Hacker News new | past | comments | ask | show | jobs | submit login

> Now is the perfect time for Open Source maintainers to become legible to the big companies that depend on them—and that want to get more out of them—and send them five-to-six figure invoices.

Well, this is exactly what I've been doing around VideoLAN (VLC, x264) and FFmpeg for the last few years. In order to do that, I've created 2 official companies Videolabs and FFlabs (besides the non-profit orgs) and I've gone through all the hoops to get paid (PO, billing, invoices, registering to large companies is a lot of paperwork, tbh, but well..) and we try and bill small to large companies that depends on those projects.

And FFmpeg and x264 are the core of the online video.

So I did exactly what Filippo is saying we should do.

But the result is really not impressive. Seriously, asking for money for support from those companies feels like we're pulling the nails, even if their full business depends on it. Getting 30-50k$ from those companies for support for one year can be very challenging, long or leading to nowhere at all.

So, large SV companies and startup should also start agreeing to pay for open source, when it's the core of the tech.




> So, large SV companies and startup should also start agreeing to pay for open source, when it's the core of the tech.

Companies usually have a reason to keep their expenses low. Sometimes they are a public company with fiscal responsibilities. A startup will only have so much runway and is likely trying to reduce expenses.

Given this situation, why will they pay for what they can get for free?


It seems like you haven't quite got the concept of open source. If everybody consumes and nobody contributes, how long will that last?

A while back I bought a cheap robot vacuum. Their scheduling feature didn't meet my needs, so I reverse-engineered the protocol and open-sourced a cron-friendly CLI tool and a library so people could do other things with it: https://github.com/wpietri/sucks

Honestly, this was a mistake on my part. It was a demanding audience of home-automation hobbyists mostly without programming skills. The company was thoroughly unhelpful. When my vacuum finally broke, I was relieved, as I had a good excuse for trying to hand off the project. Nobody stepped up, so I shut it down. I just ran out of interest in doing free work to support a company worth billions.

I really admire the community spirit of open source But it's not sustainable if companies making their money off it keep depending on the niceness and generosity of others without giving back enough to keep them happy, healthy, productive people.


It seems like you haven't quite got the concept of open source.

Making something open source is about granting freedoms for users of that thing. One of those freedoms is usually "you owe nothing and can do with it what you wish: sell it, fork it, modify it" in exchange for "the author provides no guarantees and is not liable for this software".

Open source authors that expect some benefactor to appear and sprinkle money so that they can quit their day job and work on their hobby full time are, for lack of a better term, delusional.

The default is that no one will use your thing, no one will contribute, no one will fund you, etc.

Anything beyond that is a fluke.


> "you owe nothing and can do with it what you wish: sell it, fork it, modify it" in exchange for "the author provides no guarantees and is not liable for this software".

This is demonstrably not how many people many treat open-source authors. Just look at how the Log4J folks are feeling right now: https://twitter.com/yazicivo/status/1469349956880408583

I do have some open-source code out there where people have been mostly pleasant and reasonable. It's targeted at developers in particular niches and they do act mostly as you describe.

But once it shifts from a peer relationship to a producer/consumer relationship, things can easily get ugly. Ugly in a way that drives people out of open source and keeps people from open-sourcing useful code. You appear to be fine with that. But if anybody's delusional here, it's the people who expect to keep taking from open-source software without worrying about its sustainability.


the text of the tweet:

> Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns.

Why don't they 'resolve' the security issue by removing the feature and then set up a bug bounty for backporting fixes to the shitty feature? Then the companies that depend on it will actually be on the hook for once.

Too much collateral damage for downstream F/OSS? Too unseemly a move, in a moment of ‘crisis’?


I don't know why you're getting downvoted. This seems like exactly the right move.


So your proposed solution is for the open source maintainers to release a hotfix build and to put up their own money to host a bug bounty program so someone else can fix it?


I think what they mean is: If you want this misfeature back, pay us $50k to do it properly.


Can anyone recommend a service that allows people to back specific GitHub issues (pledge money) other than Bountysource?


You don’t really need a service, you can just post in the issue “I will pay $X for a merged PR that closes this issue.”


Commenting may work if the issue has one or two large backers that can independently be vetted to be trustworthy. But if there are several dozen small backers, having to track them all down after closing the issue seems less than ideal.


I'm not sure to whom you are replying.

I can't think of anyone I've ever met that started an open-source project expecting it to become their day job in short order.

When your project blows up and mints a herd of new gazillionaires, yes, it's reasonable to ask those companies to fund what is now an important community project.

Anybody that says "nope, their money, they do what they want" is spouting the same flavor of dipshittery as "free speech only means the government can't censor, private companies are free to do what they want".

Technically correct and functionally disastrous. Societies worth living in can and do not endure this behavior for long.

Americans used to understand this. Know why there are schools all over the country named after Andrew Carnegie? Because that ruthless capitalist mercenary, after crushing every one of his competitors to dust, invested a large chunk of his fortune on infrastructure for national wealth that would propel another three generations.


I think the point is that while it would be awesome to just have everyone pay open source maintainers what they can afford to when they use their project, in practice relying on people's (or worse, companies') good will is a losing strategy. It seem wildly unrealistic to just expect that everyone will just naturally give back to open source in a meaningful way absent any actual incentives or requirements, and even if it did start happening there would be nothing the situation from returning to the way it was before. I think most of the arguments you'll see against the idea of "just give back to open source maintainers even though you aren't required to" aren't skeptical of the idea that people should be compensated for their work, but just skeptical that peer pressure is the only thing needed to turn the current open source model into one where all maintainers are fairly compensated.


You are absolutely right. The naivety of most open source developers when it comes to understanding how people/companies/markets work is jaw dropping. If you ask people to pay $0 for your work then that is exactly what they will pay. Wishing for things to be different is a waste of time. Accept how the world works and act accordingly.


That isn't "the world". It's a relatively small set of people in a relatively small chunk of history that see themselves as entitled to make endless profit without ever worrying about where that comes from or who it hurts. It's not a sustainable mindset, so it never lasts.

Look at the shift in attitudes toward the environment in the last 100 years as an example. There was a point where executives thought it absolutely fine to pollute wildly. That consequences were for the little people. Through a mix of culture change and improved regulation, that has changed, and it continues to change.

A more recent example is the trend toward corporate social responsibility, which looks at a broad set of problems and devotes corporate resources toward fixing them: https://en.wikipedia.org/wiki/Corporate_social_responsibilit...

Do they put in enough money? Surely not. But it's indicative of the kind of culture shift we can push for here.


> It's a relatively small set of people in a relatively small chunk of history

I think it’s a fairly large chunk of history (e.g. all the time humans were a thing) that this applies to. The fact that it weren’t executives but kings, queens and nobles thinking this way doesn’t really change much.

It’s not even necessarily malicious, but you really don’t want to think about the fact your life is so comfortable at the expense of other people.


I agree with your general point, but Kings and Queens absolutely had to consider other people.

Specifically, most rulers had some kind of patronage network where they gave out 'gifts' like land, or the right to collect taxes, in return for loyalty. Princes did not generally just sit on a huge pile of money, like a dragon. If they wanted to go to war or build a palace, they had raise taxes, which meant concessions to their power.

Anyway, slightly off-topic! Still, the analogy holds - you don't get to be a prince of the internet without the work of a lot of minor nobles.


So what's your evidence here besides some hazy gesturing at "kings, queens and nobles"?

Because when you look at actual history, you see long-running mutual relationships. E.g. the English Commons system: https://en.wikipedia.org/wiki/Common_land

Or you could look at the Mexican ejido system: https://en.wikipedia.org/wiki/Ejido

Which descends from the Aztec capulli system: https://en.wikipedia.org/wiki/Calpulli

Historically, leadership was tightly bound to productive land, because that's what everybody needed to survive. Your "nobles" could in the long term only be as successful as the people they ruled over, and the feedback loops there weren't long ones. Were there sometimes bad nobles and bad kings? Sure. But overall, the badness was limited because harming the "infrastructure" of the day, land and people, was felt quickly by people higher up the hierarchy. Sustainability was a must.

That's distinct from modern capitalism in the age of industry and information technology, because the portability of wealth and the long feedback loops mean executives can get quite rich in unsustainable situations. The elevation of an IGMFY ideology to become the dominant view of the moneyed was only recently possible because for most of history one couldn't escape the consequences like people can now.


You haven't worked enough shit jobs if you think that un-"moneyed" plebs aren't similarly willing to fuck someone else over if it means they have the opportunity to three-quarters-ass their work and leave the rest to a coworker who they are on a first-name basis with and is otherwise friendly to them.

"IDGAF, it's not me" and "ask for forgiveness, not permission" is not in any sense a minority viewpoint. Even people who insist they don't follow those creeds have the issue of being, more often than not, unreliable narrators of their own actions—not to mention: economically irrational in ways that extend to the economics of non-monetary, give-and-take systems.


Which world are you talking about? History is full of people exploiting other people. Mention any period of history where people were not trying their damn hardest to exploit other people?


You've the one making a positive claim. Let's see your evidence that this was the dominant mode of thought in all places and all times.


What are you talking about? You are the one that's making the following claim:

> That isn't "the world". It's a relatively small set of people in a relatively small chunk of history that see themselves as entitled to make endless profit ...

Which is a claim that can't be proven either way since you are talking about how people in all of history was thinking. In other words, you are making a claim that is just wishful thinking.


You have made a claim about "how the world works". Where's your backing for it?


You made the opposite claim. Where is your evidence for it?


Seems we're at an impasse.


You're largely correct, but I'm not speaking about peer pressure.

'Tis the season, so we've been listening to a lot of Christmas carols.

One of my favorites is Good King Wenceslas, which concludes with the verse: "Therefore, Christian men, be sure, wealth or rank possessing, Ye who now will bless the poor, shall yourselves find blessing."

Charity used to be a behavioral expectation in the West. Charity is not "giving money to somebody else so they can do charity on your behalf" nor is it "paying taxes to fund social programs". Charity is you, directly, investing your resources in your community, with no expectation of return.

Today, this assumption no longer holds. The result is the current state of open source, which needs to figure out a license that extracts value from players big enough to pay it, without punishing upstarts into oblivion (and thus forming a protective moat for existing large players).

Some percentage of net revenue share strikes me as the right sort of license, with sensible caps and/or some sort of shared pooling mechanism.


>Charity is not "giving money to somebody else so they can do charity on your behalf" nor is it "paying taxes to fund social programs". Charity is you, directly, investing your resources in your community, with no expectation of return.

Can you give some concrete examples? Because I can't tell what distinction you are trying to define, at all.

In which bucket would you put:

   1) Giving money to a local hospital
   2) Volunteering with a non-profit organization
   3) Giving cash to a wandering schizophrenic
   4) Buying lunch for someone who's been holding up a cardboard sign at an off-ramp
   5) Giving money to the United Way through paycheck deductions.
   6) Giving money to an organization that funds research into a disease
   7) Giving money to a local organization that gives grants and loans to disadvantaged people to start small businesses.
   8) *Lending* money to a local non-profit that gives loans to disadvantaged people to start small businesses.
   9) Giving money to a local food bank.
   10) Donating blood to the Red Cross
   11) Giving money to the Red Cross


Such a license doesn't seem likely to fit the Open Source Definition.


Some projects use a copyleft license like the GPL or AGPL by default but also sell their product under another license to parties that want to avoid copyleft. This way the product is FOSS but companies that want to use it in their proprietary software have to pay.

https://en.wikipedia.org/wiki/Multi-licensing#Business_model...


> When your project blows up and mints a herd of new gazillionaires, yes, it's reasonable to ask those companies to fund what is now an important community project.

You never need an excuse to ask, but neither side should feel compelled. The transaction is already complete.

Once you give something away, it doesn't matter if someone else gets rich off it. You gave it away. You're not, and shouldn't feel, entitled to anything.

If this bothers you, maybe you shouldn't have given it away for free?

> Anybody that says "nope, their money, they do what they want" is spouting the same flavor of dipshittery as "free speech only means the government can't censor, private companies are free to do what they want".

I don't know how to respond to this. This statement seems entirely paradoxical to me. Yes, it is their money, and they can do whatever they want. And also you accurately describe how free speech applies to private enterprises. Why are you so bothered by this?

There is a question of morality, sure, but that's a fruitless conversation to have. It's one thing to wish the world were different, but another to be angry with people who live in this world. Does this make me a person who merely spouts dipshittery?

You seem to acknowledge that the world is a certain a way, but feel shocked to find, and subsequently rebel against the idea that yes, it is actually that way. I don't understand this at all.

I for one appreciate that this site and others are moderated and restrict and remove posts containing hate speech. I imagine that the majority of readers and contributors would agree with me.

> Americans used to understand this. Know why there are schools all over the country named after Andrew Carnegie?

Perhaps it's because I, and the rest of the world, are not American, but I can't say I've ever given a moment of thought to the names of schools in your country, or Carnegie for that matter.

Perhaps America's fetish for capitalism is at the root of these divides. If you want to get paid and work on open source software full time, I can't think of a better way than under some form of universal basic income, but your capitalist infatuations make that unlikely. Charity is not the solution.


> It seems like you haven't quite got the concept of open source. If everybody consumes and nobody contributes, how long will that last?

I think that's a pretty unfair characterization of the previous post.


A few thoughts...

I've long known people who modified cars. Sometimes they did it as a business. Sometimes they helped friends out. Sometimes the work was on nights and weekends. The car manufacturer never had a responsibility to support them. They never had to support people in forums. Anything they did was their choice. Sometimes as a business and sometimes volunteering.

You didn't have to open source that work. Once it was out there, you didn't need to provide support.

Doing volunteer work and hoping for generosity from companies isn't working.


>> You didn't have to open source that work. Once it was out there, you didn't need to provide support.

That's true. The problems brought up in the article all stem from companies relying on open source and then getting into trouble when there are problems with it. They would pay if they had to.

The core problem is that everyone wants something for nothing. Sure companies appreciate that they can get billions of dollars worth of infrastructure software for free. Individuals appreciate that they can get useful software for free (though many don't care if it's FLOSS or illegally obtains commercial). People will take what they can, and pay for what they must. Open source is sometimes better than commercial, and even if the developers were paid industry rates it would be much cheaper because companies charge rent for software - not for development.


It is not a problem. It just is how humans function. So act accordingly. Trying to change how humans work is a waste of times. You are fighting millions of years of evolution. Good luck with that. Try not to be bitter when you fail.


That is one of those evo-psych just-so stories. American corporate culture in the late 20th/early 21st century is not representative of all humans at all times.

I get that it's the dominant experience for you, but please don't confuse that with some sort of deep evolutionary imperative. One of the things that distinguishes humans as a species is how extremely social, how extremely cooperative we are. See, for example, E. O. Wilson's "The Social Conquest of the Earth" for more on where we fit in evolutionarily.


I agree with most of what you are saying. Groups cooperate internally and go to war with other groups externally. However that has nothing to do with my point. I am basically making an economic statement about how modern companies work.


No, you made a claim about "how humans function" over "millions of years of evolution". I guess you're abandoning that claim now? If so, maybe do it honestly.


No not at all. My comment was a reply to your argument:

> One of the things that distinguishes humans as a species is how extremely social, how extremely cooperative we are

Where I point out that what you are saying is not true in general. But it is true within a group (say a company) and not between groups (say between companies and OSS maintainers). Groups that corporate well within the group have an evolutionary advantage fighting other groups.

However I am not sure what the point is you are trying to make? My original point is that corporations/people don't throw $ at OSS maintainers for the work they do and expect them to maintain it for $0. That's a clear objective fact. So either treat your OSS project as a business and get paid to do your work or accept that outcome and stop complaining.


Again, you made a claim about the evolved nature of humanity. It seems like you can't back it up. Bluster all you want, but if you can't come up with actual citations, I think we're done here.


There are a huge number of references online. Just Google “in group out group social evolution”. Or simply go to Wikipedia for a quick summary:

https://en.wikipedia.org/wiki/In-group_and_out-group

Now I think we are done here.


> I guess you're abandoning that claim now? If so, maybe do it honestly.

This is unnecessarily aggressive. Also, it’s not fun reading a thread dominated by one or more people who are combative.


Sorry, what makes you think you're telling me something I didn't know? Do you honestly think I was somehow compelled to release the code? Do you think I was expecting the open source police would kick down my door if I didn't provide support?


> reverse-engineered the protocol and open-sourced ... free work

oof, I know that feeling - that sadness that comes with the realization that the manufacturer could have saved you so much trouble but chose not to... which you then rewarded with free labor and promotion. I got it every time I disassembled binary blobs in order to get hardware to work with anything beyond Windows. For a long time there wasn't much of an alternative, but that isn't really the case anymore. Setting up a new openpower system was a very strange experience, reverse-engineering wasn't even an option - the manufacturer provided schematics for the board and a wiki directing you to the source code for every bit of firmware (including the ring -3 processor).


My sympathies! It sounds like you got much deeper than I did.

I don't regret trying it once. It's possible, after all, that the manufacturer would have said, "Look, there's demand for an open protocol, just like some engineers have been saying. Let's take on that work ourselves." And honestly, they could have gotten away with some very modest support of the project: occasional discussions with engineers and enough free hardware that we could test new builds. But no shits were given on their part, so I also don't regret shutting the project down.

I'm glad to hear things are getting better in some spaces. Let's hope it keeps going that way!


IMO, I think the golden age of completely FOSS apps (no open core) is ending/has ended as users expect more features and apps struggle to meet demands without effective monetization. I think open source will always have a place for libraries and tools, but end user applications will either become open core or no longer open source.


I think the exact opposite. All of my open source tools in 2021 are of extraordinarily higher quality than they were 10 years ago.

All I see with the FOSS ecosystem is it picking up steam at an extraordinary pace from 2005. Postgres in particular has absolutely dominated its incumbents in recent times, an insane reversal from the situation at the turn of the millennium.

There's a guarantee of correctness, availability of auditability, and a tide of slow, iterative improvements.

The key is supply and demand.

Open source software is often not a trailblazer. Open source is often reactive to a need, and punctuated by a demand for quality, bad treatment by the commercial incumbent, and constant iterative improvement.

See the pattern of so many technologies, Docker following VM ware, open source databases following Oracle (1980s Oracle was a real pioneer).

Open source has always and will continue to be a slow rolling borg that chases commercial software. Projects will never be rushed, but the benefits of an open base has time and time again crushed closed source incumbents.


> I think open source will always have a place for libraries and tools, but end user applications will either become open core or no longer open source.

Very sad if this ever comes to pass. It's a world in which I would never have learned about computers or decided to work with them. I think it makes more sense to charge big companies but keep software free and libre for individuals.

(I don't think this future will happen though: I think it's based on a deep misunderstanding of what drives FOSS developers to do what they do).


Shouldn’t Open Source be considered the 8th wonder of the world?

- OSS allowed an entire industry to flourish,

- It has had so many contributions that it is easily the category which is the biggest benevolence of the world, and possibly the biggest achievement of humanity,

- It allowed the entire world to go securely on the internet (launch a Debian and it’s secure and up to very high professional standards without effort, try doing that in the legal field),

- Its results are permanent. In 2100, documents written in Office 365 or Adobe will be lost, but they’ll be able to recompile LibreOffice, Chrome (at least Webkit) or Wordpress. Benefits of OSS accrue over time, as opposed to closed-source software which is sold under closed license and DRM.


> Its results are permanent. In 2100, documents written in Office 365 or Adobe will be lost, but they’ll be able to recompile LibreOffice, Chrome (at least Webkit) or Wordpress. Benefits of OSS accrue over time, as opposed to closed-source software which is sold under closed license and DRM.

In practice, I think that only entirely cloud based ecosystems will be lost to time. As long as the requisite hardware can be emulated and there is an archived version of a local viewer, it's possible to interpret a closed source format document. People already do it with WordStar and retro games.


> I think it makes more sense to charge big companies but keep software free and libre for individuals.

I agree, but how do you distinguish between the two, and how do you make the source available yet compel large companies to pay?


Entirely possible. Although I suspect more libraries and tools will go that way as well. Note that mine was in theory a library/tool. And the examples mentioned in the blog post were similarly infrastructural.

Most of us work at such high levels of abstraction we couldn't even name all our dependencies. Which in effect makes us the same sort of consumers app users are: expecting a lot out but not putting anything in.


> as users expect more features

I think mobile was a reprieve for commercial software and UX specialists and the increasingly negative comments on new OS versions indicate it is close to done like desktop.

For every user that likes a change there are 19 that prefer the flow they already learned to stay exactly the same and at least half are looking for exploitive attempts to modify their behavior in anything a publisher changes.


>> Given this situation, why will they pay for what they can get for free?

> If everybody consumes and nobody contributes, how long will that last?

That doesn't answer the GP question, which is all about incentives.

The answer is, at least some parties won't pay for what they can get for free. So the options are:

a) deal with it

b) require payment

c) come up with some way to incentivize more donations


Those aren't the only answers. The notion that people only respond to direct incentives is incorrect and ahistorical. It's a convenient dogma for the selfish to promote, but I don't have to take it seriously at all.

Another perfectly good option is for tech people to build strong cultural expectations that people and companies who benefit from a commons should help keep it healthy. Which is what's happening right here in this discussion, so you could be part of that solution if you wanted.


How has the strategy of "companies should just be nicer" worked for things like minimum wage, health insurance, workers rights, ect... It's getting to the point of insanity (in my opinion) that people keep thinking this is going to magically appear if they ask for it. It arguably flies in the faces of thousands of years (or millions if you count pre-humans) of evolution.

At the least people suggesting this should acknowledge that this kind of society has possibly never existing in this entire universe on the scale they want it to exist (larger then dunbar(ish) number tribes). The onus is on them to build a path towards this new kind of society instead of just throwing the ideal out into the ether and expecting it to just magically appear.


I'm not suggesting it's magic. Indeed, what I specifically said was that we should work to build strong cultural expectations. Which are very much necessary in all the cases you name.

As an example, note that the Fortune 500 spend $20bn annually on corporate social responsibility: https://econreview.berkeley.edu/stocks-sustainability-how-th...

That's not because they just had some good feelings. It's because people expect them to be at least slightly non-awful. We can accomplish something similar here. If programmers start insisting that companies take open-source funding seriously, it will happen. Not quickly and not easily. But if people start taking action (e.g., turning down jobs when companies are parasites on the open-source ecosystem), things will change.


Yes and no. A lot of that spending is done with a monetary incentive in mind. Companies aren’t completely devoid of understanding that there is a certain breaking point where being shitty can have financial consequences. They aren’t doing it out of the goodness of their hearts, not predominantly anyways. They can use charitable contributions to project a public persona (earned or not) of being good, for the purposes of increasing/maintaining business. They can do it as a smokescreen/cover for other scandals for the same reason.

Is that a good thing? Yes. Is it enough? Not even close.

The culture needs to change sure, but the change of culture that needs to happen seems effectively impossible unless companies are dragged into it kicking and screaming through organized labor efforts or government oversight/regulation. Those are both of course highly polarized political issues and that aspect of culture sure isn’t getting better either.

I think the quicker, sadder, and easier change is that a lot of Open Source projects just aren’t going to get started like they used to, and are going to have increasingly restricted licenses with stratified feature sets. We’re definitely seeing more of the “Taking my ball and going home” approach by small developers with tiny open source packages these days and it’s sad but also hard to blame them for. Even worse there are an increasing number of groups who attempt to buy projects for sometimes stupid money for the explicit purpose of using them as a Trojan horse to ship malware. They’re preying on the same people who have become incredibly cynical about the whole thing and that’s dangerous for everybody.


What do you think underlies most of the changes via "organized labor action or government oversight/regulation"? People understanding that things should be different, which is a cultural change.

The history of the minimum wage isn't that some bureaucrat mandated it and then everybody said, "Gosh, that's a good idea, let's keep it." There was a long period of advocacy for it, a period of persuading people that it was the right thing to do. That was the ground in which all the work for the change grew.

Today, software developers are the key labor force for this change, and we aren't organized. So in practice, the first work we have to do is to persuade the bulk of programmers that it's part of their professional duty to make sure their employers support the open-source projects that their businesses depend on.

Companies will do it if we insist. In the grand scheme of things, it isn't even much money, not compared to what they're paying programmers in salary, benefits, and cushy amenities.


Good luck with that. I for one am not holding my breath. Meanwhile, perhaps accept the world for what it is and act accordingly? Just make the companies pay for it by licensing the code correctly. It isn’t rocket science.


Oh? Shame nobody's ever tried that. But since you've had a brand new idea that you're sure will solve the problem, how about you take a swing at it? Show us how easy it is.


Where did I say it was a brand new idea? Where did I say it would be easy? Starting a business is hard. I founded and ran my own succesful business so I know how hard it is. I am not sure what your point is?


My point is that you're trivializing the problems and insulting all of the people who have been trying to make it work for decades. I too have started successful businesses. What I learned from that was to respect the people doing the actual work, rather than to run around arrogantly blustering, "It isn't rocket science."


You are attacking a point I am not making. My point is that some OSS maintainers don't understand that they have to think about their work as a business if they want to see any $ thrown their way. That's the part that isn't rocket science. I agree with you that actually doing it is hard. My message is to stop whining that companies/people don't give them $ out of the kindness of their hearts and instead accept it and either treat their work as a business or accept that they will get very little gratitude or $ in return. The idea that OSS maintainers are special snowflakes that can work on whatever they feel like and the world automatically owns them something in return is childish.


No, I'm "attacking" a point you're making.

This notion that one has to think about it as a business is just false. That is one way to do it, but open source funding happens other ways too. Your attitude that anybody must be an idiot if they want to solve in a way incongruent with your hypercapitalist fantasies is both rude and ignorant. If anybody's being childish here, it's the person treating them as "whining".


There is no need to be rude. I have no “hypercapitalist fantasies” thank you very much :)


> tech people [need] to build strong cultural expectations that people and companies who benefit from a commons should help keep it healthy

Agreed on this, but the "and companies" thing is a total red herring. Two things to note: even though you mention "people and companies", it's incredibly clear from popular sentiment that the conception held by most people of the problem/solution comes down to the latter (companies) and not the former (people). Focusing on companies at all—let alone allowing it to occupy a majority share of one's focus—is a huge mistake. Depersonalized abstract entities like companies are almost entirely immune to whatever methods of persuasion people have in mind here. Gay rights only just became kosher to "take a stand" on, and even then it's invariably limited to being trotted out as a vehicle for the most empty and self-serving marketing horseshit and other corporate speak that anyone should expect to come out of these institutions. Cultural pressure for open source by way of shaming companies doesn't stand a chance; it has to come down to people.

I've brought up the subject before: why do we rake companies over the coals for their inaction, but ignore the individuals? It's worth reflecting on the relationship between a company and its employees.

A company, no matter how many layers of management are involved, delegates some problem to an employee. That employee surveys the lay of the land and then elects to use some tech that is available from the commons towards solving the problem. In turn, they are rewarded by their employer in both tangibles and intangibles that are considered proportionate to the achievement and budgeted accordingly. Thus, that person is, in a very real way, converting the labor of others into personal gain—in the form of wealth, career prospects/advancement, and personal stature in wider society.

Why is it easy to frame a company as the perpetrator and hard to say anything about any given developer who benefited from this (and did not share)? Because it's uncomfortable, since it's too personal? That might make sense if we were talking about, say, a custodian with limited career prospects just doing their best to keep their head above water and provide for their family already, but that tends not to be the case where software development is involved. The implication here is clear. (Forget, for now, the prior argument I just made about effectiveness for a moment and feel free to focus just on the fairness aspect here, if it uncomplicates things.) If there's any appropriate allocation of social pressure to be meted out—resulting in social expectations to be met—then it needs to come in the form of beliefs like, "hey, if as part of your employment you are singlehandedly making something like twice the US national average of an entire household, and you're not giving away at _least_ 10% of your salary to the people who made that possible, then you're kind of a piece of shit." Is that a stand that people are willing to make, though?

It's acceptable to disagree with this, but to understand why you feel it's justified to defend the individuals involved means that you have everything you need to understand why there is no movement on the problem. Perennially and impotently opining that companies need to quit screwing around and do something already is a ridiculous strategy.


d) stop

It’s not like there is a parable about killing the goose that laid the golden egg to teach you how to appreciate these things.


I don't think that releasing that tool was a mistake. The mistake was worrying about providing support for it, beyond what you needed it to do.

This is the same as the poor log4j devs, getting bashed and still trying their best effort to please everybody.

Lost and lots of open source authors release some work to the open, and then start to worry about everybody's opinions and complaints. But that's a very unhealthy thing to do, IMO.

In essence, this is your own garage project and you've taken it out to the street for people to enjoy or admire. You should care about people's complaints as many f*cks as stacks of money they are putting on your table. Anything else, will end up deteriorating your mental health, one way or the other.


It seems like you haven’t quite got the concept of capitalism and how humans and markets actually work. If you give away your work for $0 then the value of your work is $0. Yes a tiny minority may want to pay more than that to make themselves feel morally superior or to virtue signal their goodness. But most won’t. Accept it and act accordingly: make companies pay to use your work and sue the companies that fail to comply with the licence conditions. It isn’t rocket science.


> If you give away your work for $0 then the value of your work is $0.

I should've been paying my mother market rates. After all, she and my father have been running at a loss for this whole "family" enterprise.

IMO, open source is (or should be seen as) more of a "friends and family doing favours for each other" kind of human activity. Some people do it for the sheer joy of it, share without expectation of more than a "thank you" (at max), and calling their work valueless is just crass marketism.


You are not getting my point. I am reacting to the OSS maintainers that get upset when the intrinsic value of their work doesn't automatically convert to market value ($ in their pockets). My point is to stop blaming the world and instead put a market value on their work for corporations.


Can you please stop posting in the flamewar style to HN? You've been it a lot in these threads. I'm afraid it's repetitive and it lowers the quality of the discussion.

https://news.ycombinator.com/newsguidelines.html


I am surprised you would see my comments as engaging in a flamewar dang. If you look at my comment history it should be clear that I in general don’t do that. Perhaps also take into consideration the many upvotes my comments have received. However I acknowledge that I might have been a bit more snarky in my comments than was strictly necessary to get my point across.


Thanks. My apologies for taking the bait.


This is a classic mistake of people worship at the church of Econ 101: confusing price with value. Our system depends entirely upon things that are priced at $0 but are valued much higher. If you actually spend your life only doing things you are paid in cash for, I truly pity you. And in fact I can help you out by reminding you that you aren't getting paid for posting here, so you are morally obligated to stop doing it.


No you are not getting my point. OSS code often has a high intrinsic value (it is useful) and $0 market value (you pay $0 for it). The problem is that OSS maintainers often mistake the two. They seems to think that the world should automatically give the work they do a high $0 market value because of its intrinsic value. But that is not how it works.

> If you actually spend your life only doing things you are paid in cash ... > And in fact I can help you out by reminding you ...

Hahaha I love it when people get all passive aggressive :) It should be obvious to you that the fact that I am writing this, without getting paid for it, show that I don't spend my life only doing things I am paid for. You might want to look into the Econ idea of Utility Value. It has nothing to do with $.


> Companies usually have a reason to keep their expenses low

No they don’t. That’s why they keep plowing billions into cloud infra and gazillion of saas products. They have an excuse when they think they can get it for free anyway like is the case with OSS but not an actual reason


Why should the companies pay more than $0 for code with a price tag of $0? Do you normally pay more than the asking price for things you buy?


Why would anyone pay for business class airline tickets instead of (subsidized) coach? They both get to the destination at the same time!


If you want people to travel (because them travelling is good for business) you probably don’t want them to be stiff and unproductive after a long flight, and you don’t want to make the experience so unpleasant that they won’t want to travel.


That's a good question! However I am not sure what that has to do with what I am saying? People pay for over priced luxury goods all the time. There are psychological reasons for that (signaling wealth among other things).


Not just psychological but convenience, reliability and status all of which can apply to oss consulting/patronage


If you look at the commenter's other messages, you seem very much to be making their point for them. The thing that they are advocating for is what you seem to be trying to, through snark, give them an education on.

No one makes coach tickets available for free and then asks people to pay after the fact. Certainly no one would do that and then complain that the system is broken because nobody is paying. People, on the whole, do not behave in a way that's compatible with that kind of thing, and the expected outcome there matches the outcome that we see today with (un)-sustainable open source.


The point is that sometimes, profit isn't the only priority, so one may choose to pay even if they didn't have to.


My point is that the evidence is in and clearly companies/people don't do that. And some OSS maintainers then get all upset and throw their toys around because people don't behave as they expect. My answer is: Grow up. Accept the world as it is. And act accordingly.


It costs me $0 to walk to work but i pay for transportation because it gets me there faster and more comfortably. You just are looking at cost too narrowly.


I don't understand your argument at all. Companies and people in general only pay for things they have to pay for. So if you ask for $0 that is exactly what they will pay. It is not a difficult point I am making.


Let's assume that I did decide to walk to work for $0. Even though the cost is free, I may have to pay for better walking shoes. Additionally, I may have to buy a umbrella to prevent getting rained on. I also may want to think about the safety and security of the streets that I walk down. And lastly, I may after some time walking, have a foot/leg injury that requires either medical attention or physical therapy. My point is that even though the cost was $0 up-front there is additional costs that show up because of my prior decision to walk. These indirect/future costs need to be considered especially as a business deciding to utilize OSS for some operational need.

In a way, you should evaluate each OSS tool/library as if it was a business which further corroborates the blog post's point.


You're making a simple point when this is a complex issue. Software costs more than just the price tag on the box.


Never tipped for good service?


I have. What's your point?


> Sometimes they are a public company with fiscal responsibilities.

Public companies also have accounts for goodwill in their books, don't they?

Also, I'd even say that depending on volunteers for everything when you aren't in dire straits isn't to responsible.


> Public companies also have accounts for goodwill in their books, don't they?

I've worked for multiple public companies and have yet to see this. I have seen different models. For example, when they want a feature in an open source project they may contract with maintainers to pay for work. Or, they may have a maintainer for a project on staff.

> Also, I'd even say that depending on volunteers for everything when you aren't in dire straits isn't to responsible.

Responsible to whom?

People choose to be volunteers. Being a volunteer and hoping for hand outs from companies it's working out well for most folks. Maybe it's time to look at other ways of doing things.

Note, I'm not suggesting what the right way to do things is. I'm just looking at how people are doing things. Expecting them to behave differently isn't likely going to bring about a change in them.


Yes, but it doesn't mean what you think.

Goodwill in that context is towards the company, an intangible asset comprising the value in its brand etc.


No, the companies are supposed to generate value for shareholders. They are supposed to have infinite financial growth and that is pretty much it.


That's how it is most of the time but I don't see how you can say it's "supposed to" be that way. It's pathological. Essentially it's a form of group sociopathy.


Most farms are also commercial and most of them still feed their cows and paint their barns even though in the very short abd short term it doesn't matter.

Edit: Same goes for basic politeness or being customer friendly. Can be very good for the stock price long term even if it doesn't matter in this quarters result.


Supposed as per economical theory/ideology, legal expectations and also per "what kind of CEO will get the job".

It is not like most of the time randomly. It is like that, because economic system is designed to work that way.


> It is like that, because economic system is designed to work that way.

"Designed" is probably putting it too strongly. But however you characterize the process that got it that way, people did it, and people can change it with enough effort. In fact it is constantly changing, and each of us can decide the direction we are going to push it, and how hard.

"And friends, they may thinks it's a movement." — Arlo Guthrie, Alice's Restaurant Massacree


There were economists articles literally claiming this is good and pushing for reforms to that effect. Neoliberslism is literally theory that claims the companies should seek profit and only profit and then everything else will be good.

They got their reforms, so yes it was designed.


You can certainly make the case that the proposed reforms were designed, but to claim that for the economy as a whole would require that all such proposals were adopted with no changes, and that no changes to the economy that weren't in those proposals happened.

The neoliberal faction certainly has had an outsized influence (funny how proposals that the 0.1% want done end up getting a lot of positive attention more often than not), but even so, the economy as a whole is the result of a lot of political compromise and dealmaking, not to mention undirected evolution.


That's a myth about legal expectations.

"every state has enacted a corporate statute giving managers explicit authority to donate corporate funds for charitable purposes"

https://digitalcommons.law.villanova.edu/cgi/viewcontent.cgi...


Being allowed to donate to charity does not make those managers responsible for anything else then profit.

(I am not necessary saying companies should run social support. I don't think so. But they are nor responsible for anything but the profit.)


well actually they ARE providing value for shareholders by using opensource products instead of wasting thousands of human hours for reinventing the wheel.


> Given this situation, why will they pay for what they can get for free?

See the article...


I was responding to the parent comment not the article. The article makes great point. It essentially talks about a services and support business around open source. Some have been doing this for decades.

When you have contracts and support at a cost you aren't doing the work for free. The article is talking about running open source like a business rather than a volunteer situation. That means, you're not doing everything for free.


> It essentially talks about a services and support business around open source.

Which is _exactly_ what we are doing...


This comment is pretty disingenuous. (I personally found it a bit obnoxious.)

The person you're responding to made it very clear that they were responding to your conclusion that "large SV companies and startup should also start agreeing to pay for open source, when it's the core of the tech". The fact that you have support and services available isn't a "gotcha!" that refutes the point they are making, which is that given that there is also a zero-cost "product" available, then (unsurprisingly) prospective customers prefer that one instead.


In strictly economic terms, it rarely makes sense for all but the largest users of some upstream project, putting that proposition squarely in tragedy-of-the-commons territory: it’s better to hope for others to support it.

That applies even to existing sponsorships, however. Their existence thus points at more than cold-blooded short-term business interests being at play here. While corporations are in theory seeking only shareholder value, corporations happen to be (made up of) people, who are capable of altruism, and should be encouraged to use it. Just because US capitalism has managed to build a not-entirely-failing system on unadulterated selfishness does not turn that mindset into a virtue, or even reality: as far as I can tell, the dominant reason for sponsorship is that some person with a bit of authority likes the idea.

They may consider it good for marketing, or recruitment, or to secure their supply chain, or just morally called for, or they want to be the fat cat at this years TINYTEC-CON. If you asked them, they’ll give you a reason that totally makes sense for a business and has little to do with reality. And, no, nobody ever got sued or fired for these decisions. So go ahead, do it! You got all the left-padding you needed, it’s right to pad their wallet in return.

(recycled from earlier comment on the topic)


Companies routinely make investments to guarantee their future revenue.

Sometimes they could keep hiring for cheap a provider for one of their core needs, but choose to pay much more to have an exclusive contract and guarantee the provider doesn’t get scooped or goes under.

There can be any rationale applied to paying more money than the minimum they could get away with.


Right. Mostly they wouldn't even pay employees if they could get away with it. We have to make laws about it.


like dual licensees?qt?


I mean just ordinary employees really wouldn't get paid at all if not for labor regulations.

Just look into the amount of simple "wage theft" (employers forcing employees to work off the clock, etc.) that exists in the USA.

Of course, this country fought a war over the issue of free labor from black slaves.


What you say is nonsense. Companies will try to pay as little as possible to make more profit. They won't pay you more than you can make them. Employees will try to get paid as much as possible. They won't work for something they can't live on.

All is good and dandy.

If employees are not getting paid, they'll go and do something else (like another job or growing food themselves) or steal and starve if there are no jobs or resources. They would never work for free because they can't live without eating.


> They would never work for free because they can't live without eating.

Except, slavery. Sure, the master pays as little as they can to keep the person alive, but staying alive is about the only good thing they get out of life.


> and I've gone through all the hoops to get paid (PO, billing, invoices, registering to large companies is a lot of paperwork, tbh, but well..) and we try and bill small to large companies that depends on those projects.

I see an opportunity to create a "create-a-company"-as-a-service, to help tons of other maintainers to do this with ease.


According to GP that's still the easier part. A more valuable service would be a "bill-a-company-for-your-open-source-work"-as-a-service.


Although being capable of sending a bill is part of the problem, I suspect a bigger problem is getting your bill in front of someone who has the budget, the mandate and the inclination to pay it.

A lot of companies have a lot more controls on purchasing than they do on employee salaries. So a manager who has ten $100k developers reporting to them might only have $10k they can spend at their own discretion.

And the unix philosophy of having many small tools and libraries means practically nobody is _just_ using one open source product. So even if you can get your bill to someone with a million dollars to spend, if they have to share it between 1000 open source projects it's not going to go very far.


Why not just have an intermediate company that handles the donation/support aspects? I mean, we already have Open Collective: https://opencollective.com/ and for other content creators the likes of Patreon also work out nicely.

Two examples, off the top of my head:

1) Here's how Open Collective looks, for jMonkeyEngine (a lovely Java game engine that's also a bit underfunded and underutilized): https://opencollective.com/jmonkeyengine

2) Also, here's the Patreon of Godot (a more hyped and better funded engine): https://www.patreon.com/godotengine

Why would large enterprises not just use a tool like that, if they already use the likes of AWS or other IaaS/PaaS/SaaS offerings?

But i definitely agree that a lot of open source is underfunded and as a consequence many can't work on it full time or even every day, because things are dire financially otherwise: https://staltz.com/software-below-the-poverty-line.html

Not everyone has cushy jobs that make them $100k a year, i make closer to $21k in Europe now, about which i wrote on my blog: https://blog.kronis.dev/articles/on-finances-and-savings

It feels to me that perhaps the solution here is to have something like a bot on GitHub/GitLab, that adds a comment to issues: "If you'd like to express to the maintainers how important this issue is and draw more attention to it, then submit a payment here: ... Payments so far: ... (possibly with messages by supporters)"

Most people don't care about Open Collective or GitHub Sponsors or whatever, they just want to make feature requests or bug reports. If their attention is captured and the ability to make their own request/report more visible is offered to them as a part of that process, maybe things would be a bit better? I've definitely heard the sentiment expressed that micropayments have the potential to improve how we interact with others on the web in some ways, i'm just not sure how viable that is.


Well not using Patreon or Open Collective is exactly what article also talks about.


This is also exactly what my problem is:

> But! Maintainers need to be legible to the big company department that approves and processes those invoices. Think about it: no company pays their law firm on Patreon. You'd be amazed how much harder it is to explain "what the fuck is an open collective?" for a $10k donation, compared to paying a $100k invoice to an LLC that filed a W-9 or W-8BEN and takes payment through ACH. The trick is that you can easily incorporate a pass-through US LLC and open a business account for it even if you're not a US citizen, it's not rocket science.

And yet, these companies basically pay monthly to AWS, which isn't all that different on a conceptual level. Needing a LLC just to receive donations of any sort is ridiculous, why can't these companies just be more humane, instead of drown the idea of doing anything good into needless bureaucracy?

It's like a scene out of Brazil: https://en.wikipedia.org/wiki/Brazil_(1985_film)

The mission of Open Collective is clear even on the main page: https://opencollective.com/


Why not change the license to a revenue share agreement with a cap on total amount of revenue?

For example, if a company uses ffmpeg on their products and product generates a yearly revenue of 1m then they will pay you 1k.

Current open source agreements do nothing to help smaller companies or the maintainers and honestly I find it stupid and destructive.

Charge larger companies more depending on their revenue and let small size companies with less revenue basically use it for free. Isn’t this more ethical than letting FAANG use these software for free?


I really don't understand this mentality. This is what we've all been fighting for since the 90s. A free (as in beer) and open stack of software that anyone can pull off the shelf and use.

So many commercial platforms rely not just on ffmpeg and vlc but also on nginx, php, python, nodejs, linux, mariadb, and everything else you can imagine. We also pay for some very niche things that are simply not available from the open source community.

If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable. A bunch of people would also lose their jobs in the process.

At my company we have revenue sharing so the idea of having to cut out a piece of the pie for an open source project would not be popular among staff. Most of them aren't even in tech.


"If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable. A bunch of people would also lose their jobs in the process. At my company we have revenue sharing so the idea of having to cut out a piece of the pie for an open source project would not be popular among staff. Most of them aren't even in tech."

As a small business owner I understand this perspective, but if you expand it out it becomes transparently exploitative. "If my company was liable to pay for employees' health insurance, we would be bled dry and our business would no longer be profitable." I pay 25-35% of my income every year via taxes, if I didn't have to do that my profit margins would increase. It's not hard to find someone who claims they're being "bled dry" by taxes. Egress and ingress bandwidth is expensive, imagine if you didn't have to pay for it? Companies like Walmart are able to offer low prices in part because taxpayers fund them by providing food stamps and welfare to their employees.

At the end of the day the stuff you rely on costs SOMEONE money, if you're not paying for it, someone else is paying for it with their time and possibly money. If you can't do business profitably after paying for the stuff you use, your business is already insolvent and someone else is funding it for you.


> If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable.

Unfortunately, building a business on a limited resource that is -currently- "free," is not a particularly wise decision.

VideoLAN and ffmpeg are amazing tools, but a lot of folks have made a lot of money on wrappers (some of which, are eye-wateringly expensive). I'd be unsurprised to find a number of license violations in some of these wrappers.

History is filled with examples of people making money on resources that are not sustainable. These folks make a lot of money, until they wipe out the resources.

OS is a limited resource.


If my company was liable to have to pay out for each one of these projects we would be bled dry and our business would no longer be profitable.

To put that another way, your profit is derived entirely from arbitraging the value of open source software for your customers. If you were actually paying what the software is worth to you there'd be no money left. Effectively, you are taking some of the value of the work done by open source developers and keeping it for yourself rather than passing it on (that's not a criticism btw, it's how practically every "supplying goods" type business works.)

That's very unfortunate. You're not really creating much value, so I imagine your business is too small for anyone to worry about. In the case of something like YouTube that clearly that isn't the case though; they create far more value from the open source software they use. YouTube absolutely could afford to pay a fair fee for what they use. If nothing else, it protects YouTube from a problem like the log4j issue this conversation has arisen from.


The math probably doesn't check out. Paying 0.1% (1e-3) revenue for a core business dependency is a no-brainer (if you have reasonable margins). When you go from dozen to hundreds, you will not only bleed dry, you will be paying more than a fair share of what is needed to sustain/develop the dependencies.

When your software is used by billions (1e9), a adequate/fair share may be around 0.00001% (1e-7) with huge variability, but try paying 2c for your favorite logging library, 3c for gcc, 1c for task manager, 0.1c for a tool you never heard of ...


It's not even shared infrastructure like roads, since software is durable and the cost of use (and copy) is zero. Free and open source software is like science and technology. Like the modern wheel, candle, and cooking.

Plus some folks are tweaking and fine tuning it from time to time to be compatible with road 5.2 and with axle 3.1 and so on.

GitLab uses a delayed release (open core). Paying customers get the features first and months/years later they get into the free tier.


Open source developers can still release things to everyone for free. Seems fair to say that companies derive value from open source in proportion to their scale. How about a $1m value generated threshold before it's considered impolite for a company to not at least give a little something back?


Ultimately these tools have already been released for free so asking for a rent seeking style payment after the fact is a little bit like sour grapes. What stops me from just forking the project? Really nothing. If anything open source maintainers that want to get paid should look into a model that mirrors the bug bounty programs. Have bounties for features. Generally these projects only really need security updates.


Is it "sour grapes" if I bring a big dish to a potluck to share and I get mildly irritated if someone walks over and takes the whole thing to their table, ensuring nobody else gets any of it? Is it fine if a crowd of strangers shows up to my potluck without bringing anything, takes all the food, and leaves? Should I be able to go to a food-bank-for-the-poor and walk out with a big crate full of food since it's free?

At some point you have to recognize that a lot of our society operates on the expectation that people will behave in accordance with norms so that we don't have to bake every single thing down into extreme rules and have them enforced by armed goons. You're certainly free to ignore norms and do whatever benefits you the most at expense of others, but if other people did that to you constantly you'd probably end up pretty grumpy. There are lots of ways you can inconvenience someone without breaking the law.

Personally, I gave away a very useful free software package for ~4 years that I maintained solo, and multiple corporations repackaged it to sell to people without ever contributing fixes. Then when I stopped maintaining it for free, they all sent me emails offering to sponsor it (at pathetic rates). Seems like my free labor was worth something after all!


It's not a potluck, though. There is no meritocracy, even if you believe there is one.

Instead you brought your big dish to a food stall on a street corner that has the sign "FREE FOOD" in large font. Folks of all backgrounds, shapes and sizes show up and soon your food is gone.

If after that, instead of feeling warm and fuzzy that you did the world a solid, you wonder if any of those patrons were wealthy and could afford to pay for what you gave away for free, then maybe next time you should put a price tag on it.


I mean it's true that once the code is published it's out there. So if you are only interested in the code up to a certain cutoff date I don't think you need to pay.

But that's not how people use them- people commit to a solution not only because it works today but also because they are likely going to keep using it for the foreseeable future. It's the maintenance that is the costly part. Maintaining a library is a lot more involved than producing it and then vanishing w/o a trace.

Ultimately somebody publishing and maintaining a good library is a positive externality for society. It's like giving kids a good education- it helps everyone. So big corporations relying upon open source w/o putting their money up to help allow the actual 'boots on the ground,' so to speak, get the job done, is kind of like getting a good free education as a kid, making a ton of money as a grownup, and refusing to pay teachers along the way.


What stops a company from forking and paying 200,000 a year for someone to maintain vs paying 20,000 back? Money.. cheaper to support than fork.


Most of the open source tools used could be forked and used as is with no need to change them for years. Sure you could say they need security updates but I could also just silo off that stuff from anything important.


In those cases they could take the tool as is and incorporate it into their workflow..make local changes or not.

The problem happens when you want to maintain your version with the current version (for security / features) or push those local changes to the project so you can stop maintaining. At that point you have to assign local resources or hope your patches are accepted which takes usually requires a relationship.


So your argument is that people shouldn't be paid for their labor because the companies profiting from that labor might not be able to profit?


The labor was already given away for free. Don't maintain open source projects if you don't like the license.


Perhaps the better way to get paid is to include a small and well-throttled cryptocurrency miner in the library you are open-sourcing, as a require-to-run part of the license.

No invoicing, no approvals, it runs, you get paid in fairly direct proportion to the actual run time. This might actually be a real use-case, not that I think about it (of course, then there will be a war to strip it out, violating the license, etc.)


It aint going to happen, have you read some of the contracts linked to opensource, it will be a minority who make money from it. For example, I could use opensource internally, add features to it but I dont have to submit those changes back to the main source for others to use. Not only that who is going to police it? Its not like there is some magic open source police who will police my computer is there?!? So sure whilst the statement is true that Open Source runs most of the internet, the companies using it like Facebook or Google are not under any legal obligation to submit any changes back to the public domain for the greater good under some of those contracts. Even MS has some API's which come very close to mirroring Open Source functionality which makes me question MS is this legal!

Open Source is just naïve charity, much like the UK Govt exploited the charity of the public by helping along a Weekly 8pm clap for NHS workers on a Thursday night during Covid Lockdowns. A weekly clap aint going to pay the bills and the rich will say anything to get out of handing over money. Hard lesson but its the truth, they would spend on PR Image control than pay bills IMO.

So sorry, Open Source is something people can practice on and not get paid for except in a consulting role at best.


> For example, I could use opensource internally, add features to it but I dont have to submit those changes back to the main source for others to use. Not only that who is going to police it? Its not like there is some magic open source police who will police my computer is there?!?

There is nothing to police. You making changes and not releasing them is perfectly within your rights. You can even distribute binaries with your changes legally.

> So sure whilst the statement is true that Open Source runs most of the internet, the companies using it like Facebook or Google are not under any legal obligation to submit any changes back to the public domain for the greater good under some of those contracts.

That depends. Both named companies have a global ban for anything using the AGPL license family. Except from that, you might be right that they aren't obligated to distribute their changes. You might find, however, that they do so anyways. It's much easier to merge your changes upstream than to maintain an internal fork indefinetly. And by merging the changes upstream everyone else profits.

You seem to have a very warped view of what open source software and free software is about, and what rights the users may have or not have.


My point is this, if the OSS remuneration situation were better would we have seen HeartBleed or other CVE's? There are a lot of falsehoods in the OSS domain, like its better for security. https://www.cvedetails.com/top-50-product-cvssscore-distribu...

Just looking at paid out Bug Bounties gives you an idea of how hard it is to get appropriate levels of remuneration as a vendors own bug bounty is outbid.

https://www.theregister.com/2016/08/11/exodus_intelligence_5...

So whilst the call to arms to get paid for OSS submissions is noble, its still a flawed business model for most "professional" maintainers. I know there is a culture at Uni's to maintain OSS but they dont have the experience which we see in the quality of the code output.


It is really not that hard with the right licensing.

Offer your FOSS project with the meanest anti-corporation license you can find (AGPL?) which is not going to bother your user base but it is going to be a major hurdle for any corporation and then offer the software with a corporate friendly license for 100.000 / year.

Wouldn't this work?


You run into problems when there are contributors other than yourself.


Could you elaborate?


Ffmpeg’s code is owned by hundreds of people, you’d have to get them all to agree to relicense.


Not if you only change the license of the encompassing project, and leave the license of the sub-projects intact. Corporations are too addicted to plug-and-play software to be switching away to those sub-projects; also they'd lose the benefit of the maintenance (you could choose a new license once you maintain parts of the code).


So it is possible just hard.


Some are dead, the copyright will have passed on in their wills to next of kin.


Change the license. Make it so that large companies have to pay, and small companies can still use it for free.


You're saying that they should make their software proprietary to solve the problem of FOSS maintenance. That's forgetting the implicit requirement that it should remain FOSS.


I don't believe there's any requirement that it should remain FOSS. In fact the situation provides a strong argument that FOSS is missing a key piece as it is currently conceived.


It's still FOSS, except if you are making millions using it and the entire issue becomes a luxury problem.

That's what FOSS should mean anyway. The old definition can be renamed into exploitationware.


> It's still FOSS, except if you are making millions using it and the entire issue becomes a luxury problem.

I guess we can discuss what should be, but AFAICT it's just not FOSS according to the OSI or the FSF.


You need a proper "asshole" in such organizations that will go and threaten complete lack of support if the bill isn't paid. Of course there is a lot more detail in such negotiations, but the fact is that he/she will be facing similar "assholes" from the side of the copros. The entire thing is essentially just a game of standard capitalism. You have to know how to play that game, though.

FFmpeg should be able to pull multiple $M per year easily from all the major corporations that use it. For comparison, $1M is the total yearly cost of ~3 average engineers at FAANGs. And most, if not all of them, use FFmpeg quite seriously.


> You need a proper "asshole" in such organizations that will go and threaten complete lack of support if the bill isn't paid.

That's the point, they don't pay, and they don't get support. But they still complain when there is a major CVE.

> For comparison, $1M is the total yearly cost of ~3 average engineers at FAANGs.

I wish we got that...


> That's the point, they don't pay, and they don't get support. But they still complain

You've put your finger on the core of the issue with FiloSottile's suggestion. The problem is that to sell something to a big corporation, you need to have something tangible you can sell. What you have are enormous pieces of widely used software, being given away for free. Many companies are going to take that and run with it, and forgo a support contract entirely. You may argue that they want support when there's an issue, but the truth is they're happy enough with the status quo and just complaining a lot.

In FiloSottile's model, a corporation needs to use your software for something specific, but also expects to need changes to it or prioritized issue support and approaches you; you send them an invoice with five zeroes on it as a bill for your services and they are heavily incentivized to pay for it.

Unfortunately that's not the reality for 99.9% of open source maintainers, a figure that includes most creators of popular software like VLC. I've personally contributed to a bunch of projects and maintain some of my own, but it's a hobby. As far as I know no corporations are even using any of them. Figuring out some software niche that no one yet has a product it, building it, and waiting for a corporation to swoop in and drop me a six figure yearly check cannot be a career strategy.


Would it be unethical to refuse to fix bugs reported by employees of large corporations, unless those corporations pay a support contract or contribute a patch themselves?


I mean, I’d eventually get around to them I guess? But on my schedule, not theirs.

If you want it fixed now submit a PR that I can accept. That’s what I do anyway.


It’s not unethical. In fact, why not!?

Sure, someone else may start a competing project…


No


1) Create a funding report newsletter for FFMPEG

2) When funding is low, big scary exclamation marks all over the place

3) Include a bulleted list of doomsday scenarios showing what could happen to YOU if a bug/vulnerability is found

4) Add a picture of a sad kitten or crying baby for good measure

Now just subscribe all of the non-tech business people at organizations that use FFMPEG, and wait for them to panic. (Make sure that they need to call you to unsubscribe from the newsletter, especially if they work at the New York Times)


> Now just subscribe all of the non-tech business people at organizations that use FFMPEG ...

Don't do that bit unless you're sure it's not illegal in your (and their) jurisdiction.

Spam being a thing, and there being laws against it.


Easy solution, update the FFMPEG license with something like:

> By using this software, you agree to subscribe to our monthly newsletter

(I was joking btw, in case that wasn't clear)


>Now just subscribe all of the non-tech business people at organizations

Ah, if only one could "just" get a mass of people's attention and send the message


Note "yearly cost". Between administrative and organizational overhead, taxes, benefits, etc, typically only 50% of that cost is actually taken home as employee-visible salary [1] (which the employee then pays income taxes on...). $175k is still a healthy salary especially when compared to other locales, but it's not the $333k that is easy to presume based on GP's comment.

[1]: From what I've seen this ~50% number seems to be pretty close to the mark across virtually all industries and jobs. I.e. it's pretty safe to assume that the total cost to your employer to retain you is around double your take home pay.


It doesn't seem like that 50% number would just keep scaling with salary. There is a cap on payroll tax [1], administration stuff around administering health, vacation, etc. doesn't change that much, office space.. maybe so with things like the Apple spaceship ($5 billion with capabilities for 12,000 employees; amortized over 25 years would be $16,000 per employee so I wouldn't think so).

[1] https://en.wikipedia.org/wiki/Payroll_tax#/media/File:Effect...


Do those specific managers and layers really complain about CVE? Afaik they don't care or know.


Thanks for sharing, Couldn't have asked for someone with better authority for an open-source project vital for both business and end-users; Payments from the latter can be excused as they're largely poor but we need better ways to make the greedy corporations pay.

Many open-source project maintainers wouldn't go to the length of setting up companies like you've done, The paper work and compliance don't cut slack for building an open-source product.

Perhaps there's a need-gap for services which maintain those for open-source projects and acts as a middle-men between the maintainers and the Account Payable of companies?


Would following an open core model work better, like it has for Hashicorp, Sidekiq, Tailwind, etc? Also, would focusing more on the low 4 figures result in more revenue? I feel the crowd sensitive to open source has that kind of spending authority, but once you get into the enterprise amounts, it's out of our reach to effect change.


At Enterprise levels there is no excuse to be using open source software and not paying some amount to get support. Boo!!! Booo!!! To anyone in an Enterprise that exploits FOSS without diverting funds to it. https://youtu.be/74GdZs2Ilk4


> Would following an open core model work better, like it has for Hashicorp, Sidekiq, Tailwind, etc?

Yes, I think this might be a better model, indeed.

But I did not start either of those projects, I came on board later; and those models are difficult to back-fit into an existing project.


I don't think it matters much that you didn't start the projects, you are the one who is responsible for them now. That is the part that counts.

If the project improves by making a difficult change then that is still your choice to make. Sure some people will complain, but there is always someone that complains when things change.


That could work if the cost per sale were sufficiently low. But unless companies set up some sort of low-overhead system for putting that kind of money into open-source projects, I can't see it working. From what I hear, most devs can't just say, "We use project X a lot, so I'm going to fill out their web form right now and expense a $1k annual donation."


Those projects aren't donation-based. They are open core (they have an upgraded version that builds upon the open source version, adding desired value that is worth paying for)


Throwing money at some outside parties will not ensure that your in-house developers aren't carelessly in including snippets of code from the wild into your product.


That's interesting hey. Just imagine though, how does a company define what is "the core of the tech" and imagine the arguments in meetings between legal and engineering defining those terms.

The way this industry has evolved is a complete dumpster fire, where the dudes that glue the pieces together are paid 10X the value the dudes that actually built the hard part!


What's the largest company that uses FFmpeg and has refused? What did they say?


> What's the largest company that uses FFmpeg and has refused? What did they say?

I won't give names, but some very large cloud providers and some very large chips vendors.


“Getting 30-50k$ from those companies for support for one year can be very challenging, long or leading to nowhere at all.”

Do you have reps that can wine and dine high level people? From my observation this is where the money is.


Wasn't there some YC company that was trying to act as a sales agent/middle-entity for this kind of situation? If not YC, they at least were on HN at one point.

Curious if anyone knows.


Not yc, but there is http://openteams.com/ by the founder of numpy. disclaimer, I invested in it out of a fund.


TideLift is the one I know of, I believe there have been others…



Out of curiosity - do you have actual sales person? Bc I think that maybe the problem…


Yeah my problem with Filippo’s perspective is companies aren’t delivering what they promise either.

It’s not as if altruistic motives, are what drives big corp.

Open source often originates in big corp; k8s, Rust, and all the ML … none of them are exactly wart free or blowing minds as promised. Just the next evolution of a big corp financed mess from the 90s.

The response to big corp complaints is they get what they pay for. And since austerity for the masses, all your agency are belong to us, fuck big corp




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: