Toward policy for open-source software as infrastructure (atlanticcouncil.org)
147 points by walterbell on Feb 11, 2023 | hide | past | favorite | 77 comments



This seems to mostly be a policy piece, targeted at political folks rather than technical ones. The laborious establishment of a couple analogies was particularly hard to get through, but I suppose it will be useful for the target audience.

A concern with this sort of thing is that it will have weird expectations about developer responsibility in securing the, as they like to call it, “software supply chain.” It was nice to see that they reiterated that open source developers basically have no responsibility.

I don’t see too much objectionable here, no idea if the proposals would actually help but they seem mostly harmless.

An analogy that occurred to me while reading was: open source developers could be seen as more like a natural resource, something like wild animals. In particular wild bees. People don’t really expect bees to follow many instructions. You can set up nice places for them to put their hives. But mostly you should just leave them alone and be happy to collect the honey they produce, which they produce as a side effect of existing — you can check if you want to eat it.


«You can domesticate programmers the way beekeepers tame bees. You can't exactly communicate with them, but you can get them to swarm in one place and when they're not looking, you can carry off the honey.» (Orson Scott Card)


That's an interesting quote from him. I only ever knew him as a writer - did he manage programmers too?


It looks like a piece of poetic fiction, appropriate for the author.

The largest piece of context I could find online is [1], dated 1995, and written apparently earlier, at the time when programming was seen as wizardry, not really engineering, and definitely not as a knowledge-heavy but mundane money-making occupation, on par with a stock trader.

[1]: https://www.netjeff.com/humor/item.cgi?file=DeveloperBees


>You can set up nice places for them to put their hives.

Paying their rent would be a good start, and like bees, make them more productive.


I'm going to be that guy and point out that Free and Open Source are two related but separate concepts.

An open source dev can still charge for his code, and should if he needs/wants to make a living off of it.


So can a Free Software developer, so what point are you trying to make with your first sentence?


We have no obligation to pay their rent because they explicitly waived such desires.

EDIT: I realize I failed at reading comprehension. Apologies.

Free-as-in-libre runs counter to asking for payment because they, as far as my layman understanding is concerned, are mutually exclusive. Code can't be free-as-in-libre if you have to pay monies to get any rights thereof.

Open source, on the other hand, is just that: The source is open for viewing. You can read the code at your leisure, but what you can do with the code or the knowledge gained from reading it is an entirely different matter.

So a free dev fundamentally can't charge for his code, but an open source dev can charge for his code.


Open source, on the other hand, is just that: The source is open for viewing

No. You're confusing source-available with open source (several large software corporations are very grateful to you for perpetuating their FUD). The monetization rules are identical for Open Source and Free Software. From the horse's mouth:

1. Free Redistribution

The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.

https://opensource.org/osd


> We have no obligation to pay their rent because they explicitly waived such desires.

It's not about obligation. Nobody is claiming we're legally obliged to pay developers of free or open-source projects. It's about interest. As in it's in society's interest to pay for valuable infrastructure that's available to the public.

As an example, consider weather data. It's a huge benefit to all sorts of people to have good weather and climate data. It supports not just the activity of citizens, but of many businesses. Are we obligated to pay for that? No. But is it in our interest to? Definitely. If we want things to be sustained, we need to make them sustainable.

Otherwise, eventually the person in Nebraska will decide they have something better to do: https://xkcd.com/2347/


>Are we obligated to pay for that?

Seeing as NASA and NOAA are paid for by taxes, it actually is. Now with the (decidedly American) pedantics aside...

I agree with you in principle, but ultimately if people want to be paid they need to make that need or desire explicitly clear and on the record. Voluntary generosity can and will only go so far.

If someone releases their code under free-as-in-libre and/or -beer licensing, they don't get to subsequently complain if acts of voluntary generosity are "insufficient".


Currently weather data is paid for by taxes. Although it hasn't always been, and it's currently under threat, so it's not a given going forward. But that's all beside the point.

The point is that it is in society's interest to just pay for some things that are widely benefited from. Weather data's just one example.

> if people want to be paid they need to make that need or desire explicitly clear and on the record

Nope!

> they don't get to subsequently complain

Also nope! You are not a person who gets to decide that for everybody.

A free license isn't a suicide pact or a ball gag. People can do things and then complain if it's not working out. Or not, as they prefer! But that too is beside the point. Which is that as a society we should figure out ways to support public goods like certain open-source software. Whether or not a given package maintainer asks.


> If someone releases their code under free-as-in-libre and/or -beer licensing, they don't get to subsequently complain if acts of voluntary generosity are "insufficient".

You are hitting shortcomings of copyright, rather than mistakes of the authors.


I'm not sure if you purposely mentioned Nebraska only for the xkcd meme or because you knew the Air Force Weather Agency is based in Nebraska.

https://www.af.mil/About-Us/Fact-Sheets/Display/Article/1045...


I did not know, and that is pretty cool. Thanks for mentioning it.


Could it be possible to create an open-source license that allows hobbyists and researchers to use the software for free, but would require commercial users to pay? Or does something like this already exist?

Of course, enforcing that might be pretty difficult in practice.


You might be able to accomplish more or less the same goal by dual licensing under AGPL and paid proprietary if you require a contributor agreement. QT (a GUI library for C++) is dual licensed LGPL and proprietary because some corporate users are uncomfortable using LGPL software (LGPL allows software to be dynamically linked but not statically linked to proprietary code).

The reason why I suggest AGPL is because it closes the "running it on a web server isn't distribution" loophole in GPL and that makes AGPL code persona non grata at Google and most SAAS companies. This license scares many companies either because they want to modify GPLed code without sharing changes or because they're afraid of having to open source other code that the AGPLed code is integrated with. This would effectively be virtually the same as a non-commercial/proprietary dual license but you'd be able to rely on the Software Freedom Conservancy's lawyers to enforce your copyrights for you and you'd have the support of the existing FOSS community.

The key however is that you have to do the contributor agreement and secure copyright or an unrestricted license to all code before merging it into your project. Otherwise offering the proprietary license option would be copyright infringement on your part if any contributor objects because you'd only have rights to their contributions under AGPL. (It's also a good idea in general to make sure any employed contributor's employer isn't going to attempt to claim copyright to their FOSS contributions before accepting the pull request.)


I think it's a good question, and would mirror the spirit of some of the Creative Commons licenses [1] but I don't think the core problem is the license as such. The problem is that writing good open-source software and running a successful business are entirely different and somewhat contradictory skill sets.

Were I a billionaire, I'd just set up a program of grants to individual developers with proven track records of making things useful to the world. Something like the MacArthur Fellows program [2] (also known as "genius grants"). There's a lot of library code that we feel should just be free, and for which pricing and charging for it would be such a giant pain in the ass that it's uneconomical.

Sometimes that work gets big enough that it can support the overhead of a non-profit that can go out and hustle grants and donations. E.g., numpy. [3] But it's not easy for a project to get to that level and then to attract the new set of right people to make it happen. I still think there's a huge gap between what we are funding and what's societally optimal to fund.

[1] https://creativecommons.org/licenses/by-sa/4.0/

[2] https://www.macfound.org/programs/fellows/

[3] https://ir21.numfocus.org/


No, per Open Source Definition, item 5: https://opensource.org/osd


It could be possible. The current definition of Open Source does not allow that but that's just a definition, not a dogma.

> Of course, enforcing that might be pretty difficult in practice.

Maybe not if there was a big organization collecting payments on behalf of the developers.


Certainly. Despite what some people might tell you, the only real requirement behind something being Open Source is that its Source code be Open for viewing. Nothing more, nothing less.

There are plenty of "free for personal use; restrictions apply for commercial use" type products and licenses out there. To use a specific software example, almost all mods for Kerbal Space Program are open source with a "free for personal use, commercial use prohibited; redistribution prohibited" license.

Also note how there are plenty of free-as-in-beer, closed source software out there. Commercial, open source software is simply a mirror opposite of them.

Free-as-in-beer vs. Commercial, and Open vs. Closed source, are separate concepts that can co-exist in any combination.


This is incorrect, by no means does the Open Source Definition require that source code be open for viewing by the public, only by recipients of the software.

https://opensource.org/osd


I never specified public viewing, nor does any code require the blessings of "Open Source Initiative" or their "Open Source Definition" to be open source code.

Open source code is simply source code that is open. Nothing more and nothing less.


The word "open" in your custom definition of "open source" is quite vague, open to whom and open in what ways?

The OSI says those should be "whoever receives a copy of the binaries" and "open to read/run/modify/distribute for original/modified versions".

The OSI definition is much more useful to me as a software user and programmer than any other definition I have seen.


YOU ARE WRONG ABOUT THIS. See: https://www.gnu.org/philosophy/selling.en.html


Free-as-in-libre means you don't have to pay for code itself, as it exists at a given moment. You can, but don't have to. However, that doesn't mean Free Software becomes completely detached from the economy - on the contrary, it's actually meant to empower the economy, in particular smaller and local economies. That's because labor isn't free.

Say the code, as is, solves 90% of the problem. To get to 100%, you need some changes to be made. That is, you need to get someone - the original author(s), or a third party - to make them for you. They're not obliged to do it for free - only to release such changes for free to everyone's benefit. So you have to pay someone. The license just makes sure everyone benefits, and that incremental benefits need to be only paid for once.

Additionally, code alone isn't a solution. Any kind of deployment, hosting, management, etc. involves labor, whether in-house, hired, or from a service provider. Again, the code commands money to be moved to those providing value by building up on it. The license only makes sure nobody gets to treat the code itself as their exclusively-owned capital.


no! free as in libre means free as in freedom like the word liberation, not anything to do with paying.

because, it gives the user the freedom to use a program and then modify it to suit their own taste, and to give that same freedom to any person using their version.


> no! free as in libre means free as in freedom like the word liberation, not anything to do with paying.

That's a naive, dreaming view. RMS and others at FSF were and are realists. GPL isn't an empty political statement.

> it gives the user the freedom to use a program and then modify it to suit their own taste, and to give that same freedom to any person using their version

Yes, that's what the license says, more or less. But that alone isn't interesting. Look instead at the first-order consequences. Look at what these statements do.

Or, in other words, as you read code, don't focus on syntax but on what the program will actually do when run.


No, he’s right. The GPL has everything to do with freedom. Money and monetary aspects are entirely orthogonal to the GPL and the FSF as a whole. This is said by Stallman and the GNU projects itself. https://www.gnu.org/philosophy/selling.en.html


Thanks for linking. I re-read that article just now, and I interpret it differently. In a completely abstract view, GPL indeed says nothing about money. However, there's a reason the very article you linked exists - GPL exists in the real world, world defined by money and markets. As such, the article reminds us that being able to sell the software is a part of the end-user freedoms that Free Software protects. The article in fact explicitly recognizes people need to make money, and encourages them to try making money on Free Software.

My claim here is that Stallman and the FSF have a very realistic view of the world. The Free Software isn't about empowering individuals - it's about empowering communities. And communities, in the real world, always have some form of internal economy - be it favor-based, gift-based or money-based. They have a form of specialization of labor. They're also embedded in the larger local and global economies, and to survive, they need to be productive participants. Free Software isn't preventing people from making money on software - it's just counteracting the natural tendency for software to turn into capital and concentrate in the hands of the few. That is, it protects people's ability to make money via the software (should they choose to) from the interests that would build on it, establish exclusive ownership, and use it to seek rent.

FWIW, this became clear to me when I started to look into what the "right to repair" movement is really about. There's a common argument against RtR, that's very similar to a common argument against Free Software: that it assumes or mandates everyone to be a specialist able to fix and improve their devices on their own. But the RtR crowd had a very clear counter to this: it's not about you becoming a hardware engineer so you can fix your own devices. It's about you being able to get a friend, or find a local repair shop, and pay them to fix your device for you. RtR is also expressed in terms of individual freedoms and seemingly orthogonal to monetary issues - but it's been made clear all this is primarily about making the economics of local community repairs work.

Once I grokked that, I realized Free Software has always been about the same thing, but for software.


You've written a great comment I agree with, but you completely did not understand my comment. Keep fighting the good fight, you have no fight with me.

Isn't it interesting that people say "you're just arguing over semantics" when they actually mean "you're just arguing over syntax"?


I'm saying that "free as in libre means free as in freedom like the word liberation, not anything to do with paying" is true in the same way a random piece of C++ code has nothing to do with CPUs, screens and keyboards. The code itself doesn't talk about hardware explicitly, but it's also not a poem - it's been made to be run on some hardware, and do things that are entirely about doing stuff to hardware. Same with Free Software - it talks about freedoms, but those freedoms are being exercised in the real, money-driven world, and they affect that world in specific ways.

> isn't it interesting that people say "you're just arguing over semantics" when they actually mean "you're just arguing over syntax"?

I think I didn't make this mistake here. Or did I? Either way, it's just another unfortunate case of language drift, very similar to "literally" vs. "figuratively".


>An open source dev can still charge for his code

I see this said a lot, and it seems to be somewhat accepted, but I've always wondered, since point five of the OSI definition is:

>No Discrimination Against Persons or Groups

Would this not technically count as economic discrimination?


It's not discrimination because everyone has to pay the price tag. Equality is about equal opportunities, not equal outcomes.

That said, commercial open source software by and large fails because the primary reason people want open source software is that it all tends to be free-as-in-beer. Nobody truly cares about libre and cooperation and auditing, it's all about the monies.

Don't believe me? The first thing nearly all large-scale FOSS deployments tout is how much they will save in Windows and Office licenses.


RMS cares quite a bit about it, as do I. You don’t talk for everybody.


How would it?


The Atlantic Council doesn't care about this distinction, nor should they.


> open source developers could be seen as more like a natural resource, something like wild animals. In particular wild bees.

> bee_rider

On the internet, nobody knows you're a colony of bees!


Performs an incorrect dance in hopes of throwing you off my trail


It seems to me that there ought to be a principle of "opacity entails responsibility".

An open-source project and its developers can easily claim to have no liability because it's possible for downstream users to fully inspect the source code. However, it's harder to argue the same thing for a closed-source product or service.

If a company claims to provide a closed-source service according to certain specifications, and then fails to, then they're liable for that failure. In other words, if you want to fence your code off to more effectively generate profit from it, OK -- but now you are liable for any disasters caused by it.

It becomes particularly interesting if and when a closed-source project depends on open-source dependencies upstream, especially if these dependencies are not declared. Can the downstream company then deflect responsibility? It seems not.

Of course, it's not a black and white thing. A developer that deliberately inserts malicious code into an open-source codebase should still be held liable for this. I'm sure one could craft a similar argument for limitations on liability of even closed-sourced codebases.


Many countries like to ensure a certain level of food security by growing essential foods domestically or importing them from good allies. Yet, farmers also don't have any responsibility. They only respond to incentives set up by the government.


> Yet, farmers also don't have any responsibility.

Em, no, your food has to adhere to numerous rules around use of pesticides, livestock living conditions, disease (can't sell infected meat) and statutory reporting.

Developers on the other hand have no responsibility for the quality of their code, unless it's outright malevolent, i.e. a virus.


Yes, but that's because farmers are selling the food. If developers sell software, they should be liable for providing software according to spec. In both cases, the act of selling is done under an implicit or explicit contract.

But if they are FOSS developers, there is no contract, because there is no exchange. In this case, developers should have about as much responsibility as say authors who write books for the public. They should be liable if they go out of their way to write harmful information/software, but if they took reasonable precautions, they should be fine.


> Yes, but that's because farmers are selling the food.

So if you ran a charity that gave the food away for free, you wouldn't be held to all the regulation around pesticides, hygiene etc?


>They should be liable if they go out of their way to write harmful information/software,

In the interests of free speech I staunchly disagree.

If someone writes a virus, that should not be a crime. If someone uses that virus to cause harm or damage, that should be a crime.


I mean, you can always quit your job of course, but if you sell food I guess you have some responsibility to make a reasonable effort to ensure it isn’t poisonous.


The EU Cyber-Resilience Act would mandate expensive 3rd-party audits for some categories of software (including open-source) before they can be sold commercially, https://news.ycombinator.com/item?id=33594440

> the big players who can afford certification will be able to use ANY open-source component for free but the people who built it will have a tough time to go to the market because they will require the funds they don't necessarily have.

The list of "critical" software categories can be updated by the EU based on perceived cybersecurity risk. It currently includes:

  Operating systems (server/client/mobile)
  Hypervisors and container runtimes
  Public key infrastructure 
  Firewalls for industrial use
  Routers for industrial use


What a strange wandering analogy-laden article. The actual benefits of open-source software to governments are pretty clear:

1) Many government services and programs rely heavily on software. Private vendors who supply proprietary software solutions to governments at high cost could be replaced by open-source solutions maintained by government employees, with the core code for each critical package updated regularly and checked constantly for security flaws by a separate entity.

2) Note that in this scenario, a great many techs across a wide variety of government agencies would be responsible for installing, monitoring, updating etc. their local systems, but the actual job of developing and maintaining the code body would be the job of another entity - something like a government-funded academic foundation.

So yes, uninstall Windows across the board and install Linux. Huge savings right there. See Brazil, 2005:

https://www.nytimes.com/2005/03/29/technology/brazil-free-so...

As far as the actual software-infrastructure interface, i.e. the code that critical infrastructure from the FAA to the trains to the electricity grid relies upon, let alone the nuclear power plants, well, "Stuxnet" is the first thing that should come to mind. That's a situation where security thinking should come first, and open-source avoids the 'security-through-obscurity' flaw, at least.


I'm always a bit ambivalent about these sorts of articles.

On the one hand if free software is for the greater good, then it makes sense that collective payment would be efficient - and the existing collective payment system we have currently is taxes and govt funding. So yay, let's tap into that.

On the other hand this system is grossly inefficient, and is subject to political oversight. Do we really want them picking and choosing winners and losers?

This sort of funding also leads to stagnation. United Launch Alliance has been happily consuming govt $ for 5 decades, with very little improvement in tech. SpaceX comes along to show what can be done by adding a bit of ambition. (and I understand they sell to govt now, but they started with private money.)

At the root of this discussion is the fact that Open Source / Free Software has yet to figure out the right funding model. We all agree that the current outcomes are positive, that competition is healthy, that Open access is desirable, but after 4 decades of trying we still don't know how to efficiently fund it.

Donations are a bust. Companies aren't set up to pay for things altruistically, and govt funding would (IMO) likely corrupt the system, and incentivize gaming-for-grants rather than making better software. Plus those who most need the $ will discover that applying and getting govt funds can result in a lot (I mean a LOT) of extra paperwork.

So yeah, on the one hand more $ in the system is good. But govt $ comes at a cost.

And that's before we discuss who actually gets paid if a "project" is funded.


> 4 decades of trying we still don't know how to efficiently fund it.

I feel this was the most low-effort trying I've ever seen.

I've seen fortune tellers and spiritual healers achieve better results than our industry did at rewarding altruism.


We already have people in big companies picking winners and losers via the kinds of projects that they fund. Having more funding can only lead to more winners, hopefully of a different kind than what companies are picking.


It's still just second-order funding though.

Until we figure out how people actually getting the value from using the software contribute directly, it'll always be a sub-optimal solution.

Of course to many folks the zero-cost idea is the most attractive part. Which makes it a hard circle to square.

Perhaps second-order financing is the best there is. (and as an aside, second order prefers Open Source to Free Software.)


Direct contributions are a solved problem too, most projects have pull requests for technical contributions and donations buttons for financial contributions.

The hard part is indeed to convince people to contribute, but the Blender Development Fund shows that people who care do contribute financially.

https://fund.blender.org/activity/


>At the root of this discussion is the fact that Open Source / Free Software has yet to figure out the right funding model.

It has. The biggest one is that tech companies work on open source software either to accomplish their business needs, commoditizing their complement, recruiting, etc. The money to do this comes from that company's business model / investors.


I find a lot of things tending towards "governments should fund this". I agree in principle that, at least in this case, everyone should collectively fund this. I don't understand how diverging ability to tax (given gross, massive, uncontrolled tax avoidance) and increasing pressures to fund as society grows more complex (and just/fair/compassionate?) and we realize we have difficult, not-profit-solution-compatible problems are ever going to meet. What's the all-encompassing solution? Our problems are that we cannot continue into debt infinitely, we are struggling to implement basic global tax norms (real, true minimums), there will always be inter-country competition for capital, people will always hate being taxed, we cannot ignore problems indefinitely.

Has anyone else been feeling this way?


Semiconductors, computers, fiber optics, airplanes, satellites, the telephone and many other technologies came out from primarily tax-funded R&D...


A couple of points. Govts don't make what they fund; it's nearly always outsourced, including but not exclusively the decision making. You want govts to fund roads, but a road's laying and maintenance is nearly always outsourced to a business.

On the point of this software, does open source software really matter when it's still going to be run on a closed source CPU of sorts? Your network switches are just highly optimised CPUs for the job of routing, which is still closed source. Even something like ARM on the RaspberryPi is closed source BLOBs.

At best, this is like arguing for legislation to be made available online when previously it was only available from the parliamentary libraries or some limited and specific journal like thegazette.co.uk for company related announcements.

However all my internet access comes from private businesses, so how would open source software be of benefit to me, when most people are still using a private provider. Even Broadcom provide most of the broadband cabinets here in the UK which is a private business last time I checked.

It's a nice idea, but impractical in practice.


The cover image, of grievously mutated minifigs, surrounded by the guts of surreal machinery strewn about the floor... represents a dire situation of open source infrastructure?

(I can't tell whether it's Stable Diffusion or intentional.)


Those lego figs have seen better days, that's for sure.


100%. I try to generate images for my blog and technical things come out like madness.


I'd say it's definitely some sort of AI image generation.


Oh, "figurines"! I was looking for a fruit.


That's crazy that this group (Of VIPs IMO) got involved in this topic. I wonder what this spells? I'd love to be optimistic but the phrases that come to mind are: something wicked this way comes; and, slumbering toward Bethlehem to be born...


The classic comic applies:

Nerd: I made this!

DC/Brussels: You made this?

DC/Brussels: I made this!


Existing pertinent organizations: https://ffii.org/ https://openinfra.dev/


The fact that policy folks (essentially non-productive folks living off other people's work) are considering making unpaid volunteers criminally liable for security bugs leads to a question: how did we end up here?


This policy paper argues pretty strongly against making unpaid volunteers criminally liable for security bugs.

People in the political realm think of tech as "big tech" (their term for FAANG) and are currently trying to come up with solutions to address the societal problems caused by the FAANGs. That's why it's important for people who understand tech to explain the full consequences of their policy ideas to politicians, regulators and others discussing how to regulate tech. It would also help if there were more people from the tech world going into politics because there's a real risk that computer illiterate politicians will pass something stupid or will inadvertently allow FAANG to capture a regulatory agency and use it to crush their smaller competitors.


> "big tech" (their term for FAANG)

Big Tech is a way better name than FAANG, I hope it catches on.

FAANG sounds way cooler than the reality of these terribly dull companies and is also very US centric.


Just posing the question of criminal liability for FOSS devs is weird. Moreover, all the proposed solutions are "keep the samaritans non-liable", but prevent them from making any money (or just a very low sum/year) off FOSS. What gave these policy makers the right to do this? What kind of perverted mind must be present to come up with these arguments?


I don't want this. It doesn't make me interested in sharing more code.


"open-source software" isn't good enough when Microsoft has already embraced and extended it.


...and the next step is no longer extinguish, but enslave.


Just stop using Windows. Here, fixed this for you.


Only read the executive summary, but so far it just reinforces my view of open source as the road to serfdom for talented engineers. Sure, there’s a line here and there about funding maintenance and security audits, but writing it in the first place should of course be free.

I have the greatest respect for Richard Stallman sleeping under his desk at MIT so he could write gcc. But I like to get paid. I like to do business. I would like to write challenging and interesting software while living in a house, and yes: partaking in the capitalist system. I don’t like the idea that any challenging and interesting work in software must be given away for free.


There is no reason to not get paid for writing Free Software in the first place too. Some Free Software companies do that, but there are also things like grants.

https://github.com/fossjobs/fossjobs/wiki/resources


Yes! Wonderful. While my friends who are exceptional lawyers or doctors can look forward to a career with more and more challenging work, an elevated position in society and exceptional earnings, I can look forward to: begging for grants or being employed on the lowest rung of some mega corp. It’s truly wonderful the position we have gotten ourselves into as a profession. ;) /s


You are confusing Open Source and Free Software. Richard Stallman always pushed for reciprocal licensing e.g. GPL. Companies have been pushing against that because they love taking without giving back.

