“I’m looking at you, Fortune 1000 companies, the ones who have never lifted a finger to contribute to the open source community that gave you this gift."
FREE AS IN BEER: THE ECONOMIC FOUNDATIONS OF OPEN SOURCE SOFTWARE
Then in 1997, a programmer named Eric Raymond published The Cathedral and the Bazaar, an essay that analyzed the process of developing free software. At the core of Raymond’s seminal text is an idea that he has termed “Linus’s Law,” the idea that if enough people are working on a software program, any bugs hidden in the code will be caught and patched quickly. In essence, Raymond was making the case for the efficiency of free software development. Since it was developed out in the open, anyone could look under the hood of free software programs, which meant that any bugs that might be lurking in the code were more likely to be discovered quickly. A corollary to Linus’s Law was that free software could develop more rapidly since anyone could come up with their own improvements for the software and send them to the core developers on the project.Read More: The Culture War Comes to Linux
It’s difficult to overstate the impact that Raymond’s analysis had on the free software movement. After its publication, Netscape, a web browser that was one of the most valuable software properties in the world, made its source code public and cited Raymond’s essay as a “fundamental inspiration” for the decision. Clearly, Raymond’s manifesto had caught the attention of a number of Silicon Valley luminaries who realized the latent business potential in free software.There was just one problem: The free software movement was burdened with a major ethical component, and ethics are bad for business. So in 1998, at the behest of Raymond and the budding media titan and “meme hustler” Tim O’Reilly, a group of high profile free software evangelists gathered to figure out how to make free software attractive to industry. As Raymond later described the gathering, the developers at the meeting mounted a “marketing campaign” in order to “re-brand the product and build its reputation into one the corporate world would hasten to buy.”“It seemed clear to us in retrospect that the term ‘free software’ had done our movement tremendous damage over the years,” Raymond wrote in an essay published in Open Sources: Voices from the Open Source Revolution, noting the term’s “strong association with hostility to intellectual property rights” and “communism.” According to Raymond, "the success [of open source] after Netscape would depend on replacing the negative Free Software Foundation stereotypes with positive stereotypes of our own: Pragmatic tales, sweet to managers’ and investors’ ears, of higher reliability and lower cost and better features.”"The success [of open source] after Netscape would depend on replacing the negative Free Software Foundation stereotypes with positive stereotypes of our own: Pragmatic tales, sweet to managers’ and investors’ ears, of higher reliability and lower cost and better features."
THE ECONOMICS OF OPEN SOURCE
THE TRAGEDY OF OPEN SOURCE
Some open source maintainers have attempted to regulate how their software can be used in the past, such as by barring companies that work with Immigrations and Customs Enforcement from using the software. This was met with a strong negative reaction from the open source community and the decision was eventually reversed, a testament to the deeply held belief that open source software should be freely available to all. On the other hand, the regulation of access to the open source community has been floated as a possible solution to developer burnout. As the developer William Gross noted in a blog post, this model of “open source, closed community” would essentially charge users a fee if they want access to the community of developers working on a project."Tech companies make billions off OSS and give almost nothing back. They could solve the problem today and barely dent their bottom lines."
GitHub launched in 2008 and although it’s not the only place where programmers come to store, review, and discuss open source software it has become the closest thing that the FOSS community has to a town hall. Today, the online software repository hosts over 100 million code repositories created by some 25 million contributors from around the world. The motivations that compelled these 25 million souls to contribute to open source development are manifold, but according to David Hansson, the creator of the open source web development framework Ruby on Rails, over the last two decades there has been a fundamental shift in the profile of open source contributors.Read More: [The Last Independent Mobile Operating System
](https://motherboard.vice.com/en_us/article/pa5x9z/the-last-independent-mobile-os-sailfish-jolla)
“Googlers are encouraged to work on open source projects that are relevant to their work, fun, or interesting to them,” DiBona said. He pointed to data from 2018 that showed that Google employees accounted for more than 1 percent of all activity on GitHub as evidence of the company and its employees’ commitment to open source development.“You’d be hard pressed to find a technical Googler who hasn’t made a contribution to an open source project,” DiBona said.By mandating or encouraging some of their employees to work on open source code, companies like Google and IBM are directly contributing to the open source community. Many of the companies also dole out monetary contributions to non-profit organizations such as the Linux Foundation, Apache Foundation, or Mozilla Foundation, each of which have multimillion dollar endowments.The question raised by independent developers, however, is not whether major tech companies are contributing to open source. Rather, it is whether these companies are contributing enough, and whether these contributions are going to the right projects.Jacob Kaplan-Moss, the co-creator of the open source web development framework Django, has argued that these multi-billion dollar companies need to contribute much more to the open source community at large. Kaplan-Moss specifically pointed to GitHub, which was recently acquired by Microsoft for $7.5 billion, and suggested that if GitHub really cared about open source, it would give half the proceeds of that sale to the maintainers and contributors actually creating the software.“You’d be hard pressed to find a technical Googler who hasn’t made a contribution to an open source project"
“The root cause of OSS burnout is money,” Kaplan-Moss tweeted. “The only way to solve it is money. Tech companies make billions off OSS and give almost nothing back. They could solve the problem today and barely dent their bottom lines. If companies actually cared about OSS instead of virtue signaling, they’d turn those massive exits into windfalls for open source maintainers and foundations.”Hansson, although not opposed to more funding for open source projects in general, has taken a more cautious stance when it comes to the “perils of mixing open source and money.”“If you have a project that has a few hundred contributors and you start introducing specific monetary rewards for slices of work here and there I think you get into very dicey territory very quickly,” Hansson said. “People who haven’t valued their work in an economic sense, who were doing it for the community, for fun, or for the creativity, are all of a sudden forced to think about their investment of time in market terms. I think in many cases that can do a great disservice.”As an example of this disservice, Hansson cited his own contributions to Ruby on Rails. When he first started Rails, Hansson said he would get inundated with feature requests, bug reports and so on, and that many of those emails expected him to fix all these problems as if he were a software vendor. Yet by eschewing market values, Hansson was able to adopt a “fuck you” mentality, which he said has proved to be the “number one defense mechanism” against the developer burnout that runs rampant in the FOSS community. If he were to accept money for his work, he would be obligated to meet the demands of his customers. Yet because he is freely contributing to a community project, he isn’t beholden to anybody.Read More: Thousands of Projects Ditched GitHub for GitLab After Microsoft Acquisition
FREE SOFTWARE ISN’T FREE
So anyone is free to create their own Android operating systems from the open source code, but Google has a policy that forbids using its applications on any non-official Android OS. This policy was justified on the grounds that it would help app developers from having to modify their apps to fit dozens of slightly different versions of Android, but the most noticeable effect is that the open source Android OS has become inextricably bound to proprietary Google products. Companies are free to use a custom version of Android without Google products on their phone if they want, but it’s at their own peril. Amazon was foolhardy enough to try this in 2014 with the Fire phone, which ended up being a $170 million dollar mistake. Although the lack of Google apps wasn’t the only reason the phone failed, it was a major cause of its demise.
Tidelift is sort of like what Red Hat did for Linux, but for all the other FOSS projects: Businesses pay for support services related to the open source projects they’re using. As Fischer described it to me, Tidelift is applying the same logic to the FOSS community that AirBnb brought to the hospitality industry and Uber brought to the transportation industry.Tidelift uses a custom program to track changes across hundreds of open source libraries so it can track how code changes affect companies that have registered with the service. If a code change in one of those libraries result in security, licensing, or maintenance issue, developers that have signed up with Tidelift work on any issues associated with that change. Under this model, companies pay a flat rate to Tidelift, which then takes a cut and distributes the rest to the developers, who are paid according to how many companies are using the code that they are maintaining.Tidelift’s model is similar to one of the oldest funding mechanisms within open source: Bug bounties. These are basically an agreement to pay a developer who discovers and/or fixes a known bug in some open source code. A number of services have cropped up to fulfil this need ranging from Gitcoin, which pays out bounties on the blockchain, to the European Union, which launched its own bug bounty program for 14 open source projects in December. In 2017, a company called Code Sponsor aimed to monetize open source projects by connecting them with companies who could place advertisements in the readme files of the open source project. Code Source has since changed its business model and reorganized as CodeFund which is leveraging ethical digital advertising to fund open source projects.Some of the more active developers on popular open source projects have taken fundraising into their own hands by soliciting support through crowdfunding services like Patreon. For well-known developers working on well-known open source projects, this can be quite lucrative. Evan You, the creator of Vue.js, an open source JavaScript framework for creating user interfaces, pulls down over $17,000 a month on his Patreon, for example.Read More: Major Open Source Project Revokes Access for Companies That Work With ICE
You is, of course, something of an outlier among developers. Other programmers working on open source projects earn much more modest sums through crowdsourcing. Henry Zhu recently left his job to work full time on Babel.js, an open source JavaScript compiler. He relies entirely on crowd sourced support for his income, which is currently around $1,500 a month on Patreon.In January, GitHub’s open source project manager Devon Zuegel wrote a blog post on the site titled “Let’s talk about open source sustainability.” The post highlighted a number of problems in the open source community, which included inadequate resources and governance, lack of communication, and work overload. Zuegel implored the community to give input to the company on how it could improve these areas for open source maintainers and contributors.“For us it’s all about giving a lot of support to these developers who are building software, listening to them and building tools that are going to help them in the future,” Kathy Simpson, the senior director of product management at GitHub told me on the phone. “We have an obligation to protect the connective tissue between these projects and communities and help them grow it.”“Being a maintainer can be a really challenging and thankless job,” Simpson added. “We’re very aware of that and we want to do everything we can to move forward holistically.”Got a tip? You can contact this reporter at daniel.oberhaus@vice.com
Despite GitHub’s ostensibly earnest attempt to help the open source maintainers, the call for suggestions was met with mixed reactions. Some developers welcomed GitHub’s attempt to improve the experience of running an open source project while others took issue with the company’s insinuation that there is a sustainability problem in open source.“The sustainability argument in particular is grating for someone who has been here for two decades,” Hansson told me. “If you're going to make an argument that there's a sustainability crisis, you have to point to diminishing contributions, or fewer projects, or somehow more than just a handful of outlying events. I think there are projects that do fall into this weird space where there isn’t an active core of maintainers who can do it as freelance work and there isn’t an individual company that sees a need to sponsor it directly, but I don’t recognize that as the general story.”The issue of whether there is a generalized sustainability crisis in open source is a contentious one, but that doesn’t obviate the need to find a solution for open source projects that do struggle to find funding and volunteers to support development. Whether these are marginal examples or a rising epidemic, the fact that they continue to work on open source projects in spite of this shortcoming is a testament to their dedication to the goals of the project and open source development more generally. Yet most developers are in agreement that if there are ways to sustainably fund the open source community, this will ultimately lead to even better software.As Zhu noted on Hope in Source, a podcast series he hosted with Eghbal last year, the open source community is a lot like a religious community, especially where money is concerned. People give freely to organized religious institutions so that the people who work there can continue to carry on the organization’s work without having to find outside work. These organized religious communities need some money to function at a basic level, but their most important assets aren’t monetary—it’s the people coming together to make the religious community a reality. Even with all the money in the world, one person does not make a religion, nor can they sustain a widely used open source project.“We want to encourage people to be involved,” Zhu said. “In open source, time is way better than money.”Still, it is unfair of tech companies and other users to rely on poorly funded and overworked developers to maintain the open source software that powers modern society. While the extent to which this is a problem is an empirical question that deserves to be researched, the fact that it is happening is not. As Eric Raymond pointed out over twenty years ago, one of the best features of open source is that its openness and community-driven development model produces better software by reducing security risks and bolstering efficiency.The world is only becoming more dependent on open source software for both consumer products and critical internet security infrastructure—and it shouldn’t take a cataclysmic vulnerability like Heartbleed to convince companies and users that sustaining this open infrastructure is something worth paying for.“If you're going to make an argument that there's a sustainability crisis, you have to point to diminishing contributions, or fewer projects, or somehow more than just a handful of outlying events."