Sad to see this—libjpeg-turbo is great! I once built it into an iOS project to allow reading & writing of giant JPEGs when the first party API used too much RAM.
Being a commercial product is hard.
Having customers, supporting them, etc is very hard. Most can't sustain themselves either. Especially when competing with open source.
Every time I read about "criminal underfunding" of open source, it comes off as people wanting to be able to capture some of the value of being commercial without any of the cost. Being open source means more people use your software. But they owe you nothing at all for that. Enough value to pay themselves to work on it is not a small amount of value, and most commercial software doesn't make it there either.
If you want people to pay then be paid software. Otherwise you often just want a contract with terms nobody wants to pay you for. There is nothing abnormal about that, and it's certainly not "criminal underfunding".
I'm sorry it's not as easy as people want it to be, but it never was - this isn't new, and it not likely to be anytime soon.
The main difference now seems to be how many more people feel their users should have greater responsibility than they require of them.
That's one of the things that often makes your product popular though.
This is the whole point of modern open source: to be able to exploit others for their works, without them having any recourse for compensation or entanglement when you make lots of money derived from their labor. It’s a technologist’s libertarian dream come true. It’s also a primary cause of burnout in open source developers — but that doesn’t matter, because there will always be more open source developers to exploit, so long as they believe in open source strongly enough.
I think the idea that creators should not get paid is the issue here. It’s much more generic than open source. Another example of the same issue is how creators receive nothing for exploitation of their works by VC-funded AI companies. In both cases, the same imbalance between creators (who get nothing) and exploiters (who get billions of dollars of revenue) exists.
They could just not do it. Spend your time more wisely. If you git commit, you've lost your leverage. Don't go write a labor politics blog post about how you're enslaved for writing C for free.
Open source is labor politics. Copyleft is shorthand for “I labor to create this work for the commons, and all who modify my work must adhere to my labor politics by sharing their modifications with the commons.” It’s designed specifically to counteract commercial exploitation of labor while denying the commons their modified works. Without labor politics, there would be no GPL, no AGPL, no Sharealike.
(Ironically, my single sentence license above would be more likely to win a court challenge than the GPL/AGPL, while also being more resilient to new methodologies and less vulnerable to loopholes; however, it’s incompatible with the “legal contracts should not depend on human judgment calls” viewpoint that’s popular in technical circles.
We don't have to speculate about whether the GPL would stand a court challenge as it has been tested in court many times in multiple jurisdictions.[1]
As an aside, the reason I don't think your statement would work is you don't have the ability to unilaterally bind other people by a statement you make without their agreement (ie you saying something is not a contract, because that is by definition an agreement between parties). For that reason I'm pretty sure your "all who modify my work must ..." subclause would have no legal force.
The mechanism that copyleft licenses use is to grant rights to the user provided that the user adheres to the terms. That's something you can do, because it's up to you to grant whatever rights you want to grant and it's in your gift to set conditions on those grants. If users don't accept the terms of the license, they don't get granted the rights and therefore they are prevented from using or distributing the software by normal copyright law.
I don't think that's the issue at hand here. If you give away your work for free, then you shouldn't expect others to pay for it. Depending on the charity of others isn't a great business model.
Projects and organizations that do get a large portion of their funding from donations usually need to spend a lot of time marketing and evangelizing to get those donations. A solo open source developer probably doesn't have the time to do that, plus write the software itself.
No, that's nonsense. The point of a price is to set expectations with regards to the obligations of both parties to avoid arguments after a transaction is complete. You say "give me $X and I'll give you this thing" and I can accept it, negotiate, or reject it. We both understand that this is a commercial transaction, that I'm supposed to give you money when you give me the thing, and that if I run into problems that you're supposed to give me support.
If you just give me something without setting a price then it's not a commercial transaction and I don't have an obligation to pay nor do you have an obligation to support the good or service you sold to me. Or do you believe that every time someone gave you a present actually you were supposed to pay the gift-giver based on the value of the present?
It's not an obligation on any person in particular, but someone that gives lots of genuinely useful gifts should get gifts back. Is that a controversial take?
Though when you mention support, that's one route to improving the situation. It seems like most companies are unwilling to buy pure support, even though most of what they actually want is support. If paying for pure support was more normalized it would be very helpful to open source.
You're not talking about gifts, you're talking about a gift economy. If we lived in a pre-monetary society, we could use loose accounting to keep track of debts. I get fish from the fisherman, and in exchange I help fix his boat when needed. The village doctor heals everyone, and in exchange he gets stuff he needs from everyone. Someone can slack for a bit, but they do it for too long they'll accrue too high a debt and people will no longer give them things.
Well, we don't live in a pre-monetary society and we don't use loose accounting, except with people we're close with and who we can trust.
I'm saying they deserve value back even outside of a gift economy.
In a monetary economy, contracts don't fit every situation, and someone deciding they don't want to make people pay for valuable code shouldn't ruin their ability to use that code as a "day job". We need to figure out better methods to reward useful work, as a society.
Or, we need to pay everyone a universal basic income, so that they don’t need to take revenue into account when choosing what value to contribute to society.
> If you want people to pay then be paid software.
It seems like source available type licenses (e.g., Kyle Mitchell's Big Time license: https://bigtimelicense.com/ ) are a reasonable middle ground for being paid software without giving up many of the benefits of open source.
I'm hoping there's a notable uptick in adoption of licenses like these.
They're not reasonable at all. They deceive users and leach off of the good name of open source while preventing any actual open source projects from incorporating any of their code. I'm hoping there's a notable drop in adoption of licenses like them.
> They deceive users and leach off of the good name of open source
How do they do that if they don't call themselves open source (or "Open Source (TM)" if you prefer) in the first place?
Regardless, something needs to be done about the sustainability gap in open source other than writing messages like what's linked. The inability of your project to incorporate someone else's code shouldn't consign the rest of us to not have the benefits of access to that someone else's code outside of a proprietary binary.
> How do they do that if they don't call themselves open source (or "Open Source (TM)" if you prefer) in the first place?
First of all, some of them DO call themselves that even though they unambiguously aren't. And even for the ones that don't, they usually try to sound as similar as possible to it and downplay the differences.
> Regardless, something needs to be done about the sustainability gap in open source other than writing messages like what's linked.
That feels like the politician's fallacy. We need to do something, and switching to fauxpen source is something, but that doesn't mean we need to switch to fauxpen source.
> The inability of your project to incorporate someone else's code shouldn't consign the rest of us to not have the benefits of access to that someone else's code outside of a proprietary binary.
It's not just one project that can't. If a given bit of code isn't open source, then NO open source projects can incorporate it.
> First of all, some of them DO call themselves that even though they unambiguously aren't. And even for the ones that don't, they usually try to sound as similar as possible to it and downplay the differences.
There was understandably uproar about things like the "Commons Clause" and similar attempts to retrofit obligations to pay onto open source licenses. I have no disagreement with rejecting these as misrepresentations of open source. But if no such misrepresentation takes place, this line of objection is bogus. I gave an example of one license that does not misrepresent itself in such a way. I'm sure there are others and if not, attempts should perhaps be made to develop others, just as we have multiple open source licenses available.
>> Regardless, something needs to be done about the sustainability gap in open source other than writing messages like what's linked.
> That feels like the politician's fallacy. We need to do something, and switching to fauxpen source is something, but that doesn't mean we need to switch to fauxpen source.
I regret my phrasing, "something needs to be done," which does indeed sound like a politician. So let me rephrase. There is an axis, with proprietary secret source code and FOSS anchoring the ends. This axis is a good proxy for monetizability, but the axis itself is about freedom. With secret source, no user gets any benefit from the source. Source available, is, to me, a genuinely constructive attempt to address the need for developers to be compensated, while still giving users many of the benefits of access to the source.
I don't think source available is going to be something we "switch to" so much as, if some developers need income from the code they put out there, this is a far more user-centric option than telling everyone to download binaries for platforms they may or may not use and submit themselves to intrusive license checks. If you want to get a job at a RedHat or Collabora or try to have your employer cover your open source time instead, more power to you, source available certainly doesn't stand in the way of that.
> It's not just one project that can't. If a given bit of code isn't open source, then NO open source projects can incorporate it.
Open source projects have no hope of incorporating secret source software either. At least with source available, users can look at the code, make changes, build it themselves, and if they fit whatever "gratis" criteria are a part of the license, they don't have to pay either.
>> It seems like source available type licenses (e.g., Kyle Mitchell's Big Time license: https://bigtimelicense.com/ ) are a reasonable middle ground for being paid software without giving up many of the benefits of open source
> They're not reasonable at all. They deceive users and leach off of the good name of open source
I disagree. Source available licenses are reasonable, but not “a middle ground for being paid software without giving up many of the benefits of open source”.
It’s a license that allows small entities to use a binary for free, and promises larger companies to give “fair, reasonable and nondiscriminatory terms” (I guess that’s in the license to ‘guarantee’ smaller companies they will be able to get such a license and that they will be able to afford it. IANAL, but I think the “nondiscriminatory” guarantees the former, but “fair and reasonable” doesn’t fully guarantee the latter)
We probably need better, consistent terminology for different types of "not all the freedoms of open source but not proprietary secret source either", the way "open source" means something very specific.
The Wikipedia page you cited opens with "Source-available software is software released through a source code distribution model that includes arrangements where the source can be viewed, and in some cases modified, but without necessarily meeting the criteria to be called open-source."
So by this definition, "source available" is a superset of FOSS, but not specific enough to imply what the user can and can't do with the source code. It makes sense to name classes of license within the "source available" umbrella that spell out what freedoms are restricted/preserved.
The Big Time license is not specific as to whether the covered software is provided in source or binary form, and is easily applied to source code distributions. Probably the reason I associated this license with "source available" is the primary license author is a prominent U.S. lawyer involved with open source and I'm pretty confident it is written to be applicable to source code even if it is not explicit about it. Similarly, the BSD license doesn't require that the license be attached to source code - one could release binary-only software under the BSD license.
They are very reasonable and they solve a real problem. A big corp won’t use a library from a tiny 1-5 person shop if when they get acquired or go under the library dies and all they ever got was binaries. A source available license solves this because the big corp knows they can maintain the library themselves in that case.
In my own case, I write every one of my projects as if it were supported, released, commercial software. I wrote shipping, commercial software for my entire career, and got in the habit. It isn’t that much fun. Lots of boring bits, in writing high-Quality, release-grade, software.
That said, thank Cthulhu that I don’t depend on it for a living.
I’m pretty much my only customer. I write software that I want, and use it in almost everything I write. I also archive projects and apps that I am no longer actively supporting.
I don’t really care whether or not anyone else uses it. In fact, the fewer, the better.
- of course, building a successful commercial software (company) is a lot of work
- but if you manage to create a commercial software that reach even a fraction of libjpeg-turbo's success, you'd get very rich, with lots and lots of zeros on your bank account, and a family free from material problems for decades to come.
- nobody, including the author, claim that he should be rich. We just think that it's a pity that he's not able to make decent money, despite creating tremendous value to very profitable companies (and making an much easier job to thousands of developers far less skilled than he is, while still making multiple times his paycheck).
>but if you manage to create a commercial software that reach even a fraction of libjpeg-turbo's success, you'd get very rich, with lots and lots of zeros on your bank account, and a family free from material problems for decades to come.
This is a non sequitur, given that libjpeg-turbo has reached libjpeg-turbo's success and its author is not several times very rich. It is unfortunately very possible to create a product that's very popular and that takes a lot of effort to work on, but which most people are not willing to spend any money on.
Maintaining open-source software requires time. There is an opportunity cost, and people (unfortunately) need to feed their families, pay their rent, and so on. The problem here is that the developer faces a choice: continue working on a piece of software that makes things better for thousands (or tens of thousands) of companies and individuals, or put that time towards something that benefits him and his family directly and ensures that they can continue to survive and thrive in a capital-based society.
If he moved libjpeg-turbo to paid software (not that I expect that's possible) then I'm sure a lot of companies would pay for it, and a lot of open-source projects (or smaller companies) would be forced to stop using it. That's not good for anyone (except the developer).
I think the thing to consider is this: if everyone who's ever saved at least two dollars on time, bandwidth, CPU power consumption, cloud compute costs, or any other factor gave him one of those dollars, he'd be set for life. He could make libjpeg-turbo his full-time job indefinitely.
He's not asking for a six-figure salary, but it's difficult to look at a project that you're spending time and effort on that's saving other people such huge amounts of money and compare that to the meagre amounts anyone is willing to contribute for it and to consider that a worthwhile tradeoff.
In the end, he's making that choice: he's going to spend time doing something else. He doesn't come across as feeling entitled (his argument that open-source software should be more funded/appreciated than it is doesn't seem to be in debate), he's just faced with a choice and he's letting people know ahead of time what choice he made.
Not to leap at defending Google or any other disproportionate OSS consumer, but the moment you apply this logic consistently, those costs add up to > revenue in most scenarios I could imagine. There is a way to make it sustainable, but it’s not likely to be a voluntary action by any individual actor.
Google is one of the three companies explicitly listed in the message as sponsoring the general fund of this library. What did it get them? Just people like you complaining that they aren't donating more.
Why not at least complain about the large tech companies that aren't sponsoring at all, or only sponsoring specific project work?
[0] From https://libjpeg-turbo.org/About/Sponsors it looks like a bunch of companies have sponsored specific projects, but from the message it sounds like these projects have been basically underbid by the library maintainer, and that's been part of the problem.
Ideally, every developer in every large co would be given some budget to spread sponsorship money around as they saw fit—ask your manager to make it happen. Note that they may be able to register this as a marketing expense, which may be more favorable to your accounting department.
(I use this library in PhotoStructure via Sharp and libvips, so I just started sponsoring it)
> Ideally, every developer in every large co would be given some budget to spread sponsorship money around as they saw fit
If I'm not mistaken, there is a ton of overhead ensuring that the money doesn't directly benefit any of the employees themselves. There are all sorts of regulations around how things like gifts and donations are accounted for, taxed and so forth. Then, you also wade into territory of graft, bribes and so on (employees of company A funneling money into open source project B, which is worked on by employees of potential customer C).
How can you help? If every individual developer who used libjpeg-turbo on a regular basis donated just $5-10/month to the project through GitHub Sponsors (https://github.com/sponsors/libjpeg-turbo), we'd have a healthy amount of general funding.
I've tried that in the past and had a hard time doing so. I managed to get the company to sponsor projects like sidekiq because there were some benefits in doing so (even if we actually never used the enterprise benefits) but I haven't been able to convince them to donate any money. They'd just tell me that they don't see any benefits in doing so.
I end up donating with my own money to opensource projects I value but I don't have enough money to properly fund all projects I would like.
meanwhile a hedge-fund manager somewhere probably just paid themselves 10s of millions for having some sneaky trading/M&A/roll-up idea and executing it.
I'm torn on this. On one hand I do agree and lament that many foundational open source products are underfunded to the detriment of its users.
But like I say when a for-profit corporation complains and blames outside forces when they have trouble with their finances: it is not our responsibility to make your business model work.
If you want to get paid a certain amount to write software, donations are often not a reliable way to do that. As much as I am an open-source advocate, dual licensing and requiring payments for commercial use seems like a better path to stable income, assuming others believe your software is worth the price.
A lot of open source authors know that of course, but still, they choose the begging-for-donations / appeals-to-corporate-funding route once their project becomes popular.
Dual licensing and requiring payments for commercial use comes with risk as companies could flock to alternatives or forks, but at the end of the day, is the better model as it establishes expectations upfront and makes it clear that one fully stands behind one's product.
I'm sorry but I have no sympathy. I turn down real jobs to work on my hobby. Why won't anybody pay me??
What does he expect to happen? I really don't get it. If you like to work on opensource. Sure, do your thing. But if the benefit in CV building and personal satisfaction are not enough, why don't you stop doing it?
Whether you know it or not, you have used libjpeg-turbo. In fact you are probably using it every day, it's just behind the scenes, just like openssl is.
These projects deserve funding, if at least from giants like facebook & co.
one wonders what possible harm could come from leaving image decompression buffer faults from maliciously crafted jpegs in popular browsers and software unattended.
> one wonders what possible harm could come from leaving image decompression buffer faults from maliciously crafted jpegs in popular browsers and software unattended
This is yet another reason a switch to a memory-safe language like unsafe-free Rust is highly imperative.
...at which point the code written in C will suffer from BOTH categories of bug, while code written in any language whose compiler guarantees memory safety will not.
Guaranteeing memory safety isn't just an overhyped benefit meaningful only to Rust fanboys. It is also one important reason why much code is written in Java, Python, or JavaScript. It is a valuable property for any language to have.
I think you might need to define what exactly you mean by "memory safe".
There is an entire class of bugs common to C and C++ that absolutely never happen in JVM languages, CLR languages, Rust, etc. This particular class of bugs of bugs never happen by design, because the language design simply does not permit them to occur ever.¹
¹ I am obviously of course excluding bugs/exploits/unintentional-loopholes here that are in the JVM or CLR, or in the Rust compiler itself, that permit a program to "break out of its box", so to speak.
This is a super-well-known issue with reference counting in general. It would be something to deal with anywhere one uses reference counting exclusively. For example, this is a problem in Swift as well: https://docs.swift.org/swift-book/documentation/the-swift-pr...
Does that mean Swift is unsafe? No.
All this does is create the potential for a memory leak. Which is nowhere close to being in the same category as a buffer overflow exploit.
Also, I suppose one could write a garbage-collected pointer library for Rust, which adds cycle detection (and auto-deletion) on top of ARC.
While I think the move to safer code through Rust and other alternatives is a nice breath of fresh air, I doubt you can get these kinds of optimization without using unsafe code in Rust. These optimized implementations often require some kind of safety-bypassing memory modifications to work as efficiently ad they do.
Oh wow, I didn't realize there were mountains of Assembly in there. If this is the case, I'd say: let's put libraries like this Docker-like containers (in their processes with their own address space), and use mmap/etc-based highly-efficient IPC to interact with them.
With all the hyper-optimized assembly in there, it's probably still more efficient even with the container penalty (which, tbh, is close to zero on Linux these days).
For this work we don't need a general purpose language like Rust.
WUFFS is a special purpose language for Wrangling Untrusted File Formats Safely:
WUFFS pays a high price (loss of generality) for a valuable reward (compile time assurance of memory safety, very high performance) and it makes no sense for people to hand roll this sort of software in C when they should use WUFFS.
Wow, WUFFS is amazing. I wonder if a hypothetical new/future general-purposes language could have a non-Turing-complete subset within it with WUFFS-like guarantees.
You can think of it as a job application being broadcast.
His software is clearly valued, but companies take 3rd-party dependencies for granted because they're just there and can be used for free. There are things a company can do to replenish the ecosystem: Give time or money to maintain projects they depend on.
> if the benefit in CV building and personal satisfaction are not enough, why don't you stop doing it?
I'm afraid you don't understand the basic premise:
He is not (primarily) doing open source to promote his CV.
He is (presumably) doing open source for ideology and lifestyle: because it provides a good work environment where you work on exactly what you want, provides value that scales beyond what a single company can create (but is otherwise somewhat harder to measure), and provides value to the global, general public, which is not something people with day jobs can claim as easily.
My brother in law is an artist. He paints beautiful pictures and writes a comic book. His lifestyle choice appears to be fulfilling for him. He also doesn't own a car or a house. Choices have consequences. Different than OP, he doesn't complain about it.
> Is your brother's art present on billions of machines?
That alone does not entitle anyone to payment. All you're entitled to - as per license - is to have the license reproduced in full on some "About > Licenses" page.
Anything else is underpants-gnome level of magical thinking:
I have artist friends, some receive private and state grants, others only survive on teaching and selling art. They do sometimes complain about how hard life is without money, but it’s a choice.
If an artist said “I’m going to quit art if the world doesn’t pay me”, surely most people would just say, “good luck with that.”
If someone’s art piece contained a bug that broke a company’s industrial build pipeline, and all funding for improving the art piece was gone the next 15 months, I’m sure that company would consider donating.
There isn’t a principal difference between art and software here. It is the nature of companies that rely on open source that is not well understood here, causing criticism and questions.
This is a friendly reminder that anyone interested in a 3.1 release in the foreseeable future should cough up. :-)
Their "hobby" saves huge corporations large amounts of money. I don't understand how it's not obvious that they should chip in comparatively small amounts of money to make sure that the project stays updated and secure.
Why bother funding open source at all, it's not like it's the foundation of the entire worlds infrastructure or anything.
Haha. That's the point. Everything would still work if no open source existed. Tech would just be far more centralized in the hands of a few companies who have all the software libraries. Progress and development of tech would be far slower. But the world would keep turning just fine. Open source exists only because of the programmers' love for programming, desire of attention and the desire to benefit other people's lives. Open source software mostly starts out as a surrogate activity. No company needs to fund individual open source devs. They'll go with whatever at hand, it doesn't matter, sometimes even hiring someone to continue the open source project the original dev abandoned cause lack of funding.
Your real job is made easier by low paid people like him, if not you'd be forced to spend time to (badly) re-implementing the JPEG standard.
Just because "it helps the CV" doesn't mean that's an end goal in itself in the long run, and once a library is popular the implications (security issues!) of non-maintenance is far higher even if it started out as a "fun" project.
Just wanted to post the same xkcd, then I thought someone already might have, and my suspicion was correct. I guess most here have already seen it at one time or other, but maybe some haven't yet...
"open source" doesn't automatically mean it's a hobby project done in the free time for no compensation. sure, most projects are developed in this fashion but the concepts are only incidentially correlated.
working on open source software is and can be a "real" job. the only difference to closed source software is that the source code is open - nothing else (simplified).
if you want your hair cut, pay the hairdresser. if you're interested in the continued development of the project, pay the author. it's as simple as that.
in this case there's not enough funding so the project is discontinued. doesn't get more professional and non-hobbyist than that.
This would work if the OSI wouldn't vehemently oppose usecase-based restrictions for open source. I think more people should say "it's forbidden to use it for <list things like LLMs, social media, etc.>, if you want to use it, buy a licence from me"
Right now, those corporations just steal the code and sponsor the OSI's gatekeeping.
> working on open source software is and can be a "real" job. the only difference to closed source software is that the source code is open - nothing else (simplified).
That is no small difference. In particular the business is completely different and if you want to make a living out of it, you should plan your job accordingly: find an employer that pays you to write the software, make a business around support for the software, open a twitch/YouTube channel and monetize it, etc., but asking people (or worse corporations) that have the right to use something for free to pay for it doesn't look to me like the best course of action.
> if you want your hair cut, pay the hairdresser. if you're interested in the continued development of the project, pay the author. it's as simple as that.
If you offer to cut the hair for free, you shouldn't complain that rich people don't pay for your services, and the "but everybody comes to me" is not a good enough reason, especially when being free is one of the motivations.
Ah yes, but I am not complaining about that, and I can understand that the author doesn't want to work anymore on the project.
What I am complaining about is the assumption that people using open source software have to contribute to the authors, expecially if they have plenty of money. Open source is not about that. If that is the expectation, a different type of license is probably better suited.
So, because it's open source, he can't ask for a salary and do some marketing to get funding?
What entitles you to decide that this guy doesn't have the right to try to monetise his project?
The author chose a BSD-style license that has no problem with use in proprietary software. It's too late to do something like a dual AGPL and commercial license (unless some amazing new features are added), as it's already in widespread commercial use.
Possibly. Switching to GPL would probably mean that chromium can no longer use it (I think they use it currently, but I'm not 100% sure). Then they could switch to an other permissively licensed jpeg library that is maintained (is there any?), roll their own (probably forking an old version), or persuade the author to consider licensing new versions permissively (hopefully with some money).
But the existing version under the permissive license already exists, and everyone can keep using it or even fork it. The only way a change to a more restrictive license could work is if there were really compelling features only available in that version.
In the end, it's not the individuals who are greedy to the extreme. Instead, it's the companies that are pathologically greedy to the point of killing off what they need to survive.
These companies could throw $10k or more at their FLOSS constituents to thank them. And more most of the companies we're talking here, is a rounding error of a rounding error. But, most don't cause there is no 'need' to.
Why build a community when you can just use people up?
Even that won't be guaranteed to work. Bash is forever stuck on an ancient version on macOS, because Apple doesn't want to touch GPLv3 code. At some point they switched to zsh for the default shell.
The really compelling feature will come along, and it'll be to take advantage of the acceleration capability of a new instruction set or CPU that doesn't exist yet. He could quite happily say "4.0 will be GPL or email-for-commercial-terms" safe in the knowledge that such an update will be needed. Unfortunately it sounds like it's about 5 years too late for him.
Software development is the process of pure creation. It shouldn't be debased with the language of resource scarcity. A weekend spent hacking on simd assembly optimizations is not a loss of labor resources. Why write code if not for the pleasure of it? No open source developer should ever apologize to his fans for delaying a release because some Apparatchik at Microsoft refused to sign his binary. Open source is not the service industry for schemers and penny-pinching money men. If you're too nice to those people then you'll just end up as cynical and burnt out as them. DRC should consider backpacking or possibly couchsurfing, then come back to libjpeg-turbo after a year with a clear mind.
Open source is EXTREMELY HARMFUL to the non-owning/entrepreneuring class: Big business can built their billion dollar companies on open source, while the developers lose out: Without open source, companies would have to hire more devs to implement solutions, or they would have to pay external devs money for their solutions. This would also foster competition between different solution offerings.
It's very unfortunate that software engineers, especially the good ones able to create libraries used by pretty much everyone, seem to lack the drive to monetize their work and instead accept payment through GitHub stars, likes and prayers.
> The testament for its effectiveness is the visceral revulsion it evokes from "entrepreneur" types.
Exactly. It is interesting to me that GP uses the word "open source" while entirely missing the point of free software [1], and how copyleft licenses were designed to resist corporations taking from the commons without contributing back from the start.
> “Free” and “open” are rivals for mindshare. Free software and open source are different ideas but, in most people's way of looking at software, they compete for the same conceptual slot. When people become habituated to saying and thinking “open source,” that is an obstacle to their grasping the free software movement's philosophy and thinking about it. If they have already come to associate us and our software with the word “open,” we may need to shock them intellectually before they recognize that we stand for something else. Any activity that promotes the word “open” tends to extend the curtain that hides the ideas of the free software movement.
a) the non-commercial usage is restricted, so there's a reason to buy a commercial license, and
b) The copyright is assigned to a singular person or entity so there's no confusion as the recipient of money.
Sadly both of these things conflict with Open Source either definitionally ("no restrictions on use") or in spirit ("single copyright holder/CLA means no or an exploited community").
Strongly agree with your first part, but with the second part, it's not always a lack of drive. I have a ~3k stars github project, and tried fairly hard to monetize it (even took VC money at one point), but without any success.
I realized that monetizing is mostly about selling, which I'm simply not good at (probably because I hate it). Telling open source developers to simply get more hustle isn't really a solution.
A big open source project isn't even good for your career. In my experience, recruiters don't care at all.
I am very glad I get to use open-source software at no cost. There are profiteers, sure, but I believe in the end open-source software will be more beneficial for society as a whole as it is much easier to reuse code.
You're looking at open source from the production side, but have you thought about the consumption side? I'm old enough to remember when Sun Microsystems expected you to pay for a C compiler.
Imagine trying to write Javascript when every package you import incurs a license fee.
> This would also foster competition between different solution offerings
In practice, it seems not to work out that way: the nadir was probably the early 90s, when Microsoft had killed off all the competing PC operating systems and Jobs had yet to return to Apple.
It's pretty simple. Developing and sharing open source work is paid hobby at best. There is almost no other rewards, even to try improving one's employability is hazardous at best. Always have, always is. This a cause a lot of frustration to people that expected anything else, but it's true to most non-economically motivated work.
It's done, or should be done, by people that want to build things they like and share it. Any other use is just some kind of hidden or not so welcome motive, and seen for what it is. Billion dollars companies or not.
Rather than one or two good, open, reference implementations everyone uses you'd rather have multiple proprietary solutions? That seems worse for people who want to learn from a commons of knowledge and hugely inefficient and a waste of time.
I can see an argument for copyleft style licenses for this stuff (though I fundamentally disagree with them, freedom based on copyright that requires police and courts to enforce isn't free) but you appear to be arguing for completely closed solutions, though I assume I'm misunderstanding?
What a peculiar comment on this article in particular. The author mentions right in the article that they run several open source project as a business venture, placing them squarely in the entrepreneuring class. It's just that libjpeg-turbo doesn't seem to be very successful from a monetization standpoint.
> It's very unfortunate that software engineers, especially the good ones able to create libraries used by pretty much everyone, seem to lack the drive to monetize their work
It seems quite obvious to me that most open source libraries are used by pretty much everyone because they are free to use. Personal projects rapidly become unfeasibly expensive if you need to pay even just a few bucks for 30-50 dependencies each, and businesses have procurement procedures around purchases that tremendously inflate the real cost of purchasing something. "Free" is the only price at which such friction is avoided, and so is the only price at which software spreads to large amounts of users.
There are probably a ton of projects that depend on libjpeg-turbo, but the first thing that comes to mind are browser vendors. It's probably fair to say that most jpegs are viewed in web browsers. They should really just chip in, or even formally employ the author to just continue working on this library.
FWIW, Mozilla has been maintaining their own fork for quite a while now[1]
But AFAIK most Linux Distros have been using libjpeg-turbo as a drop-in replacement for libjpeg, after some drama in ~2010 where libjpeg came under new management, decided to break ABI/API several times over and add incompatible, non-standard format extensions[2].
> add incompatible, non-standard format extensions
and change the down-/upsampling algorithm for images with chroma subsampling such that it tends to introduce additional artefacts, because when decoding e.g. a classic 4:2:0 subsampled image (i.e. chroma resolution is half the luma resolution both horizontally and vertically), each subsampled 8x8 chroma block is now upscaled individually to 16x16 for the final image, which can and does introduce additional artefacts at the boundaries between each 16x16 px block in the final image. But the current libjpeg maintainer insists on that new algorithm because it is mathematically more beauftiful…
>> But the current libjpeg maintainer insists on that new algorithm because it is mathematically more beauftiful…
Ugh. That always has to take a backseat to functionality and usefulness. Well, if you want to serve users and not just yourself.
I'm still in the thinking phase of a major rewrite of a big piece of code that will make it bug-free, but it will likely be very ugly due to a large number of cases/variations to handle. I'll spend a little more time looking for an elegant simplification, but it has to be done one way or the other to fix the ecisting bugs.
Supposedly the advantage is that the new scaling algorithm (via a Discrete Cosine Transform) is perfectly reversible (other than the data loss by introduced by the initial downscaling of course) – in practice I found that looking at the whole compression/decompression pipeline, a current libjpeg (using DCT scaling) still takes a number of iterations of repeated compression and decompression to converge to a stable image, i.e. not really different from both an older version of libjpeg itself, respectively libjpeg-turbo (both of which still use bilinear scaling or something like that for subsampling).
The additional artefacts between subsampling blocks introduced by DCT scaling on the other hand were clearly visible if you knew to look for them. (They're admittedly not super-massive, but under certain circumstances they are noticeable, which is how I stumbled across that topic in the first place – it turned out when I finally switched to a current version of my favourite image editor, it had in the mean time upgraded from an older libjpeg version to a newer version that was using DCT scaling. Thankfully the authors of that editor were actually willing to switch to libjpeg-turbo – somewhat ironically without the real "turbo" bits because they couldn't get the assembler bits working with their build system, so not much of a speed-up, but at least it got rid of the decoding artefacts for subsampled images.)
Interesting, however I found this in the mozjpeg readme:
> MozJPEG is a patch for libjpeg-turbo. Please send pull requests to libjpeg-turbo if the changes aren't specific to newly-added MozJPEG-only compression code. This project aims to keep differences with libjpeg-turbo minimal, so whenever possible, improvements and bug fixes should go there first.
So they still rely on upstream development of libjpeg-turbo. Unless the readme is out of date and they don't bother syncing with libjpeg-turbo now.
Right, it's not a proper fork. It's actually just a static set of patches that improve the compression ratio in libjpeg-turbo but can't be upstreamed, for reasons.
For a library like libjpeg-turbo, it's probably best that it stays in maintenance mode.
I mean... it's JPG. It's the traditional lossy image format that everyone's been using since forever, and that hasn't received any changes. It also shouldn't receive any changes, as its big advantage is its compatibility. If you want something better, you'd use other formats like avif.
I'm all for paying open source maintainers, and this guy should receive money so he can continue to fix bugs and do other minor maintenance work. But I don't see why there should be new features in the default jpg library.
This isn't the default jpeg library. That's libjpeg. In this case, the `jpeg` bit isn't as interesting as the `-turbo` bit. Keeping up with the fastest way to implement JPEG on new architectures and CPUs is worthwhile.
That's entirely fair, but also worth pointing out that (according to the google groups post) libjpeg-turbo doesn't implement all of the standard. To be even more fair, I don't know if libjpeg does either.
the email lists many reasons to continue libjpeg-turbo development which are still relevant if a new (let's say better for the sake of argument) image standard exists:
> expanding SIMD coverage to new algorithms or instruction sets or CPU architectures, supporting less popular new platforms, improving the APIs, hardening security, improving fuzzer coverage, enhancing the build system, improving automation, etc
There is no stigma to being a parasite so that’s what people do, with justifications as above. Just because it isn’t legally required doesn’t mean it is ethical to not do it.
It's not being a parasite if the author willingly chooses to give his work away for free. It is also not the tragedy of the commons, since the tragedy of the commons refers to consuming a finite resource. A software library is not a finite resource since it can be copied indefinitely.
This is the author choosing to work for free (which is fine), wanting to get paid (which is fine, and I do suggest he does charge for his software), and this thread making up an alleged ethical obligation to pay for something which has a price tag of zero.
Dung[1] beetles are not parasites - they simply take what is given freely, and without cost or injury to the producer. If an animal attempted to get beetles to pay for dung, it may run into competitive challenges.
1. Not a commentary on the quality if F/OSS, which I love.
Open source developers are not being paid. They published under licenses that allow zero cost and businesses won't pay.
If you want to write open source code for living, you have to find a business model that works. In this case, it is even under permissive license.
* code freeze - code is under open source license only a certain time after commit/release. Maybe add "support", aka you get security fixes in timely manner.
* open core - put some features behind commericial door.
* go ImageSharp way of split license. That one is fun, because MS deprecated/killed (throws exceptions on attempt to use) official image/font library and that was was intended replacement. Rather blatant offloading of costs.
It’s not just companies though, it’s people. Lower costs win, factoring in quality which is just another way of saying “how many replacements of this cheap thing do I need before it’s with buying this expensive thing”.
If you want to write OSS for a living get good at writing grant proposals. There's money out there, but you have to know where it is and you have to ask for it.
146 comments
[ 1.8 ms ] story [ 189 ms ] threadBeing a commercial product is hard. Having customers, supporting them, etc is very hard. Most can't sustain themselves either. Especially when competing with open source.
Every time I read about "criminal underfunding" of open source, it comes off as people wanting to be able to capture some of the value of being commercial without any of the cost. Being open source means more people use your software. But they owe you nothing at all for that. Enough value to pay themselves to work on it is not a small amount of value, and most commercial software doesn't make it there either.
If you want people to pay then be paid software. Otherwise you often just want a contract with terms nobody wants to pay you for. There is nothing abnormal about that, and it's certainly not "criminal underfunding".
I'm sorry it's not as easy as people want it to be, but it never was - this isn't new, and it not likely to be anytime soon.
The main difference now seems to be how many more people feel their users should have greater responsibility than they require of them. That's one of the things that often makes your product popular though.
(Ironically, my single sentence license above would be more likely to win a court challenge than the GPL/AGPL, while also being more resilient to new methodologies and less vulnerable to loopholes; however, it’s incompatible with the “legal contracts should not depend on human judgment calls” viewpoint that’s popular in technical circles.
As an aside, the reason I don't think your statement would work is you don't have the ability to unilaterally bind other people by a statement you make without their agreement (ie you saying something is not a contract, because that is by definition an agreement between parties). For that reason I'm pretty sure your "all who modify my work must ..." subclause would have no legal force.
The mechanism that copyleft licenses use is to grant rights to the user provided that the user adheres to the terms. That's something you can do, because it's up to you to grant whatever rights you want to grant and it's in your gift to set conditions on those grants. If users don't accept the terms of the license, they don't get granted the rights and therefore they are prevented from using or distributing the software by normal copyright law.
[1] eg check out http://gpl-violations.org/news/ or https://sfconservancy.org/news/2019/apr/02/vmware-no-appeal/ etc
Projects and organizations that do get a large portion of their funding from donations usually need to spend a lot of time marketing and evangelizing to get those donations. A solo open source developer probably doesn't have the time to do that, plus write the software itself.
It can be "on them" and also bad that it works this way.
If you just give me something without setting a price then it's not a commercial transaction and I don't have an obligation to pay nor do you have an obligation to support the good or service you sold to me. Or do you believe that every time someone gave you a present actually you were supposed to pay the gift-giver based on the value of the present?
Though when you mention support, that's one route to improving the situation. It seems like most companies are unwilling to buy pure support, even though most of what they actually want is support. If paying for pure support was more normalized it would be very helpful to open source.
Well, we don't live in a pre-monetary society and we don't use loose accounting, except with people we're close with and who we can trust.
In a monetary economy, contracts don't fit every situation, and someone deciding they don't want to make people pay for valuable code shouldn't ruin their ability to use that code as a "day job". We need to figure out better methods to reward useful work, as a society.
It seems like source available type licenses (e.g., Kyle Mitchell's Big Time license: https://bigtimelicense.com/ ) are a reasonable middle ground for being paid software without giving up many of the benefits of open source.
I'm hoping there's a notable uptick in adoption of licenses like these.
How do they do that if they don't call themselves open source (or "Open Source (TM)" if you prefer) in the first place?
Regardless, something needs to be done about the sustainability gap in open source other than writing messages like what's linked. The inability of your project to incorporate someone else's code shouldn't consign the rest of us to not have the benefits of access to that someone else's code outside of a proprietary binary.
First of all, some of them DO call themselves that even though they unambiguously aren't. And even for the ones that don't, they usually try to sound as similar as possible to it and downplay the differences.
> Regardless, something needs to be done about the sustainability gap in open source other than writing messages like what's linked.
That feels like the politician's fallacy. We need to do something, and switching to fauxpen source is something, but that doesn't mean we need to switch to fauxpen source.
> The inability of your project to incorporate someone else's code shouldn't consign the rest of us to not have the benefits of access to that someone else's code outside of a proprietary binary.
It's not just one project that can't. If a given bit of code isn't open source, then NO open source projects can incorporate it.
There was understandably uproar about things like the "Commons Clause" and similar attempts to retrofit obligations to pay onto open source licenses. I have no disagreement with rejecting these as misrepresentations of open source. But if no such misrepresentation takes place, this line of objection is bogus. I gave an example of one license that does not misrepresent itself in such a way. I'm sure there are others and if not, attempts should perhaps be made to develop others, just as we have multiple open source licenses available.
>> Regardless, something needs to be done about the sustainability gap in open source other than writing messages like what's linked.
> That feels like the politician's fallacy. We need to do something, and switching to fauxpen source is something, but that doesn't mean we need to switch to fauxpen source.
I regret my phrasing, "something needs to be done," which does indeed sound like a politician. So let me rephrase. There is an axis, with proprietary secret source code and FOSS anchoring the ends. This axis is a good proxy for monetizability, but the axis itself is about freedom. With secret source, no user gets any benefit from the source. Source available, is, to me, a genuinely constructive attempt to address the need for developers to be compensated, while still giving users many of the benefits of access to the source.
I don't think source available is going to be something we "switch to" so much as, if some developers need income from the code they put out there, this is a far more user-centric option than telling everyone to download binaries for platforms they may or may not use and submit themselves to intrusive license checks. If you want to get a job at a RedHat or Collabora or try to have your employer cover your open source time instead, more power to you, source available certainly doesn't stand in the way of that.
> It's not just one project that can't. If a given bit of code isn't open source, then NO open source projects can incorporate it.
Open source projects have no hope of incorporating secret source software either. At least with source available, users can look at the code, make changes, build it themselves, and if they fit whatever "gratis" criteria are a part of the license, they don't have to pay either.
> They're not reasonable at all. They deceive users and leach off of the good name of open source
I disagree. Source available licenses are reasonable, but not “a middle ground for being paid software without giving up many of the benefits of open source”.
Reading the https://bigtimelicense.com/ and https://bigtimelicense.com/versions/2.0.1, though, I don’t think that’s a source available license. It doesn’t mention source code at all.
It’s a license that allows small entities to use a binary for free, and promises larger companies to give “fair, reasonable and nondiscriminatory terms” (I guess that’s in the license to ‘guarantee’ smaller companies they will be able to get such a license and that they will be able to afford it. IANAL, but I think the “nondiscriminatory” guarantees the former, but “fair and reasonable” doesn’t fully guarantee the latter)
“Source available” is more or less the reverse: it guarantees you can view the source, but doesn’t necessarily give you the right to modify or even compile it (https://en.wikipedia.org/wiki/Source-available_software)
The Wikipedia page you cited opens with "Source-available software is software released through a source code distribution model that includes arrangements where the source can be viewed, and in some cases modified, but without necessarily meeting the criteria to be called open-source."
So by this definition, "source available" is a superset of FOSS, but not specific enough to imply what the user can and can't do with the source code. It makes sense to name classes of license within the "source available" umbrella that spell out what freedoms are restricted/preserved.
The Big Time license is not specific as to whether the covered software is provided in source or binary form, and is easily applied to source code distributions. Probably the reason I associated this license with "source available" is the primary license author is a prominent U.S. lawyer involved with open source and I'm pretty confident it is written to be applicable to source code even if it is not explicit about it. Similarly, the BSD license doesn't require that the license be attached to source code - one could release binary-only software under the BSD license.
In my own case, I write every one of my projects as if it were supported, released, commercial software. I wrote shipping, commercial software for my entire career, and got in the habit. It isn’t that much fun. Lots of boring bits, in writing high-Quality, release-grade, software.
That said, thank Cthulhu that I don’t depend on it for a living.
I’m pretty much my only customer. I write software that I want, and use it in almost everything I write. I also archive projects and apps that I am no longer actively supporting.
I don’t really care whether or not anyone else uses it. In fact, the fewer, the better.
- of course, building a successful commercial software (company) is a lot of work
- but if you manage to create a commercial software that reach even a fraction of libjpeg-turbo's success, you'd get very rich, with lots and lots of zeros on your bank account, and a family free from material problems for decades to come.
- nobody, including the author, claim that he should be rich. We just think that it's a pity that he's not able to make decent money, despite creating tremendous value to very profitable companies (and making an much easier job to thousands of developers far less skilled than he is, while still making multiple times his paycheck).
This is a non sequitur, given that libjpeg-turbo has reached libjpeg-turbo's success and its author is not several times very rich. It is unfortunately very possible to create a product that's very popular and that takes a lot of effort to work on, but which most people are not willing to spend any money on.
I'm afraid you must suffer from some reading impairment, as I explicitly said this (now with the emphasis added):
> if you manage to create a commercial software that reach even a fraction of libjpeg-turbo's success.
Maintaining open-source software requires time. There is an opportunity cost, and people (unfortunately) need to feed their families, pay their rent, and so on. The problem here is that the developer faces a choice: continue working on a piece of software that makes things better for thousands (or tens of thousands) of companies and individuals, or put that time towards something that benefits him and his family directly and ensures that they can continue to survive and thrive in a capital-based society.
If he moved libjpeg-turbo to paid software (not that I expect that's possible) then I'm sure a lot of companies would pay for it, and a lot of open-source projects (or smaller companies) would be forced to stop using it. That's not good for anyone (except the developer).
I think the thing to consider is this: if everyone who's ever saved at least two dollars on time, bandwidth, CPU power consumption, cloud compute costs, or any other factor gave him one of those dollars, he'd be set for life. He could make libjpeg-turbo his full-time job indefinitely.
He's not asking for a six-figure salary, but it's difficult to look at a project that you're spending time and effort on that's saving other people such huge amounts of money and compare that to the meagre amounts anyone is willing to contribute for it and to consider that a worthwhile tradeoff.
In the end, he's making that choice: he's going to spend time doing something else. He doesn't come across as feeling entitled (his argument that open-source software should be more funded/appreciated than it is doesn't seem to be in debate), he's just faced with a choice and he's letting people know ahead of time what choice he made.
Why not at least complain about the large tech companies that aren't sponsoring at all, or only sponsoring specific project work?
[0] From https://libjpeg-turbo.org/About/Sponsors it looks like a bunch of companies have sponsored specific projects, but from the message it sounds like these projects have been basically underbid by the library maintainer, and that's been part of the problem.
https://github.com/sponsors/libjpeg-turbo
Ideally, every developer in every large co would be given some budget to spread sponsorship money around as they saw fit—ask your manager to make it happen. Note that they may be able to register this as a marketing expense, which may be more favorable to your accounting department.
(I use this library in PhotoStructure via Sharp and libvips, so I just started sponsoring it)
If I'm not mistaken, there is a ton of overhead ensuring that the money doesn't directly benefit any of the employees themselves. There are all sorts of regulations around how things like gifts and donations are accounted for, taxed and so forth. Then, you also wade into territory of graft, bribes and so on (employees of company A funneling money into open source project B, which is worked on by employees of potential customer C).
I end up donating with my own money to opensource projects I value but I don't have enough money to properly fund all projects I would like.
But like I say when a for-profit corporation complains and blames outside forces when they have trouble with their finances: it is not our responsibility to make your business model work.
If you want to get paid a certain amount to write software, donations are often not a reliable way to do that. As much as I am an open-source advocate, dual licensing and requiring payments for commercial use seems like a better path to stable income, assuming others believe your software is worth the price.
Dual licensing and requiring payments for commercial use comes with risk as companies could flock to alternatives or forks, but at the end of the day, is the better model as it establishes expectations upfront and makes it clear that one fully stands behind one's product.
What does he expect to happen? I really don't get it. If you like to work on opensource. Sure, do your thing. But if the benefit in CV building and personal satisfaction are not enough, why don't you stop doing it?
These projects deserve funding, if at least from giants like facebook & co.
Absolutely.
Looking at:
https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/...
one wonders what possible harm could come from leaving image decompression buffer faults from maliciously crafted jpegs in popular browsers and software unattended.
This is yet another reason a switch to a memory-safe language like unsafe-free Rust is highly imperative.
Guaranteeing memory safety isn't just an overhyped benefit meaningful only to Rust fanboys. It is also one important reason why much code is written in Java, Python, or JavaScript. It is a valuable property for any language to have.
The 100% certainty you use to claim it's absolutely memory safe is the essence of the problem with the rust fanboys.
There is an entire class of bugs common to C and C++ that absolutely never happen in JVM languages, CLR languages, Rust, etc. This particular class of bugs of bugs never happen by design, because the language design simply does not permit them to occur ever.¹
¹ I am obviously of course excluding bugs/exploits/unintentional-loopholes here that are in the JVM or CLR, or in the Rust compiler itself, that permit a program to "break out of its box", so to speak.
Does that mean Swift is unsafe? No.
All this does is create the potential for a memory leak. Which is nowhere close to being in the same category as a buffer overflow exploit.
Also, I suppose one could write a garbage-collected pointer library for Rust, which adds cycle detection (and auto-deletion) on top of ARC.
There's a reason https://github.com/libjpeg-turbo/libjpeg-turbo/tree/main/sim... is filled with assembly files with conditional loading.
With all the hyper-optimized assembly in there, it's probably still more efficient even with the container penalty (which, tbh, is close to zero on Linux these days).
WUFFS is a special purpose language for Wrangling Untrusted File Formats Safely:
WUFFS pays a high price (loss of generality) for a valuable reward (compile time assurance of memory safety, very high performance) and it makes no sense for people to hand roll this sort of software in C when they should use WUFFS.
https://github.com/google/wuffs
To get paid for doing open source.
This is a plea for increased funding.
You can think of it as a job application being broadcast.
His software is clearly valued, but companies take 3rd-party dependencies for granted because they're just there and can be used for free. There are things a company can do to replenish the ecosystem: Give time or money to maintain projects they depend on.
> if the benefit in CV building and personal satisfaction are not enough, why don't you stop doing it?
I'm afraid you don't understand the basic premise:
He is not (primarily) doing open source to promote his CV.
He is (presumably) doing open source for ideology and lifestyle: because it provides a good work environment where you work on exactly what you want, provides value that scales beyond what a single company can create (but is otherwise somewhat harder to measure), and provides value to the global, general public, which is not something people with day jobs can claim as easily.
Out of curiosity. You know, apples and oranges.
That alone does not entitle anyone to payment. All you're entitled to - as per license - is to have the license reproduced in full on some "About > Licenses" page.
Anything else is underpants-gnome level of magical thinking:
1. Author FL/OSS package
2. Package get wildly popular
3. ???
4. Profits
If an artist said “I’m going to quit art if the world doesn’t pay me”, surely most people would just say, “good luck with that.”
If someone’s art piece contained a bug that broke a company’s industrial build pipeline, and all funding for improving the art piece was gone the next 15 months, I’m sure that company would consider donating.
There isn’t a principal difference between art and software here. It is the nature of companies that rely on open source that is not well understood here, causing criticism and questions.
This is a friendly reminder that anyone interested in a 3.1 release in the foreseeable future should cough up. :-)
I really don’t see the complaining.
Their "hobby" saves huge corporations large amounts of money. I don't understand how it's not obvious that they should chip in comparatively small amounts of money to make sure that the project stays updated and secure.
Why bother funding open source at all, it's not like it's the foundation of the entire worlds infrastructure or anything.
Just because "it helps the CV" doesn't mean that's an end goal in itself in the long run, and once a library is popular the implications (security issues!) of non-maintenance is far higher even if it started out as a "fun" project.
This xkcd illustrates it perfectly, https://xkcd.com/2347/
working on open source software is and can be a "real" job. the only difference to closed source software is that the source code is open - nothing else (simplified).
if you want your hair cut, pay the hairdresser. if you're interested in the continued development of the project, pay the author. it's as simple as that.
in this case there's not enough funding so the project is discontinued. doesn't get more professional and non-hobbyist than that.
Right now, those corporations just steal the code and sponsor the OSI's gatekeeping.
That is no small difference. In particular the business is completely different and if you want to make a living out of it, you should plan your job accordingly: find an employer that pays you to write the software, make a business around support for the software, open a twitch/YouTube channel and monetize it, etc., but asking people (or worse corporations) that have the right to use something for free to pay for it doesn't look to me like the best course of action.
> if you want your hair cut, pay the hairdresser. if you're interested in the continued development of the project, pay the author. it's as simple as that.
If you offer to cut the hair for free, you shouldn't complain that rich people don't pay for your services, and the "but everybody comes to me" is not a good enough reason, especially when being free is one of the motivations.
You also should not complain when the hairdresser stops offering free haircuts.
What I am complaining about is the assumption that people using open source software have to contribute to the authors, expecially if they have plenty of money. Open source is not about that. If that is the expectation, a different type of license is probably better suited.
So it's less of a complaint and more of well meaning advise that he too should work for pay.
Err, this is him announcing that he's stopping doing it.
These companies could throw $10k or more at their FLOSS constituents to thank them. And more most of the companies we're talking here, is a rounding error of a rounding error. But, most don't cause there is no 'need' to.
Why build a community when you can just use people up?
Businesses aren't going to pay unless they are mandated to, because why would they otherwise?
"using the Lesser GPL permits use of the library in proprietary programs"
so it's going to be OK even in BSD and other permissive licenses.
Ask a pornstar the same question...but not about code.
It's very unfortunate that software engineers, especially the good ones able to create libraries used by pretty much everyone, seem to lack the drive to monetize their work and instead accept payment through GitHub stars, likes and prayers.
Exactly. It is interesting to me that GP uses the word "open source" while entirely missing the point of free software [1], and how copyleft licenses were designed to resist corporations taking from the commons without contributing back from the start.
> “Free” and “open” are rivals for mindshare. Free software and open source are different ideas but, in most people's way of looking at software, they compete for the same conceptual slot. When people become habituated to saying and thinking “open source,” that is an obstacle to their grasping the free software movement's philosophy and thinking about it. If they have already come to associate us and our software with the word “open,” we may need to shock them intellectually before they recognize that we stand for something else. Any activity that promotes the word “open” tends to extend the curtain that hides the ideas of the free software movement.
[1] https://www.gnu.org/philosophy/open-source-misses-the-point....
a) the non-commercial usage is restricted, so there's a reason to buy a commercial license, and
b) The copyright is assigned to a singular person or entity so there's no confusion as the recipient of money.
Sadly both of these things conflict with Open Source either definitionally ("no restrictions on use") or in spirit ("single copyright holder/CLA means no or an exploited community").
I realized that monetizing is mostly about selling, which I'm simply not good at (probably because I hate it). Telling open source developers to simply get more hustle isn't really a solution.
A big open source project isn't even good for your career. In my experience, recruiters don't care at all.
I am very glad I get to use open-source software at no cost. There are profiteers, sure, but I believe in the end open-source software will be more beneficial for society as a whole as it is much easier to reuse code.
Imagine trying to write Javascript when every package you import incurs a license fee.
> This would also foster competition between different solution offerings
In practice, it seems not to work out that way: the nadir was probably the early 90s, when Microsoft had killed off all the competing PC operating systems and Jobs had yet to return to Apple.
It's done, or should be done, by people that want to build things they like and share it. Any other use is just some kind of hidden or not so welcome motive, and seen for what it is. Billion dollars companies or not.
Rather than one or two good, open, reference implementations everyone uses you'd rather have multiple proprietary solutions? That seems worse for people who want to learn from a commons of knowledge and hugely inefficient and a waste of time.
I can see an argument for copyleft style licenses for this stuff (though I fundamentally disagree with them, freedom based on copyright that requires police and courts to enforce isn't free) but you appear to be arguing for completely closed solutions, though I assume I'm misunderstanding?
> It's very unfortunate that software engineers, especially the good ones able to create libraries used by pretty much everyone, seem to lack the drive to monetize their work
It seems quite obvious to me that most open source libraries are used by pretty much everyone because they are free to use. Personal projects rapidly become unfeasibly expensive if you need to pay even just a few bucks for 30-50 dependencies each, and businesses have procurement procedures around purchases that tremendously inflate the real cost of purchasing something. "Free" is the only price at which such friction is avoided, and so is the only price at which software spreads to large amounts of users.
I don’t think software is different enough from music to make a difference.
But AFAIK most Linux Distros have been using libjpeg-turbo as a drop-in replacement for libjpeg, after some drama in ~2010 where libjpeg came under new management, decided to break ABI/API several times over and add incompatible, non-standard format extensions[2].
[1] https://github.com/mozilla/mozjpeg
[2] https://en.wikipedia.org/wiki/Libjpeg#History
and change the down-/upsampling algorithm for images with chroma subsampling such that it tends to introduce additional artefacts, because when decoding e.g. a classic 4:2:0 subsampled image (i.e. chroma resolution is half the luma resolution both horizontally and vertically), each subsampled 8x8 chroma block is now upscaled individually to 16x16 for the final image, which can and does introduce additional artefacts at the boundaries between each 16x16 px block in the final image. But the current libjpeg maintainer insists on that new algorithm because it is mathematically more beauftiful…
Ugh. That always has to take a backseat to functionality and usefulness. Well, if you want to serve users and not just yourself.
I'm still in the thinking phase of a major rewrite of a big piece of code that will make it bug-free, but it will likely be very ugly due to a large number of cases/variations to handle. I'll spend a little more time looking for an elegant simplification, but it has to be done one way or the other to fix the ecisting bugs.
The additional artefacts between subsampling blocks introduced by DCT scaling on the other hand were clearly visible if you knew to look for them. (They're admittedly not super-massive, but under certain circumstances they are noticeable, which is how I stumbled across that topic in the first place – it turned out when I finally switched to a current version of my favourite image editor, it had in the mean time upgraded from an older libjpeg version to a newer version that was using DCT scaling. Thankfully the authors of that editor were actually willing to switch to libjpeg-turbo – somewhat ironically without the real "turbo" bits because they couldn't get the assembler bits working with their build system, so not much of a speed-up, but at least it got rid of the decoding artefacts for subsampled images.)
> MozJPEG is a patch for libjpeg-turbo. Please send pull requests to libjpeg-turbo if the changes aren't specific to newly-added MozJPEG-only compression code. This project aims to keep differences with libjpeg-turbo minimal, so whenever possible, improvements and bug fixes should go there first.
So they still rely on upstream development of libjpeg-turbo. Unless the readme is out of date and they don't bother syncing with libjpeg-turbo now.
Mozilla has sponsored libjpeg-turbo in the past: https://libjpeg-turbo.org/About/Sponsors
I mean... it's JPG. It's the traditional lossy image format that everyone's been using since forever, and that hasn't received any changes. It also shouldn't receive any changes, as its big advantage is its compatibility. If you want something better, you'd use other formats like avif.
I'm all for paying open source maintainers, and this guy should receive money so he can continue to fix bugs and do other minor maintenance work. But I don't see why there should be new features in the default jpg library.
> In 2019, libjpeg-turbo became the ISO and ITU endorsed reference implementation for the JPEG format. [13]
The paragraph that follows might help to clarify why this happened.
> expanding SIMD coverage to new algorithms or instruction sets or CPU architectures, supporting less popular new platforms, improving the APIs, hardening security, improving fuzzer coverage, enhancing the build system, improving automation, etc
By releasing this library at no charge, the author is valuing his software at zero dollars. Downstream users accept his offer.
There is no story here.
There is no stigma to being a parasite so that’s what people do, with justifications as above. Just because it isn’t legally required doesn’t mean it is ethical to not do it.
This is the author choosing to work for free (which is fine), wanting to get paid (which is fine, and I do suggest he does charge for his software), and this thread making up an alleged ethical obligation to pay for something which has a price tag of zero.
1. Not a commentary on the quality if F/OSS, which I love.
If funding suddenly materializes for this developer as a result of this email, will you search for a bug in your worldview?
If you want to write open source code for living, you have to find a business model that works. In this case, it is even under permissive license.
* code freeze - code is under open source license only a certain time after commit/release. Maybe add "support", aka you get security fixes in timely manner.
* open core - put some features behind commericial door.
* go ImageSharp way of split license. That one is fun, because MS deprecated/killed (throws exceptions on attempt to use) official image/font library and that was was intended replacement. Rather blatant offloading of costs.
This has been rehashed several time (core-js recently https://github.com/zloirock/core-js/blob/master/docs/2023-02...).
The gist of it is: Companies are not going to pay if they don't have to. That is the reality and it's not going to change. Plan accordingly.
https://nlnet.nl/news/2023/20230401-call.html
If you want to write OSS for a living get good at writing grant proposals. There's money out there, but you have to know where it is and you have to ask for it.