Hacker News new | past | comments | ask | show | jobs | submit login
The gift of it's your problem now (apenwarr.ca)
756 points by Tomte 4 months ago | hide | past | favorite | 293 comments



This was a long, thoughtful read. I really enjoyed it and mostly see things as the author does.

> So it is with free software. You literally cannot pay for it. If you do, it becomes something else.

This is really the crux. Everyone is mad there’s no money in writing free/os software, but if there was money it wouldn’t be free/os software. It would just be like what we do at our day jobs.

You can write the code someone else wants and get paid for it (aka a day job). You also have the option to write the code YOU want to write, but in this case you’ll need to figure out a plan for making money on your own.


I think the "dream" of writing FOSS for a living is that it's like a normal job except for all the non-fun parts like mandatory HR meetings, boring standups, performance reviews, having to deal with customers/PMs/etc who don't understand the technical constraints, etc etc etc. It is just writing code you want to write with zero other obligations but somehow you get paid for it.

When it's written out like that I think most people would recognize why it is not very realistic to get paid for something like that, but it is still a very tempting vision.


It's perfectly reasonable to want to be paid when your work has positive externalities. It doesn't matter whether you liked doing the work.


It is a reasonable desire, but not one very likely to be fulfilled.

Let's say I pick up some trash at the local park. Plenty of positive externalities there.

But if I then send the community a bill afterwards, I don't think it will go over very well. Even if they all appreciate the effort they might object, on any number of grounds:

- There are other trash pickers who are more efficient and can be hired more cheaply.

- There are other higher priority projects to which those funds should be allocated.

- That the quality of the trash picking was not in line with the bill.

- And on and on.

If I want to get paid for picking up trash I'll have to work it out with the community before hand. And then there will be expectations, contracts, a supervisor, and all those things that come with jobs.


A few years ago my housemate found out I was cleaning up trash around town and replied (with some disgust, I might add), "But we pay people for that!", to which I replied, "You mean the town owes me money? ;)"


There is a lot to be said for the value society receives for paying a 10 cent bounty to pick up cans/bottles. How to implement a similar universal petty payment system for FOSS contributions is beyond me, but a minimal overhead method to funnel subsistence-level money to contributors feels like it would have net-positive societal benefits.


While not the reason for "Pfand" in Germany (originally it's to encourage reuse of bottles, now it's expanded to include recycling), this is a pretty good analogy. Including the points beyond which it fails: You get emptied trash cans because people tried to get at the Pfand... Which brings you back to the original point: People are far better at gaming a system than the system is at setting its rules


But if the community reacts like this then you didn't really solve a problem for them. At least they didn't see it this way.

Perhaps a more apt analogy: you invent a better water filtering system and provide it to the world for free.

The community immediately starts using it as the benefits are undeniable, but now the community needs someone to do maintenance on their new filter system and you are the only one with the required expertise.

Should they "sponsor" you or is it fair of them to expect you to provide them support for free?


I don't necessarily think it is fair, but my guess is that even in your example, the inventor is unlikely to get paid very much by the community unless they had a maintenance agreement worked out in advance. They might be able to get some funding through something like the Nobel prize or Gates foundation.

Like the author of the article, I've observed that if you give a gift, it's very hard to charge for it after it’s been accepted. Whether this is innate to human psychology or caused by social constructs, I don't know, but it basically feels like a law of the universe.


But if there was already an established budget and way to decide how much the trash collection ought to be compensated there's no good reason why you shouldn't be. There probably needs to be a set contract between the community and "whoever wants to pick trash" up front though.


Right, but that last part of your statement is the required piece that changes everything. An agreement in advance that when you do something you’re gonna get money for it.

“Positive externalities” are irrelevant.


And some sort of new tax on everyone who uses FOSS, of course. Budgets don't appear out of nowhere.


What an excellent answer.


I wish there was an open source fairy that put money in my bank account every time someone used my software! Until then, it's reasonable to want to be paid without having to deal with the attendant hassles and responsibilities of participating in a business venture, but not reasonable to expect that to happen.


Starting around the renaissance, we kind of had “open source fairies” in the form of research grants, professorships and other forms of patronage. If you look at 19th century scientists, it seems like most the famous ones weren’t paid to do specific research, but instead we’re given space to do whatever research they could.

This has gotten more and more restrictive: even in academia today, it seems rare for open ended grants to be given, and even when there are, there’s a lot more competition for those grants than we can sustain with current funding.

Open ended research doesn’t necessarily work in a pure market system. And most open ended research probably won’t provide any concrete monetary benefit to the person funding that research. Even Bell Labs wasn’t really self-funding despite having developed some of the underpinnings of our modern economy. This is an (if not totally compelling) argument for a basic income: anyone can focus on fundamental research without worrying about covering life’s fundamentals, so long as they’re OK living a bare bones life while they can’t get outside funding for it.


Edison (et al) especially early on, had to spend huge amounts of time raising capital. Our remembrance of history is often rosier than the reality.

Bell Labs in many ways was self funding, 80% of the research the labs did was unglamorous, and wasn't basic research, it was things to directly further the business of AT&T, the Labs did product development and software development directly for Western Electric, which is what the BOC's paid a license for back to the Labs for, and which funded the whole of the Labs operations.

The occasionally glamorous high profile basic research that the Labs did was something AT&T did partially as a public good, and to avoid antitrust scrutiny as well as to develop new foundational innovations for its primary business.

Unless you have a deep knowledge of AT&T's pre divestiture organizational structure, these facts are just not well or widely known.


The market can work, but I think we've been going through a particular centuries-long period where the capital-intensive projects are most celebrated since they bring together the best of industrialization. However, there are crowdfunding platforms of various kinds now that let you sustainably finance small projects or build a marketing story that can be taken to a larger investor. When you get some proof, the funding spigot can flood in rather suddenly.

I agree that open-ended research still isn't very rewarded since it goes too far from immediate wants. But I also suspect we are going to get a quality bump on "small stuff" in the coming decades, because so many of our technologies were rushed to market as soon as they were mature enough, and that was a causal factor in major quality issues like buggy/insecure software. Those issues are not cap-intensive to fix, and could subsist on crowdfunding solutions, but they need awareness.


I think that it’s less that people expect it to happen. But that it rudely points out the absurdism and structural inequality involved in building free software within capitalism.

Not just from the perspective of individual compensation but that billion dollar corporations can be completely exposed due to their reliance on people’s hobbies.


I agree, but there are two obstacles to actually getting paid:

- The amount you can be paid for any sort of work has a range. The ceiling of the range is the value you added, the floor of the range is how expensive it would be to get someone else to do it. Since in open source the competition costs zero, this sets a very low floor for how much you can charge.

- Wanting to be paid is indeed reasonable, but just wanting it is often not enough when it comes to companies. There will be contracts involved, minimum time commitments, purchasing processes if the company is big enough, etc. Navigating all that is what will turn open source back into a job, if you really make work of getting paid for it.


> Since in open source the competition costs zero, this sets a very low floor for how much you can charge.

The competition? Does that mean copying the same software without paying it is competing against paying for it? Like how movie piracy competes against DVDs, or not tipping competes against tipping?


I meant it more in the sense of "there are 5 different logging libraries for the language I use, will I use the one that charges money or one of the 4 that don't?".


> It doesn't matter whether you liked doing the work.

It matters hugely, a lot of the good FOSS is good because the people who wrote it were passionate about what they are doing. You cannot create this passion with money, which was one of the largest points the author is making.


Is being averse to having good things a prerequisite to passion?


I did not say that, I only said it matters that you like doing the work.

If anything, wanting good things and being dissatisfied with what you have is a pre-requisite to having the passion to creating something new. But none of what I am talking about are liquid, they are tangible - you can't have bad money, it's just money.


If you want to be paid for creating value, exchange value for money. If you want to change society, create value in exchange for conditions on its use and obligations of its users.


What does positive externalities have to do with it? The entire point of volunteer work is to do something with positive externalities where you don’t get paid.


Why should it be "volunteer work" though? It's question-begging.


Proper use of "begging the question"! I never expected to see it in the wild!


Are you asking why people volunteer?

If you’re asking why people choose an open source license when they expect to get paid instead, the answer is simple: they don’t understand open source.

This is no different than someone putting some literary work in the public domain and then getting mad when their work gets popular, criticized, all without pay.


No, I'm not asking why people volunteer.

I'm saying that you're _assuming_ that they are "volunteers" when that is precisely the question being asked.

Thus, "begging the question" -- begging means assuming. Begging us to take for granted an answer to the very question we are debating.

Probably there is a reason the phrase isn't found "in the wild"... people don't understand what it means.

> This is no different than someone putting some literary work in the public domain and then getting mad when their work gets popular, criticized, all without pay.

Federally-funded research is placed in the public domain. Emphasis on funded.

In the absence of funding, people may still perform. If they do, why wouldn't they be upset about the lack of funding?

(In fact, people can be, and are, upset about the lack of funding even if they don't perform. I am personally upset about the lack of funding for many works that are not my own.)

You seem to have a victim-blaming mentality. As if no complaint about the social environment or the treatment of the individual by society can be valid because "you should have known better." The mere fact that people can know about some aspect of society cannot ever justify that aspect of society.

And don't presume people didn't know. They probably knew. Either way, it doesn't invalidate the complaint which has to do with basic fairness considerations.


> I'm saying that you're _assuming_ that they are "volunteers" when that is precisely the question being asked.

It’s not being asked. The authors didn’t get confused and expect to be paid for their work. I don’t know of anyone in the open source community who expects payment for their work from the community. If you want to get paid by your users, open source is not for you. I say this as a long time open source contributor.

> Federally-funded research is placed in the public domain. Emphasis on funded.

Open source contributors get funded by corporations all of the time (see Red Hat, Canonical, Google, etc, etc). That’s not new or novel and is a well-known way to get paid to work on open source. That’s still not comparable to complaining that your users aren’t paying you.

> In the absence of funding, people may still perform. If they do, why wouldn't they be upset about the lack of funding?

Again, we’re not discussing lack of funding. Most of Linux contributions come from people who are paid by some party to work on Linux. The important point is that they aren’t trying to turn around and shakedown people who use it under the auspice of being open source.

> You seem to have a victim-blaming mentality.

No, a victim blaming mentality would imply I’m blaming the victim of something. Who is it you think is the victim here and what are they victim of?

> Either way, it doesn't invalidate the complaint which has to do with basic fairness considerations.

“Basic fairness considerations” is a weasel phrase. What exactly is it you think is unfair about people publishing open source work and it being used under that license?


What I'm saying is that you're merely taking for granted that society will not compensate free software so that it will have to be done by volunteers.

Yet the question under consideration is exactly whether this state of affairs is acceptable or not.


It is certainly reasonable to want that. It is unfortunately not reasonable to expect it. Sorry.

I hope you like what you're doing.


I want there to be world peace and all dogs to be happy and I think that is reasonable, but I also understand that it is not likely to happen. To be honest I feel that is pretty similar.

If someone wants to get paid for something, it needs to be explicitly charged for. Can always set up a patreon or something and only give it to backers or whatever. If they give something away for free I think it is a stretch to expect to be paid for it just because someone else finds it useful.


It’s also perfectly reasonable for people to not pay you if they don’t have to. Which is what happens 95% of the time.


would you like to live in a world where every behavior that could be construed as having benefits for you was expected to be compensated?


Sounds like you might like dath ilan.


I would :(


It reminds me of the joke "I thought I wanted to be a software developer but found out what what I really wanted was just a paycheck."

The essay is definitely resonates with me in so many ways, and the whole idea of foundations as a charity structure not a development/company structure was both new and quite profound. I expect charities that get "targeted" donations feel similarly about them as paying for free software. It is all about whose agency is it really?


To be fair you can greatly reduce the necessity of those other things you list if you take on a role of contributing to FOSS dependencies used by where you work. Because you can have a significant portion of your time devoted to that work & it won't involve those things. You also then gain a passive political advantage as feature requests to that dependency will fall under your responsibility as the contact point between the project & company

Note that I may be totally wrong, as I've never found myself in too bureaucratic a team, so have generally found myself able to do whatever I want (within reason ofc, but I try to be reasonable)


That model works OK for the music industry. If you write code and people go 'wow, super useful' you ought to be able to make something off it. I mean, it's not so hard to figure out if a free software product is widely used or not. A lot of problematic situations you outlined had to do with expectations of either payment or performance. But if there's hundreds of thousands of people using A Thing that sort of speaks for itself.


If you singlehandedly write TensorFlow, and I singlehandedly write a left-pad library which has more deployments, should I be paid more than you?


When I make a suggestion involving heavily qualified generalities, that's a signal that it's not offered as as a fully defined proposal ready for deployment. It's an invitation to explore the concept rather than just throw rocks at it. Of course I think a big project like TensorFlow or Pandas involves a lot more effort than some little helper function and should be rewarded proportionately, though not necessarily in purely linear fashion.


This. Money and accountability are directly related. So are accountability and processes/controls, the "boring" part.

I think the developer dream isn't really FOSS, but something along the lines of "very popular, stable API in an API marketplace made by a single person".


> "very popular, stable API in an API marketplace made by a single person".

Could you explain this a bit please? Or give a few examples? It's getting late here and I can't wrap my head around this. :) Thanks!


Imagine youre the first one to automate something many developers need, like converting IPs to locations or convert between two specific data formats. You can offer your API and make money from it. Check out this example:

https://rapidapi.com/spoonacular/api/recipe-food-nutrition/

There are many other APIs with freemium models at this API marketplace, and there are other marketplaces as well.


I work at AWS on opensearch.org, literally to do this as described.


I always wonder how much of the most popular open source projects are written by people who are actually being paid for the work by their employers

Many of my open source contributions came from fixing bugs or adding features because I needed them for my job. Many of the biggest open source projects I use come from big companies that have full-time engineers working on them.

I’ve also worked at two separate companies that have hired developers of very popular open-source projects. It didn’t work out in either case because the company wanted them to prioritize work related to the company, but they wanted to continue focusing on the community as before.

On a micro level, it’s surprisingly difficult to arrange to pay someone outside of a company to work on a project for you. The amount of overhead that goes into arranging the contracting agreement, communicating the issue, setting up the contractor with your environment, and managing it all can quickly snowball into a massive commitment for even small work. The exception is hiring contractors or contracting companies who have made a business out of working in that exact domain and are already up to speed on the project and have good relationships with upstream maintainers, but those are rare.


Conversely, on the receiving end, if you aren't somebody who's made a business out of being a contractor then taking some company's money to do a specific piece of work also seems like too much hassle and overhead to be worth it...


JM Keynes said: “A ‘sound’ banker, alas, is not one who sees danger and avoids it, but one who, when he is ruined, is ruined in a conventional and orthodox way along with his fellows, so that no one can really blame him.” and same applies to software managers.

We're had lots of nasty security breaches lately. These breaches overall have nothing directly to do with free software but it's pretty easy to see what they have in common.

Security breaches grow like hardy weeds on the ground of "I don't have to face the consequences of bad security, my customers do". The Solar Winds and Log4j breach/hole came from wildly different software types but each had the quality of paying for security at the rate that it might harm you, not at the rate it might do harm in general. And comes because security is inherently expensive - since "security is a process, not feature", done right costs the entire organization time and money rather than simply involving a purchase.

Which to say: "Everyone is mad there’s no money in writing free/os software, but if there was money it wouldn’t be free/os software. It would just be like what we do at our day jobs." seems totally incorrect.

QT makes money selling open source software. Red Hat makes money selling open source soft. If there was a market for tightly secure, verified open source software, people would be working writing (and especially testing) that. But companies whatever crap onto their machines, whether barely maintained java or dubious closed source stuff.


I see what you're saying, but just to be clear I'm using "free" here in the very idiosyncratic way the article does.

Things like Red Hat, GitLab, or MongoDB from a license perspective are free/open source. But these types of projects are a totally different beast than "real" (for lack of a better word) open source projects like the linux kernel, emacs, ruby on rails, or lucene.


1) Most people doing open source don't share the author's definition so this discussion winds-up not being about their

2) Tremendous effort and money goes into making the Linux Kernel secure. The fact that you fail to draw a good line between paid open source and "real" open open is indication that this idiosyncratic definition is fallacious and disingenuous.

3) Which brings me back to what I think the real, reasonable line is. The line is between cheap software, software that involves the minimal effort to squeeze out a feature and a full, carefully secured software process. Open source is virtually irrelevant. If some people didn't volunteer to produce free apps that got duplicated everywhere, you'd have a low-paid smuck doing somewhere, probably producing worse quality. Oppositely, highly secure software should be open source or source-available - the eyes the better. Linux, notably, benefits from many, many people testing it and that benefits the very heavy users of Linux who do employ people developing it.

good quality software where people pay for the quality.


I think your points are fine, just orthogonal to the article.


That is very much not true. I get paid to write free software. Linux, arguably the most successful piece of free software, is almost entirely written by people who are paid to do it.

You don't pay for the software, but that doesn't mean "there is no money" or that it is very different from "what we do at our day jobs".


I think the point is, like the gift analogy in the post, that once you're doing it for money it's no longer free.

Not free as in beer or free as in speech, but free as in choice (or free as in time). :D


Well that's not what FOSS software means, but even if you creatively change what it means to fit, that's still not true. I'm also paid to work on free software. I work on what I like and choose to at my job. That is why I chose to take a job where I am. If I didn't have a job I'd be doing this anyway as I was when I started getting into it as an unpaid hobby for several years. If my employer decided they wanted me to work on something I don't want to, I would choose to quit and look for something else.


That's not true. You are paid to do it, but it can very much be grabbed by anyone for free (as in free beer).


I think the question can be a little more subtle than that. I'm involved with an organization that does a lot of Free software. But sometimes money is involved.

For instance, we have collected some money and funneled it to developers to give them time to do what would otherwise either take many years of nights and weekends, or just be too hard to get done without time to focus on it alone. This software is still Free, though.


I think of platonic ideal FOSS as liberal art in the ancient definition: you do it because you can afford it.

Having said that, this does not imply FOSS developers shouldn't have the "product mindset". Quite the opposite, in fact.


> Having said that, this does not imply FOSS developers shouldn't have the "product mindset". Quite the opposite, in fact.

Disagree. FOSS developers should have whatever mindset they feel like having. Motivations run the entire gamut. Some FOSS developers really do want to build a polished "product" that others will want to buy (or whatever the non-paying equivalent might be). Others just want to scratch their itch and share what they've made. Telling either of those people (or any of the people in between) that they're "doing it wrong" is incorrect by definition.


> Everyone is mad there’s no money in writing free/os software, but if there was money it wouldn’t be free/os software.

This doesn't hold up for me. I develop GPL'd software and I get paid for it. I probably wouldn't develop this particular GPL'd software if I wasn't getting paid to do it. The issues of payment and license seem related, but orthogonal.


Right, so this is why the article tries to make the subtle distinction around "free" vs "open," not in the sense of the license, but in the spirit of the project.

Different licenses, but working at GitLab or working at GitHub probably feels pretty similar; you have a boss, there are probably sprints, you build features, fix bugs, and so on.

This is fundamentally different than working on a rust port of a GNU utility. This is the sense in which the article is using the word "free." This is idiosyncratic and doesn't align with its either of free's typical usages (free as in beer or free as in FOSS), but there really isn't a perfect word for what the article is talking about.


Self-directed programmers. Autonomous programming. Independent programming. Volunteer programming.


I think there's an important distinction, though. You're not getting paid for the GPL'd software as a product; some company is (presumably, apologies if I've mischaracterized your work) paying you to write some software that also happens to be released to the public under the terms of the GPL. Presumably this company would also pay you to build the same thing, in house, and not open-source it at all.

I read the "everyone is mad there's no money in writing free/os software" as meaning that people are upset that you can't really sell GPL'd software to other parties. Sure, you can dual-license, and require payment for the non-GPL version, but then it's not really "free/os software" anymore, at least not for the part you're getting paid for. You can also sell support and consulting services around the GPL'd software, but, again, that's not really getting paid for selling the software, at least not directly. And if you're writing software for a company that wants to use it directly, and decides to also GPL it, you're not really getting paid to sell GPL'd software, you're just getting paid to write it for someone else, and the license is incidental.

I agree that sometimes people's motivation for working on (or not working on) some piece of software can be tied both to the license it ends up getting released under, and whether or not they get paid for working on it. But I also agree that's orthogonal to the point being made.

It's still true that getting paid to write free software is harder than getting paid to write proprietary software. Companies that would pay you just to write some piece of software are more likely to keep the source closed than open it. If you write something yourself, selling it directly to others is hard enough if it's proprietary, but even more difficult if the code is available under a permissive license. Selling support or consulting services around the software might be viable sometimes, but can also be very difficult, and requires a different skill set from writing the software in the first place.


> I read the "everyone is mad there's no money in writing free/os software" as meaning that people are upset that you can't really sell GPL'd software to other parties.

Perhaps I'm being too literal/granular, but my point is that there definitely is money in writing open source software. There isn't (often) money in selling it once it's been written, no, but I find that to be a more ethical arrangement for everyone involved, so I think of it as a good thing. In my opinion it is better for people to be paid to do work, than for having done work.


I write code somebody else wants and get paid for it as my day job. It happens to be open source. Some people write the code they want to write, but keep it closed-source. So I don't think your contrast quite works.

I think some of the "no money in open source software" unease isn't because people would like to get paid to write whatever code they feel like, but a desire to retain the benefits of having a massive amount of open source code out there (less reinvention of the wheel by multiple companies, low-cost low-friction way to bootstrap whatever actually interesting/novel software your company is doing, etc) but put it on a more sustainable footing where money is directed reliably enough at the people keeping it together that we can avoid the xkcd "one person in Nebraska" failure mode.


IMHO the underlying problem is value based pricing. Roughly that means you take how much money your software generates for your clients and try to capture as much of that as you can. That leads to huge incentive for companies to not depend on commercial software since as soon as that happens the vendor will take them to pound town in contract negotiations.

That fear makes it nearly impossible for something like Log4J to charge anything. Even if it's a penny per year per server you don't want to build on it because they can come back next year and make it $10 a year. And what are you going to do about it?

FOSS removes that threat but it also makes the path of least resistance to not pay anything. The ideal solution is something like "You have to pay a little bit but it's guaranteed that it will never be more than a little bit". But I don't see how to do something like that.


> That fear makes it nearly impossible for something like Log4J to charge anything. Even if it's a penny per year per server you don't want to build on it because they can come back next year and make it $10 a year.

I see it more as a function of scarcity. If it was really difficult to write a logging framework, and no one wanted to do it without getting paid for use, then anyone writing a logging framework would release it under a license that requires they get paid for use. But if there is just one logging framework that exists that meets people's needs and is free (as in beer), then you end up with the situation you describe. Then all the other logging frameworks either need to find some sort of big differentiator that is hard to duplicate and that people will pay for, or they just stop charging.

And since we're talking about a logging framework, something that isn't very hard to build yourself if you confine yourself to the likely very small number of features you need... sure, no, of course the idea of paying for one is just silly.


FOSS eliminates more uncertainty than price “supply” uncertainty. Since it’s free, you don’t have to know the “demand” value it provides to make a good purchase. Furthermore, you can always add features you need.

All of this uncertainty is easy to deal with if you have a nice API. Swapping out databases, for example, is (in theory) near-zero cost. If the database vendor tells you they are charging more, it’s somewhat simple to switch (unlike, say, ad-hoc logging).


It is, isn’t it. The article talks about “open source is communism” but not authoritarianism, real communism. Which made me daydream about if the various licenses for FOSS required profit making companies to pay 100$ per year for all you can eat FOSS. And then it got distributed on some usage based basis. Would things be better? Not practical though.


Seems practical enough to me, but our government/society wouldn't go for it.


One of the problems is that if your target market is other devs, there is a knee jerk demand that your software should be foss and free (as in beer).

I hope that we'll see a move away from foss licensing to source available licenses over the next few years and an increased acceptance of this model in more areas.

Dropping the non discrimination clauses in open source licenses while giving licensees the right to view and modify the source and integrate it with their own software, but not the right to redistribute, is to me a good middle ground for a lot of projects. This would allow developers to charge different rates (or not charge) depending on the licensee and ensure that they can capture more of the value from their work if they need to do so in the future, or if their project becomes popular. It works for Epic with Unreal Engine and more generally in the game industry where it is common to have source available licenses.

While free software has its place in certain areas (academia, government, hobby projects), and I agree you should be able to audit and fix the software that runs on your own devices, it also has downsides and I don't think foss licensing should always, or even usually, be the default outside of these cases.


"...giving licensees the right to view and modify the source and integrate it with their own software, but not the right to redistribute, is to me a good middle ground for a lot of projects."

Licensees have that right with (most) free software licenses.

The downside of this is that, if the owner, Epic say, is not interested in changes you need, then you cannot distribute those changes no matter how valuable they are to you or anyone else. Further, you will have to maintain those changes in the face of whatever architectural differences the owner decides to introduce.[1] You are in the same position as the good old days of proprietary software (Believe me, you could absolutely pay IBM to make changes its OS's. If you were, say, Ford.) except that you get to see the source. Yay.

[1] Yes, you should be expected to maintain your own changes if the original maintainers don't want to. However, that's significantly more difficult if the owner is uninterested in your features or is actively trying to break you. (Microsoft waves in the distance.)


> One of the problems is that if your target market is other devs, there is a knee jerk demand that your software should be foss and free (as in beer).

The problem with source-available COSS licenses like SSPLv1, BSLv1, Perimeter etc is that, it almost to the point of insulting developers who care about FOSS, wants to have its cake and eat it too: That is, the benefits of both, open and proprietary software. That's a hard sell, and it remains to be seen if they'd be as successful as FOSS for developer tools: http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts... and https://steveklabnik.com/writing/the-culture-war-at-the-hear...

Another popular strategy is to open source just enough bits, but not all of it: Previously named "open-core", pioneered by Elastic (who have since moved to SSPLv1) and GitLab, but is now accepted as open-source, anyway. Tailscale falls in this category. https://www.heavybit.com/library/video/commercial-open-sourc...

> I hope that we'll see a move away from foss licensing to source available licenses over the next few years and an increased acceptance of this model in more areas.

Nouveau open source strategy is to have a strangle hold on the software itself (think Chrome / Android) by keeping the development tightly guarded along with the business interests of the original sponsor. Typically, these projects are open sourced to commodotise competitor's advantages (Symbian/Blackberry in the case of Android, IE in the case of Chrome): https://www.joelonsoftware.com/2002/06/12/strategy-letter-v/

The traditional way of being in a F/OSS business was through associate services like deployments and consulting ala RedHat for Linux / Acquia for Drupal: http://dtrace.org/blogs/bmc/2004/08/28/the-economics-of-soft...

Open source, in particular FOSS (free-as-in-beer), in itself is a business strategy (but not a business model) if one knows how to use it to their advantage (as the author points out, many startups doing so these days): https://a16z.com/2019/01/22/what-comes-after-open-source/


Most money made by open source developers comes in the form of donations. Those have no obligation attached by definition.

If a developer doesn't do what the community wants, the donations could stop coming. Or not. If they don't do want an employer wants, the paychecks will definitely stop coming.


> You literally cannot pay for it

Sure you can. You can hire someone to fix it to your liking.

As an example, I'm pretty sure that's RedHat's M.O. Pay them to fix whatever you want them to fix.


If you want to make money off your library it kind of has to be complicated. Something that could be written in 500 lines should clock in at around 10k. And create a slick needlessly complicated marketing + docs site that conveniently glosses over the ugly warts of the library. Make sure to support react native, it's something very few will care about but adds to the perceived impenetrable fortress of pristine functionality. Make sure to tell your readers-- Don't roll _this_ at home!


In an ideal socialist economy, I could imagine engineers being sponsored by the state to work on FOSS, similarly to what happened in USSR with the Artists' union or in Tito's Yugoslavia.


> I read a book once which argued that the problem with modern political discourse is it pits the "I don't want things taken from me" (liberty!) people against the "XYZ is a human right" (entitlement!) people. And that a better way to frame the cultural argument is "XYZ is my responsibility to society."

I don’t know if it’s the book he’s talking about, but Simone Weil makes this argument in the beginning of The Need for Roots[+]—that the correct way to think about our relationship to society isn’t “rights” (someone else’s problem) but obligations (our problem).

[+] https://antilogicalism.com/wp-content/uploads/2019/04/need-r...


I don't recall which of Simone Weil's works this is from, but in terms of suggesting the ineffectiveness of rights, she presented this dialog of one person pleading with a much more powerful one:

Pleading: But sir, you must respect my rights.

Reply: I do not see the necessity of that.


There aren't any fundamental rights which require someone else to provide them to you. For example, your right to free speech does not oblige others to provide a platform for you.

Now, "rights" can be created by law, but those are a different meaning of the word. A more apt word would be one of "privilege", "license", "obligation" or "power".

For example, it is often said that the President has the right to veto legislation. No, he doesn't. He has the power to veto legislation.

The words right, privilege, license, obligation, and power are probably the most misused words in the English language.


What Ive noticed on this topic as a staunch proponent of individual rights from their enlightenment and renaissance roots is that far too many people pontificating on this subject don't even know the difference between a negative right and a positive right, nor do they understand the perils and antithetical nature of collective rights.


The right to be ignorant is a negative right - which might be why it is so well spread and used :)


> There aren't any fundamental rights which require someone else to provide them to you.

But don’t all of the fundamental rights require someone else to protect them for you? Otherwise they aren’t rights, they are just observations of the state of the world.

In the end, what is the difference between protecting a right and defending a right? They both require action and resources, and are both an obligation.


Good question.

We empower the government to guarantee our rights.

They are rights whether the government exists or not, and whether the government enforces peoples' rights or not.

For example, slavery violates peoples' fundamental right to liberty, whether the government legalizes slavery or not. Rights do not flow from government action. Rights are a fundamental consequence of human nature.


> Rights are a fundamental consequence of human nature.

What does that mean? If someone stronger forces you to do work for them and beats you if you refuse, that seems like a “fundamental consequence of human nature” a lot more than saying that they shouldn’t.

To me, the “natural state” is for that you can do whatever you can get away with. Any limitation we place on that is our attempt to impose our conception of humanity on nature.

To put it another way, what about the state of nature would imply that we have ANY of the fundamental rights people speak of as being such? The natural rights I see are what animals have; the right to try to survive as best you can, by doing whatever you can.

Now, I am in no way arguing for anarchy or anything, just that there is nothing ‘natural’ about our concepts of rights.


As soon as people get together, they tend to form rules, a leader, and a means for dealing with someone who breaks those rules.

How we find out what the rules should be is by observation of the results. A very large number of societies have been created, with every set of rules imaginable, multiple times.

By correlating rules with success or failure of the societies, we can begin to tease out what the best set of rules are. Clearly, some sets of rules work a lot better than others.

The best outcomes come from rules that guarantee a set of rights, best excemplified by the Declaration of Independence, the inalienable rights to life, liberty, and the pursuit of happiness, and later by the Bill of Rights.

Some rules work out very badly, like Marxism. No amount of wishing Marxism would work made it work, and no amount of coercion made it work, either.

This strongly implies that rights are natural, innate characteristics of being human.


> By correlating rules with success or failure of the societies, we can begin to tease out what the best set of rules are

This is not how we decide what should be considered fundamental human rights. Plenty of rules work out fine (i.e. effectively maintain social order and persist for long stretches of time) for “society” while being disastrous for the disempowered living under them.

> best outcomes come from rules that guarantee a set of rights, best excemplified by the Declaration of Independence

This is entirely circular reasoning. You have pre-determined that outcomes similar to your personal experience should be considered “good”, and then are declaring your society to be best because it led to your experience as an outcome. But you have neither clearly articulated what you mean by “best outcomes”, nor considered the outcomes for the less fortunate in your society. The argument more or less boils down to “Life worked out for me personally, and if it didn’t work out for you in my society, tough luck. If it didn’t work out for you in a different society, well mine is better.”

For example, I might for the sake of argument point out that Cuba clearly provides dramatically better healthcare and education outcomes than America (an astounding accomplishment considering its limited resources), and therefore conclude that Cuban society must be better structured and do a better job guaranteeing basic rights than American society.


> I might for the sake of argument point out that Cuba clearly provides dramatically better healthcare and education outcomes than America

How many Cubans want to leave and come to America? How many Americans want to live in Cuba? Venezuela? N. Korea?

Therein lies the answer to your argument.

It's interesting you chose to compare health care and education. Public education in the US is a gigantic socialist system. So is health care. You're not comparing a socialist system with a market based system. You're comparing a socialist system with a socialist system - which says nothing about what market system could do.

And lastly, who collects those astounding statistics on Cuba? The Soviet Union was famous for celebrating astounding statistics on food production, while the people starved. Why should we believe statistics collected by another communist, totalitarian outfit?


> Therein lies the answer to your argument.

Their argument wasn't the specifics of the hypothetical. You're actually supposed to believe that Cuba isn't unilaterally better than America for the example to work.

You're in the middle of a discussion about Rights, why would you think this is suddenly a debate about Cuba?


> why would you think this is suddenly a debate about Cuba?

You should ask the person I replied to, as he brought up Cuba.


As a rhetorical example, not an invitation to debate the finer points of Cuban policy.


You've missed the point: that your argument depends on ends - a metric - which you've arbitrarily selected.


> By correlating rules with success or failure of the societies, we can begin to tease out what the best set of rules are. Clearly, some sets of rules work a lot better than others.

How do you measure success or failure? Whoever lasts the longest is the most successful? Because by that measure, the longest lived societies were empires ruled by monarchs.. they did not guarantee rights.


> How do you measure success or failure?

A great question!

Here's one way. Does a country build walls to keep people in, or keep people out?

How about that terrible video of people clinging to a jet leaving Afghanistan and falling off of it to their deaths? Were they fleeing a Taliban golden age in Afghanistan?

I personally know several people who fled the USSR. Ask them about the golden age they risked their lives to leave.


> Here's one way. Does a country build walls to keep people in, or keep people out?

Ok, so this basically amounts to using average life satisfaction as your measurement for success of a country. You could easily use any other measure, though, if you have a different goal... for example, my first thought was that "continued existence" was the measure of success, and whichever nation lasted the longest would be considered the most successful (a sort of Darwinian measure)...

Look, I personally agree with your measure of success. I am a child of the enlightenment, and I do believe that state authority rests with the will of the people. However, that is not an a priori fact... not everyone agrees with that as the criteria you judge a civilization, and it is not some natural fact that everyone is equal and deserves liberty, etc. Natural law is "whoever survives survives".


> Here's one way. Does a country build walls to keep people in, or keep people out?

Can you make this into an actual measurable statistic or does this require us to just guess at the motivations of wall builders?


I'm wondering what you think the purpose of the wall along the Rio Grande is for. It was in all the papers for the last 6 years.

Or why the Soviet Union built a wall across Europe.


So, nothing quantifiable?

I guess the if we ask the people who built those walls they'll give us whatever answers they think are convenient for their propaganda purposes in the moment.


If human rights are fundamental consequences of human nature, is there some way to list them?

It seems to me the whole notion is a valuable but entirely human construction, ripe for debate about what counts and what does not.


> is there some way to list them?

Over time, by observation, we discover what they are.

For example, do you have a right to not be a slave? If so, why do you think you have that right?

Do you have a right to not have someone clonk you on the head with a pipe and steal your wallet? If so, why do you think you have that right?


I think it's important to note that these rights are there regardless of who you are or what you have done. And that differs from "natural" human tendencies to strip wrongdoers of their rights. We have collectively agreed that a wrongdoer can have some rights revoked (prison) and yet continue to preserve more fundamental rights. Yet many people today still feel that someone that commits a terrible crime should be stripped of all their rights, including in some cases their most fundamental right to be alive.


Yes, at least in the US I have both of those rights, but neither is a "fundamental consequences of human nature".

I have the right to not be enslaved because the government and broadly society deems that valid. But that's a consequence of government force preventing people from enslaving others. Without government intervention, slavery emerges. It even still happens today, in the US in particular cases (prison, as one legal example). I don't see how something can be considered a fundamental consequence of our nature if, when left without supervision, it disappears.

I don't think that you can provide a clear list of such "natural" rights. If "liberty" is one, why isn't "health"? Improving my health improves my liberty, but (in the US) we don't culturally consider healthcare a "right", although it is considered such in some other countries.


> I have the right to not be enslaved because the government and broadly society deems that valid. But that's a consequence of government force preventing people from enslaving others. Without government intervention, slavery emerges.

That's one way of looking at it. Another is that you do have the right not to be enslaved, just by dint of being a human being, but that sometimes, someplace, because there are no laws or government to enforce your right, you might be enslaved anyway.

In this second perspective, you have the right not to be enslaved even if you happen to actually be a slave; it's just that your right is being violated.

That is, I think, what is meant by a "natural" -- or, if you are American, in a perhaps more familiar term, "inalienable" -- human right. You always have it; it cannot be taken away (or "alienated") from you.

Yeah, I'm also a bit confused as to why the "Founding Fathers" left out healthcare. But maybe they didn't -- I mean, can you really be "happy" if you're ill...? So maybe they meant for it to be included under "the pursuit of happiness". (Hey, in their day medicine was less advanced -- you couldn't be as almost-certain of a beneficial result from medical care as we can today, so that, too, was more of just a "pursuit".)


I fully accept the idea that rights may be natural, and slavery violates an inherent natural right.

But then how do we decide which rights those are? GGP suggested we do so by analyzing society, but that fails when rights are being violated, so...


A: By navel-gazing.

I jest, but not completely: It'll probably have to be by philosophical introspection. You'll have to look at society -- societies, all over the world and throughout history -- and decide for yourself which of their traits are expressions and which violations of human rights. Figuring out from that which of those rights are "natural" and which not is... Not easy, so I'll leave it as an exercise for the reader.


> Without government intervention, slavery emerges

A closer examination of history shows that slavery tends to fail when in competition with free labor. The emergence of free labor destroyed slavery the world over. The Civil War was the last gasp of slavery in the US attempting to protect itself from free labor. Slavery had already died out in the northern colonies due to it being uneconomic.

Free labor caused the collapse of the USSR. Free labor destroyed Nazi Europe.

> we don't culturally consider healthcare a "right"

Sure we do. >50% of health care in the US is provided by the government, and the rest is heavily controlled by the government. Emergency rooms are required to treat people who cannot pay for free.

The government has so thoroughly regulated, overseen, subsidized, distorted, etc., every aspect of health care, that in no way can it be described as free market.

Let's try something that is free market - the software business. Software in the US is completely unregulated. What's the result? Incredible progress, world leadership, and plenty of very high quality FREE software.

It's amazing, unpredicted, and unbelievable. But it's true.


"A closer examination of history shows that slavery tends to fail when in competition with free labor"

"Free labor destroyed Nazi Europe."

I cannot even comprehend what this means - how were slaves a major part of Nazi war effort or economy?

In your mind, did they loose a trade war and the 100+ million dead soldiers were a side show?


> how were slaves a major part of Nazi war effort or economy?

The Nazis employed slave labor on a massive scale. Their slaves were Jewish prisoners, political prisoners, and POWs.

The US free labor produced plenty of war material for two major wars, and enough left over to supply Britain and the Soviet Union. US troops were well fed, with plenty of gas, bullets, airplanes, ships, aircraft carriers, medical supplies, trucks, everything, and also managed to ship it all to the war zones.

The Nazis and the Japanese never had a chance once the US got going. They had critical shortages of everything.

For example, what did the Nazis do when the battleship Bismarck was sunk? Game over for the Kriegsmarine except for the U-boots. What did the US do when the Japanese wrecked the US aircraft carriers? Built lots more! What did the Japanese do when their carriers were sunk? Game over for naval aviation.

Also, the Wehrmacht in WW2 was still very much a horse driven army. The German propaganda newsreels, shown endlessly in WW2 documentaries, avoided showing the horses and loved showing the mechanized troops. I don't think the US used any horses at all.

Free labor also sunk the Confederacy. The Confederacy was never able to properly supply their troops with guns, cannons, powder, food, uniforms, or even shoes. They were largely barefoot.


> The US free labor produced plenty of war material for two major wars, and enough left over to supply Britain and the Soviet Union. US troops were well fed, with plenty of gas, bullets, airplanes, ships, aircraft carriers, medical supplies, trucks, everything, and also managed to ship it all to the war zones.

A more realistic explanation of course is that the Allied powers had around 3x the population of the Axis, and that America's production infrastructure was never negatively impacted, while German and Japanese infrastructure was routinely bombed.

The UK, for example, despite not using slave labor, wouldn't have been able to win the war without US assistance, and you failed to mention the USSR at all, which beat Germany just as much as the US did, but doesn't fit the market based and slave labor free image you're trying to project.

The better explanation is that when you are already losing a war you need to eek out more production from what you have, and you're willing to sacrifice long-term things for it. Slave labor, in the short term is more efficient for some things, especially when you need the people who would normally be working in the free market to be elsewhere manning the guns. Employing slave labor didn't cause the nazis to lose WWII, at best it was coincidental, and at worst it was a response to the fact that they were already losing.


The Soviet Union was heavily supplied by the US.

The German and Japanese homelands were not bombed until they were already losing the war.

The Nazi prosperity before WW2 was fairly limited, as the Nazis couldn't resist endless meddling with it. The suppression of the Jews surely must have had bad consequences for the economy, though I know of nobody who has attempted an accounting of it. The living standard did not approach that of the US.

> manning the guns

Don't forget that the US pressed into military service all the fit men 18-36. Didn't resort to slave labor.

(Footnote: FDR proposed forced labor in his 1945 State of the Union Address. Don't believe me? Look it up! Fortunately, that went nowhere.)


>Don't forget that the US pressed into military service all the fit men 18-36. Didn't resort to slave labor.

The irony here being, of course, that while the US courts ultimately disagreed, forcing people to join the military is arguably itself a form of slave labor. It is certainly a form of involuntary servitude.

> The German and Japanese homelands were not bombed until they were already losing the war.

The Allies had begun bombing Berlin before the US entered the war. So if your contention here was that the Nazis were losing from day one, sure. Otherwise you're not correct.

> The Nazi prosperity before WW2 was fairly limited

The German prosperity before the Nazis took power was fairly limited. That was in fact one of the primary reasons the Nazis took power in the first place.


> forcing people to join the military is arguably itself a form of slave labor

Indeed it is. But the soldiers were taken out of production in the economy, which is the point I was responding to.

> The Allies had begun bombing Berlin before the US entered the war.

Yes, the British bombed Berlin early in the war as a propaganda stunt. The US Doolittle raid on Japan was also for propaganda. They were ineffectual from a military perspective. It doesn't alter my point at all.

> The German prosperity before the Nazis took power was fairly limited. That was in fact one of the primary reasons the Nazis took power in the first place.

We both know that. The Nazis were in power from 1933-1939. There wasn't much prosperity.


> Indeed it is. But the soldiers were taken out of production in the economy, which is the point I was responding to.

Right, but the allies had more people, so there's nothing relevant about slave labor. Like I said: slave labor is a tool of last resort, when the market fails. The US had to use that tool to get enough labor in the fighting force, but still had enough humans that market systems (and propaganda) worked in the economy.

> We both know that. The Nazis were in power from 1933-1939. There wasn't much prosperity.

Then I have no clue what your point is. My point was, and continues to be, that Nazi use of slave labor was a consequence of the already relatively weaker economy. You seem to be arguing that slave labor caused the weak economy. My point is that it started weaker and remained weaker, and to try and keep up, they had to force more people to do things.


Help me understand your train of thought, so if there Nazis had 'free labor' they would never have shortages of oil and natural rubber? Would it just magically appear? And without the shortages they would have won the war, right?

That must be the point you are making, because if they would have lost anyway then your argument makes no sense?

And what about USSR, their 'free but not free' labor caused them to win and loose simultaneously?


If the Nazis had free labor, they would have done better, but they still would have lost because the US was bigger.

The USSR likely would not have prevailed against the Nazis if the US didn't supply them. Or at least it would have been far more difficult for them.

Synthetic rubber - "Production of synthetic rubber in the United States expanded greatly during World War II since the Axis powers controlled nearly all the world's limited supplies of natural rubber by mid-1942"

https://en.wikipedia.org/wiki/Synthetic_rubber#World_War_II

Synthetic fuel - "During World War II (1939-1945), Germany used synthetic-oil manufacturing (German: Kohleverflüssigung) to produce substitute (Ersatz) oil products by using the Bergius process (from coal), the Fischer–Tropsch process (water gas), and other methods (Zeitz used the TTH and MTH processes)."

https://en.wikipedia.org/wiki/Synthetic_fuel#History

The V2's were fueled by alcohol from potatoes.


Your arguments really sound like “just-so stories” (https://en.wikipedia.org/wiki/Just-so_story)

You are picking examples that fit your idea of what natural rights should be, and are ignoring the countless counter examples. If a free society is fundamentally better, why is China so successful? Countless empires have been built on 5e backs of slaves, conquered people, and oppression. Yes, most eventually collapsed, but so have all democracies except the ones that are currently around… and there is no reason to believe the ones around are the “end state” of the evolution and not just a snapshot of civilizations that will eventually collapse like all those that came before. Democracies have fallen, to be replaced by dictatorships… dictatorships still exist, and many are successful members of the international community… Saudi Arabia is a strong ally of the US, and doesn’t seem close to collapse.


The rise in the standard of living in China is directly correlated with their adoption of a free market and dispensing with collectivism.

> Saudi Arabia is a strong ally of the US, and doesn’t seem close to collapse.

Why not tour Saudi Arabia and come back with a report about how people there live?


I wasn't making any claim about the lives of people in Saudi Arabia... my only claim is that it is an absolute monarchy, it is still around and not close to collapse, and is an ally of the US. All of those things are objectively true. It isn't only democratic countries that have survived.


I didn't make an argument about longevity.


>Software in the US is completely unregulated.

Banks, the healthcare industry, the aviation industry and NASA would like a word with you, as well as US import and export control regulators.

Not all software in the US is the vomiting of code cowboys into NPM and Github, by a long shot.

>Incredible progress, world leadership, and plenty of very high quality FREE software.

Sorry, what potentially world-crippling bug are we on this week, I've lost count. Or was it a million dollar company that got hacked and exposed PII because their database layer was written by an intern using open source code written by a high-schooler who thinks writing SQL statements with printf is elegant?

No... the unregulated wild west of software is turning out to be a nightmare. The regulated part, at least, holds bad actors accountable and doesn't depend on "all eyes making bugs shallow" and just hope quality emerges from the aether.


If I sell medical software, yes, it would have to pass the FDA. Same for software going into aviation systems (the FAA). Same for NASA.

> Not all

Not a single byte of software on any of my computers now or since the 1970s have been regulated at all.

> the unregulated wild west of software is turning out to be a nightmare

How much have you paid for the software you're using right now? How much have you paid to use HackerNews? You're free to go use software written in the 80s, 90s, 00s, etc., if you like. I bet you aren't.

Software these days is far less buggy than it used to be. It may appear more buggy to you, but that is the result of a large increase in the number and efforts of sophisticated (and well-funded) engineers attempting to subvert it.


You didn't use strong encryption that was not allowed to be shared outside the US? I remember early versions of software (PGP, I think?) in the 90s had some warnings to this effect.


> A closer examination of history shows that slavery tends to fail when in competition with free labor. The emergence of free labor destroyed slavery the world over. The Civil War was the last gasp of slavery in the US attempting to protect itself from free labor. Slavery had already died out in the northern colonies due to it being uneconomic.

I don't mean as an economic system. Chattel slavery is one particular example of macro-scale slavery, but macro-scale slavery isn't what I was referring to.

Put another way, our markets are not perfectly efficient, and there exists enough slack to allow niches where inefficient cruelty can exist. Even though slavery was inefficient and had died out in the north, the South did all it could to keep it around. It still took a laws and war to get rid of it. If the government stopped enforcing all laws today, how long would it take for some people to be kidnapped and enslaved? A week?

> The government has so thoroughly regulated, overseen, subsidized, distorted, etc., every aspect of health care, that in no way can it be described as free market.

Something being not a free market doesn't make it a right, nor does the government providing it as a service to some people. You might be able to get away with the argument that emergency medical care is considered a right in the US, but emergency medical care is only a small part of healthcare.


Take a look at what goes on in the healthcare system. It's all the result of unintended side effects of well-intentioned regulation.

For another example, the AMA deliberately restricts the number of seats in medical universities. They are empowered to by law. This keeps the number of doctors down, and increases their pay.


This has nothing to do with whether or not something is a "right".

I'll remind you, the initial statement you made was "Rights are a fundamental consequence of human nature.", but you're now saying somewhat ahistorical things about slave labor and market economies. Even if what you were saying was accurate, is has nothing to do with how we define rights.


You can (and people do) invent and define rights all the time. People have also tried to legislate that pi=3. Almost daily, legislatures try to repeal the Law of Supply and Demand.

That doesn't make them rights, and it never works.


What makes something a right, then? You keep talking around it, and saying things which you believe are rights, but have never said explicitly what makes your set of rights somehow objectively rights where others aren't.


I did say, multiple times in this thread.


"The law of supply and demand" isn't a right.

> You can (and people do) invent and define rights all the time.[...] That doesn't make them rights

Huh?


"The law of supply and demand" isn't a right.

I didn't say it was. Neither did I say that pi=3 is a right. Please read what I wrote again.


Yes, I and others have asked you to list out what the natural rights are, and you've waxed about free markets. I have no idea what you're trying to say, since you seem to be contradicting yourself. Hence my request for clarification. You're doing such a bad job of communicating here that the only reason I don't think I'm being trolled is that I know you wouldn't do that.

My best guess is that you're trying to make the point that market economies are natural and that the rights we have under them are therefore natural, but this is basically an argument from status quo and it goes directly against what you said elsewhere about healthcare being a right due to government regulations.

And from that you seem to be saying that healthcare is a right due to government regulation, but here you're saying that government decree doesn't make something a right. So like I said, I'm lost.


"Now, "rights" can be created by law, but those are a different meaning of the word."

I read a few of your posts, and it felt like reading the old testament - full of self contradictions, the only constant is you don't like 'government'.

You seem to have little regard for the fact that your countrymen have laid down their lives for your rights. The only reason we don't have 'Divine right of Kings' is because we cut off their heads, and we don't have slavery because those that support it have been shot or convinced at gunpoint. Women have the right to vote because they invented the letter bomb and burned down houses of MPs that voted against them.

Every right you enjoy, from a fair trial to your very freedom, has been won in blood and while you pontificate about 'unexpected, marvelous free market' (which existed for thousands of years, Kongō Gumi was incorporated in 578 CE) society becomes more polarized and likelihood we will resort to good old ways of settling differences increases.


> you don't like 'government'

You evidently missed when I wrote that the function of government is to be the guarantor of rights.

> You seem to have little regard for the fact that your countrymen have laid down their lives for your rights

You would be very, very wrong about that. I have many family members who fought in American wars, all the way back to the American Revolution. I know what they fought for, and it wasn't socialism.

> Every right you enjoy, from a fair trial to your very freedom, has been won in blood

You're right, and I enjoy those rights and thank our American soldiers for fighting for them. You are very, very wrong about my feelings about GIs. My own father volunteered to fight the Nazis at the sharp end of the spear, and volunteered again for the Korean War at the sharp end. He also served in a support role during the Vietnam War. I take American freedom very, very seriously.

I am grateful for all American servicemen and women who risked their lives for American freedom.


Your post isn't really an argument. It's just contradiction.

The whole point of calling rights "ineffective" is to say that this idea of fundamental rights that other people aren't obligated to provide to you has no utility. Your definition doesn't really contain any evidence to the contrary.


> The whole point of calling rights "ineffective"

I never wrote that. I welcome you addressing what I did write.


No, you didn’t write that. It was a9h74j, that you replied to, who wrote that. And Simone Weil, originally.


> There aren't any fundamental rights which require someone else to provide them to you.

I mean, people have a fundamental rights to food, water and shelter. So it certainly seems like we have to provide people with those or those rights cannot be satisfied.


> There aren't any fundamental rights which require someone else to provide them to you.

This is, of course, totally false. From the moment of birth your parents have to provide sustenance and safety, or you'll die. Similarly, someone must teach you a native language, if only indirectly, or you'll be unable to communicate or acquire skills. If a parent neglects a child and fails to provide them "services" (or whatever), the state will absolutely take the child away and punish the parents.

As an adult, you have the right to a system of justice that allows you to argue grievances and petition for redress against others. You have the right to police and fire fighters. Those are all services provided to you.

I used to think that everything was a transaction when I was a hardcore libertarian, but I'm not anymore. There are bazillions of things that we take for granted that are just table stakes in a modern society, like the rule of law, an educational system, clean air and water, and yes, healthcare. A hospital can't refuse you emergency care if you can't pay, and that's absolutely a right established in the social contract.

Rights are a mix of inherent and acquired capabilities as well as courtesies granted by a social contract. Until you start paying back every person from whom you've learned a word in the English language, yeah, you are getting tons and tons of things for free without realizing it.


Bluntly claiming someone's post is false is rather rude isn't it? particularly on a subjective philosophical topic.

Governments are never "givers" they are just different systems of trade-offs, which can also be in terms of services and freedoms. For example, you have a right to justice if you are wronged. Society can either step aside and let you seek it yourself, or, if that behavior (vigilantism) is outlawed, then they are obligated to instead provide you with a system to seek justice within. Or they could come up with some alternative to allow you to protect your right. From this perspective, your right is not an entitlement and you don't have to postulate a new entitlement every time the govt creates a new program for (ostensibly) helping people achieve their rights better.


> This is, of course, totally false.

Your example is one of the state punishing you, not an example of a fundamental right. Services provided to you is not a right simply because the government provides them.

The proper role of government is as guarantor of fundamental rights.

> you are getting tons and tons of things for free without realizing it.

This is confusing rights with getting things for free. Nothing about fundamental rights prevents you from providing free stuff to others. In fact, you have a fundamental right to choose to give your stuff to others for free. Heck, I work on D every day, and give it away for free. My salary as CEO of the D Language Foundation is $0. There's nothing non-libertarian about that, since I freely choose to do it.

As for children, as a hardcore libertarian you should be aware that the notions of fundamental rights apply only to legally consenting adults. Children enjoy only a subset of those rights.


> Your example is one of the state punishing you, not an example of a fundamental right. Services provided to you is not a right simply because the government provides them.

I'm not sure which example you are referring to; I gave several. But if you're referring to the state punishing you (by taking away your kids for not feeding them), keep in mind the state will by default become the ward of orphaned children and it will indeed pay foster parents to take care of the children.

The broader point that we clearly don't agree on is that rights are in fact negotiated in a social contract. They are an agreed upon set. In man's state of nature before civilization, there are no rights and no authority but power: violence and threats of violence. Even proto-societies that develop in groups of primates, the rules are set by convention and agreement. Almost any statement that either you are I could come up with that starts off with "well clearly the inherent rights include X and Y and Z" is false on its face. We can really only talk about rights in the context of them being respected. By whom? The members of society and particularly its governing bodies.

Again, I gave several examples. Providing for children, even if the state does it, is clearly not in dispute, and that alone refutes your rather bold statement. Emergency medicine is another; that's something that applies to adults. In any modern society it's accepted that my human rights "force" EMTs to render emergency help, regardless of my ability to pay[1].

[1] I can't think of many countries besides America where emergency bills can be astronomical, but even there, regardless, a hospital must make every reasonable effort to save your life and eat the cost if you cannot pay.


How is an "obligation" not the exact same thing as a "right", just from the other person's perspective?

Pleading: But, sir, you must fulfill your obligations.

Reply: I do not see the necessity of that.


You didn't flip the dialogue, you just substituted different words.

Replier: I should fulfill my obligations to society.

Pleader: le suffering

Replier: Ya..I should really do that now. It's my duty.

That's the difference, the perspective. You aren't asking someone to fulfill their obligations, people are taking it upon themselves because the mindset has shifted. It's now upon you to do the right thing, not hand-wave say "you have rights..but it's someone else's job to realize them"


That's not inherent to the word "obligation" any more than saying "I must do this, it is your right". It's fine as a concept, but saying "instead of talking about rights, we should talk about obligations" doesn't clarify anything, because my right is simultaneously your obligation.


Right, but in so doing you're also switching the grammatical subject. The original statement assumes the same subject, moving from rights -> obligations implies a different meaning. I.e., when speaking of myself, "my rights" vs "my obligations" are very different things. Likewise when speaking of society, "our rights" vs "our obligations" also lead to a different dialog. The onus is on what we owe to others, rather than what we are owed, even though such a contract necessarily implies both.


That's exactly my point: Changing the word that's used doesn't matter, what matters is getting people to think of others instead of themselves.


Yeah, that makes sense in egalitarian societies, but in real world societies, it means the slaves aren't allowed a voice.


I think the whole point is that it is from the other perspective (they are "jural corelative"?)[1].

Example: https://en.wikipedia.org/wiki/Noblesse_oblige

[1]: https://en.wikipedia.org/wiki/Corelative


Doesn't that cut both ways?

Pleading: But sir, you must respect my laws.

Reply: I do not see the necessity of that.


Exactly, people are missing that rights and laws are an agreed upon arrangement to find a set of compromise for everyone to live together happily, which results in stability and often overall growth in economy, invention, social enjoyment and entertainment, etc.

You can't just tell someone they're not allowed to take food from your plate, while simultaneously not providing anything for them to eat.

There is no longer any plot of land anywhere that is not owned by someone else. Think of those plot of land as plates. One who doesn't own any of it is hungry, you tell them to get their own food, but they can't take from any of the plates of anyone else, so you can't use any land to try and get your food from. Now this person tells those who have all the food, hey I have the right to food as well, and people say, I don't think that's a necessity, well why is your right to your land and your plates of food a necessity as well? You can't have it both ways. If you want to have the right to own the plates of food, you must also provide food to others somehow, because you've taken up all of the abilities to get food from others.


> You can't just tell someone they're not allowed to take food from your plate, while simultaneously not providing anything for them to eat.

You can, and a lot of people do say this. And it was said many times in history, and ... people were maimed for it regularly. (And every day we get the reports, pictures, videos about people inside a fence saying that those who are outside should just go and try their luck somewhere else.)

The whole point is that wordgames are not going to get us the desired utopistic society where people feel that obligation to act to uphold others' rights in accordance to their power/ability for doing so.

It needs a culture that cherishes this, enforces this, perpetuates this.

In essence we need a control loop that keeps society on track, and this system has to be aware of all the usual problems (the optimal set-point of intolerance of intolerance, top-down systems tend to consolidate power, bottom-up systems can easily oppress minorities, political arbitrage of resources for favors is an ever present problem, and so on).


Seems like we're in agreement, unless I'm misreading something.

Obviously, you can say that, but the people you say it too now also loses their reasons to uphold your words. If you tell me I can't have food from you, and I also have no other way to get food, I'm going to have to disregard your right to property you were hoping to have and force my way into your plate of food.

And now we're back at the typical human power struggles and infighting.

I think your point is that simply asking for food when you don't have it doesn't magically solve the problem. And I agree, but if you think about who you're asking it makes more sense. You're asking those who have all the food or means of producing food to give you some, or to do something about your lack of food. They were handed ownership of food and food production, now there's people who feel they don't have the food they need. They're complaining to those who own the food and its production, which to me makes sense, since they are the best positioned to solve the problem as the owner of the food and food production. And those who don't own food or food production have little ability to do anything about it. That's what I was trying to convey, there's no where else to try my luck, everything is already fenced up.

This is kind of just a debate on equal opportunity and equity I guess. Everyone should have equal opportunity, and those who haven't in the past might need equitable retribution to make up for it.

Asking for that I think is very different than asking to be handed things without effort. I think most people simply ask for justice, if you had land and couldn't make food with it, so be it. Most people might accept their fate. Now it be nice to also deal with those unlucky in their attempts, but now it's a different debate. If you never had land to begin with, had your land taken, etc., that's another story.

I'm also 100% in agreement with the following:

> It needs a culture that cherishes this, enforces this, perpetuates this.

Even though I'm not so sure how best to nurture such a culture.


> food production analogy

Yes, with the added twist that the people who don't have enough vastly outnumber those who have a lot. The real problem is not Elon and Bezos and the other token billionaires. After all their net worth is in their companies, most of it is unrealized capital gains.

The real problem is with the folks making over 150-200K but still think they are living "paycheck to paycheck"

https://mobile.twitter.com/ne0liberal/status/147776715594083...

So in reality it's not as simple as farmers telling homeless people to go somewhere else, but there's no more land left. It's more like the have-lots telling the have-a-bits to watch out for have-nots, and this works perfectly. Conservative populist rhetoric is very effective in suburbia.

> equal opportunity and equity

Yep. The big problem with this is that many people consider one time help as now take this and we're even "equal opportunity". Of course what's needed is a strong social safety net that helps people back on their feet. Shelter, healthcare (mental hygiene too!), education.

Again it's not cheap. And even though the economy is not zero-sum over long term, yearly budgets are. Hence the fight about how much on what to spend.

> culture

I think simply (ah yes, simply! :} ) going incrementally, starting with the best cost-benefit programs and areas. Focusing on cities where there's enough like-minded people to enact the policies, learn from the consequences, course correct, while not losing sight of the goals.


> rights and laws are an agreed upon arrangement

I don't know why people say this.

It's just a fairy tale. Laws aren't agreed upon; they're initiated by conquest and continue through the establishment of institutions that preserve an occupation over generations.

There may be some kind of "democratic" process for public participation in law-making, but that's not the same thing as laws being "agreed upon."

There may be some kind of cultural process for raising children to accept the laws that existed and were put in place by adults before them, but even that's not the same thing as laws being "agreed upon."


That seems like a bad example. In modern society rights are generally enforced by the support of the population via some judicial (or extra-judicial) system.


From the post's author, the mentioned book is:

> The Future of Capitalism by Paul Collier. There are a lot of insights in there but beware that the writing is kinda problematic in some ways, so it doesn’t get my full endorsement.

https://twitter.com/apenwarr/status/1476590932619567104


I like this:

> Sometimes liberty is differentiated from freedom by using the word "freedom" primarily, if not exclusively, to mean the ability to do as one wills and what one has the power to do; and using the word "liberty" to mean the absence of arbitrary restraints, taking into account the rights of all involved

It's from Wikipedia, and it implies this is the modern take of the definition. I think it's how I think of it as well. So it is neither of the two you mentioned, but a combination of them with the focus being the balance between them.

Liberty would assume all have rights they are entitled too, and that none shall arbitrarily restrict ones ability to do as they please, where non-arbitrary is defined as not restricting of other's rights.

I don't think it really puts people against each other. Some people simply disagree with liberty and favor freedom instead. Which would mean, some people want to be free to do whatever their power allows them too. You can think of it as whatever I can get away with because I'm more powerful. It would mean if I'm stronger I can strongman my way into doing more things, same if I'm richer, more influence, etc.

Fundamentally it's a disagreement with your objective. If you don't accept that the less powerful still deserve certain rights, or that power should not dictate rights and restraints, there's no amount of discourse to be had, you will be optimizing for different outcomes.

I also find the framing of rights as someone else's problem misleading. It is not someone else's problem, oftentimes it is because of restraints society imposes, the other person's problem is due to their restraint on other people's rights. For example, that I can't just walk in your house and sleep in your empty bedrooms as I please, and eat the food sitting idle in your fridge, or build myself a cabin using wood from your trees and on your land, those are all restraints society is imposing on me. So if I'm now homeless and without a job, I cannot just do these things to provide for myself shelter and food. But if you believe everyone has the right to shelter and food, and you are restraining my ability to get them as such, you need to offer an alternative, it isn't entitlement, it's the trade for accepting the restraints being pushed on me.

For me, it's the fundamental agreement, you accept the restraints from laws in exchange for rights. If the rights don't come, you're not getting your side of the deal. Now off course people can impose restraints with power instead, and that's almost always what used to happen and still to a large extent does today, but at least we seem to try harder today to be just.


> the correct way to think about our relationship to society

This right here is the problem. I'm very familiar with Simone Weil's ideas, and also the criticisms. Her entire philosophy can be reduced to "Ubuntu": We are who we are, because of who we all are.

The problem is that this doesn't follow with a free society. Or individual liberties. It's basically that the "individual freedom" is reduced to the lowest common denominator of what the society will comfortably tolerate. And that, by definition, is tyranny.


That’s pretty lazy thinking. Those are the same things. Your “rights” are everyone’s “obligations”.


What other gifts continue to be the responsibility of the giver after they're given?

If I give you a puppy, and it gets sick, should the vet bill me?

If I gave you a car, and the wheels fall off two years later, is that my problem?

In this instance people have been using this Java package for years I gather without problems. Why is the responsibility for changing the package anyone but theirs, the people using it; now that they're decided they have stricter requirements for that need?

Even the entertainment industry's notion of "ownership" isn't so endless. They'd like to be paid every time we use their product, but have settled for "licensed media" ... but that license doesn't extend to replacing the media when it wears out.


I think it could be both a user and an industry issue.

Lately I’ve been experimenting with treating many libraries as a starting point in some of my projects. Meaning I read and use the code, often removing things I don’t need.

So I fork and maintain my own lesser / crippled version (and hope authors don’t take this as passive aggressive criticism!). This helps me lower attack surface and better understand what’s going on.

This doesn’t work for everything obviously. I’m not forking an OS or database, so there are still lots of black boxes, but for some stuff for I’m liking this approach.

Now if another dev inherits my code I doubt they’ll see it my way. The industry wisdom points at simply assembling libraries and only writing your specific business logic. So what if you use a library to do one thing that just happens to do 100 other things (this having a much larger attack surface and bug potential)?

I don’t know yet if I’m being foolish or if I’ve stumbled on some ancient programmer wisdom I simply failed to grasp earlier. At least I’ll probably never run into a leftpad issue.


> So what if you use a library to do one thing that just happens to do 100 other things (this having a much larger attack surface and bug potential)?

I’ve wondered about this for a while, and one idea that’s crossed my mind is whether compiler stages could be introduced to do this. For example, you add a dependency, you use a few methods and structures. You compile it, the compiler goes through your code, looks at what traits, implementations, etc that you do and don’t use, it grabs just the code required to satisfy these, and proceeds as normal. At the end it spits out a little report for you telling you what specific things it included/excluded from your binary/library. Like tree-shaking in JS but better.

Maybe this already happens during dead-code-elimination passes, or during some other compiler step, maybe most of our libraries are far too interconnected/non-modular to be able to do this without ending up with the whole dependency anyway, maybe it’s computationally infeasible due to some result in Computer Science, I don’t know-and wouldn’t really know where to look to find out-but if it could be done, and if we could go even further to embed this metadata into the resulting binary itself, we’d at least have a provable way of saying “my application is safe from x because it does not include <vulnerable part of lib y>”.

I imagine to do this, you’d need to operate on source code-unless there’s some magic way to do it with precompiled binaries-and runtime dynamism would make things extra difficult, but it’s an interesting idea.


This is pretty normal for compiled languages like C, C++, and Rust; the linker will throw out functions and classes that aren't used. In Java it's a bit different, because the compiler doesn't know if some code is using reflection to talk to some other code, so it can't safely throw away stuff that isn't directly referenced. Even then, tools like ProGuard can help you trim out code you don't use, but I don't think they're used all that often outside of mobile.

But the log4j thing really isn't in the same class because it's not really "code that wasn't used". It's code that probably users didn't expect was there, and if they knew would probably not want used, but it's there, and the proper functioning of the library included that code path that allowed for JNDI interpolation. Whether or not that code is really "needed" is not something the compiler can really figure out, at least not without teaching the compiler that very very very specific thing (which would be madness). And even then, let's say you bizarrely wanted to be able to do things very much like what the log4j exploits do, there's no way the compiler (or even some kind of specific purpose-built code scanner) can know whether or not some string that might be supplied by a user in the future is going to trigger this JNDI interpolation code.


I've been thinking about this too. Most of my JVM projects use slf4j and logback, but the same concept applies as for log4j. I probably use less than 10% of the features provided.

I log strings at different logging levels, and want to be able to set the level globally at which log lines actually get emitted. My use of interpolation is dirt-simple: I just expect the logging framework to call ".toString()" on the things I pass. I log exceptions, and expect the framework to emit a stack trace in addition to the exception message. I log to stdout, and use pretty much the same log-line format for everything. I like the loggers to be named, and occasionally use the ability to change the log level on a per-logger basis.

I could build this set of features in... I dunno, a day? Sure, it would take me a lot longer to build the entirety of slf4j+logback, or log4j, but I don't need 90% of their features. So, yeah, I'll continue to just use slf4j+logback (hell, maybe I should use slf4j-simple); the idea of writing my own simple logging library doesn't really interest me all that much, even if it wouldn't be too hard to do so. But I'm still carrying around all this extra attack surface, and that's unfortunate.


Yes I generally use a similar strategy of avoiding dependencies and writing my own small library that does what I need. I also appreciate learning exactly what’s going on.

> Now if another dev inherits my code I doubt they’ll see it my way. . . . I don’t know yet if I’m being foolish or if I’ve stumbled on some ancient programmer wisdom

I have the same fear here. Lately I’ve been trying to keep a similar api to popular libraries so it would be easy to swap in the real library if ever needed.

But yes “at least I’ll probably never run into a leftpad issue.”


This cultural expectation follows naturally from the nature of software. Software (especially of the networked variety) isn't something you can just deploy and be done. It has to be maintained to continue running over time as the ecosystem changes. The cost of this maintenance is lowest when amortized across the largest set of users, hence the success of open source software, and the desire to avoid forks. The people who are most qualified to maintain software are the original creators, so that is the path of least resistance.

Of course no one is obligated to maintain anything, open source maintainers abandon stuff all the time without any repercussions beyond passive internet rage.


Yep. The puppy analogy falls apart when you've given the same puppy to 10,000 people. All of them could pay the vet bill separately, but we instinctively recoil from that as being horribly inefficient (and personally inconvenient) when it's possible for just the one puppy-giver to pay it.


> Why is the responsibility for changing the package anyone but theirs, the people using it; now that they're decided they have stricter requirements for that need?

It isn't. Every open source consumer is ultimately responsible for the use of the code. That's baked into every open source license I'm aware of. Even the "share and enjoy" mantra is a tongue-in-cheek reference to a rhyme that ends with recommending what porcine orifices you can put your head on if you don't like the software.

... But there's more to be gained by the original authors, in glory and internet points, by publishing a fix for the problem than in washing their hands of the whole affair. Some people want their code correct as a point of professional pride alone.


> Even the "share and enjoy" mantra is a tongue-in-cheek reference to a rhyme

I don't know of any rhyme, but I always assumed that this was a reference to the Hitchhiker's Guide and Sirius Cybernetics Corporation. Which, yes, does involve a pig: https://www.goodreads.com/quotes/95859-share-and-enjoy-is-th...

Sirus Cybernetics Corporation was best known for having created Marvin, the depressed android, and doors with cheerful personalities:

> “All the doors in this spaceship have a cheerful and sunny disposition. It is their pleasure to open for you, and their satisfaction to close again with the knowledge of a job well done.”

So yes, "Share and enjoy" was originally deeply drenched in irony, and it functioned as a warning to proceed at the user's own risk.


It's not just internet points, it's what makes the whole thing practically viable.

If you don't give any guarantees beside "it's a hobby project", you can't expect anyone else to use your software beyond hobby projects either.


> If you don't give any guarantees beside "it's a hobby project", you can't expect anyone else to use your software beyond hobby projects either.

I am happy to provide consulting services and support guarantees through my LLC, and have done so in the past.

Non-paying users who ask nicely might get fixes. Or they might not! Unfortunately, those fixes might also arrive a year or two after they stopped caring, I'm sad to say.

But a project which doesn't bring me any revenue, and which doesn't function as valuable advertising, is only going to receive support when I have the time and the inclination.

Realistically, commerical adoption is only interesting to me if there's some upside for me. This isn't to say that companies should never use my libraries or tools. Just that if they want timely support, they should be prepared to either pay me, or use the "Fork" button.


Or it's the opposite. I've had people base their business operations on my clearly marked hobby project. And then they started being nasty when I stopped updating it.


> If you don't give any guarantees beside "it's a hobby project", you can't expect anyone else to use your software beyond hobby projects either.

Can't speak for log4j, but I don't expect anyone to use my SW beyond hobby projects. If they do, I expect them to be responsible for how they use it.


> If you don't give any guarantees beside "it's a hobby project", you can't expect anyone else to use your software beyond hobby projects either.

That's a good thing. The companies shouldn't be expecting free code and free support. If they want something for a commercial product, pay for a commercial library with a support contract.


Reviewing code is (should be) significant less work than reimplementing it yourself, if you were able to do it in the first place.


> If I give you a puppy, and it gets sick, should the vet bill me?

> If I gave you a car, and the wheels fall off two years later, is that my problem?

So in Western culture there's this notion that a gift creates no further obligations. The recipient should just be happy he got what he got and not expect anything more. As if to say, at least you didn't get nothing, you can still get nothing, you want nothing?

I would say with the puppy if it gets sick and the recipient can't afford it, you should accept paying the bill. Before it was the "giftee's" puppy, it was your puppy for some small amount of time after you got it and before you gave it. Surely when you gave me a puppy you expected me to be able to keep it alive, right? And as for the car, it's not right to give someone a car whose maintenance they can't afford. The puppy and the car are two excellent examples of gifts that cannot be given without forming a relationship between the giver and the receiver.

On the other hand a gift you can give and split and that's it is food or money. Just handing money to a beggar, he might ask for more, and you can walk.

In some African cultures it's more like, if you do me a favor, do me another favor, and then we're true blue and you can rely on me to help you in return, but never in a tit-for-tat manner. It's in the book Debt: The First 5000 Years.


The software library in question wasn’t gifted. It was made open/available for re-use from a library.

The person who chose to put it into _their_ code took ownership of its ongoing maintenance in their instance of its usage (presumably because they felt that would be less work than entirely diy).

There is no puppy here.


It's prudent to decline a gift if one doesn't really have the circumstance to accept it responsibly. As in the case of a puppy. Or an offered position. (Eg. if someone shows up at your doorstep and gifts you a military rank and accepting that would make people to expect you to go and lead them in battle.)

But a car is not a liability. They can sell it. It won't "go bad like a puppy" if it just sits in a garage.


A car is a liability. And it does go bad if it sits in the garage, the tires, the battery dies...Plus the space it takes up. Maybe if you didn't have that car in your garage you could do something interesting with that garage, like form Hewlett-Packard or Apple? I expect there wasn't a car in those garages. So it takes up space, about the same as what you need to house someone, and if you want to sell it you I suppose have to drive it...no I guess you're right in that regard, you can show it to people until you sell it. But it's better to regift it, so you're not responsible for harm that could come from bad condition, in fact come to think if there's no trust it might itself be a regift. Yeah, it's a liability.


Worst case scenario, you can throw the car away. You had no car before receiving it as a gift, you'll be not worse off if you throw it away. The dog is a little worse because you may become attached and in general, you can't really treat animals like objects in our society.


Throw the car away how? What type of garbage do you put it with, recycling or compost?


You can get it towed to a junkyard and they will even pay you a little bit for it, probably enough to at least pay for the towing costs. Otherwise, I’m sure you can arrange something with your council.


Is that true? I would expect that most junkyards would charge you both for towing and scrapping the car.

(Granted, nowadays, due to the supply chain issues and component shortages, people will pay an arm and a leg for a car that even barely runs, so there's that.)


They won't tow it for you. But they will usually pay for your car if it's in any reasonable condition, though not a lot. Maybe it's different in different countries


You can still sell the parts years and years later. No garage necessary. No driver's license required. If someone gives you a car unless it's a total junk you can easily convert it to money, and the time pressure is completely different compared to a pet.

The moment you accept the pet you have to think about everything in your future for years. You accept a car? Okay, you might not even see it, maybe you just get a paper and a key fob and an address. And you don't have to do anything for years. Nothing happens morally.


The examples are a bit one sided.

If I give you covid, is that my responsibility?

If I give you a piece of software with a backdoor in it, is that my problem?

In reality, all actions carry various kinds of responsibilities. And well designed backdoors looks exactly like oversights, so the difference isn't all that clear cut in pratice.


I mean, it depends?

If you give me covid, and you did so intentionally or negligently (as in, you knew you had it and yet did not isolate or at least tell me you have it so I can decide not to meet with you), then yes, that absolutely is your responsibility. But if you contracted covid from a trip to the grocery store, were asymptomatic, had no idea you had it, and I got it from you, I certainly wouldn't hold you responsible.

The software-with-backdoor bit is similar. Did you put the backdoor there, and then give me the software with the intent to later use the backdoor against me? That may not be your "problem", but it's certainly your responsibility. Or did a contributor sneak a backdoor into the software, but, despite your best efforts, you missed it? I'd be upset, and might trust your technical judgment less, but I would hold the contributor responsible, not you.

> In reality, all actions carry various kinds of responsibilities.

Yeah. Going back to the covid example, I could imagine an intermediate situation where you didn't know you were infected, but for the past months you'd been engaging in all sorts of risky behaviors: not getting vaccinated, no social distancing, no masking in crowded indoor places, hanging out with unvaccinated people in close quarters, etc., then I'm probably not going to react as severely as if you deliberately gave it to me, or knew you had it and didn't warn me, but I'm certainly not going to hold you blameless either.


So... this is essentially a cultural question, so I think the best way to look at it is empirically.

Not exactly your question, but there's an anthropological pattern whereby gift exchange between individuals of disparate class or power (eg peasant & lord) automatically create a tradition. If a boss gives his employees a turkey for christmas, christmas turkeys become a permanent expectation. If a lord give his king 20 camels for spring equinox, this can easily escalate into a permanent tax.


I know a former software developer who is very open about going to therapy. He once commented on this fact, saying that he knew someone who also talked openly about therapy, and that he never would have gone if they hadn't known this person. Essentially he's hoping to be 'that guy' for somebody else.

Computer science, to people who are picking college degrees, seems like a safe, sterile environment of pure logic. But the only jobs are in software development, which is organic as hell. It's messy, it often smells, sometimes it rots. And sometimes it's just scary. A lot of people seem to be in denial about this for a long time.

Software is full of social capital and emotions, and we often try to conceal both behind a mask of objective thought. I can tell you ten logical reasons we shouldn't write the code this way but the real problem is that I think your solution is going to leave me stressed out of my comfort zone and/or missing life events because I either can't trust that you'll clean up your own mess, or that the business won't let you because you can't do it fast or robust enough. So I'm gonna argue with you about getting anywhere near that cliff edge, but we're not going to talk about the proverbial agoraphobia because that's too hard.

And if my logical, objective, sterile reasons for saying 'no' are deflected, odds are very good I'm going to acquiesce instead of actually agree, and I'll be secretly stressed, possibly grumpy, possibly even ready with an 'I told you so.' All while we're trying to keep hard things 'professional'.

Your solution is nerve wracking. This one is not. We should use this one, because we have better things to stress about. You're goddamned right we're going to trade a little more stress for you now for less stress for the entire company three months from now. It's a fair trade.


Did you respond to the wrong comment? Not sure where you're going with this comment.


???

Must be a sibling comment. Shoot.


> In this instance people have been using this Java package for years I gather without problems. Why is the responsibility for changing the package anyone but theirs, the people using it; now that they're decided they have stricter requirements for that need?

Because for a long time, libraries have been advertised as building blocks that you can quickly integrate into your own application without having to understand in detail how the library works. This assumption has been pretty crucial in the cost/benefits calculation for using libraries vs writing functionality yourself.

Now that internet security is becoming an ever more serious topic, this assumption might be less and less viable to hold. We've walked back on it to an extend already with the current best practice of "you don't have to understand how it works, but at least update frequently".

However, it might as well happen that this is not enough to keep security issues from happening. Things are already moving in a direction where it's absolutely expected that a developer understands and takes responsibility for every line of code that is included in their prodiuct, whether they wrote it themself or not. But if that happens, it will fundamentally change the way we deal with libraries and how software ecosystems work.

Yes, free software devs can smugly repeat their stance of "it's a gift so don't complain, no guarantees about anything" - but if everyone took this serious, no one could use free software for anything critical, so the free software movement would be mostly dead.

> now that they're decided they have stricter requirements for that need?

I think what made the log4j vulnerability so dangerous wasn't the ability to load arbitrary code via JNDI on it's own (even though that was certainly a horribly overengeneered and dangerous feature). The main vulnerability was that log4j was accepting substitution patterns in the "parameters" section of a logging command, the main purpose of which is to accept untrusted input. There has been at least one other CVE which exploits this without needing JNDI at all.

"Don't trust user input" hass been a fundamental rule of security for a long time, and it was reasonable to assume the log4j authors were aware of it. So the current situation is not that requirements have suddenly became stricter, it's simply that log4j broke a fundamental assumption about its API.

(I'm also pretty sure that while the JNDI thing was an unfortunate feature and was "working as intended", the "substitutions in untrusted input" part was likely a honest bug and never intended like that)


""Don't trust user input" hass been a fundamental rule of security for a long time, and it was reasonable to assume the log4j authors were aware of it. So the current situation is not that requirements have suddenly became stricter, it's simply that log4j broke a fundamental assumption about its API."

Once you see it this way, the whole "open source is broken" debate goes out the window. It was just a bug. A bad one, but not anything that hasn't happened before and won't happen again, open source or not.

"Yes, free software devs can smugly repeat their stance of "it's a gift so don't complain, no guarantees about anything" - but if everyone took this serious, no one could use free software for anything critical, so the free software movement would be mostly dead."

Free software devs have to smugly repeat "no guarantees about anything" in the same way that non-free software development has to do it: Otherwise all software development would be mostly dead.


>Yes, free software devs can smugly repeat their stance of "it's a gift so don't complain, no guarantees about anything" - but if everyone took this serious, no one could use free software for anything critical, so the free software movement would be mostly dead.

I don't think they have to smugly reply, it's included in the licence[1] of the software that folks chose to use. See sections 7 and 8

1: https://logging.apache.org/log4j/2.x/license.html


There is social context to licenses.

My employment contract states that I am an at-will employee, so my boss could technically fire me because they didn't like my haircut. If they were to _actually_ do this, I would certainly be slighted by this, probably post about it publicly and forewarn others against working for them, although they would not have violated the letter of the contract nor my understanding of its literal meaning.


> There is social context to licenses.

What is the social context in terms of open source software and licences?

> so my boss could technically fire me because they didn't like my haircut. If they were to _actually_ do this, I would certainly be slighted by this

If we translate this to the log4j scenario: log4j says there is no support or warranty provided in their licence, however if they _actually_ do not provide support or warrant, you would be slighted by this.

To me this does not sound fair at all. Your boss at least pays you for your time as part of your contract. What do the log4j developers get for their time? Absolutely nothing. Yet it is expected they should provide support even when the licence says they won't? That's just comes off as entitled.

Drew DeVault has blog post that covers this better than I can: https://drewdevault.com/2021/06/14/Provided-as-is-without-wa...


Right, and I disagree with that post in this sense: there is a social expectation of fitness for a purpose that cannot be disclaimed with a license.

Many projects under licenses providing no warranty are nevertheless of high quality and well-maintained. Making the category in question precise is difficult, but it includes log4j. Projects by organizations such as Apache and eminent individuals like Bellard or Valsorda fall in this category. There is therefore an expectation that if you are such a project, yet unwilling to hold yourself to that standard of quality, you should make it clear for your users. Using a license with a no-warranty clause does not achieve it because it is not a distinguishing factor. The license, of course, protects from legal liability and so on, but no one is talking about legal matters here -- only about whether we should be collectively unhappy with the log4j maintainers.

The reason for this unhappiness would not be that they aren't willing to donate more of their time, but that their stewardship of the project is poor. Vulnerabilities are found in FOSS all the time; this instance was special because the misfeature in question was an egregious inclusion in the first place. It appears to be not a case of lack of time for review, but a lack of sense to say, "no, interpreting strings after formatting is insane and will never be part of this library." Obviously, they are entitled to include whatever code they want in their project, but some code is incompatible with it being useful -- if they do not aim to clear that bar, they should make it clear, because others in their position do.

I would say that something like opening your README with "this is not a serious project, you should not use this in prod" would be reasonable. This warning needs to be front and center and explicit, not merely sating "we are unpaid volunteers" or similar. There is precedent for this. Yes, some ignore such warnings and complain -- as long as this verbiage creates a useful distinction, such people are wrong and we should ridicule them. This warning would stand in contrast with the great many projects which aim to be fit for a purpose in practice, such as Postgres, Linux, Blender, etc. Obviously, such projects are usually better funded than log4j -- making it clear that you're not funded well enough to dedicate much time to the project an important part of this warning's content.

To continue the workplace analogy, I would be the unreasonable one to complain if the company specifically warned that they were significantly more trigger-happy that the normal company hiring at-will.


There is no such context. The licence specifies clearly and completely the terms of use. You cannot handwave an unwritten "social context" into existence, that adds and obligation to the creators that their licence explicitly refused to accept. What you get, of course, is the actual source code.

It's understandable that you would assume such a spurious obligation, human history is full of references to such obligations, up until the age of Big Data, which is when we realized that most of these assumptions were false. It's been a painful time for all of us.

In fact, the actual obligation is yours, if you decided to use this logging library. Seems there was a severe vulnerability in the code. It also seems that the people who responsibly forked the code, ran their own security audit, discovered the vulnerability and then patched decided not to make their contributions known to the general community of users of the software. They, if they exist, seem to be acting as if no obligations exist with respect to the code they acquired.

Speaking of assumptions, your proposed actions regarding your employment assume that your boss was obligated to tell you the reason your contract was terminated. Again, no such obligation exists. They can't fire you out of disgust for your Satanism, or because of your Innuit heritage, or because there are ambiguities regarding your gender. Luckily for them, at-will employees can be terminated, well, at-will, so there is no need for them to specify that it was not, in fact, because of your quite stylish haircut. Your public postings might in fact earn you a letter from the legal department, since you have no way of knowing the real reason was that you downloaded logging code on to mission critical servers, and lacked either the inclination or capacity to verify this internet code, and then when asked about your decision to do this thing, you quoted an imaginary "social context," an unwritten, unknown construct, that in this case silently tacks on the term "users of this library will receive free, unpaid support in perpetuity" that functioned exactly like Adam Keynes "invisible hand," that is, some rationalization to absolve you of the responsibility for explaining problematic aspects of the mental model used in your decision making. This was a vast surprise to the administrators of your company, who, understandably, know very little about logging libraries, which is why they hired someone to provide the required functionality.


This is what happens as things move more into mainstream from a few technical users using this as intended in sort of a small walled garden so to speak and then as it grows you get non technical users and bad actors. Look how smtp started, open for anyone where open relays were expected, to what we have today - still a large spam problem, compromised accounts with security on top of it. There are lots of rewrites and different smtp programs as things like smail and sendmail were replaced by exim, postfix and qmail (qmail which is free software, but really unmaintained and could be anyone's problem if they wanted).

I'd argue if there is an application that being built on libraries with out a full understanding of keeping them maintained over the years you will get a massive cluster fuck with code rot. These are things that are learned with experience, as a dev starts they take short cuts and learn from the mistakes. It is not a bad system when you are learning from your mistakes. There are simple solutions like using an operating system that is maintained. Log4j and java packages exist for example in operating systems that get security updates - and continue to do so for the life of the operating system.


Yeah, my guess is also that long-term, software development will involve less libraries and more "reinventing the wheel" for those reasons.

> Log4j and java packages exist for example in operating systems that get security updates - and continue to do so for the life of the operating system.

But how does an updated OS help if the packages themselves are not updated?


> But how does an updated OS help if the packages themselves are not updated?

Package maintainers apply patches and roll a new package version (e.g., +deb11u1).

At some point the package maintainers themselves may not want to babysit things anymore and deprecate the package. But most packaging systems that I'm aware of have mechanisms for applying patches.

In many cases even if the software itself is still maintained, the package maintainers may only apply a specific patch to ensure maximum compatibility.

It's why many of us prefer 'slow moving' distros with "old" packages: minimal change for a given version and then only when 'necessary'.


> Yeah, my guess is also that long-term, software development will involve less libraries and more "reinventing the wheel" for those reasons.

I very much hope not.

I would greatly prefer to see some certification bodies arise that can vet libraries for exploits like this and give a certificate of some sort saying "This library is safe to use".

Of course, that requires them to have some extremely good exploit-finders.


It's also a competitive problem.

Log4j commoditized log formatting, appending, and rolling for Java. If all my competitors use it and I don't, then I'm behind them in the market. I spent engineering resources creating my own, and add another layer to the NIH snowball which will eventually start rolling all on its own if I don't constantly invest a small amount of my limited attention into stopping it.

I only win if my competitors don't get away with it. Whole empires have been built in the time between log4j being 'production ready' and the discovery of this RCE bug. I'm reasonably sure that the majority of software companies that have ever existed, existed during this period, and any of them who used Java got away with it, and trillions of dollars to go with 'it'.


> However, it might as well happen that this is not enough to keep security issues from happening. Things are already moving in a direction where it's absolutely expected that a developer understands and takes responsibility for every line of code that is included in their prodiuct, whether they wrote it themself or not. But if that happens, it will fundamentally change the way we deal with libraries and how software ecosystems work.

That's one of the differences between coders and engineers.

Coders just import libraries to avoid re-inventing the wheel. Engineers consider each import as a dependency they'll have to maintain, buy support for or replace. Log4j just highlighted this difference, with some knowing exactly what to patch and others franctically trying to determine if one of the thousands of dependencies they imported into their app actually used it.

> Yes, free software devs can smugly repeat their stance of "it's a gift so don't complain, no guarantees about anything" - but if everyone took this serious, no one could use free software for anything critical, so the free software movement would be mostly dead.

There's a simple alternative: hire the devs.


I have zero sympathy for the library users who got burned by this security defect. It's fine to use free software for critical systems, but only as long as you have developers who can maintain it internally or a paid support contract with a vendor who can do that for you. Those options cost money. If you fail to account for that in your software bill of materials then you deserve the consequences.


Back a few decades ago, companies (at least ones I worked at) did not often use open source libraries in products. Sometimes you'd go through months of lawyer meetings to get some special case approved, but that was rare. So when you needed a library you couldn't write internally, you'd buy it from a vendor. That came with maintenance and a support contract.

As a developer that was a bit of a pain since you had to get purchase approval instead of just adding a dependency to a build file.

But, I'm feeling that is actually the better model the industry should go back to. It meant that developing libraries was actually a viable business. Today companies just leech off the open source everything, externalizing all their costs and dumping the maintenance burden on unpaid volunteers.


"As a developer that was a bit of a pain since you had to get purchase approval instead of just adding a dependency to a build file."

How much of a pain was it when the vendor refused to fix your bug because it, or you, weren't important enough? When the vendor went out of business, or was bought by a company uninterested in the product you were using?

Oh, and when you consider writing a library internally, keep in mind that patents are a thing.

"It meant that developing libraries was actually a viable business."

Yeah, I remember that. I remember when there were a million billion little companies producing C++ libraries. Then C++ started to get really popular, and those companies' customers went from a small group of experts to a large group of, uh, non-experts. Then they discovered that support was hard and all went out of business.

I really wonder what would have happened it HP hadn't open-sourced the STL...


How do you 'leech' off of something intended to be used for the common good? That perspective just doesn't make sense.


> Because for a long time, libraries have been advertised as building blocks that you can quickly integrate into your own application without having to understand in detail how the library works.

Libraries in general have been advertised this way, but it's not true for any given library, unless the library maintainers make that claim. In fact, it's quite common for people to release libraries with the exact opposite claim: They are not liable for anything that goes wrong, and they don't promise any support.

It is a bit offensive to have expectations from someone when the person makes it unambiguous how their SW can be used, and where their responsibility lies.

Now yes, it is true that many major, popular open source libraries do make a show of their libraries being reliable, and do provide support. And those that do tend to have more adoption. But even a number of those do say "Hey, we're putting in this effort, but are not promising bad things won't happen."

> Yes, free software devs can smugly repeat their stance of "it's a gift so don't complain, no guarantees about anything" - but if everyone took this serious, no one could use free software for anything critical, so the free software movement would be mostly dead.

This is transforming a continuum into a fairly worthless binary scenario. You're not going to have every library say "We won't provide support" just as you won't have every library say "We'll follow best security practices" - so why bring it up? It's trivial to show the latter would have likely killed the free SW movement too.

The reality is a continuum. And that is how the free software movement succeeds.


Hmm, re:

> how startups tend to go bankrupt and their tech dies with them

I have this mental model, which may not be entirely accurate, that the original Iridium corporation successfully launched satellites into orbit, erased the multi-billion dollar costs of the launch using bankruptcy, and then handed over control to a successor corporation who inherited control of the constellation but none of the startup costs.

Do I have the story right? Is there any other example like this where a failed company manages to leave us with something useful while its immense costs were just … evaporated?


>Is there any other example like this where a failed company manages to leave us with something useful while its immense costs were just … evaporated?

Blender's original investors' capital not totally evaporated but the $100k buyout to release it as open source was a small fraction of their $4.5 million:

https://docs.blender.org/manual/en/latest/getting_started/ab...


That's roughly true, but it's sort of a special case; as I recall it, the US Department of Defense had come to depend on Iridium and didn't want to lose service, so they facilitated the orderly bankruptcy and re-emergence of the company, in part by offering an enormous multi-year contract to the successor company.


Do things like Tumblr and Skype count?

Where a legacy Internet behemoth mistakenly clicks "Buy It Now" on a startup for eleventy billion dollars during some drug-and-drink fueled bender and then wakes up the next day and offloads it to some rando on Twitter for whatever they have lying around in their PayPal balance.


It's funny, I think Yahoo has done this twice now: once with Tumblr and once with Delicious (although the chain of ownership for Delicious is much longer).


Yes, I forgot about Delicious. Yahoo destroyed both of those companies. Unbelievably all the Delicious data is still available. Delicious was one of the only accounts I could log into after eight years in jail. It was amazing to see that 99% of my bookmarks were dead links.


I liked the book Eccentric Orbits about Iridium


They didn't give me anything, they gave to the companies that bought the satellites for next to nothing.


The company didn't "fail" -- it ripped off creditors.


Motorola developed and launched Iridium. They may have lost their $X investment, but they also went out and sold mobile network infrastructure equipment in the developing world for $(X * Y).


In case I forget when I'm done - I'm half a dozen paragraphs in and I want to say how much I love this style of writing.


You're not the only one: https://news.ycombinator.com/item?id=2320966 (2011)


> Miraculously the Internet Consensus is always the same both before and after these kinds of events. In engineering we call this a "non-causal system" because the outputs are produced before the inputs.

So funny.


I can't help but think so much of this could be solved if we simply had real and effective product liability rules and consequences for things that use software.

You give it away for free, no guarantees and such? Great, we appreciate it.

You sold something to someone? Okay, well, like with food and buildings and cars and airplane rides, we understand that if it's done wrong it can be really harmful, so we have real legal consequences for getting it wrong. Where you sourced your inputs is not my problem when it does -- whether that input was "free software" or "rotten ingredients" or "faulty concrete."


Software is everywhere. A 5 USD gadget dies because the software is shit? Nobody cares. (The ewaste is bad still.) An 1 USD app has bugs? Meh.

We have liability regulations for the actual things that use software. (And in some cases too much and in some cases too little. See healthcare, medical devices, FDA on one end, and Boeing and the MCAS fuckup on the other end.)

One reason Amazon got sooo big is that they do have a consumer protection regulation. (The return everything no questions asked policy. Of course they also have a fucking big problem with scams, and they are too hostile with merchants, because they are a fucking de facto monopoly, and are not forced to work much on those problems or "metrics".)


> if we simply had real and effective product liability rules...

Isn't there a risk it software would become as ineffective as healthcare?

It seems to me that private enterprises aren't good at handling huge uncertainties (like liability). So businesses would aggressively minimize liabilities. Sure we would get better software, but we might get less competition, higher barriers to entry, more expensive products, and less capable products.

Suing companies for doing the wrong thing is an expensive mechanism. Gradually regulating supply-chain documentation is probably cheaper.


I literally believe we would likely get the opposite of every possible negative thing you mentioned; mostly because I think the cause of most software problems (or more specifically, the difficulty of discovering and fixing them) comes directly from the monopoly and monopoly-like players that currently exist.

I'm aware that a world in which e.g. Microsoft was actually sued to the extent of the damage it has caused is hard to envision, but I can't help but think breaking that sort of thing up by whatever means gets you more visibility, more localism, more shallow bugs, etc.


> When you try to pay for gifts, it turns the whole gift process into a transaction. It stops being a gift. It becomes an inefficient, misdesigned, awkward market.

This resonated with me. When opensource involves money, incentives become misaligned... And all the bad parts of a SASS product become important, vendor lock in, upselling etc...


Thanks for that gift of an article!


If you liked it so much, why don't you give a donation :)


I will read it for free


Fred tosses and turns, unable to sleep. Wilma sits up. “Fred, what’s the problem? Why are you tossing and turning?”

Fred comes clean: “I owe Barney $10,000 and I promised to pay it tomorrow. And I know he needs it, because he bought a new set of golf clubs to use at the company golf tournament this weekend on credit, and if he doesn’t pay, he’ll have to take the clubs back.”

Wilma picks up the phone. “Betty? Sorry to call you so late, but would you give Barney a message? Tell him that Fred doesn’t have the $10,000 he promised. Yes, that’s all. Good night!”

Fred stares at Wilma, aghast. “What did you do THAT for?”

Wilma smiles. “It’s Barney’s problem now. Let him toss and turn, we can go to sleep!”


‘You literally cannot pay for it. If you do, it becomes something else.’ This is mot true and imho misleading. You can pay for GPL software. Many people do pay a lot for FOSS software. You can pay devs that develop GPL software. And it will still be FOSS. Payments do not change wether software is FOSS or not.


In that case (using the article's analogies), you are receiving a gift (GPL/FOSS software), and choosing to give them a gift as well (money). Both transactions are 100% no strings attached.


I bought qcad a few years ago (used it for a hobby project), I payed for it because compiling from source would have been a hassle.

Note. qcad is open source.

But yes, there is a limit for what you can charge and how far you can scale that model :)


>Many people do pay a lot for FOSS software.

A few. Most people leech.


Somewhat related to the points about authoritarianism, a book review of "The Conquest of Bread" that had some discussion about a month back: https://news.ycombinator.com/item?id=29349688


> Paying for gifts... does not work. When the context is friends/family exchanging gifts, I agree. But, given the context of the author's argument (open-source software), I disagree. When I pay for (sponsor) open-source software, I'm doing so because I want to encourage the relevant author(s) to continue applying their talents for the betterment of both myself and the world at large. I'm not paying for something I requested of them, nor am I telling them what to build going forward. If I knew a person who spent some of their free time helping relieve homelessness in some way, I'd be inclined to sponsor them in the same fashion.


>a person whose name is now unpopular was at a university, where they had a printer, and the printer firmware was buggy.

Is this not a quote from Stallman? Is he really so badly in the internet's doghouse that we can't even say his name?


I think the author is missing (or perhaps just discounting) the fact that not all developers have the same level of competency. Just because someone releases code as free software or open source doesn't mean they have done the work that a more skilled practitioner of the art would do prior to public release. It's not just money that determines code quality, but there are cases in which it can help. Taste in selecting which code and features are accepted by a maintainer will have a huge impact on the resulting security track record of a project.


Wow, the "Authoritarianism" section is the essay I wish I had written, but better than I would have written it! Thank you!


There is a book, called 'The Gift: How the Creative Spirit Transforms the World' that is popular in author circles. It's about the gift economy and how it's different than capitalism and how creative endeavours are really part of the gift economy, not the cash economy proper.

I honestly got a bit bored of reading it and stopped, but the idea stays with me. This essay captures some of that idea - why you can't pay for a gift, how gifts work differently. They are a form of capital in that gift givers get social credit or something, but it's a very different system, a more traditional one than capitalism.


Does the book talk about one among the dangling questions the author posed but didn't answer: how simultaneously, whole promising branches of the "gift economy" structure have never been explored.?


You might have more fun reading Marcel Mauss' classic, also called The Gift, on the structure and function of gift exchange across various societies.


"gift economy" is also the model underpinning Free Software.


It's also the model underpinning bribery. It's multi-purpose.


I expounded on the gift-giving theme as well, some years ago, and am glad to see I was not alone: http://paul-m-jones.com/post/2018/12/11/open-source-and-sque...


I have only one question: is his blog a gift?


apenwarr's posts on (software engineering x startups) are even more lit. As someone who works on FOSS full-time, I wish they wrote about the questions posed in the epilogue section of that post.


I don't like hair trimmers. I have no use for them and they only occupy space and eventually I return them when I get them as gifts. And yet, every 2 or 3 years I get one as a gift.

His blog is a hair trimmer, now I have to kill the memory it occupied in my brain (return the gift).


The hair trimmers are not a gift. They are a pointed commentary on your grooming, or so I would assume.


Considering I have a hair salon I go and do said grooming every 2 or 3 months, it's not a pointed commentary but a poor gift from people who don't really know me. You see, it's fashionable in my country to do such a gift to men, except in my case I get it from people who don't really know me but they enter my my life one way or another. Trust me, they learn and next gift is usually perfume or shaving water. Those gifts are always welcome, no matter how many come.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: