personally, I’ve shipped several open source libraries that are still in use in lots of places despite me not having added a commit in over 10 years. They do the thing, don’t do anything else, don’t depend on other stuff, and thus don’t have a lot of surface to attack.
Imagine if the log4j guys had built their thing to spit out logfiles, then stopped before adding the bit where it can execute arbitrary code. I’m sure there was a version early on that did that. And I bet that version would still work perfectly well today. It was finished.
It just needed somebody to not unfinish it.
A late youth hobby of mine was being active in a coding community that wasn't open source, it was "lost source": based around a piece of freeware that was literally lost to a local storage hardware malfunction. But it had an API and a decade of stability (as in lack of API change, not lack of crashing unfortunately) and that caused an amazing amount of creativity, cooperation and so.
Perhaps this is an inherent weakness of open source: it's always easier to accept one more feature PR than committing to an API that remains sufficiently stable for that feature to happen in an isolated module.
I'm not saying that its always better to strive for the API instead of inclusion, it's a weakness as much as it is a strength, but chances are many situations where separation would have been better will be missed. It's a cultural bias.
It's nice to view software as something that can be done. I cringe when people look at activity on commits and think that if there isn't continuous activity, the project is dead. Maybe, but it might also be complete.
My most successful open source project in terms of adoption (it's packaged in nearly every distro) is one that is done. I wrote it about 10 years ago and other than one small bugfix it hasn't seen any activity since. It's useful, it's complete, nothing more to do.
Maybe that’s the problem we need to be addressing. More and more these days I find myself frustrated using modern software when old unmaintained software had already solved the problem.
We consider it a novelty when a writer like George RR Martin still uses WordStar on an old DOS machine [1]. Maybe it shouldn’t be a novelty. Maybe it should be the normal thing to do.
It’s utterly at odds with a consumer culture though. People don’t seem to want well-made things that last a lifetime. They want shiny disposable crap.
[1] https://youtu.be/X5REM-3nWHg
Also they tend to buy their tools.
Having bought several books from open source projects as means to try to help the authors, I am quite aware how little it brings home to keep a sustainable life.