When Caddy made their announcement earlier this week, I shook my head with pity at what they were about to endure. I could have given them a list of all of the shitty (and merely unhelpful) things people were going to say to them, because I've heard them all, too. There's a deep streak of meanness, and, as the post states, entitlement, in the OSS user community (much less so in the developer community, which doesn't overlap as much as it once did, though sometimes developers do it, too).
And, the really awful thing is that if the project continues, it'll never stop. Every once in a while someone or some group will get a bee in their bonnet about the thing not being open enough, or the authors not following or not understanding the license (as though the copyright holder needs a license), charging too much for the one little thing they reserve for paying customers (no matter how small that amount is...we charge as little as $6/month, and we still get complaints about price).
And, there's always a huge misconception that because an OSS project has a lot of users it must be making a lot of money, especially among the people who won't tolerate any action that would actually make money for the project.
What I'm trying to say is that OSS is a hard-as-hell way to make a living (I've done it for my entire professional life, over two decades now), and there's gonna be a handful of users who will make it unpleasant. I love it when I can build some one-off thing and just throw it over the wall onto Github and never think about it again...where I can take a "use it or don't, but don't ask for my time" attitude. Making a business out of an OSS project makes it harder to select good users (who become good customers), though you have to in order to survive.
I agree with everything you said, but couldn't resist:
The awful behaviors you see from some users of a previously free-and-open project that went closed (ish) sound an awful like the behaviors of . . . paying customers in pretty much every industry.
If they're paying me (or if they're contributing in some way), I'll accept a certain level of belligerence. It's the assholes who think I'm gonna put up with their crap for free that most chap my hide, and I suspect OSS is unique in just how entitled people can be for something they got for free.
What's interesting is that people who pay or people who contribute are, on average, nicer to us than the people who don't.
> What's interesting is that people who pay or people who contribute are, on average, nicer to us than the people who don't.
This should not be at all surprising. It's often mentioned on HN that you get rid of the worst customers by charging more. This is not peculiar to OSS either.
It being "free", in a certain sense, makes it invaluable—a blank canvas on which the ungrateful have the opportunity to each paint their own vision of its worth. Something priced at one dollar is worth a buck, but at zero it's priceless, so there's no specific psychological cap on the well of entitlement for a certain kind of unreflective user.
> It's the assholes who think I'm gonna put up with their crap for free that most chap my hide, and I suspect OSS is unique in just how entitled people can be for something they got for free.
Some people is entitled. Period. They have the same attitude when they pay, when they get something for free, when they are right and when they are wrong. And these people are the ones that ruin it for everyone.
I think Caddy brought this on themselves by being so heavily marketed and user friendly.
I'll have to clarify right at the top that I have not previously commented about Caddy, and I don't care about one cosmetic header nor the need to compile from source, those sound just fine to me.
Anyway: compare https://caddyserver.com/ to http://nginx.org/ and on the former you'll see way more marketing, logos, testimonials, quickstarts, etc etc ... looks way more like a product than an open-source free-software tool.
I always thought this was a weird trend for open source projects these days. I'm accustomed to debian, gnu make, nginx, apache, samba, cups ... useful tools with zero marketing and support. That's just how it used to work ... and frankly it still seems like it works better that way. A super modern website and easy-as-possible getting started stuff sets the wrong expectations in many many people who are not familiar with this world. They expect to do nothing and get a slick product / solution. They're drawn to the language they're familiar with from startups who get millions in funding and promise the world and then fizzle in a couple of years. That's not sustainable for open source projects.
Open source software is very useful and valuable and democratizing. Just the simplification of no per-user or per-machine or per-anything licensing adds a huge amount of value! The economies of scale of good quality open source software is super high. This stuff is really amazing and effective.
But the support does not scale. This is the one part you have to pay for with your own time. It could take years and years. That's the trade-off. You can't get it all for free, it's not possible.
You'd think that, but OTOH, they haven't invested anything so they have no incentive to be nice. You and I may wish people were nice as a matter of course, but sadly, not so much. :-(
(To be clear, I think the really awful users are a just a very vocal minority.)
This provides some good context. People are used to the model of paying for something and the entitlement that comes with it. It's only natural that they would take that default stance when it comes to OSS.
There are perfectly amicable ways of monetizing open source. The most common example is selling a pro version with additional features that go beyond the basic use case. That's a well-understood model and shifts the discussion. Trying to diminish the open offering by adding ads, even if removable, is perceived as taking away something
we charge as little as $6/month, and we still get complaints about price
Charge more. Like an order of magnitude more. You should charge enough that people who complain about price are firmly outside of your target market. If the thing is something you can target to large companies, you could charge an additional order of magnitude more.
Sadly the internet is full of bullies, trolls, and those overburdened with a colossal sense of entitlement, and I feel a lot of sympathy for the Caddy maintainers. I endured a similar situation a few years ago. We coped with it, to some extent, with gallows humour by printing the most outrageous comments and sticking them up on a sort of wall of shame. I particularly appreciated the tweet branding us "software terrorists".
(Btw, this nonsense is exactly the same mob behaviour Jon Ronson talks about in So, You've Been Publicly Shamed - which I highly recommend).
People get angry because they have hope for a better world. Now a lot of the responses he talks about in this blog post are, yes, very childish. I can see that.
OSS companies do struggle. I get that too. A lot of times they don't think enough about the business model before they start building their product. I agree, support contracts aren't enough a lot of times and I can see how their efforts struggled to bring in revenue. What they did is really no different than what RedHat did with RHEL .. that's why we have CentOS.
Today we live in a very different idea of what OSS should be. A lot of people don't differentiate licensees. So much of what is OSS are frameworks and tooling, and even in that space, big companies have worked very hard to get things out of GPL (Clang is a good example...and MacOS which has systematically removed any GPL code over the past several years). So much of our OSS is supported financially by the big players (RedHat, IBM, Google) and the dream of Linux desktops overtaking Windows on the consumer market died a long time ago. But that was the dream:
I don't think it's entitlement. I think a lot of people want to see real OSS; where devs have the time and energy to work together to make really good tooling. We want more projects like DarkTable. We want spare time projects that become amazing that people care about, not more half free/half enterprise stuff.
If a company fails to be profitable, we hope their tooling lives on in OSS. Making OSS profitable is super difficult, and something I don't even look for in my own big project (which is used more by students than in the commercial space).
And the big reality is, will this actually generate revenue for Caddy? Probably not at all. I'm sure they thought this out, and enough of them thought it was a good idea, but looking at it on the outside in, it was a terrible business decision. I mean, what did they seriously think was going to happen? Would companies seriously start paying a fee for what they had gotten for free previously, when it would cost lest just to add a package building step into existing build systems?
Six months out I hope they publish a post on how this affected their actual revenue stream. If it helped them out, then I guess it was worth it to make that decision and I'm totally wrong and I have a lot to learn about business. If not, I'm equally interested in what went wrong and how open source projects can get a revenue model done correctly.
"I don't think it's entitlement. I think a lot of people want to see real OSS; where devs have the time and energy to work together to make really good tooling. We want more projects like DarkTable. We want spare time projects that become amazing that people care about, not more half free/half enterprise stuff."
That sounds kinda like entitlement.
"We want" these things, but "we" only want them if someone has the ability, resources, and time, to do it for free as a "spare time project"? I would argue that's a world where the only large-scale software we can use comes from major corporations (Google, Facebook, Microsoft, etc.), because they have the ability to do "pure" OSS tools that serve their bottom line indirectly.
Also, "real OSS" is what we do and have always done. It's also what the Caddy folks do. The code is out there under an OSS license. This is the kind of attitude that makes it difficult sometimes to want to do any OSS in a way that isn't corporate-sponsored.
My ideal OSS world has a lot of independent developers, not just employees of the giants pushing their particular visions of the future. That's not possible without some level of funding, and since people don't donate, one has to come up with other ways to incent paying for OSS development. We've got hundreds of thousands of lines of systems management code to maintain...that's not a thing that happens merely for fun.
> that's a world where the only large-scale software we can use comes from major corporations (Google, Facebook, Microsoft, etc.), because they have the ability to do "pure" OSS tools that serve their bottom line indirectly.
I think this is a major aspect of the issue. Users of open-source software have been conditioned by these corporations to expect a "no immediate strings attached" license and an almost commercial level of free support provided by salaried full-time employees. What these corporations gain from their OSS projects is often not immediately obvious and thus the public is okay with it.
Now when a smaller company tries to gain something from their OSS work in a more immediate way, they get a violent push-back with people accusing them of not doing open-source "properly". But the problem is that we haven't yet discovered the way to do it "properly" - when commercializing open-source projects works it is mainly by accident (well, or by superhuman marketing feats) and for every successful project there are a lot of undeservedly failed ones.
> I mean, what did they seriously think was going to happen? Would companies seriously start paying a fee for what they had gotten for free previously, when it would cost lest just to add a package building step into existing build systems?
It's a signal that says, "Hey, we actually do need money to keep this going", for those who would've never seen or given a second thought about donation links. I imagine what they were thinking was that people who hold the project in a warm spot in their hearts would pick up on this signal and then sign up for a "plan". (And I imagine that since this is Go, a big chunk of those users are already doing their own builds anyway and yet it's entirely plausible that even some of these people would sign up for a plan just for the warm fuzzies.)
Having a publicized announcement and a plan to get rid of the headers is a gesture more than anything else, and only half a step removed from comments like the text that Marijn Haverbeke has on the ProseMirror homepage[1]:
> If you are using ProseMirror to make profit, there is a social expectation that you help fund its maintenance.
Android, Fuchsia and ChromeOS also have been moving away from GPL licenses.
In any case, as former FOSS zealot, the fact is that pull requests don't pay bills, and for the majority of consumers there are zero differences between OSS software or just get a couple of pirated copies at the weekly bazaar.
Also even the ways one can monetize enterprise software work pretty badly in the consumer space.
"We want spare time projects that become amazing that people care about, not more half free/half enterprise stuff."
Amazing projects require huge amount of effort, experimentation and time. Once in a while there is something amazing that can be cranked out fast. Very rarely.
That is why you see half enterprise stuff. You can't spare time 40 hours a week, year long, five developers (includes organizational and design and marketing work) large awesome project. If you would attempted, your people would likely loose real jobs (due to low performance) and damaged their families over it.
Of course you're going to hear supportive friendly things from your friends. It's much harder to tell someone a hard truth if you see them as your friend and want the best for them.
Here's a blunt truth. If it's easy for me to ditch your product, your product has no value. 90% of the comments here on HN amounted to "gee, I guess I have to spend an extra 20 minutes configuring Nginx now." Solving 20 minutes of Nginx configuration is not a viable business. System configuration is handled by some Puppet library author. Who's going to spend $100 on your product so they don't have to spend $20 on a non-free SSL certificate?
You're friends with the RethinkDB developers? The moral of their story was even if you have a compelling product, even if you have an interesting niche, even if you give it away for free, even if you give away the source code, even if you have features nobody else has, if you are entering a saturated market you are facing a massive, time-consuming, expensive up-hill battle. Moving away from RethinkDB to Postgres is hard. There are things RethinkDB does that Postgres just doesn't do. But people did this anyway instead of paying, instead of contributing.
Moving away from Caddy is simple. Your product barely even exists. That's why you're having trouble making money. Solve a real problem and you'll make real money.
You miss 100% of shots you make when you aim away from the basket with no ball in your hands too.
There is a market for his product. Nginx and Apache already own that market. His differentiator is being easy to install. Puppet et. al. solve ease-of-use for large corporations with the budget. The niche that cares about being easy to install is the niche with no money and nobody to pawn it off on. That niche is also passionate and loud.
If he could make some money back for his time, he would already have had a business here.
This business idea is essentially selling pre-made cardboard signs to the homeless. If they have the money, they aren't homeless; if they don't, well, they already make their own signs.
Not just easy to install. Easy to install, maintain and extend. Those properties clearly have value, not just for those who can't afford to pay licence costs.
The idea there's no market for Caddy is clearly false. As referenced in the linked article, there are already uses of it in commercial organisations, something you're suggesting can't possibly exist as "Nginx and Apache already own that market".
The only criticisms I'd make is that the price is too high (in my opinion) and there should've been prior warning given before switching to a paid model, so that companies could budget for it in advance. However, that doesn't mean they won't have paying customers. Note that they've already got commercial sponsors.
Price being too high is an interesting question. I've found that people willing to pay, will pay a high price. You don't really gain anything putting it any lower. Those that want it free or else stay the same.
Consider what's cheaper, paying for Caddy under its current pricing structure or paying for a consultant to configure NGINX? If the key selling point of Caddy is that it makes web hosting easier to manage, but you can get around that cost by paying a one-off cost for someone to set up a free, high-performance web server, you've taken away the most of the potential benefits.
As a reference, you can see the current pricing structure for Caddy here:
That doesn't look more expensive than consultant, looks less. That's what I'm saying, if anything I think they may have underpriced that cost. That's way cheaper than most support options I've seen.
If you're seeing companies spending $600 a day for a devops consultant, I don't know what to say other than you can get much more affordable, high quality advice elsewhere. That said, the super high wages of IT staff in some parts of the US is a frequent source of surprise for me.
Related to this is the question of what types of users there are, and after some thinking about it I think that's what confused me most about the announcement.
I might be totally off on that, but from my outside impression, there were a bunch of projects suggesting Caddy as a frontend for APIs (to get HTTPS etc), which would often be in a commercial environment. On one hand, great potential sources of customers, on the other hand it seems those using "new" projects like Caddy also are current on other practices: A lot of those projects seemed to be big on container-based deployments. In the HN thread already there were announcements of just building Caddy in the Dockerfiles (or other places of CI/CD) instead of using the official binaries. Once that has happened in one place, it seems likely that would be adopted widely (especially if a project is suggesting Caddy officially, it'll likely include those, since it doesn't want to require users to get Caddy licenses)
On the other end of the spectrum, there are people who were looking for a simple server for their personal or small-ish projects.
Some are go enthusiasts at the same time: building Caddy likely isn't a big issue for them, if they don't do it already because they tinker with plugins. Some others already use Docker etc, they also likely can switch easily to some process of building it.
Others likely aren't, some aren't even much of developers or admins in general, and really were attracted to Caddy because of how simple it is to use (or it was recommended to them on that basis, e.g. as I've done to some people that are more designers or front-end devs). For those, nothing changes if it is just private use and they don't care about the sponsor-header. Otherwise, both options are pretty bad: Suddenly learning how to patch and compile Go projects is, while doable, exactly the kind of thing they wanted to avoid by choosing Caddy. The commercial pricing also is way to high for that: Spending >1k$ on a webserver for a freelancers homepage or a toy project just doesn't make any sense at all. EDIT: Some of the comments regarding "open-source community" also point towards this. Not all your users are open-source developers which consider compiling yourself trivial.
This last group is the one for which the changes are the most annoying, and at the same time the group I before thought Caddy was targeting primarily. It likely makes sense for a commercial offering to target other users, but it isn't surprising when this group is making noise.
Somewhere inbetween seems to be where Caddy's commercial pricing was targeting: Commercial, using a few Caddy instances for something profitable, and willing to pay over going through efforts to avoid doing so/interested in getting support. Similar to Nginx Plus customers.
(Again, I might be totally misreading the situation here, since I'm not exactly part of the community, and certainly not every user falls into these categories)
This seems like a pretty canonical example of "Subtle emotional manipulation based on a misconception" except maybe not subtle.
To quote from the article:
> This was the worst part of this experience, and is akin to abuse. Demands or demanding comments stem from the misconception that users are entitled to FOSS. This behavior also stems from a misconception, but a different one: that open source maintainers depend on, or need, their open source projects.
For most maintainers or project owners, this is FALSE!
> snip
> as well as any comment insinuating that the maintainer is reliant upon a project that is not profitable or sustainable. Here’s the brutal truth for 99.9% (* not an actual figure) of open source projects, folks: you (the user of an open source project) need and rely on the project more than the maintainers do. Do not make the mistake of thinking that maintainers are emotionally tied to their projects. Definitely don’t call it their ‘baby’.
There are three lemonade stands. Two of them are giving away free lemonade; the third is giving away a free lecture about why I shouldn't feel so entitled to free lemonade alongside charging me for theirs. Who's really confused about the economics of this situation?
That doesn't really have anything to do with GP, right?
I feel like this is a maybe-true comment on the link in general, but not the post you're replying to: entitlement/general nastiness towards open source maintainers is very common, as is the misconception about their degrees of commitment to their projects. That's true whether or not a project switches to a paid model, and whether or not maintainers post what you refer to as "lectures".
You are angry about someone else making a mistake in your eyes.
His mistake (people moving away from his product) doesn't affect you, so your essentially drinking poison to spite someone else.
Alternatively, you think things should be free and get angry when people want to get something for their efforts.
For some reason lots of companies are paying for Slack, even though it's basically IRC-plus-emoji, and easily replaced by any of a dozen other chat platforms.
Is it because it's user-facing instead of an infrastructure component?
> (Is anyone offended that you can’t remove nginx’s Server self-promotional header without an extra module?)
Wait a second. The Caddy developers implemented a premium "thank you" feature that embeds their sponsors' company names in the HTTP headers of the binary distribution[0], and then defends this by complaining that you can't disable nginx from simply printing a header that says "server: nginx"? It's not even remotely the same thing!
I think this was a very poor use of judgement. I don't even see why it's relevant that they asked their sponsors "do you want us to put your names in the HTTP headers of all the poor suckers running the binary builds?" There's a handful of other places that would be way more appropriate for spamming sponsors' names, for example: banner on the website, in the log files, on the download page, in the README, etc.
The biggest rub for me was the intentional misdirection regarding the Apache 2 License.
As a web server, the only attribution required is to the person or entity who is deploying the server, not to the people accessing the website! (To be clear on that point, the actual web server software is running on the server end, not on the user end; this is in contrast with a JS library that runs in the web browser)
I think the authors either fundamentally misunderstand the requirements (in which case they should find a lawyer) or they are intentionally misleading readers (in which case they are acting in bad faith and deserve contempt)
I think the main problem is that the original announcement read more like a ransom note than a press release.
IMO the author doesn't realize how much price factors into tech stack decisions, or how the majority of his users are developers who now have the new responsibility of creating business cases for a piece of software (or scramble to find a replacement) that need to go through approval, or the projects that now have to be delayed to switch around one framework on the back end (I can just see the looks of manager/PM faces everywhere when they get the news from one of their devs).
The tone is another big issue. Flippant phrases like "what's new for personal edition users? Not much" isn't going to get any laughs after talking about mandatory payment. Other times, the disdain for users seeps from the wording (like the passive-aggressive "reminder" that internal apps constitute commercial use).
I'd really encourage the author to go back and re-read that announcement as a user who has taken a gamble on your software and is now invested in it. Yes, this might be a completely necessary move for the survival of Caddy. The necessity, though, doesn't mean you can skip the formalities. Users still need to be sold on the idea.
Users don't need to be sold on the idea. They already bought. This is like buying something with your credit card, happily using it, and then getting upset by the charge on the corporate card at the end of the month. As a competent software professional you know the stakes of using free software.
The professional users will pay for the software they're using, or accept the consequences of the tech decisions they made. Maybe the release wording sucked, but software vendors shouldn't be on the hook to sell you the thing you already bought.
That's an interesting thought process. How, though, does paying $0 up-front for something that costs $0 put you on the hook to later be charged any price the vendor wishes? And what makes this different from a $5 purchase? If I buy a hot dog from a street vendor, I certainly wouldn't expect to see another $10 charge from him 6 months later just because he felt like he should have charged more at the time.
Because in life, all prices are subject to change. Maybe you wouldn't expect the hot dog to double in price to $10, and conversely the vendor wouldn't expect you to become bored with hot dogs and now are only willing to pay half at $2.50. The only right each party has here is to say no.
You misunderstand. In the analogy, I never bought a second hot dog. Likewise, all "commercial" users of Caddy had the EULA switched out from underneath them to force them into non-compliance.
You weren't "forced into non-compliance", you could keep your hot dog (=caddy executable you downloaded before) just fine.
The difference between hot dogs and software is that hot dogs don't get (and don't require) updates after the fact, while for software they are important.
EDIT: also, you don't accidentally install new hot dogs through dockerfiles or something - it's quite possible people ran into non-compliance that way, given there was no prior warning.
Again, this stresses the need for clear communication.
> Beginning today, all official Caddy binaries come with an End User License Agreement (EULA) that designates them either for Personal (non-commercial) or Commercial use.
They probably could have clarified this by saying "Beginning with version 0.10.9" instead of "all binaries".
This was pleasantly nuanced and comprehensive. The gamut of reactions to license changes is always a fascinating roller coaster.
The "most maintainers have very little to lose" point is one that isn't emphasized often enough. For every famous, high-profile FOSS developer who gives big swaths of their life to their projects, there are dozens or hundreds of people who are: a) contributing stuff they build for their job that they convinced the company to open source (hopefully out of good will, and not out of "maybe community PRs can fix our garbage fire") b) contributing code they wrote while learning something new for personal or professional enrichment, or c) just doing it as a fun activity.
The give-your-life-to-a-project folks are important, and prolific. Hats off to them. But so are all those other contributors. They might write less code than the lifers, but their code isn't any worse because they spend fewer hours per week developing it; it just takes longer to get written. And there are a lot more "casual" FOSS developers than lifers. Many FOSS projects started out in that "casual" realm before they became household names today. Sure, a lot of people think some of those casual projects aren't great, but that's not unique to small FOSS projects (cf. systemd).
All this is to say: be careful when communicating, especially negatively, with FOSS maintainers. If ethics and basic decency isn't reason enough to treat your fellow humans with compassion, try self-interest: a lot of these people are so un-invested in the projects you depend on for your {fun|living|freedom from the soulless void of the blinking cursor in an empty terminal} that your "How could you be so stupid?" or "Guess this project has gone to hell" comment on their GitHub PR might be enough to make them abandon it entirely.
Edit[s]: I accidentally some words and punctuation marks.
Oh, boo-hoo. I maintain a bunch of FOSS projects too and I endure entitlement too, and I yet was still there calling you out for this. What Caddy has done is deliberately mislead and disrespect both new and established users. Other groups have added commercial licensing options to their software without facing (as much) vitrol because they didn't mislead or disrespect people while doing so. Don't think Caddy is in the same league as them. You got hate because you did it wrong, not because you did it at all. Your post is mining for sympathy because you got hate for being a jerk and it demonstrates that you've learned little from the event.
You may not owe your users anything, but guess what: they don't owe you anything either. That's how open source works.
You may not owe your users anything, but guess what: they don't owe you anything either. That's how open source works.
Yep, that is how open source works. Note the 'source' there? Anyone is free to charge for compiled binaries. If this compilation has added bonuses (e.g. including plugins) that gives people a reason to pay for that compilation. In any case, those that don't like it can just compile the project themselves.
What exactly do you think was misleading about this move?
> Anyone is free to charge for compiled binaries. If this compilation has added bonuses (e.g. including plugins) that gives people a reason to pay for that compilation. In any case, those that don't like it can just compile the project themselves.
Yep, anyone is free to charge whatever amount for whatever service/feature they offer. But apparently, in this case, the backlash against Caddy's move is greater than the willingness to pay for the service rendered (building binaries without the sponsor header).
Matt's post, and a lot of comments here on HN defending Matt, are missing the point: yes, there was vitriol, and yes, people reacted in a way that was disproportional to the announced changes, but in the end the most important take-away is that people are _not_ willing to pay for the product and are angry because of the changes and the way they were handled. This will cost Caddy a lot of business. Period.
In my opinion Matt should have done one of two things:
- Own up to his mistake (if he agrees it's a mistake)
- Stand by his choices, grow a pair, and laugh at the community for their silliness
What he did instead, is play the victim. He's not a victim. He tries to run a business. That alone will always alienate people. Deal with it!
Can we try to move away from phrases like "Grow a pair"? It's such a classically unhelpful line. I feel like this isn't even being too nitpicky -- women can't grow a pair, and saying that men lack a pair is nothing more than an insult.
The underlying message is "shut up and deal with it," which is also unhelpful. People can feel how they feel, and there is no shame in expressing those feelings in a productive way.
It seems like he grew a pair and told community what he thinks. He is actually dealing with the fact that some people don't like businesses - he is responding to them in calm rational manner. Right here, in the linked article.
What he is not however, he is not doormat that would pretend to laugh when being lied about, when his oss credentials are attacked, etc. Neither he is refraiming what he considers "vitriol" as "silly community". The two expressions have two different meanings. You may disagree about characterisation, of course, but it seems that you don't. You just want him not to talk about it.
Demanding that he pretends issues are what he does not considers them to be is to demand he becomes a coward and poisons the community with feel good lies.
Have we forgotten about Mozilla/Debian [0,1] already?
A hypothetical -- but certainly possible -- scenario: $distro (e.g. Debian, RHEL, Ubuntu) takes the Caddy source, removes the controversial header, builds a binary package, and distributes it as "caddy" via their standard repositories. Light Code Labs doesn't approve of this and asks/demands that $distro stop using the trademark. $distro now has to make a choice: remove the "unapproved" changes from their package, stop distributing their package, or rebrand the software under a different name.
(That potentially could have happened here [2,3] but it was quickly resolved well before it got to that point.)
I don't think "it doesn't" is correct -- at least not for 100% of cases.
I just read the release announcement and, while poorly worded, I don't see how it misleads or disrespect users.
OSS is just that : a promise that users may modify the software to their heart's content. They didn't break that promise at all. Care to share why you hold your view ?
I rather think this was probably incompetence rather than malice or, as someone I know likes to say: cock up, not conspiracy.
That being the case do we really think it's justified to roast them over it? Do we really think it's OK to make unpleasant accusations about them? To character-assassinate them? To drag their names through the mud and hurl insults at them?
I don't think so.
My suspicion is that all you know about these people is what you've read about them on the internet (granted: some of it will have been written by them), but the internet is a notoriously fickle and inaccurate source.
I seriously doubt they've "deliberately misled" anyone.
You're probably right. People don't always track down what people have posted elsewhere, even if it's further down the thread. This would seem to be an opportunity to share your complaints, or perhaps just let it drop.
Thanks. I'm sure that's helpful for the member you responded to and anyone else following the discussion.
And you're right. You can't be held accountable for people jumping the gun. Regardless of how they comment or their lack of preparedness, you are responsible for how you yourself respond. And part of that is hopefully to assist when people are uninformed.
I didn't say it was a conspiracy. What makes you think I did? I said they were jerks and instead of apologizing they played the victim and mined for sympathy.
The world and oss especially would be much better place if people were able to criticise without being so emotional about it (the hate and personal attacks part). It is like, every other issue leads to blow up of emotions.
I think a significant portion of the hate could have been avoided if mholt made it clear in "The High-Order Bits" section of the original blog post that Caddy is still free to use for commercial purposes if you build from source and also explain that it's possible to remove the response headers. That lack of clarity can be explained by the need to push businesses to pay for a license. This move is often perceived as a dark pattern among hackers who hate it with a passion, as evident in the previous post's HN comments.
Having said that, what was particularly disturbing was the amount of hate towards the Caddy team. It's best to explain why think a certain change was "bad"/not in the your best interest and maybe offer suggestions on how to balance the need to build a business without alienating the community that supported the project in the early days. Outright vitriol is not a productive way to further your cause.
I guess building a business out of FOSS is as hard as ever.
It depends how you look at it:
1. I would contribute to GCC because it's still "free".
2. I would have contributed to Caddy, but now they are half commercial, so I'm disinclined to provide my "free" to their commercial success.
Most decent people that I know would calmly do the same.
Most leeching off Caddy will send the vitriol to the author. But, they are not his community, now they are his customers.
> It depends how you look at it: 1. I would contribute to GCC because it's still "free". 2. I would have contributed to Caddy, but now they are half commercial, so I'm disinclined to provide my "free" to their commercial success.
Your argument would apply to any Apache or BSD licensed code. Not just Caddy.
Caddy has used the Apache 2 license for 2 years. Why would you not contribute now vs when the license was committed? Because they are not providing full free builds anymore? The public source code you are contributing to is still free. Nothing would have stopped anyone else from slapping a EULA on a custom Caddy build to sell.
It feels like a poor reason to refuse to contribute to an Apache licensed project.
An Apache licensed project with no commercial offering will happily incorporate your improvements whenever they meet its quality standards and scope. Now, when the company controlling the upstream project is chafging for the same functionality your patches provide... let's just say ut is going to be harder to contribute them upstream.
That's why I find it a no-brainer to invest in and contribute back to open source projects without "paid features available" whereas I will avoid the same project when they do.
Projects where maintainers get money through support contracts are fine for me, although a similar argument may be made regarding the project's documentation/easiness of configuration.
> Now, when the company controlling the upstream project is chafging for the same functionality your patches provide...
It's important to correct this statement, which is either disingenuous or just incorrect.
Light Code Labs is not charging its users for the functionality of the Caddy server. They are charging its users to provide pre-compiled binaries with optional customization in the form of a selection of plugins and server types.
Don't conflate binaries distributed under EULA via the build server at caddyserver.com with the actual functionality of the (still 100% free) software. You're welcome to (not) contribute and (not) benefit, at your leisure.
As the actual post linked by OP states, the maintainers tried support contracts. Nobody bought them, so it wasn't sustainable. Their options were to look for other solutions or stop maintaining the project. You may or may not prefer that they abandoned it instead, but they made a choice.
(This doesn't necessarily apply to Caddy, I'm thinking more abstractly)
Licensing isn't everything. There's a difference in attitude between an open source project that provides commercial services to support itself and a commercial project that also has an open source version. It's a fuzzy line, but "is this good for business?" and "does this make it a better project?" don't always align.
No one is forcing anyone to release an open source project or make anything available for free. It's a choice. There are entitled, selfish and extremely immature users but also projects.
Open source users frequently put up with extremely poor products in the beginning and help them mature and grow.
In the case of users some are frequently on HN itself complaining if a project repo on github is not updated in a week. There are startups who are successful who let alone give anything back to open source projects do not even properly acknowledge their use. This is hand waved away on HN when it should be the leading force of change against this kind of self serving culture.
Users pay you with their attention, that is the currency of open source and adds tangible value to your project in the beginning when you have no users. So projects like Caddy have been paid and validated by their users which enables them to now make a commercial push.
Once you gain traction you can't suddenly change the rules of the game and change the narrative to 'free' and 'paid' users or 'developers' and be dismissive of users who supported you.
Yet when even projects like Debian dismiss users to focus on developers now that they have traction, nevermind a project without users has no reason to exist, its not surprising this is the predominant dismissive attitude in open source towards users.
As someone who was going to switch a few personal projects to Caddy this weekend, and who read through both the initial announcement and this, I am now massively confused by the whole thing and have no idea what users are actually allowed to do.
Is "sudo apt-get install caddy" allowed? Does header advertising mean "Server: caddy" or "X-Advertisement: go to www.malicious.com for camgirls"? Is this indicative of a broader move to stop supporting the open source version? If I had previously installed Caddy through a package manager that grabbed the official binaries, and I updated my system, would I now be breaching an EULA that I never saw? And so on.
Obviously I am not entitled to get anything for free and don't use the software anyway, and I can probably find answers after 10 minutes on the Caddy website, but this seems like a communications issue that might have made people angry - particularly if they thought they would have to immediately migrate back to nginx with zero notice.
The caddy source code is licensed under the Apache License. As a user, you can modify and/or use the software in pretty much any way you see fit -- as long as you download the source and build it yourself. You can add or remove features (including the controversial header) and use it as you wish, but redistributing modified versions and calling them "caddy" may not be permitted.
Binary packages from your distro should also be fine.
If you download and use the binaries from the caddy web site, you are bound by their EULA.
To be safe, use the version provided by your distro or -- even better -- build it from source yourself.
You may want to read the actual Apache License [0] yourself, skim over the "Licensing conditions" section [1] of the Wikipedia page, or, at the least, review GitHub's bullet points [2].
I don't believe there are any Caddy packages in the main repos. You have to download and install it yourself, or create your own .deb (correct me if I am wrong)
In terms of the header, that change was reverted a few days ago
> ...toxicity festers in open source because it’s all too common for forks to ground their motivation in emnity towards other projects.
This is wishful thinking, for the most part. Communities don't break off because things are going well. The American Revolution wouldn't have forked if King George had been sympathetic to their needs.
There has been this assumption that software is "free" for so long that many people must assume it is nearly trivial to create and maintain.
Perhaps every download page should have a preamble reminding people how many staff, how many collective years of effort, and how many dollars for laptops, web hosting, etc. went into what they are about to use. Perhaps every "./configure && make" should print a similar dump to the terminal. Put it front and center, clue people in.
> Comments started rolling in, but I had class until almost noon. With me in class and Cory at his day job, it was impossible to coordinate any responses until much later that day.
The quote above clearly shows a huge oversight -- there were no plans in place to block out time to do PR after the announcement. Better to schedule the announcement to coincide with a period when the co-founders would be able clarify the public's perception of the changes. Even for OSS projects, marketing is important. But that's not even the underlying issue.
There is a subtle but very important observation that the OP's article didn't touch and I think will help illuminate why the seemly small changes to Caddy lead to the outburst of entitlement and vitriol directed at Matt and Cory.
Humans are naturally loss averse[0] this is why there is an enormous difference between marketing copy that says "a $5 discount" versus saying "avoid a $5 surcharge". The original announcement[2] was framed[1] like a loss -- existing users should prepare to deal with previously non-existent advertising of Caddy's sponsors -- causing the human instinct of loss aversion to kick in in full force.
This will always happen whenever you switch your user/customer interaction from social to market norms [3] which is essentially what it means to monetize an OSS project. Better to keep a free product unchanged then create a separate product targeted at commercial users [4] to avoid alienating your free users, or incurring their wrath.
Engineers are generally skeptical of marketing but this is one of those situations when good marketing would have helped to put out fires.
Well, I barely knew Caddy (had to google it again), but after reading the "Ugly" section I am sure I will not become a caddy user anytime soon.
I mean we all know how brutal (emotionally) online communities can be and I respect anybody who stands against it. Nevertheless, I do not think that 'Entitlement' and 'Emotional Manipulation' are the real problems here, because those are just honest expressions of what other people think. Those comments are some kind of feedback which the maintainer can accept or ignore.
On the other hand, there are a lot of dicussions where we have personal assaults, like 'the maintainer is a prick' or 'what a dumb move'. Those are totally unacceptable and the people discussion should show what they think about such comments.
And in the end, HN has a very heterogenous group of commenters, but Paul Graham gave us a guide on how to write good comments: http://www.paulgraham.com/disagree.html
1. Dealing with paying customers is actually worse than this.
Unless, of course, you have an army of lawyers.
2. You initially sold people on this project. That's what got your project enough eyeballs in the first place for you to even consider making it a business.
3. Of course, your acquaintance will not complain - that's precisely the reason they are still with you. As you got upset when people told you of your unfairness. It's such a pity that these days people don't even have friends who can tell them the truth to their face.
4. OSS as requires a certain spirit. The OSS project is being sold on a set of ideas which is exactly opposite of the commercial world - that's why they use and contribute to your product.
5. Maybe you are too poor to be an open source contributor, I suggest getting a job and not expecting to make money by flipping the board. That will get you more fame and respect.
In some ways, I agree with him; he doesn't owe anybody anything, it's fine to make money on his software, etc. The whole thing still rubs me the wrong way, and I think some of the presented arguments are, to say the least, biased.
>> “But then I have to build from source to get what I want.”
> Yes… that’s the point. Welcome to open source.
> I do find it ironic that the open source community is so irate about having to compile software from source to customize it the way they want.
I trust the author is using LFS or Gentoo, and is personally building his Go toolchain and not using any Google-provided binaries?
>> “So I have to pay to remove ads from my web server.”
> This was one of the biggest misconceptions.
Half-credit, you're both wrong. Users could pay or build themselves to avoid ads. So to a hobbyist who was using Caddy specifically because of the tiny learning curve, this is not a misconception. Thankfully this is a mostly moot point since they took the ads back out.
EDIT: Fixed formatting. One day, I will post and not have to fix newlines...
Oh, and for bonus points, after telling us that we should just compile it ourselves, he highlights that there is a helpful build server, which "was once open source"... but no, you can't have it; they've closed it up. And even though it was "open source" at one point (his words), "If you find some old source code still online, be aware that no license file was added to the code, and we have not granted others any license to use it." It could be open source or unlicensed, pick one.
You're right, looking again at it, that paragraph is poorly worded. I should have said something more like "the source code was on GitHub" instead of "it was open source".
At the time it was "on GitHub" -- regardless of the presence of a LICENSE file -- was your intention that it be considered and/or treated as "open source"?
I don't use Caddy and never have so I'm mostly a disinterested third-party so it doesn't matter to me either way. I'm more curious if you honestly never intended it to be open source or if you're simply using the fact (now, later, when it's convenient) that a LICENSE file was never explicitly included as an "out".
> I trust the author is using LFS or Gentoo, and is personally building his Go toolchain and not using any Google-provided binaries?
There's a big difference between (a) not paying for something while being grateful to the maintainers for allowing you to get away with not paying, and (b) not paying for something while sneering at the maintainers and ironically calling them "classy" in hopes to cash in on short term community karma.
Software licensing is damn hard. When it come to certain tools people wont use them if they are not open source or don't get active maintenance. But they are also willing to pay for it.
Every popular project gets this kind of crap. The best response is to push back on these entitled fools.
I don't see how this is a better business model for Caddy than donations (which didn't work.) This is still basically a donation model, since they are not creating a separate closed-source edition. This is a way to automatically solicit for donations, making them look more like licenses.
Why is a new web server so important that there were going to be commercial users paying for it over established alternatives. When I saw that it was written in Go and replete with the latest buzzwords, I realized that this was written for ninjas. The intersection of ninjas plus commercial users may be too small for a business. (I hope I'm wrong for the author's sake)
FWIW, the changes to Caddy mean I won't be using it going forward.
* I'm not going to build from source - the key differentior for me was that Caddy was _simple_. If I need to build from source, that goes away. ("I do find it ironic that the open source community is so irate about having to compile software from source to customize it the way they want" misses the point IMO - a key selling point of Caddy was HTTP2/SSL with minimal configuration, attracting people far beyond the "open source community").
* The promotional header is a non-starter for me. My current site very deliberately shows no ads and relies on as few external services/resources as possible, so I'm not happy embedding an ad in every request (I know it has been reverted, but it's still shown on https://caddyserver.com/pricing which would make me concerned about it coming back).
* The personal/commercial licence split is something I don't want to have to worry about. Currently the personal licence is fine, but what if I decide to add ads to get a few pounds a month back? It's not something I really want to have to think about.
* Pricing - I would consider paying to avoid the header/concerns about personal/commercial split, but starting at $1200/year (billed annually) is a complete non-starter. It's nowhere near what I could afford, but I'm also not seeing why you would pay that - basic email support doesn't seem compelling, there are no additional features over the free version, and it seems any company who could afford to pay it would also be in a place to build from source (or pay for an nginx consultant and get a comparable feature set).
Of course the Caddy devs are entitled to make these changes, but they make it into something I don't want to use.
Two other quick points while I'm here:
* Brand guidelines of "Please do not call it Caddy Server" seem strange when the main domain is caddyserver.com
* Linking to an EULA (from the footer of caddyserver.com) that contains e.g. "{{if eq .Type "personal"}}" is less than useful.
FYI, there is no FOSS -- that expression is a misunderstanding. There is the free (libre) software movement, and there is the open source non-movement: two different viewpoints based on different values.
No doubt many people here are already aware of Richard Stallman and his views about open source software, but needless to say his perspective is the beginning, not the end, of a discussion.
It's just wrong to say that that "there is no FOSS" as if you were correcting someone's spelling mistake. The debate about the direction of open source/Libre software is too important to be treated in the way you chose for your post.
Slight addition to your post, RMS isn't really the beginner of free software. He did start GNU, but the idea of free software existed long before him. He is the most well known vocal proponent, of course.
He has done much for the movement and this isn't meant to denigrate him. It's just that there was free software proponents before him and he's just the famous one. I'm sure Wikipedia has an article on the history of free software. It should go back at least as far as SHARE, from the 1950s, as I recall.
Again, this isn't meant to denigrate RMS, or his work. He's a nice enough fellow. In fact, we went to school together. This is just a bit of a lead for those who wish to look deeper.
He is the beginner of "Free Software," which is a term he defined. He isn't the first person who let people look at source code, allowed people to freely use and remix a particular piece of source code, or who didn't charge for software.
The turn of phrase is something you can attribute to him, if you want. He's done great things, but he's not really the beginning. I was addressing that part of the statement.
I want to get a t-shirt that says in block letters, "STALLMAN IS CORRECT".
Scolding on tone aside, the comment by RomanPushkin is also correct:
> FYI, there is no FOSS -- that expression is a misunderstanding. There is the free (libre) software movement, and there is the open source non-movement: two different viewpoints based on different values.
This is very much the literal truth at least in my little world. Stallman's vision and response (the GNU license/weapon) are very much the "alpha and omega" of Free Software. In contrast, the entire "Open Source" non-movement either doesn't get it or doesn't care. From the POV of a free software true believer (Hello there!) there is no point to Open Source.
> "From the POV of a free software true believer (Hello there!) there is no point to Open Source."
The key differentiator between open source and free software is ideological. If you value ideology over pragmatism, then I'd see your point, otherwise it's kind of a misguided statement.
There's nothing in the ideals of free software that prevents what the Caddy authors have done. Stallman has made it clear time and time again that the 'free' in free software is a matter of liberty rather than price. The freedom to charge money for free software has been made very clear to anyone paying attention. Here's an article from the GNU Project website about selling free software:
> There's nothing in the ideals of free software that prevents what the Caddy authors have done.
You're right. By coincidence, I had just gone to look at caddy after the announcement was made, which I missed, and I confess, the header in the binary turned me off for reasons I can't quite articulate. It hurt my feels a little. Some how it felt wrong.
Still, the folks who flipped out and flipped the table are out of line, in my opinion.
You're absolutely correct about selling Free software. I wish more people did it. Matt Holt and co. should get money for their hard work. I'm tooling up a thing right now and I'll probably use and pay for Caddy.
Now that they removed the header that decision is much easier for me personally, but my emotional response wasn't due to a violation of Free Software principles (after all you could compile your own binary!) It had more to due with squishy, unquantifiable things that don't make a lot of sense when you dredge them up and look at them in the light of day.
> The key differentiator between open source and free software is ideological.
I very much disagree. There is a pragmatic difference. The ideology of capital-F Free Software derives from a pragmatic goal.
RMS wanted to fix a printer.
Today, we live in a world where the computers in our cars have been programmed to lie to us about the hardware they control. (Not to mention the lies were in service of poisoning the air for personal gain.)
RMS designed the GPL as a weapon against these people.
"Open Source" at best weakens this tool, and as we've seen today, spreads confusion.
> ""Open Source" at best weakens this tool, and as we've seen today, spreads confusion."
How does it spread confusion? How does it weaken free software? Open source and free software are just two different approaches to collaborative software development. There's no confusion in my mind about the benefits they both offer.
As for the GPL as a weapon, there's a reason why GPL is falling out of favour. If open source did not exist, most companies simply wouldn't bother sharing source code. How would that help you?
No. That's not correct at all. I am pro-business. I like capitalism (as an API not an ideology.) If I thought the GPL was "hostile" to making a buck I wouldn't advocate it.
A business model based on providing software and keeping it secret is fundamentally anti-social and stupid. This is even before we encounter things like cars that lie about their emissions, still at the stage where you can't repair your own tractor.
Okay, so what is your argument? What makes free software a 'fire extinguisher' and open source a 'bottle of seltzer water'? The only arguments you've made to separate them so far are...
"RMS designed the GPL as a weapon against these people."
> "The key differentiator between open source and free software is ideological."
You said...
> "I very much disagree."
You then explain your position with a link that says...
> "The two terms describe almost the same category of software, but they stand for views based on fundamentally different values. Open source is a development methodology; free software is a social movement. For the free software movement, free software is an ethical imperative, essential respect for the users' freedom. By contrast, the philosophy of open source considers issues in terms of how to make software “better”—in a practical sense only. It says that nonfree software is an inferior solution to the practical problem at hand. Most discussion of “open source” pays no attention to right and wrong, only to popularity and success; here's a typical example.
For the free software movement, however, nonfree software is a social problem, and the solution is to stop using it and move to free software."
In other words, you link to an article that spells out in plain English that the difference is ideological. The approach to software is almost the same, but the reasons behind it differ. That's an ideological difference.
> "That laden false dichotomy died a long time ago. At best, one can speak of "short term pragmatism" vs "long term pragmatism"."
In general yes, but not in this case.
There's very little practical difference between free software and open source. Both have access to source code and freedom to distribute/modify/use that source code at their core. For the most part, the rules built up around open source and free software only have a practical impact on how it interacts with non-free software. So for example, having binary blobs in the Linux kernel. Note that whilst the Linux kernel is GPL2, it's still run as an open source project. Regardless of whether a project uses a free software licence, it's the ideological approach to non-free software that splits free software and open source.
You could argue that binary blobs in the Linux kernel are a case that can't be described as long term pragmatism, but what's the alternative? That the device without a free driver goes unused until it has one. It could be argued that the existence of binary-only driver releases hold back the long term goals of free software if they take away the desire to write free software drivers, but we can see that people still want free software drivers regardless. Nouveau is a good example, it's a project that's been going for years with almost nonexistent assistance from NVIDIA, and has never matched the performance of the closed source NVIDIA drivers, but people still continue developing it despite the obstacles, and people continue using it despite the lower performance. If short term pragmatism damaged long term pragmatism then projects like Nouveau most likely wouldn't exist, as it's hard to argue against the fact that the NVIDIA closed-source drivers are the superior choice in the short term.
The alternative is not to use the device, and/or find a replacement.
That may sound fairly dogmatic, but over the course of a decade or so, its pragmatic value becomes more apparent. If a piece of hardware works with free drivers, it will likely continue working until the magic smoke escapes. With binary blobs this is not a given, as various kernel upgrades (or even user land changes) might break the environment.
I realise that people no longer count the usability of their hardware in decades, but still, there is immense practical value in knowing that the thing you set up to work once will continue doing so allowing you to focus on the task you set it up for without requiring your attention.
This, of course, goes against the use case of chasing for example (graphical) performance through the use of proprietary drivers, but that raises the question of what that performance is used for, and whether these use cases are inherently pragmatic (catering to the newest generation of desktop environments, etc. It might be a good argument that these DE increase productivity for the user, but still, the "pragmatic" argument doesn't fall automatically to one side here).
On a larger collective scale, the long term pragmatic effects of using free drivers over proprietary drivers are not really disputed I think.
As a less technical example (because OS en FS are, as you mentioned, almost indistinguishable there):
Getting off FB is a recurring theme here on HN. Free Software values have always led me to eschew that particular site at the expense of social convenience. As I now read these various stories, I can safely conclude for myself that I indeed made the long term pragmatic choice.
Open Source here doesn't really have anything to say on the matter, where Free Software has always recognised sofware as a social institution as well as a practical tool. As such, it might be easier to recognise any long term detrimental social effects resulting in a long term pragmatic approach for individuals.
And, the really awful thing is that if the project continues, it'll never stop. Every once in a while someone or some group will get a bee in their bonnet about the thing not being open enough, or the authors not following or not understanding the license (as though the copyright holder needs a license), charging too much for the one little thing they reserve for paying customers (no matter how small that amount is...we charge as little as $6/month, and we still get complaints about price).
And, there's always a huge misconception that because an OSS project has a lot of users it must be making a lot of money, especially among the people who won't tolerate any action that would actually make money for the project.
What I'm trying to say is that OSS is a hard-as-hell way to make a living (I've done it for my entire professional life, over two decades now), and there's gonna be a handful of users who will make it unpleasant. I love it when I can build some one-off thing and just throw it over the wall onto Github and never think about it again...where I can take a "use it or don't, but don't ask for my time" attitude. Making a business out of an OSS project makes it harder to select good users (who become good customers), though you have to in order to survive.