Open Source Software has a funding problem.



👏 SUPPORT THE CHANNEL:
Get access to an exclusive weekly podcast, vote on the next topics I cover, and get your name in the credits:

🏆 FOLLOW ME ELSEWHERE:

📷 GEAR I USE:
*Amazon Links are affiliate codes and generate small commissions to support the channel*

00:00 Intro
00:44 Sponsor: $100 credit on your Linux or gaming server
01:56 Open Source doesn't mean "free of charge"
03:51 The Web runs on Free and Open Source Software
05:35 LOG4J, Faker and Colors
08:25 Who needs to pay?
10:56 The status quo isn't sustainable
12:13 150€ off your next ultrabook!
12:34 Support the channel

A lot of people assume that open source or free software is free of charge, but while that's generally the case, it's not an obligation.

This leads to a paradox: user-facing software with a GUI, used by regular users, tends to find funding more easily than server-side libraries used by giant companies that make billions each year. Individual users will part with their cash more readily, one dollar at a time, than a company that doesn't really know what it relies on to make its own products work.

And this brings us to the second major point of the video: the modern web is heavily dependent on free and open source software.

Linux isn't the only open source project underpinning the web. For a long while, the default stack for a server was LAMP: Linux, Apache, MySQL, and PHP. All open source projects. It's less true nowadays, with tons of new technologies being used to replace these various components, but most of these new technologies are open source.

With the rise of NPM, the Node Package Manager, it's easier than ever to access hundreds of thousands of libraries for your projects, most of them open source.

Recent issues have showcased all of that. Let's begin with log4j.

It's one of the most popular logging libraries used online. It gives software developers a way to build a record of activity that can be used for anything from troubleshooting to auditing and data tracking.
Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon all run Log4j. Except this library had a huge vulnerability that affected almost the entire web a few months ago.

Another recent issue, with a very different outcome, involved the very, very popular libraries colors and faker.

Except their developer got fed up with having super successful projects that didn't bring in any money and were used by Fortune 500 companies, so one day he decided to push an update that borked the output of both libraries.

First, it would have been easier to spot the issue in log4j if the companies that used the library had implemented a code review process for the open source code they want to use, and perhaps contributed to improving that code.

Second, if companies decided that they wanted to make their own work depend on smaller open source projects, a monetary contribution doesn't seem so crazy.

The current model of web giants building their own offerings on the shoulders of unpaid volunteers, and expecting all of that to work flawlessly without ever contributing to it, with code or money, isn't really sustainable. As a project is used by bigger companies, it becomes a target for malicious hackers, and making sure that this code is secure can become a full-time job that no one can expect an unpaid volunteer to do.
Comments

I actually disagree with the claim that CTOs would not want to contribute to open source libraries to get a job done. Any CTO worth their salt in this industry should know that open source is often a lot more reliable than ad hoc solutions their developers can cobble together. On top of that, the sheer cost savings of downloading a vetted solution instead of developing an in-house solution that will need development and testing time allocated (and the maintenance time going forward, too) is an easy math problem to solve. As a developer myself who often reaches for open source stuff, I am as guilty as anyone else of taking for granted the existence of these things. I think this video is a good reminder to those of us who work for a company to pitch it to our bosses to make contributions to the software we most rely on. Start small - it will make a huge difference to some solo developers giving their time!

atreusduvelll

On the other hand, buying a commercial, proprietary software product doesn’t mean you get a better service experience. Ever tried to get help from Microsoft for an issue with their software if you are a small/medium sized company or home user? 😉

succubiuseisspin

This is reminiscent of what musicians can go through. When say a bar owner wants live music, he will try to hire musicians for slave-like wages if he pays them at all, saying it will give them exposure to get other jobs. In the meantime, exposure does not feed them nor pay rent or other expenses. Developers face the same kind of thing with an added declaration that "anyone can do it." Artists face the same sort of thing too. The trouble is that the people holding the money seem to think they don't have to pay for services rendered. I've been programming for money since 1985 and I've lost count of all the people who thought my experience and knowledge was worthless, despite them finding out that not anyone can do it.

peterthecoderd.

This is one of the best videos I've ever seen! The content is so important, especially in times where we are facing the possibility of cyber war in Europe. As a developer I am extremely thankful for your educational content on open source for average people! Keep up the good work 👍

johannes

I just hope that the solution for the open source funding problem is not that distros start coming with Candy Crush or Raid Shadow Legends pre-installed.

kelvinhbo

This is why we need a middle ground. Companies like Red Hat, Canonical, and even Suse are absolute necessities. Their ability to increase adoption and generate revenue around FOSS is essential as it provides the capital to invest in development and the financial incentive to retain top-talent developers. The more we support them, the more they can support FOSS. This is why I always suggest to newcomers Fedora or Ubuntu. If we're talking distros, then Debian and Arch seem to be the only ones that are purely community driven and built from the ground up. With little to no major sponsors they've done pretty well for themselves.

---GOD---

This controversy arises both from people inside and outside the open source community. How can we expect people outside the community to take us seriously if the FOSS community thinks FOSS is gratis? Any time a project tries to incorporate any serious form of monetization, they are met with great resistance from within the community with responses like "how dare they charge me for this". The irony is that these people are gonna slander proprietary software, but economically that's what makes the open source developers sustain themselves. Most of the actual work contribution comes from open source. Most of the economic contribution comes from proprietary technology. Which makes both interdependent on each other. And the people that think open source software developers don't need money are the worst. Someone's gotta pay the bills.

subhadeepjasu

A key benefit of free/libre software as well as open source software is the availability of the source code. Nothing stops a user (person or organization) from fixing or improving the software.

xA

We need sponsorships for devs on GitHub just like we have on YouTube.

ADITYA-zcbd

In my opinion the mishap is when a corporation (or anyone, really) expects the developer to fix stuff for free. The code is FOSS and can be used as such, but the developer's time and continued efforts are not free. Use the project as is (the license only covers that, not the access to the developer); when it needs fixing, fix it, or pay someone to do it... perhaps the developer.
If specific features are wanted, request them, but surely money towards that development will get you there faster.
The developer does not have any obligation to keep at it once the code is out there. The corporation's expectations are not matching reality.

I guess I kinda side with the developer in regards to their continued efforts on a project with maintenance and so on.
Thanks for another great video!

IGqy

Good review of the issues. I do want to point out that the npm download figures are terrible as an indicator of popularity - common (and horrible) npm use case is to push your package.json file to production and let your production servers download the npm packages you need (often unpinned). As a result one user with a few thousand servers (not uncommon) that pushes updates several times a day (considered good practice these days) can easily add 100K to the download counter after less than a year.

guss
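The practice this comment describes, a production server resolving unpinned specs from package.json at deploy time, also means a floating spec picks up whatever the maintainer publishes next, which is how an update like the colors/faker one in the video reaches projects that never chose it. The script below is an added example, not code from the video or from any commenter: it flags dependency specs that are not pinned to one exact version and cross-checks them against a package-lock.json `packages` map (the lockfile v2/v3 layout, keyed by `node_modules/<name>`) so that the installed versions are known and carry an integrity hash. Package names `colors`, `faker` and `eslint` are real; every version number, hash and the `example-lib` package are constructed sample data.

```javascript
// Added example (not from the video or any commenter): audit npm dependency
// specs for version drift and check them against the lockfile.
// All version numbers, hashes and "example-lib" below are constructed.

const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Classify one dependency spec string exactly as written in package.json.
function classifySpec(spec) {
  if (EXACT_VERSION.test(spec)) return "exact";
  if (spec === "" || spec === "*" || spec === "latest" || /^[xX]$/.test(spec)) return "any";
  if (/^(git\+|github:|https?:|file:|npm:)/.test(spec)) return "url-or-alias";
  return "range"; // ^1.2.3, ~1.2.3, >=1.0.0, 1.x, a || b, ...
}

// Walk dependencies and devDependencies and return one finding per problem:
// an unpinned spec, a package absent from the lockfile, or a lock entry
// without an integrity hash (so the installed tarball cannot be verified).
function auditDependencies(pkg, lock) {
  const findings = [];
  const lockedPackages = (lock && lock.packages) || {};
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      const locked = lockedPackages[`node_modules/${name}`];
      if (kind !== "exact") {
        findings.push({
          name, spec, issue: `unpinned (${kind})`,
          lockedVersion: locked ? locked.version : null,
        });
      }
      if (!locked) {
        findings.push({ name, spec, issue: "missing from lockfile" });
      } else if (!locked.integrity) {
        findings.push({ name, spec, issue: "lock entry has no integrity hash" });
      }
    }
  }
  return findings;
}

// Constructed sample inputs (illustrative versions, not real release data).
const SAMPLE_PKG = {
  dependencies: { colors: "^1.4.0", faker: "5.5.3", "example-lib": "*" },
  devDependencies: { eslint: "~8.0.0" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/colors": { version: "1.4.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/faker": { version: "5.5.3", integrity: "sha512-CONSTRUCTED" },
    "node_modules/eslint": { version: "8.0.3" },
  },
};

function main() {
  for (const f of auditDependencies(SAMPLE_PKG, SAMPLE_LOCK)) {
    const lockNote = f.lockedVersion ? ` (lock has ${f.lockedVersion})` : "";
    console.log(`${f.name}@${f.spec}: ${f.issue}${lockNote}`);
  }
}

main();
```

Running the audit as a CI step, and installing with `npm ci` so the lockfile is honoured rather than re-resolved, is the usual way to turn these findings into a gate; `faker` produces no finding here because its spec is exact and its lock entry carries a hash, while `example-lib` is flagged twice (floating spec and no lock entry).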

Maybe a reward / bounty system can help a little bit for some open source projects. It would allow devs to get some money when the community wants some specific feature.

gjoe

The Apache mantra is "Community over code" because you need a healthy community to maintain the software. The ideal would be for the companies to be a part of that community. In the case of Log4J, it used to have a healthy community but it did dissolve over time. After all, just how much work does a logging package need? The reality is that the log4j library had too much functionality, and it got exploited.

berinloritsch

The issue is that nobody teaches about open source in this way. Open source is about sharing resources, sharing means giving back too, and if that isn't understood or nobody tells that, then of course people will expect free as in price stuff. I think open source projects should remind the users more often to contribute in some way. And there is a huge problem when politicians and company leaders don't know how important that open source code is. I have been in a situation multiple times where I had to teach politicians what free software is and that even though it's "free" they cannot just rip it off for free. For me this has been so much work that I am planning to build a website to explain things.

jimbo-dev

I can't always afford to pay for FOSS, but I can contribute by supporting others who are trying to use a package, which also has value. I made my living as an Enterprise Level IT Help Desk & beta (and alpha) tester for the past 25+ years. Most of the time, when I offer my services, the owner/creator/developer sees value in not having to constantly answer basic usage questions, finding out if an issue is PEBKAC or bug, etc., and I get the reward of helping said user or O/C/D.

kevinshumaker

10:11 there is still a limit in there tho
for example, under German law the "no warranty clause" only works if you don't do anything knowingly wrong
so, let's say somebody finds a security vulnerability in your library
you then need to (start to) fix that, because if you would decide to not fix it, you would do something knowingly wrong and as such can be held liable for damage received after that time

kuhluhOG

Thanks for making this video, Nick. Projects being dropped due to developer burnout or a lack of support is a real issue. Now I’d like to see a video similar to this one, but with regards to desktop open source applications.

Cuperino

A developer is always free to change its license. He can even abandon FOSS, fork it and start something new (as long as he keeps the license obligations for the imported code), or even sell it to a big corporation. When a developer starts in open source he knows where he is heading, he knows all the rules upfront... so there is no foul play here... if it becomes famous, he can even capitalize on that and end up getting a job with a nice pay.
One possible way would be to sell "TimedAccess" levels. It should be something easy to implement on Git, like a tier-based access. If you want to have access to dailies you pay an X yearly subscription, if you want to pay less you get access to 6 month code, if you want to access a free tier, you get code with 9 months.
So if a security issue arises, the company that wants to patch it faster will have to pay more.
It kind of sucks, but I am sure there are still some companies that have the log4J lying around, so "free" users would be aplenty... and in the end, it is still FOSS as you get access (eventually) to the code.
About the big corporations using FOSS... it also is not always free for a big corporation to use it (but it can be, of course, if you are small and don't have the means, but those are not the targets of this issue); that is usually a misconception that many FOSS developers have. From all big corps I have passed through there is always a full team analysing FOSS for license compliance and security issues in all of the projects that are used. In one of them we even developed a tool to do code checks and validate the package dependencies (Java) for known vulnerabilities in 2 or 3 different services that provide open security report APIs, which would break our CI/CD pipeline.
And the culture of giving back to the community is almost never a 100% CTO/company decision. Just like many developers choose whatever FOSS libs they want to use, these same developers can patch and give back to the community... I have never seen anyone in a company complain about developers solving an issue and spending half a day doing a commit and discussing with other devs... so saying that "corporations" don't contribute upwards should really be said about the developers that use and promote the same code to be used in those corps.
Just my PO thoughts... maybe a little biased by my "managerial" position.


Big companies should definitely donate/contribute to the open source projects they use. Even if they paid something large (like 100k) in a one-time donation, that's only one year (if even that) of a local developer's salary at some FAANG companies. Plus the strength and weakness of open source is that once it's published, it's somewhat on EVERYONE to try and maintain it since we are all using it. It's a community effort, not the single responsibility of one person or company.

FloodSnow

Hackers are slowly teaching tech companies the lesson of supply chain. Know what makes up your offering and what enables you to deliver what you promise. An attack against a supplier (including open source software and libraries) can compromise your operation and what you can realistically offer. Sadly, this lesson needs to be re-learned from time to time.

I hope big companies would follow the lead of the EU and make funds available to open source projects that they use. Honestly, the developer does not owe you anything. It should be a collaborative effort and companies should offer support, not demand fixes or changes with no contribution.

matthewsjardine