Here is a link to the donation page: https://gnupg.org/donate/index.html
Do Free Software project with funding 'pay it forward' to the volunteers on other projects they heavily depend on? (I don't really know) If not, they deserve to suffer the consequences.
How would a free software project 'pay it forward'?
They are in a very similar position, aren't they?
Edit: For some reason, I can't reply to child comments (probably a cool-off time-out at work?).
Just a short note here, then: $1.25e6 for the FSF translates
to 10 developers like Koch being paid (the donation page quotes "120000 EUR").
That's ten. For the whole FSF. As an example of a well-funded project.
I'm not going to comment on that. HN would rightly give me months of cool-off time.
It seems reasonable that these projects should consider adding items to their budget to redistribute funds to projects that they depend on.
Some probably do this, however I think the GP was suggesting that something like this become more common.
Too bad OpenSSL wasn't one of them until after the big "heartbleed" incident.
The core infrastructure projects don't seem to get as much funding as they ought to, especially given almost everyone relies on them (even if they don't realize it).
Prior to Heartbleed and the industry rallying to fund critical projects, OpenSSL only received an average of $2,000 USD a year... that's pathetic.
> Intel will invest "$300 million to help improve the pipeline for women and minorities, actively support the hiring and retention of diverse candidates, and fund programs that support the positive representation of women and minorities in technology and gaming industries."
> "Google Gives $775,000 to Nonprofit for Tech Diversity
CODE2040 said Monday it received $775,000 in grants from the tech giant to support the launch of free training programs for more than 5,000 black and Latino college engineering students over the next two years."
But there are also justified backlashes to the programme, given that there is a perceived priority given to the programme in some areas instead of writing software. The argument is that not everyone and their dog needs to be involved with writing software, so why should we encourage them to? You don't see such pushes in dentistry, the car industry or anything like that; "Are you a WOMAN? Then join the car industry!".
Strangely we do in IT though, where it is the belief that we should make EVERYONE code!
The "I will fight you and I will win" response from Emmanuelle Bassi is a particularly horrible/strange/passionate reaction from one of the guys involved with the programme: see http://blogs.gnome.org/tvb/2014/09/12/im-looking-at-you/comm...
Yes you do. Every single fucking time this comes up someone says "you don't see this in construction". It's rebutted every time it comes up and it's really fucking easy to do a simple web search to find examples of programmes to get men into teaching or nursing or to get women or minorities into construction.
Example links have been posted to HN many times.
I haven't seen anything like this here in the UK. Is it a US thing?
BTW, I wasn't advocating for or against in this GNOME argument. I am entirely an observer and was highlighting the arguments made by both.
I thought I ought to add that because I suspect people are thinking that I dislike the programme? Either that or people like down voting with no reply.
With regard to the encouragement for everyone and their dog to take up coding, I see it a lot but in truth I do not see the same things in other professions - I have never seen a push to make youngsters take an interest in banking or journalism yet over here in the UK there is a push to make programming/coding a part of the national curriculum for youngsters, hence the introduction of the Raspberry Pi to encourage that.
That's at least how I think it went, you can go look it up, the details are online.
Which ones are those?
In addition, some projects that are not well-funded as a project are "funded" in the sense that companies pay people to work on them, for example Microsoft paying Simon Peyton Jones to work on GHC.
All of the Debian developers are volunteers, am I wrong? Slackware can barely support one employee, the founder. OpenSSH falls under OpenBSD, which also supports just the founder, everyone else volunteers, and they DO volunteer some serious time and do important things. They also had problems raising funds, there were discussions on HN about that here, and I'm sure there will be more in a year or two.
From: http://www.openbsdfoundation.org/campaign2014.html :
* If $10 were given for every installation of OpenBSD in the last year from the master site (ignoring the mirrors) we would be at our goal.
* If $2 were given for every download of the OpenSSH source code in the last year from the master site (ignoring the mirrors) we would be at our goal.
* If a penny was donated for every pf or OpenSSH installed with a mainstream operating system or phone in the last year we would be at our goal.
This is kinda depressing.
Is there someone from the Debian project here? I'm wondering if they could afford to run their own mirrors around the world if they had to. Could they cover hardware, colo and bandwidth costs, if they had to? I'm just curious.
That's the point -- the ones that can should support the ones that can't, which are often foundational components of the reason the ones that can, can get money in the first place.
Ubuntu is funded by Canonical. http://en.wikipedia.org/wiki/Mark_Shuttleworth in other words. So one big donor.
Debian... seems to mostly get by on volunteer labor and be ok with it, or it did when I was involved with them. Has that changed? I suspect that in some ways Debian is underfunded given the amount of work they do. Perhaps money would make some things happen faster there.
The Apache Software Foundation does a decent job at fundraising, and even employs a few people to do stuff like administration. Most of the projects get by with companies that pay people to work on them, which seems to work out pretty well.
Firefox/Mozilla make most of their money with deals: Google and Yahoo, last I remember.
I don't know about OpenSSH.
It's possible, but mostly donations don't seem to work unless it's big chunks of money from companies.
> The Apache Software Foundation does a decent job at
> fundraising, and even employs a few people to do stuff
> like administration. Most of the projects get by with
> companies that pay people to work on them, which seems
> to work out pretty well.
As a 501c(3) non-profit, it is constrained as to what it can
do with donations.
Unfortunately, that is very far from true.
Ubuntu was negative $21 million USD in 2013. Canonical would literally make money by just not doing Ubuntu anymore.
(Every time Canonical is on the verge of bankruptcy, Shuttleworth re-seeds back into the company from his personal checkbook)
(the numbers are represented in thousands, so 21,343 is 21,343,000)
The significant losses due to Ubuntu development and related expenses are why Canonical as-of-late has been turning focus away from Ubuntu towards other markets such as Mobile and especially Enterprise (a la Red Hat's turf).
Canonical's cloud business might be profitable (even though Canonical as a whole is very-mush-so-not), however their cloud business is not coupled to Ubuntu, ie. they could use any Linux Distro, or any OS for the matter.
Ubuntu is a total loss center for Canonical. It's surprising to a lot of people given it's popularity... but popularity doesn't equal profitability... especially when most users don't pay anything for the software (not even support fees).
Typical beancounter mentality.
Probably comes with a suggestion of closing this division and going with something else
OF COURSE this department loses money. But it is a net gain for the company, and in fact without it the rest wouldn't exist.
Not sure what "of course" means here... it's very possible to be profitable off your OS Development division... look at Red Hat, SUSE, etc. They pay for the development from support payments... they collect support payments because enterprise wants their OS... it's a positive feedback loop. The better the OS, the more enterprise pays, the more funding RH can put into the OS dev team, the better the OS gets, the more support fees they collect, etc etc etc...
Canonical has not been able to successfully charge for support like RH and SUSE have figured out.
> But it is a net gain for the company, and in fact without it the rest wouldn't exist.
It's not a net gain unless the company can be profitable as a whole and subsidize (and justify the enormous expense) off-put by tertiary services, etc.
... right now Ubuntu project is responsible for Canonical being perpetually in the red... every quarter, since their foundation. Canonical could very well just run enterprise support contracts, or push their cloud services. They don't have to use Ubuntu... any OS would suffice. They aren't somehow coupled to Ubuntu to the point if Ubuntu didn't exist, Canonical wouldn't either.
Circa 2008, before the Unity and Pulseaudio switches, it was considered by pretty much everyone the premiere Linux distro. I don't see why they could not get support contracts with Dell, HP, etc to sell Ubuntu computers and provide the tech support in exchange for positive cash flows.
Even today Dell is still doing Sputnik and in European countries you can buy HP hardware with Linux. Why is Canonical not taking advantage of the fact that they could be making money off support for their desktop OS through all the hardware vendors?
Ubuntu has never been profitable for Canonical. Shuttleworth's game-plan was always long-term minded regarding Ubuntu -- but as we've seen as-of-late, Canonical is shifting focus to other markets they view as potentially profitable. Shuttleworth has committed to keeping Ubuntu alive, but it's no longer Canonical's sole hope for income.
> I don't see why they could not get support contracts with Dell, HP, etc to sell Ubuntu computers and provide the tech support in exchange for positive cash flows.
This isn't just a problem for Ubuntu, but for most end-user linux distros. People always joke with Linus when the "year of the Linux desktop" will finally arrive... The people who use Linux as their daily driver generally don't need the support, and for the ones who do, well it's a lot less marketshare than Windows.
> Even today Dell is still doing Sputnik
Besides Sputnik, and some Linux-only end-user manufacturers like System76, there really isn't a lot of choice for pre-installed Linux end-user computers.
It's weird too, because Sputnik is $50 more expensive than the windows version of the same hardware. (probably some Microsoft deal going on here).
Linux comes pre-installed on majority of server hardware (server hardware than comes with any OS at all that is), and Linux dominates this field. But the "year of the linux desktop" hasn't quite arrived yet. I do hope it comes soon.
I've used System76 and Zareason. System76 are Ubuntu-only (and the hardware may have issue with other distros); Zareason will support any Linux.
I run full-time linux on my laptop and my goto hardware has typically been a Thinkpad T series.
Is it about profits, or - I'm going to be kind of cynical here - chasing taillights? The way they seem to bounce around from one thing to another (mobile phones! embedded!) makes it feel like the latter.
I tend to agree... modern Canonical feels like a company that lacks focus (probably because they aren't quite sure what the focus ought to be after realizing Ubuntu might not ever turn a profit for them).
The FSF had revenue of 1.25 million in 2013. I'm not trying to comment on where it came from or where it went to. I'm only pointing out that they are not in a very similar position.
In 2013 FSF paid $ 689,239 in salaries and, astoundingly!,
$ 48,995 in credit card fees.
Anybody got an idea why they pay so much?
Source: 48995/689239 = (x*.029+.30)/x
Some banks do tack on a foreign transaction fee though, but that goes on the payer.
If they had zero expenses other than staffers, at a very modest 65,000 USD a year that would not even cover 20 people.
The EFF, FSF are the only real "good guys" out there fighting for your techie rights every day... They could really use your donations and support (even if you don't agree 100% with all of their message).
As mentioned by the grandparent comment, GPG is in use by Debian, Ubuntu and RedHat package managers. Whether or not you count those three as free software they have plenty of money to pay forward to a piece of software that underpins their entire stacks.
 - https://lists.debian.org/debian-vote/2013/03/msg00095.html
I am having a hard time to find financial statements from Debian.
Ubuntu, or rather Canonical, being a private company, doesn't seem to release financial information.
The Ubuntu main page doesn't even provide a 'donate' link anymore.
Which leaves RedHat, at last. A public company, of course:
Operating profit 2014: $ 1.3e9
Net total income 2014: $ 178.3e6
For some reason SPI has not put out an annual report since 2012: http://www.spi-inc.org/corporate/annual-reports/2012.pdf
Try to download it: http://www.ubuntu.com/download/desktop/contribute/?version=1...
21 million USD negative, largely due to Ubuntu development and related expenses.
Canonical has never been profitable, which is why Shuttleworth constantly re-invests his own personal capital in the company.
However, a lot of commercial entities use pgp as core of their business: all software packaged for the linux world is signed with gpg one way or another. All commercial distributions depend on it at their very core. I'm amazed that they don't fund gpg at least partially.
One of the points of open source is that software becomes a commodity, and that will always hurt OSS founding.
Even sadder is the fact that these "free" things actually cost us much, much more. https://news.ycombinator.com/item?id=8585237
It's a play on words though, by analogy with "Pay it back" which is returning a favor to one who did a favor for you first (like paying back a debt). In the case of large distros being heavily reliant on GPG and other upstream projects, I think the applicable term here is "pay it back".
Upstream developers helped out Debian, et al, and now Debian needs to pay those developers back. Arguably, by gifting their distros to the world at large, they're already "paying it forward".
I left a note that he (like the EFF and the ACLU) should have a recurring donation option, or at least an option to receive a once yearly email asking for a donation. There are many people that would happily go with a recurring donation if that option were available.
I just chipped in $25.
Edit: Over €10k more in the hour since this comment. It's now 2/3 of the way to the funding target.
It's just that it takes a lot of media attention to get you to your goal plus a lot of the donations a coming from regular developer who understand the importance of this instead of the big companies profiting from this software.
Imagine all the workflows that depend on verified encryption signatures like Debian, Ubuntu, etc and that's just software distribution, not counting privacy issues like journalists, political dissidents, whistle blowers, etc using it for secure communications.
It was pretty easy to donate, took me less than 2 minutes. I encourage everybody that is able to make a donation, however small, every euro counts.
And, as others have pointed out it is easy and you can choose between cc and PayPal.
Really happy to see that this post on HN has traction, and delighted to watch the counter go up. GPG and other security projects need a way better tech PR push.
Interesting to see more people have donated so far in 2015 than the whole of 2014.
Email Encryption Software Relies on One Guy
Err... did PGP recently go bankrupt?
Edit: Crap, it's worse, they seem to have been acquired by Symantec. Is it still any good?
I'm experimenting to do a dead-simple licensing system using SSL certs and signing--rough idea is, cert is from me, and when it expires, software says "lol no get new cert".
I'm sure this has been done before, but the amount of custom license management code I've seen in the wild makes me wonder...
You are of course aware signatures don't solve the licensing problem however, which is a Trusted Client problem (i.e. unsolvable).
It also seems you want to expire things, so I do feel I have to warn you that signatures are a totally separate thing to a secure time source, which is a whole different bag of marbles.
However, since what you're designing sounds like a logic bomb/copy protection/DRM system, I must say what I've been saying for the last quarter-century or so: please do not design your software to deliberately fail. That is a bad call: trust me on this one. Any crypto that you do to support it, even if the crypto itself is sound, is just tapdancing around a failure state.
Software is shareware, gets a little naggy within 30 days of license expiration, send money to get a new license file, which makes the nagging go away. No cessation of service.
I'm not worried about clock spoofing--I assume basically good-faith customers.
Signing would help people from just copy-pasting certificates around. If they want to go into the executable and rewrite the routines, well, there's only so much one can do, yes?
(Your registrations are time-limited? That's very unusual for self-described "shareware". That's pretty much "commercial, but your demo nags".)
You're welcome to choose whatever business model works for you, of course, but take it from me, this one's straight from the early '90s. I hope it works for your users too.
And unfortunately, the harder someone tries to reach that goal, the more fragile their software becomes. A lose/lose situation.
It really is better to engineer software to work, not to fail.
For example: https://github.com/glebd/cocoafob or
This is how the stories goes: we haven't figured out
how to make good work worthwhile.
Perhaps we can learn something from our vast experience in profitably peddling shit?
But that'll never change unless all of a sudden we say "Ok, on the count of 3, everybody stop giving away their hard-earned expertise for free. 1... 2... 3..." We're like musicians nowadays. We love it, so we do it without insisting on compensation.
A few months ago, I Show HN'd an open source project, but reserved the copyright to the code. The commenters immediately took note of this and I felt compelled to switch it to an MIT license. (It was open source for security reasons, if you're wondering.) I'm glad I did, but the point remains: there was pressure to conform.
Er, the first to keep their source closed and try to charge for it happened a long time ago, and there are huge numbers of developers at firms from one-man shops to massive megacorps still doing it today.
The idea that closed-source for-profit development is a novel idea that violates norms in the software development community and that everyone is afraid to try is cute, but, you know, completely contrary to the actual facts of both the current state and history of software development.
ORLY? Have you read much source for BitLocker or FileVault, recently? WhatsApp? Skype? And those are just the most popular ones off the top of my head...
Some source is better to be open for all stakeholders, others... it's more or less irrelevant, unless you believe the entire world is out to get you.
I say this because I know that when I am looking for libraries to use at work in commercial software, I have to look for BSD-style code and now actively steer clear from GPL and LGPL code (static builds for me please).
It isn't to be malicious but it's mainly because I would like to continue living. Giving away things I have spent years working on doesn't pay my mortgage or put food on the table.
Seems like there's another option -- open source your project and also charge for a license to use it. By open sourcing people will trust it more which will cause its value to go up. And then more people would be willing to pay for it.
If you open source your project, unless you're using an unusual definition of open source, you've provided a free-of-charge, sublicensable license to use, modify, and distribute it. (Or, at least, a license that the licensee is free to sublicense without charging the sublicensee or paying an additional fee to you, so even if you are charging for the direct licenses, the more you sell the greater the probability that it will be available at no charge.)
You could open source it and charge a fee for professional support, however, which is a fairly common model.
But there are library authors who publish BSD (governnent funding) who can't partner with GPL. It's unfortunate.
I mean, I feel the burn when I give money to Debian, Arch, KDE, etc - but I do it because I know I have to, because the software is so important to me. The $500 or so I donate each year is a lot of money to me, and I'm in the US - I cannot imagine how much donating to these projects would hurt the international users who make significantly less than the 15-25k or so I make annually.
I don't know how KDE managed it, but Blue Systems (http://en.wikipedia.org/wiki/Blue_Systems) is a Germany company founded by one Clemens Tönnies, Jr. Don't know anything about the guy, but he is somehow paying 10+ KDE devs without a business model. I've donated a lot to Kubuntu, but I cannot imagine in a million years they get enough donor money to fund all the devs they employ.
But those kinds of philanthropies, the way Mark Shuttleworth keeps Canonical afloat, seems to me to be the only practical way to keep free software afloat. You cannot ask a million destitute people to donate money they need to eat or sleep comfortably, but we as a community don't have the charisma or ears to get fat cat donors to foot the bills. Probably because software freedom does not matter as much when you are wealthy - you can just pay to get the software you want made anyway, and you might even be able to bribe companies to give you the source if you care enough.
And I recognize a huge portion of the donor pool for most free software projects isn't either end of this spectrum, but people like me making something above the poverty line and below extravagance that donate what they can where they can, but that is consistently shown to not be enough. And I imagine it is more because it takes millions of average joes paying dollars to match what one millionaire can do in an instant.
It's easier for businesses to write off these type donations (and make them for significant amounts) than for private individuals to do so.
If your effort is half as good, you still get half million people to donate $1.
On the company case, one million is not pocket change, so this will be a serious decision that has to be approved by several independent branches within the organization, each with veto power. Screw one of those and it's a deal breaker.
Furthermore, I'd say that this decision is one that is particularly difficult to frame for the company. While corporations do understand direct costs very very well, they are practically hardwired to ignore/exploit the gift economy. So the discussion will be stirred towards what indirect benefits will the company receive from donating to a worthy cause (public relations, tax exceptions, etc) and away from the consequences of letting a (unacknowledged) strategic partner to go under.
Not to say that a corporation cannot assume stewardship of a distressed project, but it almost always requires executive fiat to get over the bureaucracy.
Far simpler not to even bother at all.
Or they're small for-profit companies and they can't spare the revenue.
Or they're large companies and no one with a budget and decision power is even aware they use the product.
Or they're Red Hat... With limited budget for this and unlimited needs to cover.
I don't know how we get there when companies like Apple eat such a huge portion of the consumer OS and application dollar and companies like Microsoft and Oracle eat such a huge portion of the corporate dollar.
My name isn't even on the list of recent donors anymore, that's going fast! Maybe he'll wake up tomorrow and hit refresh a couple times to be sure there's nothing wrong with the counter, hehe.
"CII does what's beneficial to its members. Privacy tools aren't" [https://twitter.com/matthew_d_green/status/56338899320386764...]
...which indicates to me that GnuPG wasn't sold properly. It's not just a "privacy tool" -- it's one of the ways that software (including OpenSSL) is securely distributed. I would guess that quite a few of the CII's members benefit from GnuPG and don't even realize it.
I imagine those people need to control integrity of the software, to make sure it is deployed correctly on their servers and distributed securely to their clients and users, and OpenSSL has all they need for that. Privacy, OTOH, is unneeded because they are not (or rather much less) after their own or their users' privacy.
Perhaps via a "Free Core Infrastructure Initiative"
exactly. Given the number of corporate laptops encrypted by the corporate IT with that software , and thus definitely some "license" style good money were paid by the corporations to some entities ... i never believed in the magical concept of trickle down and sounds like it doesn't work here too.
EDIT: Someone downvoted me, not sure why, but I am genuinely curious what the senior engineer does?
It's interesting to note though, that Facebook does uses PHP and C++ extensively. And Facebook maintains a large a number of open source PHP and C++ projects. So I suppose that some Facebook engineers are more involved with PHP and some more involved with C++.
But more importantly, I don't think Facebook engineers are bound to a technology. They think about how to solve problems. If PHP is the best tool to solve a problem, they'll use that. If it's C++, they'll use that instead.
You're right about them using the right tool for the job - their entire HipHop etc. (whatever it is called now) creations to convert PHP to C++ and run a C++ web server are a good indication of this. Good point!
I'm really glad Pro Publica picked it up, but I also think we need to change to way we think about critical software like GPG. The GPG Tools team (GPG for Apple Mail) recently stated they need to charge for the tool in the future because they simply can't handle to amount of work anymore (it's still GPL) — the response from us was nothing but outrage.
// I just realized all of this is mentioned in the article. My bad.
Maybe the lesson here is not to license important software under such permissive licenses. Make it open source and free for non-commercial, require a donation if it is used in a commercial product. I don't really see how you can give something away for free and then expect companies to volunteer to pay for it.
Every serious definition of 'open source' or 'free software' says that you can't discriminate by field of endeavour - if you have one set of rules for commercial use and one for non-commercial use, it's not really open source. And the nature of donations is that you can't require them.
That's not to say that you can't build a business model around open source software. You can charge for pre-built binaries, you can charge for exceptions to the GPL license to build proprietary software with it (this is what Qt used to do), or you can charge for services associated with the code (e.g. running a hosted service). You can even technically charge for the code itself, though since anyone who buys it can resell it or give it away, that sounds precarious.
We call it Free and Open Source Software for a reason. Open Source means the code is open (i.e., you can study it), Free means it's licensed under a Free Software license (it doesn't necessarily mean free of charge).
People usually omit the "Free and" part when they talk about FOSS.
// Anybody want to tell me why you vote me down? Am I wrong?
Calling it just one or the other is enough though. Being "under a Free Software license" by definition means "the code is open (i.e. you can study it), so no need to say "and Open Source".
I do however prefer calling it free software over open source as I find the free software definition simpler and than the osd. And also because the term open source seems to place importance on the code being 'open' instead of 'libre', which you'll here rms talking about everytime someone says open source.
"Free software" has issues as well as a term, since free can obviously mean two things, gratis or libre. However, once the reader/listener has understood the difference between free of charge software and software that preserves your freedom to study, modify and redistribute it, I think open source is the more problematic term as it can more easily cause confusion as demonstrated by your comment (where you think open source means that the code just has to be 'open').
The kind of "open source" I was talking about is source code that is released under a non-free software license. What do we call that?
@alexvoda "it's not really open source" is the part I tried to contradict. I may have been wrong though.
More seriously, typically something like "look but don't touch", or "proprietary with source available", or "source available under a restrictive license". Microsoft used to call it "shared source", and that term still has those connotations too.
Definitely not "open source", though; that means more than just "has source available".
The Unreal Engine is an example for this kind of business model on a large scale. KoboldTouch (used to be?) an example for the same on a very, very small scale (less than 5 people). I really don't see anything "obnoxious" about it.
Yeah, that's a very different case. It's indeed moderately common for proprietary software frameworks/engines to include source, so that their paying customers can modify and redistribute, but cannot redistribute in source form (modified or otherwise). That's not any more obnoxious than any other kind of proprietary software distribution, and I wouldn't call it "look but don't touch", though it certainly isn't open source or free software.
The case I'm talking about is software with publically available source, but under a restrictive license that doesn't satisfy the OSI or FSF or DFSG definitions. For instance, many random projects on github that don't bother applying a license, or rar (the archive format implementation), or tarsnap, or the extremely obnoxious JSON license.
You are free to come up with your own defintion of popular, agreed up terms. But this will lead to problems when you're using a different definition from everyone else.
It might be a little tricky in the case of GPG since it is really a GPL port of the commercial PGP software. So a major reason for it's original existence is that it is GPL code.
This kind of way to function give enough money to employ 10 people, and also secured a lot of new developments (encryption, video, etc.). Disclaimer: I'm just an employee, not the founder.
I would advise him to switch to that kind of licensing, if he wishes to. There's no reason he shouldn't be able to live through his work.
If you do this, the problem with dual-licensing a copyleft project is as follows:
-The copyleft license allows use in other projects with the same copyleft license
-The "dual" part allows use in proprietary licensed project (the stated enemy of the copyleft license)
-The ones left out are projects that use other copyleft licenses and copyfree licenses.
In my opinion dual-licensing copyleft licensed projects is a mockery of the purpose of copyleft.
All this is however irrelevant to the discussion about funding core FLOSS software. It doesn't matter the license, the challenges to funding such a project are the same.
I hear you though. Free of charge and open source need to be two separate things (not all the time, of course). Cutting costs in FOSS development usually means spending less time on websites, documentation/support and UIs, which hurts the projects in the long term. It's a vicious cycle.
GPL lets anyone running a webapp pretty much ignore everything in the GPL license.
I did manage to do some isolated contributions to Open Corporates (http://turbot.opencorporates.com) where the community are super-welcoming and very patient, but I've felt a little isolated and like I'm not exactly giving much back. Apologies for the mildly-OT rambling.
Sometimes it's small things, like documentation. For example:
Mozilla is quite friendly and makes it easy to contribute. I've had quite a pleasant experience whenever I tried to make a contribution.
And their bug tracker is fairly pretty too.
Same for GPG until now. I didn't hear they asked for donations.
And I doubt I'm the only one. So I quickly checked if maybe this was big on HN at a point and I just missed it.
Nope. It's not just me.
If not even the most technical people (that actually know what GPG and openssl are without looking it up) don't hear about this, how are regular people going to find out where to throw their donations at?
I think people would donate if they knew about it. I'm going to send this guy $100 and consider it a license fee, because he deserves it.
On the other hand, I had no idea that he was working full-time on it, and having money trouble.
Also: If you search for "GPG Koch" you can come across this comment:
EDIT: An example of development that is slow-coming: library support. Most GPG "libraries" in languages like Python and Ruby are just wrappers around the GPG command-line, because there is no proper library.
EDIT: For example, I believe that it would require rewriting a lot of code, and that means said code would need to be audited to make sure no security bugs were introduced. It's "easier" to just wrap the current command-line tools because they are a known quantity.
IIUC this is intentional design of GPG 1.x vs GPG 2.x: the former is statically linked binaires for "security reasons" while the latter is a shared lib (libgcrypt) + binaries with exactly the same features.
I haven't used it, so I really don't know.
I've used it while making bindings for it for my Scheme project: https://github.com/cslarsen/mickey-scheme/tree/master/lib/op...
Another key would be to add a real commercial justification to pay for projects instead of just donating. Often for tax and regulatory purposes businesses can't just spend money on fun, frivolous things unless they want to make a mess of their accounting. Maybe something like for each $50 you spend you get to ask one question on a mailing list or message board.
I remember it made the front page (but that might have been during business hours here in europe).
Oh certainly, I use GPG on a daily basis, yet it never even occurred to me that such an ubiquitous project would have trouble gathering funds!
I tossed in a donation as soon as I saw the link in the article.
I remember jOOq (a Java SQL DSL) had similar troubles raising donations. They ended up moving to a commercial licensing model for 3.2+ that provides connectors for "enterprise" databases as well as professional support.
Had I seen a banner asking for donations, I would've gladly donated what they're now charging for licenses. -- It is an excellent library.
However I feel like the tooling does them a disservice. When the library can be added by tossing a few lines into `pom.xml` and having Maven fetch it, and the API can mostly be figured out w/ javadoc and your IDE's autocomplete: how many developers will even visit the project homepage and see a "We need funding!" banner?
That's a good point.
Not sure how this can be technically addressed though
The problem, I think, lies in the lack of balance between different types of "users", their ability to absorb risk, and their ability to advertise.
For an individual developer, new product development is a chicken-or-egg issue: you need money to live, but you can't make money off of an infant project. On the other hand, a corporation can siphon funds off of profitable projects into R&D, and the larger the company, the longer they can do it. There is a certain level of financial security that removes emotional burdens that can be real impediments to development progress. There is a singular focus that can be achieved by the developers in such a situation: one 100% focused developer is more than twice as productive as one 50% focused developer, all else being equal.
It's also extremely difficult for an individual developer to get the word out on their project. But if Google even breaths a hint that they are doing something, a subreddit will be made for it overnight and TechCrunch will assign a team of reporters to cover breaking news.
So from the start, the individual is behind the 8-ball in terms of being able to maintain a certain pace of development and gain mindshare for it. If you're entering an existing market, a lot of times the only way to gain traction for your project, to get any attention and get anything out of it, is to have to open source it just to meet other developer's expectations.
But I suspect the vast majority of people who want "open source" really only want it as a security blanket and aren't actually going to look at it. I completely admit that I'm included in that group.
For a corporation, what's the worst that can happen? In other words, who is going to fork their source? Another individual? They won't be able to keep up. Another corporation? They have to compete in both code and marketing, which isn't so attractive. It might be--all things considered--an equivalent effort to just start a competing product. Maybe even a little less effort, because you don't have to dance around collaboration and contribution issues.
But for an individual, it's a significantly higher impact of a problem. If I make a tool, release it open source, and--say--Google decides that it's great and they want to use it, even if I license under the GPLv3, they can very easily strong-arm me out of the driver seat. They could be in complete compliance with the license and contribute all of their changes back, but their marketing machine could easily put themselves at the forefront of developers' minds as the source of that project.
Is "closed now, open later" the solution? I don't know, that's always sounded to me like "closed now, closed later". See Android. What good is Android being open source if, by the time the source for the latest version is released, they've abandoned it for a new version?
Correct me if I'm wrong. I'd like to be wrong, so I know in which direction to take my own business development. But it just seems like there are several types of power, and individual, independent developers have few that large corps do not, whereas large corps have several that indies do not.
Juce and PyQt were created by single developers, so it's not impossible. Staking out and defending a niche would be a prerequisite, open-source or proprietary.
I have a library project right now that I provide dual-licensed under GPLv3 and a paid, proprietary license. It's not typical to release libraries under the GPL rather than, say, the LGPL or MIT. My reasoning is "code or coin, you gotta give something." I have no idea if it will actually work (and I'm not banking on it working, I wrote the thing for my own use first and foremost), but I am starting to think that I would rather nobody use my code than everyone if it meant I didn't get anything out of it past an 'at-a-boy.
Put another way, if I were Ryan Dahl, having gotten Node.js started off on my own, and I still had to work for a living, I'd be pretty freaking pissed. (https://groups.google.com/forum/#!topic/nodejs/hfajgpvGTLY) Maybe the actual Ryan Dahl doesn't care (and maybe he chooses to work, I don't know the exact details), but it would seriously bother me.
"Open" is as much a state of mind and development practices as it is a license. JIRA shipped with full source code while remaining proprietary. This removed customer concerns about JIRA going out of business, no need for source escrow. Customers ended up making modifications to the source, which then influenced the Atlassian roadmap. Conversely, one can have an open-source license, but a dev culture that rejects external input, e.g. Calibre. If a vendor focuses on business goals first, then creates a culture to support those goals, license choices will become clearer.
There are useful history lessons among these links:
1) Free Software Business mailing list archives (1993 to early 2000s), http://www.crynwr.com/cgi-bin/ezmlm-cgi?iis:0:201311#b
2) Self-publishing docs+screencasts with 90% royalties, earned railstutorial over six figures in a market where most technical books are lucky to earn $10K. Relevant to OSS biz models: https://news.ycombinator.com/item?id=7350265
& screencast toolchain: https://news.ycombinator.com/item?id=8932387
3) Bootstrapping 101, http://discuss.bootstrapped.fm/ & http://www.startupsfortherestofus.com/
4) ISV (Stardock) 2014 report,
Resources on business models:
5) The Business Model: Theoretical Roots, Recent Developments, Future Research, 2010,
6) Free Software and OSS Business Models, 2008, http://www.springer.com/cda/content/document/cda_downloaddoc...
7) Any good book on organized crime / unregulated business. Boundary conditions inform risk management, i.e. early recognition of failure scenarios to be avoided.
Would it be impossible to create some sort of stipend program at FSF? After all the creation and maintenance of software is allowed to cost money under the GPL.
But to make a larger point, if you try to model RMS's behavior using cynicism, you'll tend to make inaccurate predictions. To use a metaphor, his brain is running slightly non-standard software: His social skills are not quite compatible with standard protocols, but he will go to far greater than ordinary lengths to uphold his personal moral principles. I've dealt with RMS and/or the FSF a couple of times, and once I decided to assume that RMS wants exactly what he claims he wants, dealing with the FSF was actually rather pleasant.
Thus, if Stallman thought that programmers should live ascetic lives, he would have written long essays justifying why this was correct. But instead, he wrote long essays about why sharing and hacking on software was a Good Thing, and added (almost as an aside) that you are welcome to charge as much as the market will bear, and that doing so may often be a good decision.
Free software was never about no money being involved. In fact, RMS himself used to get a lot of money by selling free software. Back in the day when Emacs was too big for the internet, RMS used to sell Emacs tapes at 100 USD each (with documentation and source code, of course).
In fact, he still thinks that you should be charging money for distributing free software:
Distributing free software is an opportunity to raise funds for
development. Don't waste it!
He also thinks selling exceptions to the GPL is another good way to support yourself. FFTW and Qt are two prominent projects I can think of that did this.
The GPL itself is anti-freeloading. We give you the code, you can do whatever you want with it, but if you want to build on top of ours, you have to give back. It's all about levelling the playing field for everyone.
I have really hoped that the current app store model would turn out to be a great way to sell free software. A convenient way to pay, and you can download and install whatever you want. Optionally, you can have a link to the source code.
Sadly, it doesn't seem to be happening this way. I don't understand why not. Perhaps I too am being too idealistic.
No! Nowhere does the GPL says you have to give back to developers, you just have to give everything to the users (and more specifically to your users), because they are the one with the product and the modifications. If they happen to be upstream developers, then sure, they will get the changes too, but that is not the primary goal of the license. It's all about the user being Libre.
git clone --token=0x1515151 <repospec>
If that would work it would be an interesting way of selling your software.
There's no reason why free software should just be given away. The point is to make sure users have the source code and the permission to modify it and redistribute it. It was never to make sure they don't have to pay in order to acquire the software.
Sure, if they can redistribute it, perhaps they could undercut you, but if we believe that piracy doesn't really hurt sales that badly, it seems likely that this secondary moneyless distribution might not substantially hurt the primary one.
The problem here is determining where the divide between "using the software" and "building on top of ours" is. The line becomes blurry when the software is (e.g.) a library where the basic use of the library is to base other software off of it (as opposed to a desktop app -- e.g. GnuCash -- where "usage" has a more straight-forward meaning).
There still exists uncertainty and ways around it (You can execute GPL programs or write shell scripts so that GPL programs execute your code) such that you don't have to distribute the major parts of your codebase, but the GPL has an explicitly different version for libraries that are supposed to be linked in to non-free software vs libraries that are cores of GPL software.
Eben Moglen seems to think, as I understand it, that it depends on how you distribute the thing. If you link dynamically but distribute the whole thing together as if it were a whole, it's a single work and all should be under the GPL. Other situations seem less clear.
It's one thing to "cash in" on a GPL/LGPL project (e.g. writing a nice GUI around GnuPG, but not giving back to the project) where you are just wrapping the functionality of the GPL/LGPL project. It's another thing entirely to just use a support library (like an xml parser) where the library itself is not the main functionality of the program and have someone saying that your project has to be GPL.
Same problem exist with complete overhaul mods to game. Counter strike simply wrapped around half-life. Half-life was not the main function of CS, yet if they had been giving out CS with half-life under a open license it would again be piracy.
Thus it is hard to see a world where copyright would allow someone to ignore the license as long the "library" is not the main functionality. It would be a nice world, a world with remixing and a explosion of creativity, but a very different world from one that we got now.
> Sadly, it doesn't seem to be happening this way. I don't understand why not. Perhaps I too am being too idealistic.
As an indie app developer, I already struggle with people ripping off my apps and publishing them in various app marketplaces under similar or identical names, or taking my web app, wrapping it and charging money for it.
I have to imagine that if I used a free software licence, this would happen a lot more, and I wouldn't be able to issue takedown requests. Someone searching for the name of my app might find five or ten similar or identical looking results and have no idea which is mine. These other results might serve ads, track user behavior, gather personal information or perform other anti-user operations, leveraging the popular reputation my apps have built to do so.
If people want to bundle "my" GNU Octave and modify it randomly delete the users hard drive, that's ok. Free software allows this. Just don't call it GNU Octave, call it GNU DiskDestroyer or something.
Also, I know some free games are sold on app stores. Wesnoth comes to mind. Have people come to spite the Wesnoth developers and put the same game on the app store without a fee?
You can list a couple of exceptions, sure. But I'll see you that and raise you all of The Pirate Bay.
That is, you are always free to charge money, but you are not free to withhold source or prevent modifications/redistribution of those modifications, because this restricts the rights of other human beings. Or said another way, your freedom stops where my nose begins.
See what happened to VLC as an example.
In at least one case it's because a single open source contributor with an ideological conflict with App Stores was able to get an app removed:
By the way, VLC has been relicensed as MPL and is now available for iOS again.
There's simply very little reason for someone to pay for BSD licensed software, but there is reason to pay for GPLed software (even if only to get a different license for it).
People are very eager to work for free on free (as in speech) software just for the pats-on-the-back from "the community", it seems to me, at least as often as people do it because they're truly passionate about their craft.
With the rise of "have a github profile/opensource contributions" in job posting descriptions, it's only going to get worse. "Open source" is very rapidly becoming the "unpaid internship" model of hiring and distributing work in the software industry, and it breeds a sort of contempt for the notion of receiving compensation for one's efforts. I'm not sure that's a good thing with all the very-much-for-profit activity around software development.