This post has moved to erikras.com.
For further actions, you may consider blocking this person and/or reporting abuse
This post has moved to erikras.com.
For further actions, you may consider blocking this person and/or reporting abuse
Hollow Man -
Timothy Spann. πΊπ¦ -
JP Hutchins -
Piotr Kulpinski -
Top comments (22)
Eric Raymond, although I've lost all respect for him as a human being over his bigotry, did write the watershed work on this topic, to wit, The Cathedral and the Bazaar (the book), for which we (sadly?) have no comparable works. In the essay therein entitled The Magic Cauldron, he addressed this exact problem, and suggested several solutions.
Some of those have proven fairly effective in my experience, looking at the industry:
Offering commercial licensing. You license the open source code under GPL or another restrictive free license. The Qt Company is one example of this. If your usage complies with the terms of the open source license, you can use it as such. If you cannot, you have to pay a license fee.
Free the source, sell the support. Canonical and Red Hat do this, and it works out well for them. Anyone can use Ubuntu or Fedora, but if you want their help with stuff, especially in a commercial setting, you pay them for that.
Free the source, sell the content. This works when you can make the source code open source, but the compiled version with the extra content costs money. Some games are like this.
Free the source, sell the service. This works when your tooling is free, but access to your servers, API, or what have you costs money.
As the CEO of xs:code - I totally agree with you :-)
I strongly believe that these models are the answer, so my team and I started the company to solve the OS sustainability and help developers monetize using these (and other) models.
Let's talk!
xscode.com
Great read Erik.
I think this is the most realistic path to make companies contribute a bit more to open source. Quoting myself:
It distantly reminds me of e.g. Unity assets you have to pay for. Npm could become a Code marketplace. Problem would be that you would have to turn GitHub into a Code marketplace with it, otherwise another tool would emerge compying the code from GitHub. Also, some way would have to be found to prevent a simple clone of the code from being distributed freely... you cannot secure code using e.g. DRM
But how to make this happen.
No one wants to be the only company paying (unless there are marketing reasons). Giving 100$ to a project won't make it sustainable, we'd need to force companies to give those vouchers somehow, and ensure that others get "punished" if they don't.
What about crowd funding lib's versions? Like v1 is released, there are a few issues, now contribute to the v2 campaign or nothing will happen.
The ongoing maintenance and growth of open source projects are clearly in the best interest of the software companies using them. And yet, raising money for an open-source project is difficult, and many developers struggle with finding the right sponsors for their open source projects. What is the best way to get the resources open source developers need to keep developing? here's an article I wrote about how to find the perfect sponsor for your opensource project:
blog.xscode.com/736/the-right-spon...
Check it out.
Great write up, Erik! Iβd be curious to hear your thoughts on the Sponsorware approach. It doesnβt address the issues with big companies and open source, but I wonder if it could help with the funding.
I'm a marketer, so I'm planning to use GitHub Sponsors differently than intended. My team wants to award hackathon winners; give larger, 1x sponsorships to devs and projects we use or want to support; and generally use GitHub Sponsors to encourage engagement in open source work we care about.
This isn't directly related to open source sustainability, but I wanted to get opinions on this. Is this type of approach a net positive for open source?
what were the arguments against using scarf?
Basically just around the "implicit contract" I mentioned in the article. It feels "dirty" or "shady" or "creepy" to have a library force your computer to upload information about you (minimal as it may be) to anyone. The irony, of course, is that you're trusting NPM with this knowledge...basically as a requirement, since they have a monopoly in this space (No wonder Microsoft liked them! π€£). Also, nothing about the
npm installbuild process is secure. There's nothing stopping a library from adding apostinstallscript that uploads~/**/*to a server somewhere, and now you have no privacy. None of us are running ournpm installcommands from some permissions-restricted account, aside from the CI vendors.whats your opinion on? are either of those deal-breakers?
and what would an acceptable opt-out mechanism?
Hey Kevin, here's a write up of the main issues. gist.github.com/samsch/c38f3109701...
I acted as point person for pushing to get scarf dropped from libraries, so I'm an explicitly biased source. However, I did drop this for some review in the discussion channel on Reactiflux where a lot of conversation about this happened.
Great post Erik. I agree with a lot of the problems you describe here.
Just a few days ago, I posted an article about funding in open source here on dev.to as well. I wanted to know how the open source community feels about the current situation and started a survey on the topic of open source funding. Maybe you want to check out the survey: opensourcefunding.github.io/
great post, some points and a prompt:
100% this will not work, but I disagree with your 'libraries devs appreciate the most' idea. I think what we're already seeing is that a small number of libraries with more exposure are starting to attract even greater support. People tend to pick the winners.
We could go down the line and say that there might be an algorithm that takes into account the cyclomatic complexity, usage and a dampening factor for current level of support. I would love to get there, and I have tried and failed in the past.
More and more I am thinking in terms of sustainability as a community of projects, rather than treating each project in isolation. Given the current programmes we have some projects will 'win' and others will lose. But what if we use that fact that some projects have that exposure and are able to generate 'revenues' (whether in paid for services, support or donations) to create a a sustainable future for themselves and those that they depend on? At what point should OS projects begin to support other OS projects?
I wrote about this last year: aniszczyk.org/2019/03/25/troubles-...
At the end of the day, I think there is a difference between an open source project and a product. Most developers are currently building projects that are widely used, these aren't the things businesses traditionally want to buy. There's also the cruel reality that the market may be telling you something about the monetary value of your work :/
Very interesting, I just can't see me convincing my CFO to pay anything for something that has no contract of support associated. I can pay and the library could still go unmaintained.
Off the top of my head and with only a passing thought, how about a business based stewardship of library forks - paying the original developer if they continue to support it or using a pool of resources to continue if it goes unmaintained? Not sure I'd be happy to have my MIT libraries making other people money as a corporation without any real modification though.
Nice summary. I've tried GitHub sponsors myself, and so far have one sponsor (which I'm thankful for!) for Open Source contributions that I know is used by hundreds of large companies.
After reading a blog post on that subject yesterday evening, I just wrote an article about the idea of integrating a Sponsorware approach into dev.to:
π‘ GitHub Sponsors and dev.to posts
RaphaΓ«l Pinson γ» Jul 2 γ» 1 min read
The big problem I see in the (important, no matter how pessimistic I sound) conversation around Open Source Sustainability is the "build it and they will come" mentality, the idea that, if we write useful code and make it available under licenses that allow big companies to yank it behind a paywall, they're going to finally realize their obligation to the community and Open Source developers around the world will be sitting on fortunes for their altruism.
The reality is that the big companies might hire a couple of developers to get what they want without training someone on their team. But after thirty years of explaining to lawyers that the BSD/MIT-type licenses mean that they can pretend their programmers wrote the code and not need to issue a purchase order, they're not going to spend money on software everybody can get for free.
That's one of the reasons I've become a copyleft hard-liner, even though I'm not producing anything important: If you want to pretend the code is yours or if you want to make changes that don't get pushed back to me, you need to negotiate with me for your own license. Otherwise, you're constrained by the AGPL, because I'm not interested in working for Apple without a salary...and probably not with a salary, either.
I keep wondering, though, if the flaw in "sustainability" is in assuming that it needs to focus on money. Don't get me wrong. Money is important to things like not starving. But in insisting that a sustainable system is a well-funded system where people quit their jobs, it seems like people are just creating companies that require design, marketing, sales, support, and accounting, leading the founders to burn out from the strain of trying to get money from other Open Source projects (the most likely entities to appreciate the work) to, in part, pay other Open Source projects.
I don't know. It often feels like we confuse hobbyist Open Source with "follow your dreams (and live off your savings)" Open Source and (worse) commodify your complements Open Source, and the result is a twisted mess where people are trying to figure out what's stopping the Big Five (Amazon, Apple, Facebook, Google, and Microsoft) from showering us all with money, since they all love Open Source.
Unfortunately, I don't have any legitimate solutions, beyond the deeply unsatisfying, "get a job, Hippie" accidentally implied by my rambling...
Are there currently any attempts at a spotify model?
Your post is very informative and good suggestions :)
Thanks Erik for this post!