NPM Bans Terminal Ads (zdnet.com)
424 points by slovenlyrobot 80 days ago | 353 comments



While I don't particularly like the idea of stuffing ads into npm logs, I don't have the same visceral negative reaction that many people have in these HN threads on this topic.

The overwhelming majority of the people complaining about this are well-paid tech workers writing code for well-funded companies that profit off of open source code without providing any reciprocal value to the open source projects in return. (Of course, that statement isn't true for 100% of companies, but I'd guess that less than 10% of companies using open source code donate back to the open source projects they use)

Something about this whole debate makes me a bit uneasy.

You have people working mostly for free, developing open-source, FREE code that provides incredible value to the for-profit companies that use the open source code to generate (sometimes) massive amounts of revenue.

Given the amount of value open source provides to for-profit companies (with the open source maintainers rarely getting any reciprocal value from the companies that profit off them), why is it so alarming to think that these maintainers might think of a clever idea like this to make a couple thousand bucks?

I'm not arguing that npm install logs should be packed full of ads (it shouldn't).

But instead of attacking the guy for trying, I really wish the discussion were focussed on how the community of open-source consumers can contribute back to the open source ecosystem in a way that promotes the sustainability of the projects and community.


> why is it so alarming to think that these maintainers might think of a clever idea like this to make a couple thousand bucks? [...] But instead of attacking the guy for trying, I really wish the discussion were focussed on how the community of open-source consumers can contribute back to the open source ecosystem

You're (possibly unintentionally) distorting/diverting the issue. Nobody is criticizing open source maintainers for trying to get funding in an abstract sense. (We can all agree open source maintainers need income.) However, if the concrete implementation of trying to get money is unwanted and unexpected ads, then the correct focus of discussion is the criticism of that ad delivery method. The succinct version of this is: "The ends do _not_ justify the means."

As hypothetical examples...

- If Pi-Hole maintainers get the "clever" idea to get funding by changing "doubleclick.net" from returning "127.0.0.1" to the ip address for "BuyPiholeTShirts.com", people are going to criticize that "ad". It doesn't matter if Pi-Hole volunteers "deserve" more money, the correct focus of criticism/discussion is the sneaky ip redirect.

- If the maintainer of d3 Javascript library (https://github.com/d3/d3) decides to embed advertising such as "Try LINODE for 30 days!" in "README.md" and inside the source code comments of every js file, the correct focus of discussion is those ads and not whether the maintainer needs money.

The methods of soliciting funds do matter.

So far, socially acceptable ways seem to be Patreon, or getting hired by FAANG, or grants, etc. The "clever ideas" like NPM console ads are not socially acceptable.


This is an unfair go at the poster. He said "I'm not arguing that npm install logs should be packed full of ads (it shouldn't)."

That's clear as can be. He's asking the same question I am, how do we get sufficient funding for these projects. Re your patreon suggestion, I thought we recently had an article where someone got little to nothing on that.

> or getting hired by FAANG

So one way to support foss software is to get hired by a closed source company. Kind of defeats your point.

This is the problem right here, "I want but I'm not personally going to pay". We get ads (funding model of the modern web) or foss remains underfunded while non-foss companies get the cash they need. The problem is human nature. And yes, I've personally opened my wallet for them, and will again.


>This is an unfair go at the poster. He said "I'm not arguing that npm install logs should be packed full of ads (it shouldn't)." That's clear as can be.

Please reread my reply to OP carefully and notice I did not say he endorsed NPM ads. Instead, I specifically disagreed with his suggestion to redirect the discussion away from the NPM ads to the general topic of open-source funding.

>He's asking the same question I am, how do we get sufficient funding for these projects.

To be clear, that's a different question and I wasn't even attempting to answer it. I mentioned funding like Patreon as examples of social acceptability and not as examples of income sustainability.

>Kind of defeats your point.

My point was a narrow one: others are criticizing the unwelcome ad solicitation and that's a correct area of focus.

The other question of how to get sustainable open-source funding is also an important topic -- but that doesn't mean it forbids discussion of unacceptable spam/ads. They can be 2 parallel discussions.


You said

> However, if the concrete implementation of trying to get money is unwanted and unexpected ads, then the correct focus of discussion is the criticism of that ad delivery method

But he'd already said, prior to that

> I'm not arguing that npm install logs should be packed full of ads (it shouldn't).

He'd already said no to them; you're both in agreement. There's nothing to argue about.

Having agreed that nobody wants ads, the next step is to determine how to not have them (and their nastier big sibling, telemetry and malware, which will follow) by providing funding.

(edited for brevity)


Please stop having "you said he said" discussions. If someone clarifies their position that they meant to say something else than you read, please accept it in good faith and don't see this as an invitation to hark back to their previous messages.

This comment is not aimed at you specifically, but everyone in this comment thread who engages in this pointless arguing.


You’re missing the point and illustrating it further. The comment was garbage because it derailed the entire discussion around terminal ads to try to direct it to FOSS funding.

It doesn’t matter if they both agree that text ads are bad. It’s basically a “think of the children” derailment except it’s “think of the poor foss dev”.


I think you are making an extremely valid point; I often see the same “think of the children” argument made when discussing advertising and the web. Likewise, no one is saying websites shouldn’t have an income.


If you're only talking about how you don't like the solution, and refuse to talk about the underlying problem, you're going to keep seeing the bad solution again and again and again.

Here everyone says they don't like ads, and then are shocked that people want to talk about why ads are showing up and what to do about that.


Ads show up regardless of funding. Cut the bullshit. Look at how many ads are on cable television and even pay for news websites.


> That's clear as can be. He's asking the same question I am, how do we get sufficient funding for these projects.

We don't. Only a fool would expect to make a living wage giving something away for free.

From the beginning FOSS has been either interested individuals or employees at corporations with a vested interest. There's no reason we should expect that John Q Developer independently working on a bunch of NPM modules to be compensated by the world at large.


> There's no reason we should expect that John Q Developer independently working on a bunch of NPM modules to be compensated by the world at large.

With all due respect, I feel this is a lack of imagination. We could have said the same thing about soup kitchens, or basic income, or social welfare, or anything else that doesn't cleanly draw profit.

So yes, it doesn't work. At least not until we demand it does and distort the legal, social, and cultural frameworks around it.

As one solitary example, what about a shift to using copyfarleft licensing that only allows MIT-level freedom to nonprofits and co-operatives, while for-profit orgs pay fees instead of just leeching. This has the added bonus of shifting benefit to platform cooperatives, which governments are already starting to ideologically favour as we all see the gleaming metal edge of platform capitalism.

There are a hundred more options if we believe building the commons is better than milking it dry.


> With all due respect, I feel this is a lack of imagination. We could have said the same thing about soup kitchens, or basic income, or social welfare, or anything else that doesn't cleanly draw profit.

Those are all driven by charity for the destitute. It’s not meant to be a patronage paid to starving artists. On the contrary the able bodied are expected to not draw from that well if they can provide for themselves so that more remains for the truly deserving.

> So yes, it doesn't work. At least not until we demand it does and distort the legal, social, and cultural frameworks around it. As one solitary example, what about a shift to using copyfarleft licensing that only allows MIT-level freedom to nonprofits and co-operatives, while for-profit orgs pay fees instead of just leeching. This has the added bonus of shifting benefit to platform cooperatives, which governments are already starting to ideologically favour as we all see the gleaming metal edge of platform capitalism.

There’s no such thing as partial BSD style licensing. You’re either all the way there or you’re not. Favored status to non profits is no different than discriminating from “evil” usage.

I’m not saying one can’t do that, just that there’s no half measures. I make it a point to contribute to BSD style software that I actually use and explicitly do not contribute to “shared source” bullshit.

> There are a hundred more options if we believe building the commons is better than milking it dry.

I don’t see anything going dry. The system has worked fine till now. What’s changed is the unrealistic expectation of hand outs for something you’ve already agreed to give away for free.


I would like to disagree with your point on basic income. It’s usually called _universal_ basic income. Precisely to clarify that it is not a “charity for the destitute”, it is absolutely meant to be for everyone.

And for the larger discussion on building the commons I happen to think UBI is an important component. Focusing on the amateur work being done by the civil society at least, a UBI could be precisely the thing needed to free up time for cultivating the commons.

Now, granted, most UBI proponents do argue from a solidarity angle, and do think of it as some kind of charity. But I’ll offer an alternative view point. To me UBI is the foundation from which private property can be justified. Locke argued that commons, such as land, can only be taken as property when there is no contention, which is clearly not the case for anything having a market value. The just way to solve that conflict could be for the owner to simply pay the market value in rent to the commons, as compensation for the exclusive rights. Such payments could be divided as a UBI. And I suspect it would also result in a pretty handsome amount. Enough to fund a few open source projects at least.


> I would like to disagree with your point on basic income. It’s usually called _universal_ basic income. Precisely to clarify that it is not a “charity for the destitute”, it is absolutely meant to be for everyone.

In the credible UBI plans I've seen, the income is Universal in the sense that "everyone gets a check", but in practice that income is paid for by those with middle or higher incomes, such that for many earners that "income" is a net tax (or neutral). "Charity for the destitute" is a bit hyperbolic, but it's absolutely income supplementation for the less well off at the expense of those better off.


In case it was missed. My take on UBI outlined above would avoid this. Even better, I’m hopeful we could abolish all forms of income tax.


Since when are FAANG companies considered to be closed source? Have any of them snatched up maintainers to continue development behind closed doors?

There are examples of large corporations hiring maintainers to work on open source and keep those projects open source. I believe pypi is an example of that.


I am fairly certain that Apple has hired people who previously worked on permissively-licensed projects to work on the closed-source fork.


I'd like to see that backed up, really. There are certainly criticisms to be made of how Apple has handled their open source projects (slow to update and push out new releases, not great at cooperating with upstream projects when Apple has forked them, typically cryptic Apple communication practices). But if Apple has taken open source projects, created closed-source forks of them, and hired original developers of and/or major contributors to the original open source project to maintain and develop the closed source fork without contributing back to the open source original, none of them immediately come to mind.


I got direct quotes from Apple employees about how their employment has banned them from doing anything related to GPLv3 code in their free time, specifically GCC.

I don't want to mention them in a public website in case that gets them in trouble.


That doesn't surprise me. The GPL, especially v3 and AGPL, are specific weird cases at a lot of companies -- sometimes because they want the freedom to close off forks, but often because they're convinced the GPL/AGPL could "poison" their work and force them to open previously closed source. (This turned out to be a problem for us at RethinkDB, which was AGPL-licensed.)


Well, depending on the employee, it would make sense. Apple funded a large part of clang/llvm, which many assume was specifically to avoid a GPL compiler. You'd hate to accidentally pollute a BSD(-ish) project with GPL code, if your primary purpose for funding the project is to avoid GPL code. Not that anyone would purposefully do such a thing, but it would be important for Apple to even avoid the appearance of anything like that.


Apple certainly hires people from their open source projects and keeps closed-source forks. Most of the changes make their way back to their original projects, though, but the caveat is that this only seems to happen if the project is used heavily outside of Apple and after the feature has "shipped" (which may be a while after the code was actually written).


I remember finding an article on HN about a developer for FreeBSD going to work on Mac OS[1], before returning to work in open source. Isn't the Mac OS user space an example of what you describe?

[1] https://www.wired.com/2013/08/jordan-hubbard/


I don't think I'd say it is, no, because Hubbard wasn't hired to work on a closed-source fork of FreeBSD at Apple but rather as an engineering manager. AFAIK, Apple did not make any closed forks of major BSD-related work.


They've certainly hired people to work on open-source projects and keep them open-source (e.g., LLVM, CUPS). What closed-source forks have they made?


Apple keeps internal forks of projects where they can do so legally; it helps them prevent leaks and lets them add new features quicker. These changes often do end up getting merged back in, but this is usually after they have shipped.


Since always? Their core business is developing proprietary software. It's impossible to git clone and say, fix any of the popular complaints.

You might be confused because they build on top of a Free foundation, and do contribute changes back to those layers. But the bulk of their activity is plainly closed, especially the software directly associated with their brands.


I agree with the sentiment that shady things shouldn't be excused because "I'm an open source developer and I need money". You have a point there.

Although:

> decides to embed advertising such as "Try LINODE for 30 days!" in "README.md"

Are you trying to say that this is also not acceptable? Our company sponsors a few open source npm projects, and all of the projects we sponsor have our logo in the README.md - is that really not socially acceptable?


> Are you trying to say that this is also not acceptable?

Not OP but I think it's acceptable. I'm happy to see my favourite free (as in freedom) projects' developers being supported. If someone doesn't like it and if it's truly free software then anyone can fork it to remove that ad and we don't have a problem. That's how free software works, if you can't, then it's not free software. If one just won't fork and opposes what a free software project does then that's just entitlement.


>we sponsor have our logo in the README.md - is that really not socially acceptable?

In the d3 example I tried to exaggerate the hypothetical intrusiveness of ads by embedding it in all the js source files.

In your specific case, if nobody is complaining about your ad inside of a single "README.md", I'm going to presume it's "acceptable".


There is a difference between a company logo and "Try Company PRODUCT for 30 days!"

I imagine the latter comes with a link, perhaps even a tracking one, to sign up for the service.


Not OP, but I still think that's acceptable. README.md is one of a very small number of places that open source developers can reach their users. Most of the time I only read it once, so if there's an ad there, or a link to their other products, as long as it's not a GIF and they didn't find some way to embed a tracker in README.md, I'm cool with it.

It's about as relevant as advertising gets, and it's not coming from a pool of clickbait ads. It's a developer using their open source work to generate interest in the work that pays for it.


As an open source developer, I would refuse to "reach" my users in such a tacky way as selling ad space in my README. You're correct that the README is one of the few touch points with users, and I wouldn't dare waste that on something I consider so disrespectful.


Oh, I'm not talking about selling ad space. I agree that what Funded did was misguided at best. But what my parent was responding to was the idea of even putting a little ad for a paid product by the same developer or company.

If JetBrains, for example, wanted to remind me on the README for Kotlin that they have an IDE that works well with the language, that doesn't offend me.


> perhaps even a tracking one

Tracking the campaign? Yes, probably. But tracking you? How do you expect that to work?

Making ads contextual to the place they are and tracking the campaigns to discover what works and what doesn't is how it should be done.


I presume the user is assuming you could put a tracking pixel in the readme and have it rendered, the same way the build badges work. GitHub is, of course, one step ahead and hides those behind camo.githubusercontent.com.


An affiliate link, I suppose. Which is annoying, as these are practically spam.


> You're (possibly unintentionally) distorting/diverting the issue. Nobody is criticizing open source maintainers for trying to get funding in an abstract sense.

Yes they're very good at providing speech and debate lip service about wanting to sustain OSS devs, but then when we actually want to do anything except hold out a tip jar they treat OSS devs like trash. The person that wanted to throw people in prison didn't seem particularly interested in our ability to get funding https://twitter.com/kyledrake/status/1166801737534984192


> if the concrete implementation of trying to get money is unwanted and unexpected

Every method of funding open source either doesn't work or is unwanted, so arguments like "get paid, just not this way" are disingenuous. When that guy tries a different approach instead of ads, people will be attacking him just as much.

It's time to move the discussion on to "all possible funding methods are unpalatable, so what's the least bad method?"


Open source project funding is a major open problem, which is something many people agree on. It can't sustain if we don't solve that.

What I don't see is the fairness argument. Developers have legal means to restrict commercial use of their software. The community has for decades had a conversation about licensing and none of this is new territory.

These developers chose to volunteer their time to corporations. If they don't like that choice they should change their behavior not make demands of others.

Otherwise it's just the high tech equivalent of the common street scam where somebody hands you an object and then demands a donation if you take it.


> These developers chose to volunteer their time to corporations.

Not so, these developers chose to volunteer their time to benefit the commons, and corporations occupy the same spaces once in a while. Whether or not there are abusive companies who stake out those projects for rent-seeking, to build walled gardens of their own, looting the commons making money for themselves and giving nothing back, is really not a function of the person who did something good for everyone's benefit.

We shouldn't be asking the person who is doing the good thing to change, friend! Reciprocity is an evolutionarily acquired trait, and while you can't count on favors to be repaid all of the time, anyway this is not a requirement in order for us to benefit from reciprocity.

Students of psychology have understood this as one of the favorable characteristics of human behavior which enabled us to survive up to this point. The idea that you can give someone something and receive something bigger in return, while both parties benefit, has been a part of community building for as long as humans formed communities. I would like to share this Sandi Metz talk about it in case you have an hour and want to hear more, I'm not the student of Psychology and didn't make this stuff up myself:

https://www.youtube.com/watch?v=VzWLGMtXflg

> You're Insufficiently Persuasive by Sandi Metz


> Not so, these developers chose to volunteer their time to benefit the commons, and corporations occupy the same spaces once in a while. Whether or not there are abusive companies who stake out those projects for rent-seeking, to build walled gardens of their own, looting the commons making money for themselves and giving nothing back, is really not a function of the person who did something good for everyone's benefit.

It actually is, that's my point. The developers knew there were licensing arrangements that guarded against that possibility, and they chose licenses specifically designed to allow such looting.

Reciprocity is great. But if you license your code in a way that says "Feel free to take this and make money off it and give nothing back" when there are other options, then you made that decision and there is no obvious fairness argument that somebody should be punished for doing what you granted them license to do.


The point of the linked video, at least the relevant part about the street scammers that hand you something and then ask for money, is that we actually banned that kind of behavior in public spaces because it was exploitative.

People have evolved to trust in reciprocity, because it's to our mutual benefit as a society that reciprocity remains a thing, and behaviors which are pathologically exploitative of this evolved trust in reciprocity are fully in the wrong. We decided it and made laws about it, something like 30 years ago. I learned this watching the keynote myself, and was surprised (as it actually hasn't stopped, in spite of legal protections which you might assume put a permanent end to the practice, to the contrary there are still monks handing out little plastic bracelets outside of the Smithsonian in DC, and no shortage of people who are not wise to it, with the $20 to spare.)

If the next generation of developers can't anymore trust in reciprocity and they have to decide on non-free licenses as a result of these companies which plainly don't understand reciprocity, we will all have lost something profoundly important. (And if we assume these companies and their behavior is purely exploitative now, what makes you think a legal machination like non-permissive licensing is going to have more success at getting them to stop doing that? You might have more avenues for recourse, but at what cost...)

It's not about fairness or punishment, it's about protection of our shared mutual benefit via social cues, and we can exile or something like exclude them from polite society if they are not well-behaved. From the receiving end it might look like a punishment, but I prefer to think of it more like as "corrective prodding" or "defensive posturing," and if it works the bad behavior will change, or if it doesn't, then hopefully at least the blast radius can be well-contained.

There are corporations which have learned to behave more thoughtfully and in harmony with OSS, who made a point to be aware of their community footprint, and sure plenty of such individuals too. Those who are not well-behaved can either hopefully see the light, or maybe there's no hope remaining, they will totally take over, and complete the tragedy of the commons. I submit humbly that we should not degrade the commons though as a response to their influence, because even with the bad actors around and their bad behavior, the facts show that our innate understanding of reciprocity is mostly still a beneficial trait, worthy of keeping around.


Oh sure, but Industry has also browbeat people into believing the GPL is completely untenable.

I've yet to see an original monetization suggestion in these threads. People have tried it all. Companies and devs prefer to wait for a poor sap to make a free-as-in-beer version and then stiff them on tips.


Not sure it’s a good one, but how about this:

A hub of software, like GitHub or npm, could act as a general mediator of funding. A new license could be designed such that entities above a certain size would have to donate a percentage of revenue to the hub, while also reporting which software they wish to license (this only acts as a kind of voting for where to place investments, the donation size is fixed). The hub in question could then spend the income on the various projects, taking popularity into account for prioritization.


> or getting hired by FAANG

But that way, you're still likely funding your project through ad scumbaggery, you're just adding a layer of indirection.


I disagree with Patreon and FAANG as possible socially acceptable routes, and have no problem with ads in the console. (Grants are clearly OK). So I guess that might be subjective?

I do think that instead of everyone putting in an "ad dependency" is not the best way to go about it, but to at least directly negotiate with cloud companies to do it would be awesome.


I release a ton of my work with open source licensing and I've never thought of it as a revenue stream.

If people are financially burdened by making their project open-source; then don't make it open source. Donating something to the community and then getting offended when nobody reciprocates is disingenuous. It's part of the problem with "freemium" software these days where developers think I should be indebted to them for eternity because they did something with no ROI in sight. That's not my problem! There were 100,000,000 developers before you who had to write the ISA, the compiler/interpreter, the OS, the firmware in every device... If I gave each one a nickel I'd be in worse shape than you are.

Sure, it's possible to turn a profit making open-source software. If that's a goal you have then buckle up because it's not a smooth ride. I liken it to being a starving artist. It's not for everyone, so if you already bitch about being hungry all the time maybe you should just look into a day job instead.


> I release a ton of my work with open source licensing and I've never thought of it as a revenue stream.

That's the problem - nobody treats being an independent OSS dev as a possible career, so we either get 1) extremely privileged people that have the significant amount of time and resources required to contribute substantially for no payment, 2) open source that serves to promote a corporate goal, and 3) less and lower quality hobby contributions because the rational people realize they're doing free work to get treated like garbage by people that feel entitled to free-as-in-beer software and choose not to do that.

Imagine how much worse any industry would be if nobody got paid for doing it. Now imagine how much better the OSS ecosystem would be if more people could make a living doing nothing but OSS on their terms. That's the goal here. We want to transform OSS from a starving artists realm for privileged people to a place where people can make careers. I'd be totally cool to see some dev-focused ads to make that happen.


It is a sustainable career if you start a business. If no one wants to pay you for your project, that could be the market telling you something.

At the end of, donations don't work and open source is being fairly well sustained if people seek employment or start a business: https://www.aniszczyk.org/2019/03/25/troubles-with-the-open-...


FOSS as business only works for consulting and training, which don't apply to some domains, desktop and mobile for the consumer market as an example.


>If people are financially burdened by making their project open-source; then don't make it open source.

This is largely my position. I view contributing code to open source projects almost as altruism. I don't expect compensation or reward, and I do it out of a general feeling of wanting to contribute something unselfish to the world. The fact that some open source projects are important is a secondary concern; I know I don't consider any of my FOSS code to be important to many people other than myself.

That said, my primary income comes from working on proprietary closed-source software. I don't think I've ever interviewed for a position with a company that contributes most of its code to FOSS, so I've really never seen that model work in-person.


That’s a good point you bring up...where do we draw the line? Lots of projects use Debian and docker, etc...is it even ethical to donate to an npm package before donating to the dozens of free tech layers node sits on top of?


You can't live without a heart, but most people don't get cancer, is it ethical for me to donate to the American cancer society but not the American heart association because Cancer is built on the heart?

No it's my donation I'll donate where I want. If I find joy in donating to a small oss dev instead of a strategic donation to a well organized large one then that's what I do.


Ok, I wasn't confused before but now I am.

Look, all I'm saying is if some javascript developer guilts me into donating to open source, the right thing for me to do (I feel) would be to start from the top of the open source chain.

* Operating system
* Code versioning
* Container system
* CI/CD etc...

It's a long way down before I get to "standard - the javascript linter configuration file".


That's a bit like arguing that Bernie Sanders should give up his housing in Vermont, because No True Socialist would own a house. A good action which is done with good intentions is wholly good, regardless of other good or bad actions that may occur in the same space.

You could donate to all of those projects, but there's no moral imperative to visit them all in order of importance, just because they all played a part.

A permissive license is permission to behave otherwise, and just like Open Source contributions are made voluntarily, your support in kind should be on a voluntary basis too.


Yea I didn't phrase that correctly. I tried to address it elsewhere but it just seems odd that these tiny projects are making so much noise over money while these larger, more integral ones have been going on for decades, providing much more value without turning your install process into a gofundme campaign.


FWIW, I agree. I don't remember the name of the NPM module from the article I just read, and I sure wouldn't have paid them any money if I had been alerted as part of their experiment.

I only donate to obscure Debian derivatives though, so...


>Lots of projects use Debian and docker, etc...is it even ethical to donate to an npm package before donating to the dozens of free tech layers node sits on top of?

Are you asking whether it is ethical to do something that the authors have explicitly said is OK?


> It's not for everyone, so if you already bitch about being hungry all the time maybe you should just look into a day job instead.

The problem is that there's an increasingly influential movement in the software engineering community to shun not only proprietary software, but also several alternative revenue models (such as "software as a service") that use open-source code. If you're part of this movement, then making money off of donations to open-source software is one of only two known, viable ways to be paid to write code (with the other being paid support contracts).

I am not part of this movement, only attempting to provide you with some additional context that might explain some of the opinions you see here.


> That's not my problem! There were 100,000,000 developers before you who had to write the ISA, the compiler/interpreter, the OS, the firmware in every device... If I gave each one a nickel I'd be in worse shape than you are.

Well, I have been giving them more than just a nickel since the late 80's, and still doing pretty ok.


Are you well paid or well off?


If you are a software developer and you want to make money, sell your software. If you want to give away your software for free, do that.

Giving away software for free and then using adware to make up the difference is something else entirely.

If someone wants to make money with developing software, they have many many ways of doing that. Framing this as poor starving software developers getting the shaft by for-profit companies is a huge mis-representation of the situation. No one is chained to their desk and forced to produce NPM packages.


In other words, don't do what Google, Facebook, Twitter, YouTube, Reddit, or Yahoo did.

I appreciate the sentiment (and it's what I do with my own hilariously unsuccessful software), but you can't walk into a room full of data-driven aspiring entrepreneurs and tell them to do exactly what the market has shown it doesn't want, even though that would be better for all of us.


Building a particular thing using a set of tools is not the same as infecting a set of tools with a thing.

More to the point: by injecting advertising directly into packages distributed through a package repository and/or a specific toolset / toolchain / language, the parties injecting the advertising are exploiting and mining the accrued trust of that project, toolchain, and/or language, for personal gain.

It's a tragedy-of-the-commons effect: socialised costs (building of the larger toolchain), privatised benefits (ads revenue).

The long-term consequence will be a very-well-deserved shunning of the toolchain by others. A cost largely borne by the vast majority not acting antisocially.


None of these companies make money from Free Software. They might use Free Software but the majority of those companies run proprietary software as a service.

Data-driven aspiring entrepreneurs would notice that companies attempting to create and sell distributed free software haven't historically done so well. Putting ads in free software doesn't make it analogous to the business of Google and Facebook.


Indeed. In particular, using a MIT or BSD license is a choice, and one that comes with forgoing expectation of profits, in exchange for boost in chances of adoption. Want to make money and open source software? Try GPL and dual-licensing.


Why not switch that around (honest question)?

If you are a software developer and you want software without adverts, pay for it. If you want software for free, you accept whatever the author of that software chooses to do to pay their bills.


Software that has ads is no longer free (gratis). You're just paying for it with annoyance and intrusion instead of money.

And I think the collective opinion here is that we'd rather go without that software than to pay for it that way. In other words, we won't accept those terms and we won't use that software.


How did you arrive at that "collective opinion"? Google and Facebook still seem to be doing OK. Even limited to developers, StackOverflow is being used as much as ever.


I meant in this particular case. People accept that consumer products like Google and Facebook are funded by advertising.

We are talking about Free Software, libraries, and advertisements in the console. I think the collective opinion is that developers would rather not use that package than be subjected to ads in their console.


Well then that's easily solved. People who don't want ads, don't use the software.


1. Sell

2. Gratis.

3. Gratis; donations welcome.

#3 is barely adware. Sometimes people are extra appreciative of someone's work and want to express that through action; this just tells them how.

On a personal level, I have no issue with an OSS author asking for donations. I draw the line at a company doing so. (An individual soliciting donations for something unrelated, like vim's "Help poor children in Uganda!" insert, isn't my favorite.)


I get where you're coming from. But doing an annoying thing is always going to bring negative attention, and doing a novel annoying thing is going to get a lot of attention.

That attempting to make money by spamming diagnostic mechanisms was going to annoy people was inevitable.

> But instead of attacking the guy for trying, I really wish the discussion were

I wish the guy had spent energy on "how the community... can contribute back", instead of trying to get a payday by stripmining trust.

I have a lower tolerance for this crap than others, but any code I catch doing things analogous to this gets banned from my environments and the author names noted. What else will they do to my machines if someone dangles a buck?


Out of curiosity, does the organization you work for contribute money to the Open source libraries it uses via existing mechanisms (e.g. gratipay, Github sponsors)?


I work on Enterprise projects and we rarely (never) contribute back financially, because we cannot for practical reasons.

It is simply not possible for us to add a "donation" cost to our projects. That will not get past accounting.

A license, on the other hand, we would have no issues purchasing that.

We purchase (expensive) licenses to proprietary software all the time. We could and would do the same for the open source software we use, but without being able to purchase a license, there really isn't any practical way of doing that.

Free for everyone, except for enterprise production environments, would work for us. As long as we get a license key and an invoice.


> I work on Enterprise projects and we rarely (never) contribute back financially

I work on Enterprise projects and we almost always buy support contracts, for both paid-license and open-source software, if they are available; you don't need creative licensing models to get enterprise to pay for open source software, you just need to provide an opportunity to pay to have a live person respond to and manage issues for enterprise customers.


I agree, and yes, we do the same when that option is available.


Enterprise companies pay for "support" all the time. It's usually an utterly pointless and very expensive annual fee that lets you enter a support ticket.

Enterprise companies also don't like to run "unsupported" software. So there is definitely an opportunity here.


It's just hard to "scale" across lots of individual open source maintainers/contributors who as individuals are unlikely to be able to keep SLA minimums, support query timelines (always answer in 24 hours), other such things that help corporate accountants and lawyers sleep at night. It also doesn't quite scale if those corporate accountants and lawyers have to sign and pay for O(N*M) such support contracts for the direct and indirect open source dependencies of the company's software.

If there is an opportunity here, it's most likely in collective effort. An open source guild/union could provide a support pool/cohort of contributors to cover 24/7/365 or what have you support agreements, an insurance pool for SLA guarantees broken/fees, broker and collectively bargain with enterprises for support contracts that cover costs and wages for entire direct and indirect dependency chains, rather than just obvious direct dependencies or splashy well branded dependencies.


What about a completely pointless "support the project" license? So you basically chip in for the maintenance, but don't get any additional rights?


Doesn’t make it past accounting.


What if it's a support contract that entitles you to a response to support requests on the basis of 'in less than twenty-four hours' as opposed to the usual 'I might respond on a best effort basis if I have time, but no promises'? Would that make it past accounting?


Yes, but:

1. Do open source maintainers actually want to commit to that?

2. What if the response is "Yes, we don't support that and don't plan to?" and the company feels this doesn't qualify as enough support and causes a headache.

3. If the purchaser knows what they're getting into, what's to say their successor also does?


What would such a license look like? Anyone know of examples?


WinRar, maybe. It is an example of software where you don't really need a license, but you can buy one if you desire.

https://www.win-rar.com/winrarlicense.html?&L=0


I think we have got open source funding all wrong. The thing that makes open source great is that, in parallel, half a million projects are ticking along from which we are learning what is good, what is bad, what is the future of our art. It is education. It is research.

We look for 100,000 individual solutions to making rent while FAANG are just sitting there with a quarter trillion plus in cash waiting to benefit from the best everything that emerges from this massive, free R&D pipeline. Take the best ideas, hire the best programmers, copy the best software, adopt the best practices. From top to bottom you could probably find 10,000+ open source contributors across their stacks, and to enable that open source software required even more contributors, and influencing it all was the previous generations of contributors.

I think the best solution is FAANG pay it forward and support the entire opensource R&D pipeline that enables them to hoard so much money. Between them they hire more people than there are open source developers so it's ridiculous they cannot support them all. It's a security issue that they do not support them at all for the most part, like with OpenSSL, like with injecting ads into node modules, like with selling modules to be repurposed as malware. We haven't even found the stuff compromised by state agencies yet.


Google+Microsoft+Facebook contribute quite a lot to open source though. React, Angular, TypeScript, Kubernetes, TensorFlow, etc etc....


To write React Facebook needed 20 years of R&D done by open source... jquery, mootools, long list of dead stuff today we needed to learn from. If Facebook needs 1000 projects to show them how to produce the best React then they need to keep 1000 projects in the pipelines so they can build the best successor to current solutions too. That's why they need to fund open source.


This is true of all software whether you're Facebook or a solo open-source developer; we all stand on the shoulders of giants, literally nobody doing work today can claim otherwise.

> That's why they need to fund open source.

They do. They pay employees to work on software they contribute to the open-source community. To build React, Facebook had to rely on "20 years of R&D" but also millions of dollars in engineering hours.


Funding open source != paying thirty people a few hundred grand and the thousands they depend on nothing. It is an obvious resource allocation problem.

Why should the resources not come from the companies extracting the most cash value from open source?


Those companies contribute back monumental open source projects that would simply never exist without the level of funding, organization, and real business knowledge that those companies provide. The amount of open-source code given away freely by FAANG and similar corporations is worth hundreds of billions of dollars to the wider community. Even much of the software itself is produced with open-source languages made possible by corporate sponsorship. All that open-source work contributes to the richness of the ecosystem just like everything that came before it, empowering the next generation to continue the cycle going forward.


Nobody is questioning that they give some software back but giving software back simply does not fund open source. Most people cannot convert their contributions into money as deftly as FAANG has converted 10,000s of people's contributions into a quarter trillion dollars.

It does not fund the tools that power their current open source projects.

It does not fund the tools their next open source projects will use.

It does not fund the brilliance their next open source projects will iterate on.

It does not fund the mistakes their next open source projects will know to avoid.

They need all of that stuff before they have even a clue what to make next, and they need the open source community to try everything a hundred different ways to see which is good.

We will still be arguing about this in twenty years as open source transitions into a mostly Indo-Chino-Russo-African dominated landscape because western developers can't afford to work on open source unless it's through their employing-FAANG company.

Long before that all the current FAANG open source we're supposed to be grateful to receive instead of funding will be obsoleted and tossed aside because only a handful of ideas in it actually mattered after all.


> Nobody is questioning that they give some software back but giving software back simply does not fund open source

As I already stated, yes, it does fund open source. That's literally what they're doing: spending funds on developing and maintaining open source code. Did they fund every transient piece of software in the technology stack? Of course not.

> It does not fund the...

Corporate money funds all of those things you listed. No, not every single package that becomes popular, but many of them, including many informed by practical knowledge acquired through battle-tested experience operating such software in their businesses.

> western developers can't afford to work on open source unless it's at a FAANG company.

So what? If western developers can't afford to work on open-source software they shouldn't. I wouldn't expect anyone to work for free if they couldn't afford to do so.


You mentioned the wealthiest 0.000001% of open source projects in a discussion about how the other 99.999999% need funding as some kind of proof FAANG are pulling their weight. Just their cash savings weigh about 2,500 tonnes so they're obviously not pulling their weight at all.

The so-what is software development evolution comes to a grinding halt while we wait for third-world and developing countries to hit the sweet spot where people can afford to pursue their art and afford the tools and connectivity it requires and afford the many years of learning to understand the steps between hello world and inventing kubernetes. Google didn't even invent kubernetes as much as they extrapolated to it from experience and open source.


They don't need funding. Most open-source software is redundant, low quality, or extremely niche. It's ok if some open source software is simply never written.

I think it's fair for developers to charge (or otherwise monetize, including ads) for their software, even if they open-source it, but they don't "need" funding any more than any other arbitrary piece of software that someone somewhere thinks should exist.

> software development evolution comes to a grinding halt

What's wrong with this? If "software development evolution comes to a grinding halt" then it means we didn't need any more new software and existing solutions have solved all problems.


They do need funding or they wouldn't put ads in node modules. They wouldn't sell popular packages to bad people to repurpose as malware. These are telltale signs that open source developers are not being looked after. They are not making ends meet. These are people with popular open source and the reward for open source is not being distributed effectively for popular projects so it's surely much worse for the bottom million projects.

And the low-quality stuff is super-important too. Before someone can work at FAANG they need to write good software. Before they can write good software they're going to practice writing all kinds of dumb shit and good stuff building the experience and knowledge required to invent a kubernetes. The time investment to obtain the skillset to work for FAANG is years. It requires hardware and connectivity.

The problem with it coming to a grinding halt is we're obviously not finished yet. In ten years React should be in the trash like literally everything that preceded it is. We might still be using Flash if we were finished. Its syntax sure looks like it lent TypeScript some ideas.

What if software genius like Torvalds isn't even rare and we're still just too stupid to foster and enable it for common good...


> They do need funding or they wouldn't put ads in node modules

That's a tautology. They decided to monetize their open-source work through ads. I don't disagree with this approach, if users don't like the ads then don't use the software. That doesn't mean companies need to arbitrarily fund that project.

> Before they can write good software they're going to practice writing all kinds of dumb shit and good stuff building the experience and knowledge required to invent a kubernetes.

So what? They can write lots of practice software and not open-source it. Why should anyone be paying for them to do so?

> The problem with it coming to a grinding halt is we're obviously not finished yet. In ten years React should be in the trash like literally everything that preceded it is. We might still be using Flash if we were finished. Its syntax sure looks like it lent TypeScript some ideas.

If it should be so then it will be so. People will write software if there is a need for it. There is no inherent reason why React "should" be in the trash in 10 years, it will be in the trash only if new problems need to be solved and if they do someone will attempt to solve them.


>Why should the resources not come from the companies extracting the most cash value from open source?

This is easy to answer: Because most/all those open source writers explicitly said it's OK for the users of their software not to provide them cash for it. If I openly say you can use my stuff for free, and then later come and say you are morally obligated to pay me because you made huge profit from my stuff, then my integrity is compromised.

It's totally fine to say "I will no longer respond to support tickets for free", though.


No they don’t. They didn’t fund any of those projects and it worked out quite well. Let a thousand flowers bloom.


They need all those projects to surface good ideas and they need all that parallelism to identify mistakes they can avoid.

Without it what do they base decisions on? React would be guesswork or an internal tool built in isolation that only solves their specific problems if even that good.

This is how software is evolving. If there is no parallel evolution it will take 1000x longer to do so. If it takes 1000x longer to evolve it takes 1000x longer to invent opportunity and savings for FAANG.


And you have made no arguments supporting the notion that they need to fund open source for that to happen.


> I think the best solution is FAANG pay it forward and support the entire opensource R&D pipeline

That's not so much a solution, but a new problem: how to get FAANG to actually do that?


You vastly overestimate how far that money would go to just “hire all the open source developers”.

You miss the point of open source if you think it entitles you to money from people who use it.


> You have people working mostly for free, developing open-source, FREE code that provides incredible value to the for-profit companies that use the open source code to generate (sometimes) massive amounts of revenue.

But these open source contributions are being done by people with free will. They are not forced to release the code they write to the internet for free. They choose to do it because that's what they want to do.

Instead of associating writing code with money, try to relate it to a hobby. I have 40 something repos on GitHub and posted 200+ blog posts on my site for free but I don't expect payment. I do it because it's fun and it helps me learn.

I'm not sure where I stand with banning terminal ads.

On one hand if someone wants to try and make money by spamming people with ads, I say let them do it because if it gets really obnoxious then ad blocking tools will remove them. On the other hand, if it becomes expected to have ads on every tool, I could see that getting out of hand. And at the same time I don't think there's a clear enough line to constitute what an ad is. If I link back to my site without asking for anything (as a signature of some sort), is that an ad?


I disagree with the premise that companies don't contribute to open-source. It's a rare open-source library that I don't contribute back to in some way, and that was even more true when I worked at big or rich tech companies. All software has bugs. Half the point of using an open-source library is so I can fix them!

It's also strange to use "maintainers" as the worthy recipient here, since in almost every case I've seen, these people were also working for a big rich tech company, and very well paid already.

The programmer in question sold his last company to Yahoo. He's got a Patreon page (hundreds of dollars a month), a GitHub Sponsor page (at least hundreds of dollars a month, and possibly much more). The software in question is a "JavaScript style guide, linter, and formatter". I don't think any company is "generating massive amounts of revenue" from a JS style linter. The GitHub page has a "gold sponsor" ($500/month) advertisement, too.

The problem with advertising is that (as someone here described it recently) it's an arms race. When anyone starts using them, everyone else will struggle unless they match, and that makes life worse for everyone. Is contributing bug fixes to open-source software, plus the occasional corporate sponsor, not sufficient contribution to the community and ecosystem? What exactly is the goal here? Are we upset that developers don't earn enough money?


I hadn't heard of Tidelift before until recently, and I don't see it mentioned here in the discussion. Is this the kind of thing you'd like to see?

https://tidelift.com/

Something has to be done to ensure that Open Source which plays a vital role in our business ecosystems remains sustainable. There are real business implications if some package we all depend on is under-funded and implodes (we can all name well-known examples of this from recent history.)

Some projects may be of critical importance to the future, but without a business model they may fizzle out and die. There's an argument that some culling must occur for the overall benefit of the collective, and I have no doubt there is a market-driven solution that we can live with. I don't know if Tidelift is it, but it is definitely an approach.


OSS is sustainable. I don’t like how tidelift seems to present a partial story.

Is there some OSS crisis that I’m not aware of?

Separately, just because something is an approach doesn’t mean it’s worth talking about.


What makes you think OSS is sustainable? There have been various problems with key projects due to lack of funding (e.g. OpenSSL, GPG)

There are a huge number of libraries that are becoming unmaintained due to lack of resources, which will likely cause problems down the line.

I'm not sure I'd call it a crisis, but it's definitely a problem.


I call it sustainable based on the evidence of tons of projects sustaining themselves. Many for decades.

There are flaws in OpenSSL and they were corrected. Sometimes projects like gpg die off. That stinks, but there are other options.


Yes, there is a crisis. Critical infrastructure is maintained by single developers who get no money for their effort, while the companies using their work make billions.


I'd even say these ads were just one symptom, we'll see more and more until people realize that yes it's fun to use free(dom) software but if you don't follow the other part of the "contract" of contributing in some way, it's not sustainable. Someone once said on HN that FOSS culture has mixed with startup culture and the startup culture doesn't like the pushback, I suspect it's true.


There are also an increasing number of cases in the last few years of such maintainers moving on, and that infrastructure failing soon after that. The event-stream npm debacle, the left-pad npm debacle, the electron-native-notify npm debacle, the rest-client ruby gem debacle, the strong_password ruby gem debacle...

Single points of failures in underpaid open source maintainers are an amazing security risk to critical infrastructure. "Patching" the labor market of open source to better account for the realities of downstream profits relative to upstream labor efforts, might be at least one way to make the entire ecosystem better for everyone.


That doesn’t seem like a crisis to me. Are some of these critical infrastructure devs threatening to quit work unless they are paid? I’m not a big contributor, but I’m pretty familiar with a French projects and the contributions are made specifically because of the license. OSS licenses are designed to let companies make “billions,” that’s a feature not a bug.


Please prove this claim... the majority of open source seems to be sustained extremely well... there are some outliers like OpenSSL and others that have been fixed but the majority is well sustained https://www.aniszczyk.org/2019/03/25/troubles-with-the-open-...


What I see in my day to day life is that OSS is generally behind paid systems. I use a bunch of software that I feel annoyed by because they are not as good and are not developing as fast as expensive proprietary alternatives.

Something that can really boost OSS community would be really good, but all I see in the market today are attacks on OSS. For example the recent amazon-mongodb debacle where a proprietary system is stealing money from an open project.


> I’ve spent over 3,000 unpaid hours over the last four years maintaining some popular open source packages.

> Maintainers do critical work which enables companies to create billions of dollars in value, yet we capture none of that value for ourselves.

From TFA, some Open Source contributors are burning themselves at both ends and they should not be reduced to selling paintings on street corners to make ends meet. I'm not arguing that just anyone should be able to earn a living by writing any code and licensing it permissively, but there are some utilities which should be funded that are not, and their ability to obtain funding on their own should perhaps not be the one deciding factor in whether they survive.

In my day job, I frequently insist that programmers are bad at estimating, but they persist in asking for fine-grained estimates and making their business decisions based on them. If the success of a programmer team or product team depends on each individual programmer on the team's capability to always make estimates correctly, then the effort is likely doomed. This is a foundational idea of Agile. You can prove this empirically with enough experience; programmers should focus on making their programming skills better, not on precision time accounting and making sure to improve estimation to become more accurate. Those things have value, but working software is more valuable. A programmer's skill level may be completely orthogonal to the programmer's estimation skills, and many of us may not have the capacity for improving both at the same time.

Similarly, the success or failure of an Open Source project may depend more on the maintainer team's ability to market the project as a product and derive revenue from it.

So, how can we make this easier and more efficient, without forcing everyone to become better at it, individually? (There may not be an answer, but you haven't really taken any time at all to explain what makes Tidelift "not even worth discussing" in your view.)


It's sustainable if you consider important code that we all rely on is being maintained by developers working for free and constantly burning out. Without proper support these developers will move on and stuff is going to get left behind. I mean, just look at OpenSSL a few years ago, almost everything is like that.

It's sustainable if you accept OSS is always going to have an incalculable maintainer churn rate.


> Is there some OSS crisis that I’m not aware of?

I think there might be.

I'm not involved in OSS circles, and don't really pay attention to the issues much beyond what I see on HN, but recently in a survey I completed for a tech company there were a number of questions asking my opinion on whether OSS is still a sustainable model, and if I believed it would be around 5, 10, 15, 20 years in the future.


So you admit you don't really know much about the matter, but consider your opinion qualified by virtue of somebody asking you for your opinion?

You can ask me what I think about inflation but that wouldn't make me an economist, would it?


That seems an unnecessarily hostile response.

> So you admit you don't really know much about the matter, but consider your opinion qualified by virtue of somebody asking you for your opinion?

Yes, I admit that I don't know much about OSS. But I did not state that I have a qualified opinion. In fact, I answered "Don't know/no opinion" on those questions.

The reason I posted my reply was to indicate that there must be some people worried about the situation, or it wouldn't have appeared in a survey from a very large, frequently mentioned on HN, tech company.

> You can ask me what I think about inflation but that wouldn't make me an economist, would it?

No, but you could relay the fact that somewhere there are people who are apparently concerned enough about inflation to ask you about it.


Would there be any significance to the question if the people asking about it weren't themselves economists?

It's a strange question, to ask if OSS will still be around that far in the future. It (albeit without the name) has been around longer than proprietary software. Did your survey ask if proprietary software would still be around in 20 years? I think it should have.


The people forcing those ads onto us "well-paid tech workers writing code for well-funded companies" are also "well-paid tech workers writing code for well-funded companies".


> The overwhelming majority of the people complaining about this are well-paid tech workers writing code for well-funded companies

I very much doubt that assertion is true.

> But instead of attacking the guy for trying,

I didn't see many attacks generally in the comments here, directed at the guy for trying generally (a few ad-hominems were thrown, but you could cure all forms of cancer and still attract some of those!). Most were criticising him for trying that way. "Bad idea, this is why I think so, please don't". Maybe the filtering here was sufficient to hide the worse reactions, and things were far less civil elsewhere.

My tuppence worth?

Adverts and other superfluous junk do not belong in build/install/other logs like that, for technical reasons rather than (or as well as) personal preference ones.

The same defences of the idea ("I need to make ends meet somehow", "But I'm only sending a couple of lines to each person", ...) apply equally to spam email so the idea shows the same lack of empathy about potentially inconveniencing others which might be a source of more aggressive reactions. As the title of the article he quotes (in his reaction to those reactions) says: "Open Source is Not About You", it isn't just about him either. And with regard to the quoted text "and the scope of their entitlement extends only to their own projects": exactly, other people on other projects that have the code as a dependency are potentially affected by these adverts - his idea was itself stepping outside the scope he expects others to keep to. Of course he is free to go ahead anyway, though others are equally free to fork the codebase to remove the adverts.

Again, this is not intended as a criticism for trying at all. This is just stating that I think this particular attempt is a pretty bad idea.


Meh!

Money has really corrupted free and open source. The entire idea of free software is that it's free, without any catch. People loved to create and would create and give it away, the reward was in the creating and seeing others use it. If you didn't care about that, you charged for it. Sometimes, the idea was that a bunch of random people would show up and create a free alternative against a very expensive software. For photoshop, see gimp. For oracle see mysql & postgresql. It was not free so companies couldn't profit off them, it was free for anyone to use, students, people without money, bums, anyone, companies included. The idea of open source was you can be free to inspect the source, tweak and customize to your taste, fix a bug if you have it, share your knowledge so others can also borrow. This was the ethos of the hacker spirit. Build shit, share shit. Not hackers vs for-profit companies. We have coexisted alongside for-profit companies for a long time, they have built some cool shit that an individual or a random bunch of individuals couldn't. iphone, gpu, cloud. Some of those profit companies were started by hackers, and we have built shit they couldn't imagine or dare build. napster, torrent, bitcoin, linux.

So let's please stop this rhetoric about for-profit companies gaining value from open source. That was always the intent. Would it be nice if they gave back? Sure! But if they don't, no problem too. If they build cool stuff with open source that drives society forward, it's good for all. Case in point, see Linux or raspberry pi tons of amazing IOT devices out there that won't exist without it or worse running windows ce.

Companies are also giving back, go to Github. Sometimes it's just a single line of code commit, sometimes it's finding a bug, sometimes it's a correction to documentation. Then some are giving massively, see go, dart, react, angular, ionic, tensorflow, kubernetes. The symbiotic relationship between hackers and for-profit companies is really strong and we are not enemies. The only real battle that's been fought since the beginning is that information must be free. It's never been about the battle of money.

Want some money? Go get a job or start a business. Bill Gates did it, Jobs & Woz did it, Linus got a job. John Carmack has a job, Jeff Dean has a job, even Paul Graham works for his. If anything I'm very suspicious of those who want to get paid for working on open source.


Adware is malware, categorically. I don't give a damn if it's open source. If being adware is the only way software can exist, I'd rather it not exist at all.

When those redditors called it sleazy, they were being too gentle.


> Adware is malware

This seems like an overreaction. Are HN ads (those links to YC company jobs) malware? According to feross, the ads were just static hardcoded messages. I find it distasteful, but I don't see how it's "malware".


The entire advertising industry is scum. I worked in it for two years and wish I never did. That's a sin I now atone for by discouraging younger developers from making the same mistake, using the harshest language I think dang will permit.

It doesn't matter if there is no telemetry (and if this were to be normalized, there would eventually be telemetry. Such are the economic incentives in the ad industry. When it's possible for telemetry to exist, advertisers will desire it and some engineer will eventually decide to profit from implementing it). Advertising is propaganda inherently contrary to the interests of anybody subjected to it. It's rife with psychological manipulation. FM radio ads have no telemetry, but can anybody seriously deny that FM radio ads are sleazy as fuck?


You're too absolutist. How is advertising inherently contrary to the interests of anybody subjected to it? How would you find out about a single product people are trying to sell if they don't advertise?

E.g. would we be better off if we couldn't advertise that free software alternatives exist?


Advertising is not a charitable act done for the benefit of consumers, no matter what anybody in the industry tells you. The relationship between advertisers and consumers is inherently adversarial, and advertising professionals are well aware of this fact even when they pretend otherwise (pretending otherwise is just one aspect of their complex web of lies and deceit. Whenever they do it, they remind me of what utter scum they are.)

If anybody needs proof of this, install an adblocker and observe as your life does not fall apart despite your now limited exposure to advertising.


> The relationship between advertisers and consumers is inherently adversarial

That is naive thinking. Advertising exists to reduce friction in the market. I'm a lot more likely to buy something if I know it exists. I won't go to the movies unless I've seen a trailer, for instance.

Maybe installing an adblocker doesn't super negatively impact your life but if we completely stop advertising as a practice then spending would slow and all of our lives would be worse off.


You may very well go to a movie theater and have a bad experience because an advertiser took a movie they knew was awful and made an appealing trailer for it. The advertiser is just as willing to persuade you to see a bad movie as a good one. They aren't operating in your interest.

Far from negatively impacting your life at all, blocking ads significantly improves it. Try it out yourself. I think you'll find that through various interactions with the general public, people who aren't paid to lie about products or services, you still find out about movies worth watching.


Can you please list your definition of "advertising" because it seems to be much more narrow than what I know of.


Fair question. I am chiefly concerned with the promotion of corporate goods or services. Authentic 'public service announcements' ("Smokey the Bear implores you to stop setting things on fire", etc) do not bother me, since the interests of the 'advertiser' and the target audience are reasonably aligned in cases of genuine PSAs. I consider personal advertisement ("I have a patreon" or "please hire me") tacky, but not nearly so bad as corporate propaganda on account of the relative power dynamics.


But yet, part of the allure of hobby magazines, for instance, are the ads.

Ads need not be scummy, and just because some are doesn't mean all are. Ads _can_ be primarily informational without being "scummy" or "sleazy".

Sure, yes, most of the ad industry is currently about being manipulative and invasive, but it need not be that way. We, as a society, need to figure out how to stop it from being that way across the board, because as you said, good actors will be at a disadvantage to sleazy actors.


Advertisements are designed to make you feel informed, rather than to actually inform you. When a product is bad, inferior to the competition or just generally harmful to you (think: sugary soda pop ads), advertising professionals will promote it with just as much vim and vigor, if not more.

(To the extent that bad products get more enthusiastic advertising, in a perverse sense viewing ads might actually make you a more informed consumer if you deliberately avoid any product with slick marketing. However I cannot advocate for such an approach because I think the theoretical advantage here is washed out by the practical reality that advertising will affect you in ways contrary to your own interest, but in line with corporate interests.)


Going back to an older post of mine (https://news.ycombinator.com/item?id=20035005)

Here are some examples from a 2010 model railroader. https://photos.app.goo.gl/RvRzECgs7MaTo7tP8

Some, especially the Kato model Amtrak one, have some aspects of an aspirational ad, but I don't know if I'd condemn them as such. They usually have, as the Kato one has, information about the specific items that are now available and often some "ambiance" information that many hobbyists, especially people new to the hobby, like to look at.

I don't mind ads like these as they're not designed to make you feel as though you need to purchase something to be better and they're not in a public space. They're there to matter-of-factly say a service or product is available.

I could also show you the local pennysaver or Craigslist. All of those are also ads, but they're not the "aspirational" kind. They're more matter-of-factly that someone is selling some (used) item, or provides some kind of service, or that there is a garage or estate sale at such-and-such address. How else would this information be made readily and easily available?


This is a great, great point. Ads themselves aren't necessarily scummy or manipulative. I can't even think of the number of restaurants I've found through their ads, products I've ended up buying through ads, or services I learned about through advertising. Which is sort of the point -- I have interests and some money to spend, and ads tell me of new people (or familiar people with new products/foods) to spend it on.

Specialized magazines (hobbyist, regional, etc) seem to hit the absolute right balance for this. People advertising in them know who they're advertising to, in general, and people picking them up know what they're getting; some interesting content (hopefully) and some ads relevant to their hobby/region.

Online ads have gone way, way, wayyyyy too far in getting into the scummy hyper-profiling, and they're not even selling stuff I'm then interested in! So what's the point? I mean, in practical terms the point is to try and differentiate their profiles of me from other people's profiles of me -- marketing techniques applied to the business of marketing -- but in real terms, who (aside from the companies building these profiles) benefits?

I'm personally holding out hope that the US will adopt a "you own your data and can determine its uses" legal framework, and bring the hammer down on anyone amassing profiles on the populace. Google, Equifax, Facebook, the million anonymous marketing and list-selling firms, all that stuff needs to come under heavy regulation.


I, like a typical nerd, was just pedantically annoyed by the misuse of the term "malware". I don't actually disagree that the ad industry should burn to the ground.


Adware being considered malware used to be the norm. The temptation of money has normalized adware, but being normalized doesn't make it any less malicious. Subjecting people to advertising is an inherently malicious act.


Yep.

Adware is malware. It's software that does a thing the user doesn't want it to do. That's definitional.

About the only exception I can think of would be oldschool stuff like the AllAdvantage toolbar that would pay users for watching ads. That was intentionally installed.


Does the ad for OpenRent make Tubermap malware? If not, what's the difference?


Ha. Thanks for visiting!

The longer term plan for tubermap, was to essentially have the site be a way of people determining where they should live based on commute times, cost of rent etc.

In that sense what you're calling an ad would actually be the primary purpose of the site, i.e. you'd go and look for apartments now you've figured out (based on that pricing information) where makes sense.

It just never actually materialized because, well, other projects, jobs, etc. The beta version has rent pricing but it was inaccurate due to people selling parking spaces as 1 bedroom flats on APIs etc.

So it's more like kernel.org having a link to lwn.net or something. No-one actually uses the site for navigation because there are better tools for that.

You'll note that none of my sites have third party ad networks, analytics, any of that nonsense. If I use CDNs anywhere subresource integrity should be on but there might be some older stuff that doesn't.


Sorry for throwing that curve ball, but to my excuse you do have your site in your profile :)

I still think that definition is unworkable. What "the user wants to do" isn't even an objective measure. Is VIM malware because it includes a message urging the user to donate to charity, which is unrelated to its purpose as an editor? Is apt-get malware because it included an Easter egg? By that definition, the answer is both yes and no, since it depends on who is using it wanting that or not.


https://en.m.wikipedia.org/wiki/I_know_it_when_I_see_it

When Microsoft put live tiles and telemetry in Windows, whoever signed off on that knew they were crossing a line.

It doesn't need to be defined that strictly. The OP talks about FM radio adverts. An announcer telling you that a new song like, exists, could be construed in some sense to be an advert, just as my profile telling you that I am indeed a software developer could be.

But that's not really what's pissing people off and abusing their attention here.


Curious, what industry are you working in now? Do any skills from the ad industry transfer over?


I think the only adtech specific skills for a programmer are 'ethical flexibility', which is more a form of moral corruption than a technical skill. It has not been hard for me to find work on things other than ad servers.


[flagged]


I appreciate your 'concern', but reading those sorts of books, recommended to me by my former coworkers in the advertising space, is what led me to conclude that the industry is evil. The style advocated by that literature is insincere, cynical, and manipulative. Those who brushed up against it and didn't reject it are irredeemable. Those who haven't yet corrupted themselves are the ones I hope to help, and I believe I can do so by creating a fanatical anti-advertising mob mentality that allows feelings of self-righteousness. (I am aware of the irony here, since these very techniques were turned into a science by the industry I want dismantled, but that's the way the world works.)

> Once again: All I need to do is think of one counterexample where both parties gained value (monetarily and psychologically)

You know damn well, but are unlikely to admit unless perhaps called on it, that an advertising professional that gives value to a consumer one day will be just as willing to take it the next. The advertising professional is not motivated by a desire to help the consumer and cases where that happens are incidental at best (and rare.) There is a lot of delusion in the industry too. Advertisers in the pharma space will swear themselves blue that they're helping consumers to find medication that will earnestly help them, but these advertisers are not altruists, they do it because they're paid. And more damning, their industry (pharma advertising) is illegal in other countries with good reason. But this is an industry that regularly turns its own techniques in on itself, using their rhetorical/persuasive skills on their own, to reassure their own that what they're doing is humanitarian.


>I appreciate your 'concern', but reading those sorts of books, recommended to me by my former coworkers in the advertising space, is what led me to conclude that the industry is evil. The style advocated by that literature is insincere, cynical, and manipulative.

Claims without specifics or examples.

>Those who brushed up against it and didn't reject it are irredeemable.

Very vague. No specifics.

>Those who haven't yet corrupted themselves are the ones I hope to help, and I believe I can do so by creating a fanatical anti-advertising mob mentality that allows feelings of self-righteousness.

Reminiscent of No True Scotsman.

>You know damn well, but are unlikely to admit unless perhaps called on it, that an advertising professional that gives value to a consumer one day will be just as willing to take it the next.

Attributing things to the other party in a conversation is a tried and tested method of making a conversation go downhill.

>Advertisers in the pharma space will swear themselves blue that they're helping consumers to find medication that will earnestly help them, but these advertisers are not altruists, they do it because they're paid.

I don't recall that advertisers claim to do things out of altruism. The grocery store owner down the road is not an altruist either. Nor is pretty much any non-profit entity out there. You're merely pointing out that advertisers are in the same category as all businessmen.

Quite apparent in all your comments: A willingness to preach, and not a willingness to have a conversation. Even your response to me missed pretty much the entire point of my comment. Trying to convince me that advertising is bad is a clear sign of that.


Adware (and malware for that matter) were actually already banned by npm. Just don't tell feross that. He deleted my comment mentioning that part of the Acceptable Content policy and blocked me from making any more comments on the repo.


I don't agree with npm's ban, but open-source developers don't necessarily deserve payment for their work. I don't think there is much productive discussion to be had in the way of "how open-source consumers can contribute back". The reality is that the vast majority of consumers don't care about contributing back and never will; this is fundamental to the nature of open-source. Thus, if those developers want to get paid it's up to them to come up with a monetization strategy that works for them, whether that be the red-hat model, enterprise licensing, or even cli ads, let consumers decide if they can tolerate those terms.


>You have people working mostly for free

I think citation is needed here. Many big open source projects are created and maintained by the paid employees of big corporations.


This is an important point to consider.

For large corporations, it is easier to hire a developer to work on a critical piece of open source software than it is to go through the approval process of sending money (no strings attached) to a particular individual.


Which is quite something considering the dog and pony show that is the recruiting process of most large orgs. One suspects that if OSS developers routinely offered to invoice for "software support" rather than requesting a donation, this would be a vastly superior option from the company's viewpoint compared to having to go through the expensive palaver of hiring.


> companies that profit off of open source code without providing any reciprocal value to the open source projects in return

You mean follow the terms of the open source license? If the creator wants money all (s)he has to do is put it up under a different license. You can’t have it both ways. Promoting free usage and expecting money back as well.


Open source is good. I've been saying for years that OSS devs should be paid and the cheapskates who use OSS for commerce should put their hands in their pocket instead of forcing devs into the humiliating position of begging.

Ads are cancer though. The idea that the only reliable way to fund anything is turn it into a billboard needs to die.


Everyone agrees that Free and Open software needs better funding models. If it could somehow manage to obtain one hundredth the revenue stream of Surveillance Valley, projects could pay full time employees to polish up UX and compete for popular mindshare.

The problem here is that showing an ad is working directly against the user, and working directly against the user violates a core expectation of open software. A thing cannot be supported by destroying the thing itself.

It would also be unacceptable to backhaul system information for "market research", run a Bitcoin miner, add entries to authorized_keys, flash epileptic trigger patterns, etc. We would rightly call such additions security incidents, as is this attempt at psychologically manipulating users.


> Given the amount of value open source provides to for-profit companies (with the open source maintainers rarely getting any reciprocal value from the companies that profit off them), why is it so alarming to think that these maintainers might think of a clever idea like this to make a couple thousand bucks?

Because it's not a clever idea at all. First of all, open source software should stay true to what it is, which is free and open. If maintainers really wanted to profit off of this, they should have never made it free or at least offer some sort of pricing model that doesn't affect the essence of the project being open source (e.g., offering paid support), projects like Sidekiq having Sidekiq Pro. Users shouldn't be the one "paying" for open source software through the ads. This is making developers pay for the project indirectly.

DHH's latest keynote from Railsconf 2019 hits the nail in the coffin: https://www.youtube.com/watch?v=VBwWbFpkltg


This says more about the state of society than anything else

Profits are up, inequality is up.

That’s by design.

We should be working on making it so people can eat and be healthy, and not have to be reduced to such bottom feeding tactics.

But everyone thinks it’s mean and petty to tell kids of dead rich people they don’t get to inherit all the power.

If I learned anything getting an MS in mathematical linguistics: economics is not physics and mass delusions infect smart people’s limbic systems too.


I'll second this downvoted opinion. The mismatch between economic good created by and economic incentive to create OSS is just tragic from a hard numbers perspective.

How do you fix it though? A large funding program? If the state or private industry were the backer, how do you prevent manipulation? The only viable models (that spring to my mind) are Spanish-Anarchist type stuff of generally funded unions of technical workers, but that doesn't feel likely.


We already have a large funding program called taxes. We seem to enjoy giving it to private interests instead of state and local governments directly.

Kind of wondering how, given that direct pipeline of transfer payments from the fed to private companies we can ever believe the “our economics is a free system of ideas.”

Prevent manipulation of the state by prioritizing policing of state acts, not average folks on the street.

Absolutely none of these ideas are new. It’s a fact of our biology that sees us favoring the mental model we know versus the unknown of a new social hierarchy. A reasonable “how to” is well detailed though.

The public must engage the political system directly and not through the business sector administrators inserted in the middle of the process via manipulation of the financial systems flow of capital.

Look what happens when there’s a half assed effort to get something like Obamacare. Imagine if the effort wasn’t so half assed?


This isn't about funding open source, this is about ads. Very, very, very specifically about ads.

> I really wish the discussion were focussed on how the community of open-source consumers can contribute back to the open source ecosystem in a way that promotes the sustainability of the projects and community.

Then you should post an article about that and vote it to the front page.


Ads are a cancer upon the world, far worse than poor free software funding, and people are understandably dismayed at seeing that cancer spread, no matter how justifiable the reasons given.

Paid software is increasingly filled with ads, and I would argue it is precisely the absence of a profit motive that has kept FOSS software so virtuous. See the effect it had on app stores.


What about the agency of NPM to not accept packages that are objectively inferior because they contain ads? If I submit purposely crappy code to a public repository should I be outraged if it gets rejected?


The parent comment seems to rely on the all-too-common assumption that the only means by which a software author can be paid is through internet advertising.

With that assumption, the argument against advertising then can be shifted to arguments for or against paying software authors for their work. Of course, this was not the issue that triggered the action or resulting commentary. It was advertising.

It is an evasive shift from one issue to another, a rhetorical trick. There is no debate for or against paying for software. There is a debate against advertising via internet. That debate has existed since the network opened to the public.


You are missing the point of open-source. They are working for FREE because they choose to. If companies are using the FREE software, they are not required morally or legally to contribute anything back.


I find it particularly ironic that the tech boom is seen as a triumph of capitalism when it depends so much on the free labor of an army of volunteers.


No one has forced them to do this if they didn't want to. They are breaking the expectations and goal behind open source. They're more than welcome to do something else if they want to make money.


I know this is a controversial opinion and I know it won’t directly solve the issue at hand, but it’s related and it addresses some of the concerns raised by many people in this thread: how do we get open source the funding it needs?

Consider a world where the norm is not MIT/BSD but GPL dual licensed with MIT for a fee. This would give back control to maintainers of a library, and it would allow people without funds to use the software freely by contributing back to the community any changes they wish to further publish.

It puts the incentives in the right place, which is very important for a scalable, sustainable solution and to avoid tragedy of the commons!

It’s controversial because licensing has become a tribal issue, frustrating level headed debate. But I would argue that many people choose MIT without really thinking it through, “because it’s how everyone else does it”. You can see this in complaints from maintainers of code released under MIT, abuse which would never have been possible with the GPL.

I really think there is value in evaluating the community’s obsession with MIT, before we jump to pointing fingers at “companies”. Remember: if you get burned by the tragedy of the commons, ask yourself why did we set ourselves up to fail? It’s the hardest possible fight to win.

Again I’m not trying to derail this into MIT v GPL, I’m just saying: IF we all choose MIT, can we really complain now? This is what happens: people profit off your work and don’t contribute. If you feel so frustrated by that that you’re adding ads to your lib, maybe MIT wasn’t the right choice?

(MIT has merit and there are people out there using it for the right reasons. But they’re not the ones putting ads in their repos.)


> Consider a world where the norm is not MIT/BSD but GPL dual licensed with MIT for a fee

Note that the MIT license allows redistribution: anyone who bought a single MIT license could legally distribute MIT-licensed copies without continuing to pay the original author for additional licenses.


I'm not sure that would actually be that big of an issue.

Let's say you have some sort of model where a monthly subscription gives you an MIT license for all commits made that month. Who is actually going to go to the trouble of mirroring every commit or release from upstream to their own public repository? If somebody actually did that gratuitously, the copyright owner could just decline to renew their subscription the following month.

I'm sure there's some issues with this that I'm not thinking of, but I think generally if somebody is willing to pay you for a license, they're not going to be a jerk and try to undermine your business.


I agree with the parent post, and the sibling. MIT doesn't make much sense in your scenario. Dual-licensing is usually a copy left license, and some sort of private/commercial license agreement to protect against the case the parent comment mentions.

The people who want to support you are not the problem. They'd probably donate too if they would buy a license in this thought experiment. The people who don't want to support you are. One of them could buy a license, relicense as MIT. And either they'd get updates with their paid license, in which case they'd just release those as MIT too, or wait for your next stable version and buy again and so on. Or they would just fork the project, and start their own business around it, without having had any more cost than a single license....


You're describing a commercial licensing agreement. Why would you use MIT at all in this case?


There's a good article about this practice here: https://www.gnu.org/philosophy/selling-exceptions.en.html

Usually you wouldn't use the MIT license to do it, but it's the same idea.


Fascinating article, is this common practice? Anyone know of companies successfully selling license exceptions?


Yes, Oracle does this with MySQL. If you want to use MySQL in a way that the GPL doesn’t permit, then you are supposed to buy a license. I have no idea if they are making a lot of money from this.


Qt is primarily LGPL with some GPL modules, and sells commercial dual-licenses.


> how do we get open source the funding it needs?

Has anyone considered that open source / free software is just fundamentally incompatible with capitalism? Society already has plenty of ways to fund projects -- we even created entire legal constructs, like copyright, to facilitate this very thing.

The zero-cost ability to copy software and mutate it (if you have the source) is at the heart of the movement. As is the realization that we can collectively build something that benefits everyone. Money doesn't have to figure into this.

Of course, plenty of developers have tried (and succeeded) at using free software for capitalistic ends. But I don't think it follows that free software should, or needs to be, funded the way that we purchase other software or how Google or Facebook funds their software.


> Has anyone considered that open source / free software is just fundamentally incompatible with capitalism?

Legions, many of which have only recently become aware of Free Software or Open Source.

As far as Free Software is concerned, there is no problem with capitalism. It's only about guarding the software freedoms of the users of software.

"Free" as in "free market", not as in "free lunch".


I understand that Free Software is not concerned with capitalism but that doesn't address the question.

Free Software can still be incompatible with capitalism even if it doesn't address it directly. If you release your software with a Free Software license do you really "own" it in a capitalistic sense? I'm thinking no. As a consequence it's actually hard to make money with Free Software. But that difficulty and lack of ownership hasn't prevented Free Software from thriving, in fact, just the opposite.


Depends on one's definition of "capitalism" when applied to software I think.

Whereas I would not "own" the software, I would own the hours I'm willing to write software. As things are I can't freely sell those hours because of a monopoly on many programs, that is, no user can hire me to improve their proprietary software. I can only sell my hours to users of Free Software.

Now we have software "ownership" against the workings of a free market. Both of these are generally considered "capitalist", so it depends on your definition which is "more capitalist", but I hope it's clear that neither of them is strictly capitalist where the other is not.


You make a very good point.

At issue here is that the developer is not selling their time. They're putting in that time for free. And then they want to recover that income after the fact. This is traditionally how any kind of product is developed. You put in time and resources into a product and you sell that product to recoup that cost and hopefully make a profit as well.

If you don't own/control the software, due to it being Free Software, then that whole avenue of income generation is not available or very difficult. Time and again, we see individuals and companies trying to find a way to sell Free Software like traditional software.


It's inspiring how quickly ad tech devs can band together to completely remove all ads from their ad tech development environment.


I've had a theory for a while now that the only reason devs are so ok with working on ads is because they never see any (with pihole/ublock/hosts/etc...) and they don't know how creepy they are. On the rare occasion I have to turn off my adblocker I'm almost always amazed by how well the ads are tracking me - and that's while I'm actively trying to prevent it from tracking me!


On the other hand, I'm sure it simply pays nice.


n-gate worthy summary of this thread


Don't violate the prime directive.


The rationale from the author of the package who added advertising is enlightening and definitely worth reading.

https://feross.org/funding-experiment-recap/


I don’t agree with his problem statement that OSS developers need payment.

I think that paying people for valuable work is a good thing. But I don’t think there is a problem with this as evidenced by 50 years of great OSS software written by professional and amateur developers.

Saying I spent 4000 hours on a project without pay is not enough info to be useful to determine that I need payment. I volunteer time to lots of charities, I don’t then say I need payment for this time. I also spent countless hours on hobbies, this doesn’t entitle me to payment.

If I put an annoying ad into people’s consciousness because I spend 3000/year organizing my magic cards, that’s not really relevant to most people.


That reasoning makes sense at first.

Until you consider the fact that critical infrastructure depends on underfunded open source projects that sometimes have trouble staying afloat.

NTP is the classic example of the problem.

https://www.infoworld.com/article/3144546/time-is-running-ou...

http://www.ntp.org/


> Until you consider the fact that critical infrastructure depends on underfunded open source projects that sometimes have trouble staying afloat

This is not principally an issue of a funding problem for the maintainers, but an issue of a risk management problem for the relying parties.

Unfortunately, it's probably going to take a massive, costly, critical failure before it gets addressed, but once that happens it will be addressed quickly, and critical infrastructure will rapidly not be relying on underfunded open source projects. (Whether that is through those products—whether the existing core project or a new fork—getting better support from well-heeled downstream parties, as many widely-critical open source projects (e.g., SQLite) already have, or whether it means those products get replaced may not be consistent from product to product. If they do get funding, though, it's not going to be without the funding parties taking a keen interest in governance, as the risk doesn't go away with unaccountable funding alone.)


If they depend upon it then there are two obvious solutions - provide it doing the work themselves or fund it.


Unfortunately people pick the third option that is dissing the developer who has made that piece of code for trying to get funding for the work.


That is just a ruder version of the null option "doing nothing, leaving it unreliable and suffering the consequences".


I'd love to know what the story behind "Google was unable to sponsor us this year" is.


Charity? People make money off libraries.

It's such a ridiculous attitude to read on a news site hosted by a Venture Capitalist firm.


Well the whole point is to /not/ be "permission culture" shutting things down because someone doesn't get their cut in something which never existed before.


I think another thing the author misses is that Standard is _just_ a formatting library. It doesn't need/deserve as many resources as libraries that do more and deliver more value for the developer/company such as Vue, webpack etc.


> Standard is _just_ a formatting library

It's just a configuration file for a formatting library that someone else(s) wrote.


> If even I – with my fortunate position – can’t make a comfortable living working on open source, then how is anyone else supposed to make it work?

If living comfortably is Feross's goal, why not get a job? This is a high profile programmer in one of the highest demand, highest-programmer-wage places in the world. What am I missing?


Feross could easily get a job, but the point is that he wants open source to work. So much of everything you do every day depends on open source code, and every open source dev I know says it's an utter shit show.

The alternative is Feross gets a job, and everyone invents their own stuff in-house, and we end up with 'open source' that is just what profitable companies want to have as open source. The set of things companies decide to open source is not a good overlap with the set of software that should exist.


Working for someone else is a last resort for some of us once all of our other ambitions have failed.


Popularity does not equate to value. Perhaps the market simply does not see his thin eslint wrapper as a valuable tool.


> Open source maintainers need income to fund their work.

lol if you need to make income from your work, don't give it away for free. Should everyone demand getting paid now for working on hobby projects?


Well, obviously selling paid software is a well known way to make money. However, it would be really cool if we could give away software for free and make money off it at the same time.


Red Hat, Canonical, Docker, Suse, and many others give software away for free, and make money from that same software.


They do that by selling support, or additional non-free features bundled into an "enterprise edition" (at least in the case of Docker). I don't think that's something Feross or other open source maintainers are interested in doing.


Fair point, but it's inaccurate to say we can't make money off software we give away for free.


I'm not saying that we are literally unable to make money off of free software. We can and donations / advertising / GPL license exemptions / crowd-funding all work to some degree.

My point was that even though the "don't give it away for free" model works, we should still try to improve the profitability of funding models where we can give software away for free.


All those companies offer enterprise editions and service-based support; what does standardjs offer that's worth paying for?


That is worth reading, and he makes some great points, but there’s a jarring shift in it. At the start he talks about it in terms of:

> I would love to find a way to help maintainers capture at least a bit of the value we create so that we can happily continue to write new features, fix bugs, answer user questions, improve documentation, and release innovative new software.

But after it was received badly, he switches to:

> Folks who contribute nothing don’t get a seat at the table. Rich Hickey said it best in Open Source is Not About You:

Which seems contrary. Rich Hickey’s post is that open source is built for oneself (one person or one company) and then released to the world in whatever state it was used internally. Other people aren't paying, so they don't get a say. The opening position is that open source is created and maintained for the benefit of others.

It can be either, neither, or both for different projects, sure, but to suggest that people take up maintaining unseen infrastructure code so that they can answer user questions and write documentation and code new features to help people and also don’t have to listen to anything those people say because it’s done for one’s self and not about those people at all.. which is it?

People who tidy the commons for the council are employees, and do what they're told. People who tidy the commons of their own volunteer effort get to choose what to do but don't get to stick a price tag on it. If you do it for yourself on your terms, you don’t get anyone’s money. If you do it for others and want their money, it’s a job but you have to be controlled by what they want because it’s a job.

If you do it for guilt and charity, who gets to thrive off charity work in other fields?

If you went to a local park and found someone had picked some poison ivy, and left an advert there instead, would you approve?


This is highly unrelated, sorry, but does anyone know the zsh theme used in that post (https://feross.org/images/funding-screenshot.png)? I didn't see anything like it in the list of zsh themes (https://zshthem.es/all/). The colored arrows look very appealing if they're contextual, like if they denote the status of git files (deleted/edited/added).


My ZSH looks like that, though the arrows are less bold. I don't remember configuring it much, if at all. I think it might be close to the default theme.

In my case, the arrows are purely stylistic. They never change color or ordering.


Ah, I found it. It's the default(?) theme called "sorin" from zprezto: https://github.com/sorin-ionescu/prezto


There is a lot of concern in this thread about open source projects needing funding and they're not wrong. There are a lot of projects that are underfunded--most of them, in fact.

However, it's not like the developers of and contributors to these projects naively go in thinking they're going to get paid anything. They graciously choose to make the fruits of their efforts freely available regardless of compensation. And, yes, there are companies making money off of that generosity.

My point is; nobody is in the wrong here. Both parties have entered into this agreement willingly.

Injecting ads like this is wrong because the developers are reneging on that agreement. It's as if the developers are saying, "You know what? I changed my mind and I want some money for this because companies are making money off of it now." What's worse is they aren't even charging the companies directly.

I'm all for a discussion around how to help generate funding for FOSS projects but have we not learned from Google, Facebook, and others how wrong a path advertising can be? At what point are the advertisers going to want demographic information and the module developers start requiring you provide that information at 'npm install'?


I totally agree about open source devs doing it voluntarily. But I disagree they have no right to stuff the terminal full of ads. It is their code - they can do whatever. Even change their mind and license from there and into the future. Just like npmjs.org is completely within their own rights to ban such projects from enjoying benefits of the package distribution platform.

In fact, if the project was important enough, and maintainer was stubborn enough, I am sure devs community using that code would rant, but end up using it anyway, with or without npmjs.org


It’s a slippery slope. The first packages with ads just printed a single line of text. Then others started adding more lines, more aggressive colors, and now you have npm ads painting a half a screenful of empty lines with their ad in the middle. One can imagine an arms race of ever worse ads.

And considering that it’s not unusual to be installing hundreds of npm packages for a single project, the ads would soon render the logging output unusable, giving rise to an arms race between npm ads and npm ad-blockers.

So npm basically had to nip this in the bud, before it makes the ecosystem unusable through the tragedy of the commons.


they didn't limit ads. they banned them altogether. it's a charitable thought, but doesn't hold up.


That was the correct thing to do. Considering how many npm packages the average project consumes, having even a single line of advertising for each would make npm a pain in the ass to use, and people would be looking for ways to block the ads.


Clearly, you didn't read the article from the original author. Ads were deduplicated, so only a single ad was shown, even if 500 deps used the funding dependency.


That’s a big _if_. Until now, each package with ads has rolled its own, and since there’s probably more money to be had that way, there’s no reason that would not continue.


Key part of the article: " According to these upcoming updates, npm will ban:

Packages that display ads at runtime, on installation, or at other stages of the software development lifecycle, such as via npm scripts.

Packages with code that can be used to display ads are fine. Packages that themselves display ads are not.

Packages that themselves function primarily as ads, with only placeholder or negligible code, data, and other technical content. "

I wonder where they will draw the line with the last point.


Far, far more harm is caused by a package repository electing itself as a censor than could ever be caused by a few additional chunks of ASCII turning up in a 4MB Travis CI log. Free software is supposed to be about freedoms, not having those freedoms dictated to me regarding what kind of software I can or cannot create.

There are limits to explore in this area, for example, I doubt anyone would disagree with censoring obvious malware. But for the rest? It is deeply political, and politicizing the distribution of free software is frankly repugnant. This puts me off spending much time with the JS ecosystem (not that I would have already), and worried about it setting precedents for ecosystems I actually do care about.

A glorified FTP server should never be telling you what kind of software you can write or how you package it. In this scenario, the glorified FTP server is no longer fit for purpose, and if such changes have community support, in my eyes that community is no longer a free software community.


Seems like an opportunity to compete in a market. It's just a matter of time now before npm has competition.


NPM's move to ban the practice is unsurprising. Consider however that NPM has no qualms about showing various nag screens of their own, such as "a new version of NPM is available," etc. Perhaps they should consider taking leadership in the OSS funding space. "Hey, it looks like you're enjoying these packages x, y, and z! Click here to donate to your favorite OSS projects." Or something.


A software update notice cannot be considered as an ad, can it?


If a software update notice like that is considered an ad, then that’s an ad that I’m perfectly fine with


It fits any reasonable definition of an ad that I can think of.


If the new version bundles crapware...


Do new versions of npm bundle 'crapware'?


They do not, I think GP was saying it would be an ad if they did


Parent said nag screen, not ad.


Yes, sorry, I meant compared to.


What's this "standard" package anyway? Looks like it's packing eslint with an .eslintrc and... that's it?


The history of JS style standards is a lesson in ignoring prior work:

- In the beginning was the jQuery style guidelines, which started for jQuery but were eventually for general JS https://contribute.jquery.org/style-guide/js/

- Then there was idiomatic.js, from a massive bunch of JS community leaders https://github.com/rwaldron/idiomatic.js/, evolving some of the principles of jQuery style guidelines.

- Then AirBnB made their own style guides because they didn't realise the jQuery guidelines or Idiomatic existed

- Feross and some other people made 'Standard' JS, ignoring the previous 3 standards, and said it's standard because, well: https://github.com/standard/standard#but-this-isnt-a-real-we... (see 'tape' and how it's 'the only test framework which supports TAP' because the tape author invented TAP). https://standardjs.com/

- Currently most JS devs who have been around a while use Prettier instead of eslint because it formats the code rather than just complaining (recent versions of Standard apparently do this too, but that came later) https://prettier.io/

Feross himself is awesome. The name 'standardJS' was a poor choice.


> see 'tape' and how it's 'the only test framework which supports TAP' because the tape author invented TAP

What? The tape package on npm? As far as I know, that was made by substack (James Halliday), whereas TAP dates back to 1987 with Perl (https://en.wikipedia.org/wiki/Test_Anything_Protocol says “the Test::Harness module was written by Tim Bunce and Andreas König”).


I saw TAP presented for the first time along with tape and evidently got confused. You're right. I stand corrected.


Yes, this developer has 100s of libraries most of which are just code snippets. That was part of the criticism here, it looks like this guy is trying to take advantage of jr devs without providing any real value.


If you look at the dependencies and actual JS code there is, it looks like a glorified configuration file.


It's apparently an ESLint wrapper that's worth $2000 in console ad revenue.


I've seen this comment and reserved comment a few times but here we go...

Sure, Standard on the face of it seems simple technologically, and compared to many other things it is. But its value lies in completely removing long-winded and often unnecessary conversations within teams about code style.

Standard represents a standard style of writing JS that has gained widespread support (similar to Airbnb's linter config). Its value is that a team can adopt broadly sane conventions then never think about it again - which leaves those dev cycles for shipping features. Without widespread use, Standard would be just another linter config - but large parts of the JS ecosystem (regardless of what people think of JS) have adopted it and as a result it has saved the world a million conversations that "didn't need to happen".

If you care enough about style to not pick their choices, you're free not to use it. But for a lot of us we just want a broadly accepted opinion so we can focus on features.

And as it turns out, maintaining a style guide for how to write JS for the masses takes quite a lot of work. Not writing code necessarily, but considering and replying to all the feedback on that style.

Not for or against the funding project - but within the JS ecosystem Standard has meant many hundreds of hours that might have been spent bike shedding, have been spent shipping features.

Standard has been genuinely useful to myself and pretty much every other JS developer I know. And whilst I'm in no position to speak to whether I'm junior or not I know a lot of the most experienced programmers in the JS ecosystem reach for Standard so they can focus on more important matters.

It's not JS that has such opinions enshrined in law, Python for example has pep8.


"Just a configuration file" is an odd thing to say. People spend a lot of time thinking about configuration! A coherent option set that makes sense in a range of use cases is actually really valuable.


This comment is just as applicable to the sibling comment here and many others, I don't mean to pick. Peace.


Feross was looking at some sort of profit sharing of the console ad revenue across multiple projects. The "opinionated eslint config" here just had the widest install base to get feedback quickly on the idea. It certainly got feedback quickly.


He's a glorified domain squatter trying to figure out how to monetize it


Feross? No, he's a serious OS dev, behind WebTorrent and other projects.


I can't edit this anymore, but s/OS/OSS.


Yes. The idea was that eslint lets you do whatever you want, but it's daunting to download eslint and then be asked to create useful rules from scratch, and eslint doesn't have amazing defaults, and it would be kind of cool if the JS world could be more like the Golang world with gofmt. These are valid observations!

So Feross tried to solve this by, yes, making an eslint config and a thin wrapper around it to run it, then giving it a really pretentious name in the hope it would become The Coding Style for JS. It didn't work. Airbnb has always had a significantly more popular eslint config package, and more recently the Prettier tool has solved the problem Standardjs was trying to solve much better (and become much more popular).

And the issue with trying to do what Standardjs is trying to do is that if you're not the most popular solution, you're part of the problem. :)


I know it's not a npm package, but would the donation message for kids in Uganda when you started vim be considered no bueno with these rules? I guess it's not an ad technically


Same deal for Sidekiq, a very popular job worker library in the Ruby world. On startup, if you don't have a commercial license, it advertises the availability of one:

    Upgrade to Sidekiq Pro for more features and support: http://sidekiq.org

I personally have no problem with this and I think the npm ruling is a bit too restrictive.


The important differences are Vim is a much more useful and complex open source project, and it is an advertisement for charity (most people will give a pass for this thing).

