The Internet Relies on People Working for Free
September 18, 2019 8:06 AM   Subscribe

"cURL is used on billions of devices. It's included in every modern car. It's integrated into every iPhone. It's integrated in millions of TVs. Also, it's been maintained by one man, for 20 years, for free."
posted by Sokka shot first (65 comments total) 39 users marked this as a favorite
 
Seems like a pretty simple solution: stop making updates until the companies dependent on it decide to pay for what they're using, or start employing their own people to contribute to the code maintenance. I get the good intention behind open source, but if you've created something that these companies that sit on mountains of money are using for free, I don't feel that much sympathy for well intentioned but frustrated coders who expect these companies to do the right thing.
posted by allkindsoftime at 8:21 AM on September 18, 2019 [5 favorites]


stop making updates until the companies dependent on it decide to pay for what they're using

The problem is that if you're the kind of person who's put in the time to create a utility that's as crucial as something like cURL, it's hard to force yourself not to maintain it because the satisfaction of making something useful is what motivated you in the first place.

I have written some trivial little utilities that are useful to a tiny handful of people, and when I find out that somebody somewhere is having trouble using them, it makes me want to drop everything and figure out what's going wrong so I can fix it and help them. That's not necessarily a universal experience, but I think it is a pretty common one to this particular kind of software.
posted by Sokka shot first at 8:34 AM on September 18, 2019 [74 favorites]


Seems like a pretty simple solution: stop making updates

That's an easy thing to say about somebody else's life's work.
posted by J.K. Seazer at 8:35 AM on September 18, 2019 [58 favorites]


Also, presumably, sometimes these projects’ users outlive their creators. What then?

But I also feel like open source/creative commons ought to have some kind of enterprise-level clause like “this is free for anybody to use but I’d your company is worth more than 25M and you’re using this in a product there’s some strings”
posted by Jon_Evil at 8:38 AM on September 18, 2019 [5 favorites]


"Many in the open-source community are opposed to the idea that they should be paid in any way"

Um, what? I mean, some people in open source may be opposed but ... that is not my experience. People may be confused about how to be paid, but the idea of open source being done by an army of volunteers who are just about pushing code into the world is seriously outdated.

There are a few efforts to support infrastructure software like cURL, e.g. the Linux Foundation's Core Infrastructure Initiative, Software in the Public Interest (SPI), and Software Freedom Conservancy all try to support projects that are not tied to corporate interests.

The proposed "simple solution" is... yeah, not going to work. Here's what happens if something like cURL stops being maintained "upstream" - various vendors will fork the code and apply patches as needed (which may happen anyway, but...) and maybe (or maybe not) someone at a vendor may start a new repo as the new central repo for others to draw from (in the context of, say, Linux distributions, say).

I am wholly in favor of maintainers being paid. OTOH, having a single maintainer for a major project would be considered an anti-pattern. If you have a project that's truly crucial to the Internet, as cURL is, it should have a succession plan and all that goodness.

(There's also the problem of things like cURL being plunked into embedded systems and never updated regardless of the status of the upstream project... that's a whole 'nother can of worms, though.)
posted by jzb at 8:47 AM on September 18, 2019 [22 favorites]


Since cURL is free and open source there is, of course, nothing preventing the companies from making fixes themselves to push back into the core project. Some companies aren't doing the sort of work where it makes sense to hire developers that would/could work on cURL. But for other companies, the fact that they can't be arsed to do this is a telling detail.
posted by at by at 8:49 AM on September 18, 2019 [4 favorites]


In some ways this feels like the flip side of the RMS/ERS thread from the other day. On one side of FOSS you have a bunch of toxic behavior and on the other side you have an enormous amount of hard work, skill, and dedication for little or no renumeration outside of a belief in the worth of the FOSS philosophy.
posted by gwint at 8:50 AM on September 18, 2019 [22 favorites]


The Medium article doesn't exactly help the situation by choosing, for whatever reason, to hyperlink to the source repo which is owned by corporate interests, and to not hyperlink to the one which isn't.
posted by Cardinal Fang at 8:52 AM on September 18, 2019 [11 favorites]


I also feel like open source/creative commons ought to have some kind of enterprise-level clause like “this is free for anybody to use but I’d your company is worth more than 25M and you’re using this in a product there’s some strings”

1) then it's not open source, by definition.
2) This sort of clause is toxic for adoption because good luck trying to track the "strings" when you're an enterprise worth more than $25M and you're using 100 different custom licensed projects. There's a reason there are accepted and standard open source licenses and companies avoid custom licenses like the plague.
3) Single maintainers that are not supported by any sort of company / organization are not going to be equipped to interface with 50 different companies that have to negotiate "strings" with that developer.

(Also also complications with taking in money from the organizations and being paid across various countries...)
posted by jzb at 8:53 AM on September 18, 2019 [11 favorites]


On one side of FOSS you have a bunch of toxic behavior and on the other side you have an enormous amount of hard work, skill, and dedication for little or no renumeration outside of a belief in the worth of the FOSS philosophy.

I don't think it's quite as much of a flipside as you think. I honestly categorize the degree to which the open source community valorizes being a "hero" and doing a bunch of un-remunerated work that is then used by companies to make a lot of money as pretty toxic.

I'm not saying open source is bad, but I think there can be a lot of pressure to be a "team player" (or, worse, "do it for the exposure") that asks a lot of people, often in ways that exclude those who can't afford to spend all that time on a thing they aren't getting paid for (which unsurprisingly means excluding historically marginalized groups).
posted by tocts at 9:02 AM on September 18, 2019 [6 favorites]


FOSS on one hand is a wonderful way of getting people who have more time than money involved with the IT ecosystem.

On the other hand, it's shit, because people who give away professional level work for free to entities who could absolutely afford to buy it are taking money away from themselves and/or (more importantly) other people who'd have to be paid to write it.

I have mixed feelings about it, not even considering the toxic waste dump miasma atmosphere.
posted by seanmpuckett at 9:22 AM on September 18, 2019 [5 favorites]


Mistaking or conflating the freedom to fix or otherwise modify the software you use at your own will for software being available at zero charge is a common error, but they really are entirely different things.

Personally, I'm happy, or at least content, paying for software I find useful. I'm much less happy running software built from source code I can't see without very large sums of money being exchanged, if at all.
posted by wierdo at 9:35 AM on September 18, 2019 [11 favorites]


I think there's a strong argument to be made that if many of the Free or Open pieces of software did not exist, everyone's lives would be a fair bit shittier. No Internet over IP, but a token ring network, Apple running Copeland, not MacOS, some Newton-like thing on the iPhone, No Android, but something based on Symbian or WinCE, no toolchains, except Microsoft's (hey maybe Borland would still exist). And so on. Everything we have now but slightly/a lot more shittier, less compatible, harder to use, and more expensive.

Compare the mess of video/messaging apps to the universality of email, for example. WhatsApp can't talk to Facebook Messanger can't talk to iMessage can't talk to whatever nonsense Google is trying to make work this week. That's how well everything works. It's not just direct monetary costs. Probably more importantly is the economy of your attention. Do you want to use the AoL network, Verizon's or Apple's? I'm super glad we don't have to make that kind of choice.
posted by bonehead at 9:35 AM on September 18, 2019 [20 favorites]


Also, cURL author Daniel Stenberg still can't travel to the US and the DHS won't tell him why.
posted by mbrubeck at 9:54 AM on September 18, 2019 [14 favorites]


> Compare the mess of video/messaging apps to the universality of email, for example.

That's not quite a software issue as much as a standards issue, but it's an important point and totally relevant to the current discussion. The IETF, W3C, and so on rely on volunteers to draft internet standards (uncompensated work) which at the IETF at least are only ratified by consensus (a whole lot more uncompensated work).

Email succeeded because of the unpaid* efforts of dozens of people working on the standards that every company rolling their own email apps could refer to. And network technology continues to advance because of the volunteer efforts of people dealing with the gnarly and unsexy problems fundamental to how large volumes of data get moved around.

*(Some people are employed specifically to write their companies' interests into standards, but then again there are other people there to ensure it doesn't happen.)
posted by at by at 9:56 AM on September 18, 2019


I dunno. Lots of firms open-source their products; free tier and paid tiers. There's some VC out there who wants a piece of those paid tiers.
posted by j_curiouser at 10:06 AM on September 18, 2019 [2 favorites]


When companies abuse sidewalks by leaving their scooters all over the place, the answer isn't to privatize the sidewalks (well, I guess some people probably do think that is the answer), but to figure out how to make the companies pay their fair share for upkeep. The technological commons that open source software represents is of enormous benefit not only to giant corporations, but even more so to independent developers: Microsoft, Apple, and Google could afford to rewrite the entire tech stack, but without open source, independent developers would find it nearly impossible to do anything at all.
posted by Pyry at 10:07 AM on September 18, 2019 [17 favorites]


Stripmine the billionaires and redistribute their assets so everyone can live comfortably no matter what they "contribute," and nobody will have to worry about getting paid.
posted by Faint of Butt at 10:12 AM on September 18, 2019 [19 favorites]


We have models in Science and the Arts that work for these sorts of things: granting councils/bodies that provide even multi-year funds for some projects (not everything is annual). They don't have to be run by governments. There are other models too, like Patreon.

There are ways to do these things, in industry-based coop/consortia if there were interest. It certainly happens in other industries. There's no requirements for governments here at all.
posted by bonehead at 10:24 AM on September 18, 2019 [2 favorites]


If we wanna optimize for FOSS then that requires us first committing to building luxury gay space communism so we at least have a chance of getting to the fully automated part.
posted by nikaspark at 10:32 AM on September 18, 2019 [12 favorites]


The entire point about the unpaid work is that the only reason it's even remotely feasible is because of all the other unpaid work.

Free software is a gift economy, not an exchange economy. Trying to think about it as if it were an exchange economy will never yield a workable understanding of how it keeps doing what it does, because doing that makes the act of giving indistinguishable from the act of exploitation.

Gift economies are far, far more productive per person hour than exchange economies, purely because they don't waste person-hours on the administrative overhead involved in making sure everybody gets remunerated. In fact no exchange economy could ever self-perpetuate without riding on top of an underlying gift economy; they're just too inefficient. Hell, just paying for breastfeeding would bring the US monetary economy to its knees.

As you'd have to expect from any system that makes no formalized attempt to enforce fairness at all, gift economies suck at it and they certainly do burn people out. But then again, exchange economies have been in operation for long enough and have become so dominant that every single one of them is now totally gamed, and it's pretty easy to mount an argument that trading both burns people out and sucks at fairness at least as badly as giving.

The main problem with cURL isn't because it's open source; commercial products regularly get support withdrawn too. The problem is designers who rely on any single component that they have no plan in place to work around the loss or failure of. cURL itself reflects this philosophy: you can build it against any of eleven subtly incompatible SSL libraries, for example.

To the extent that being open source does cause problems, it causes them only for users who really don't understand that cURL is a gift and that the language in its licence about being offered with zero guarantees as to performance or adequacy means exactly what it says. If you're selling stuff built from components for which source code is freely available, and it's vital to your enterprise that those components keep working they way you expect them to, it's absolutely on you to pay for the programmer time your enterprise needs to make sure that happens. If you don't like that deal, just go buy something commercially licensed instead and spend your money on support contracts and SLAs instead of in-house programming talent. But I'm tipping you'll get better value from in-house programming talent, especially if you keep it happy by encouraging it to push genuine improvements upstream.
posted by flabdablet at 10:36 AM on September 18, 2019 [33 favorites]


This to me runs the risk of throwing the baby out with the bathwater. Sure, multi-billion-dollar companies can download and use cURL for free, but so can a teenager in a developing country, and so can you. We're finally getting to the point where there is a good amount of mature, stable, maintained open-source software. (Inkscape, as just one example, is about to release version 1.0.)
posted by reductiondesign at 10:42 AM on September 18, 2019 [6 favorites]


Could 2019 be the Year of Linux On The Desktop!!???!??!!!?????
posted by flabdablet at 10:43 AM on September 18, 2019 [12 favorites]


There are companies trying to fill this funding gap; one that I'm aware of is Tidelift. The idea being that there's room to bridge the free / open source world with commercial support models in a way that lets them both succeed. I'm rooting for it, as I have several friends who do F/OSS work and should be paid for it, and I work for a gargantuan tech megacorp that would be well-served to do better in funding that work.

🤞🏻
posted by ChrisR at 10:49 AM on September 18, 2019 [4 favorites]


When companies abuse sidewalks by leaving their scooters all over the place, the answer isn't to privatize the sidewalks

The solution I favour is welding the scooters together into large and striking installations of public art.
posted by flabdablet at 10:54 AM on September 18, 2019 [12 favorites]


I've coded some stuff over the years. I do not support it. If someone asks me to help, I will, for pay. Really, it's open source just read the code if you need to change something. You have a problem with a program I wrote? Read it and fix it imho.
posted by baegucb at 11:46 AM on September 18, 2019 [1 favorite]


God willing, 2019 will be the year that tired joke finally lies down and returns its last exit code.
posted by Wolfdog at 11:47 AM on September 18, 2019


Keep in mind that FOSS and working for free are not always the same. I've contributed to FOSS while being paid by a giant corporation, as have many people.

FOSS itself is about how the software is licensed and distributed.

While some people do it for fun or experience or whatever, some people write open source software as part of their day job.
posted by thefoxgod at 11:54 AM on September 18, 2019 [12 favorites]


That's an easy thing to say about somebody else's life's work.

That they did for free, and now they're frustrated when the companies using said freely contributed work aren't happy to pony up money to pay for bug-fix or updates.

Am I missing something here?
posted by allkindsoftime at 12:30 PM on September 18, 2019 [1 favorite]


Keep in mind that FOSS and working for free are not always the same. I've contributed to FOSS while being paid by a giant corporation, as have many people.



Same here. If you're using my code, you're beta testing software my employer relies on.
posted by ocschwar at 12:40 PM on September 18, 2019 [11 favorites]


The authors are being blamed by the public, press and those big corps for not updating/supporting/fixing critical bugs for free. The expectation is that they'll just keep on giving because they have in the past.
posted by bonehead at 1:55 PM on September 18, 2019 [3 favorites]


Am I missing something here?

Feels like you're missing the realities of peoples emotions— I've seen so many good people burn out on the back of small projects that got big, and it's a hard problem to live, it's this burden that grows until it consumes you. When you get going it's probably to scratch your own itch, and for the first tens, hundreds or thousand people using your project you feel excited to keep progressing as your development mirrors the majority case.

But at some point you hit this inflection point where you're likely only continuing to drive the development train because you don't want someone else to crash it, I kinda get the feeling it's when you start having to worry about breaking changes. You know people are now dependent on your work, and hell, you're still proud of it too--but now your project is so popular that your issue tracker has turned into StackOverflow, with repeated basic questions and people have long built your past generosity as the default expectation.

It's very easy at that point to look at the vast value you've provided in aggregate, looking at literally billion dollar companies who would probably reject you at the interview stage (with your own project being silently considered a liability to your dedication?) and know that if you put up a donation page you'd be lucky to cover the costs of the coffee you drink reviewing pull requests.

I say this as a Patreon backer of a project that I hold very dear-- it saves me countless hours of pain, and is used hugely throughout the tech companies-- how much is that developer making a month from that Patreon? Less then $100. I'm also weirdly, part of a /very/ popular library for a language, who are trying to work out the global complexities of 'How do we actually take donations for this, like, properly? As in, the project taking donations, not one individual', it's not easy.
posted by Static Vagabond at 1:56 PM on September 18, 2019 [12 favorites]


probably at some moment in the 1980s or whatever there was the faintest chance that free software could end up being a positive force in the world — that the original version of the gpl could have ended up ensuring that all worthwhile software everywhere became and remained free, thereby effectively seizing the means of digital production forever.

but unfortunately rms squandered the moment and here we are.

writing free software / open source software is at best a quirky hobby for people who like helping capitalism extract value more efficiently.
posted by Reclusive Novelist Thomas Pynchon at 2:32 PM on September 18, 2019 [2 favorites]


I think it's really disingenuous to blame one person, no matter how dogmatic or odious, for failing to keep an enormous source of power from being appropriated by literally all of capitalism.
posted by J.K. Seazer at 2:38 PM on September 18, 2019 [15 favorites]


writing free software / open source software is at best a quirky hobby for people who like helping capitalism extract value more efficiently.

I mean, some of it is, but keep in mind that the sciences increasingly use open source software to power their experiments (Python, Linux-based supercomputers), data analysis (R/Julia/Python), and publications (Latex). This is a boon not only for often cash-strapped departments (those $10k Matlab licenses add up), but also makes results easier to replicate and more broadly available. There is more to open source than just bullshit web startups.
posted by Pyry at 3:34 PM on September 18, 2019 [16 favorites]


This seems like a relevant place to mention something I've been considering as a potential FPP.

Eric S. Raymond gave a recent talk on Load-Bearing Internet People (LBIPs), and launched an initiative to share the load effectively by setting up loadsharers networks to get these people paid.
"An LBIP is a person who maintains the software for a critical Internet service or library, and has to do it without organizational support or a budget backing him up."
A loadsharers network is:
"...a volunteer network of people agreeing to fund Load Bearing Internet People so the Internet’s infrastructure will stay healthy."
So it's a kind of crowdfunding initiative. I find the LBIP concept useful for several reasons:

* It's generalizable. While ESR's project focuses on LBIPs involved in FOSS, that's a tiny subset of all LBIPs. What about, say, volunteer web forum moderators, or the people who do the "ghost work" of keeping various horrors out of your Facebook feed, for example?

* It's fairly self-explanatory. Most people who are bearing part of this load of unpaid or poorly paid work are likely to quickly recognize what it means.

* Crucially, it helps to normalize the concept of being a loadsharer. Those who benefit from their work, and are in a position to do so, can and should support them.

* It gives a memorable name and acronym to hidden labor that needs to become more visible. Some potential funders may be unaware of what LBIPs do and what it costs them to do it, and this initiative may help put it on their radar.

* It can help build community and solidarity among workers.

This also brings to mind earlier feminist initiatives such as Wages for Housework, because the important point isn't just about payment; it's about calling attention to the human costs of "shadow work" that capital relies upon, but does not adequately remunerate.
posted by velvet winter at 4:23 PM on September 18, 2019 [6 favorites]


I think it's really disingenuous to blame one person, no matter how dogmatic or odious, for failing to keep an enormous source of power from being appropriated by literally all of capitalism.

I think it's really disingenuous for the one person who has that enormous source of power to complain about all of capitalism appropriating it when they are literally the only person that could, you know, do something about it.

I can't do anything to stop Apple from using his open source code to run my iphone. I just want a running iPhone, and I pay Apple a thousand dollars every few years for one. If they make it run using something he wants to give them for free, how does that involve your end use of the iphone? If he wants to set up a go-fund-me or whatever to beg the average consumer to pay for his work, that's all well and good, and he'll probably get like you know, maybe 5 of the billions of iphone owners out there to actually shoot him some pocket change.

But he can do something to force a company like Apple to it's knees. Multiple companies. Much of capitalism (I think "literally all" is maybe a bit of a stretch). Instead he wants to complain about it.
posted by allkindsoftime at 4:30 PM on September 18, 2019


I also think it's disingenous and rather shitty to make sweeping dismissive statements of other user's comments on Metafilter without explaining why you disagree with their idea in a way that fosters helpful discussion and maybe helps educate others in the community rather than shaming and ostracizing them publicly. But that's just me.
posted by allkindsoftime at 4:32 PM on September 18, 2019 [1 favorite]


2) This sort of clause is toxic for adoption because good luck trying to track the "strings" when you're an enterprise worth more than $25M and you're using 100 different custom licensed projects. There's a reason there are accepted and standard open source licenses and companies avoid custom licenses like the plague.
3) Single maintainers that are not supported by any sort of company / organization are not going to be equipped to interface with 50 different companies that have to negotiate "strings" with that developer.


License Zero is trying to solve some of these problems. They provide infrastructure to automate paying for license exceptions, and a pair of licenses to choose from: Prosperity, a non-commercial software license, or Parity, a strict copyleft license. The developer picks one, and then if you want to use it in a commercial project, or without contributing your modifications (depending), you use the API to purchase that exception.
posted by vibratory manner of working at 5:13 PM on September 18, 2019 [2 favorites]


One person has the ability to upload an update with a backdoor onto billions of devices? Lex Luthor gets paid.
posted by justsomebodythatyouusedtoknow at 5:13 PM on September 18, 2019 [5 favorites]


Eric S. Raymond gave a recent talk
I had to doublecheck which thread we were in, because if we were talking "famously misogynistic tech men who see themselves saints of the field", ESR makes Stallman look polite and well-behaved. From the other thread:
ESR was a little less obviously assholish at first except he was a doctrinaire libertarian (back in the 1990s that struck me as charmingly ethnic-American and eccentric rather than instant-killfile fodder) and a gnu enthusiast. At one Penguicon (combo SF convention and open source conference) I went to around 2005, there was a "geeks with guns" trip to a firing range. I went along (because: author here, got to do my research somewhere) and so did ESR. Who proceeded to regurgitate the most barkingly offensive anti-muslim propaganda at me for the entire trip (at least when I wasn't wearing ear defenders). Stuff that I'd have characterized as neo-Nazi propaganda if you substituted "Jews" for "Muslims". I'm talking full blown "Eurabia" conspiracy garbage here, just a short step away from contemporary identarianism/white supremacism. I'd be utterly unsurprised to discover that these days he's golfing buddies with David Duke. But when not outing himself as a not-so-closet racist ESR was able to be superficially charming and relatable, so ouch.
(Or, y'know, his many famous rants over the years about his disbelief in the concept of "rape")
posted by CrystalDave at 5:27 PM on September 18, 2019 [7 favorites]


Ack, I clipped the other part of my point in quote-grabbing.
But yeah. Maybe the idea proposed is something that doesn't connect to his plans regarding subjugation of women and we can collectively agree that it came from the ether like Minecraft; but I'm hoping we can listen to literally anyone else before we have to resort to someone who likes to sprinkle in unhealthy doses of "Women: Always lying, or just telling the truth when The Other is to blame?" in with his ideas about software funding.
posted by CrystalDave at 5:36 PM on September 18, 2019


if we were talking "famously misogynistic tech men who see themselves saints of the field", ESR makes Stallman look polite and well-behaved.

Oy! I haven't been keeping up with FOSS lately (and only occasionally since 1999 when I read The Cathedral and the Bazaar and showed up at a Linux user group where I was the only woman), and I've been pretty scarce lately on MeFi too. The only reason I happened to know about the LBIP concept is that it was mentioned in a recent issue of NormCore Tech by Vicki Boykis.

Thank you for that pointer, CrystalDave. I completely missed that thread. I will go read it now.
posted by velvet winter at 5:52 PM on September 18, 2019 [5 favorites]


Yeah, let me be super clear: ESR is on record as saying that "Women in Tech" groups were going to conferences to try to trick important male members of open source projects into sleeping with them so they could then make up rape accusations against them. I give zero fucks about anything he has to say. If it's important, find someone to say it who isn't a fucking garbage fire of a human being.
posted by tocts at 7:22 PM on September 18, 2019 [9 favorites]


writing free software / open source software is at best a quirky hobby for people who like helping capitalism extract value more efficiently.

Or, you know, a tool for people who want their computers to work in a way that makes their lives easier, rather than just living with the bugs that eat up a significant fraction of their lives and tools/workflows that make things much harder than they need to be.

It's totally fine if that's not your thing, but maybe don't be dismissive of people who can do/enjoy doing that kind of thing.
posted by wierdo at 8:30 PM on September 18, 2019 [9 favorites]


Reporting back after reading the thread that CrystalDave linked about Stallman being driven out of the FSF. I wish I'd seen that before I posted to this thread quoting ESR, but I'm grateful that I've seen it now. I'm super glad that I didn't make the LBIP idea into an FPP.

I still love the concept of load-bearing people and loadsharers networks, though, for the reasons I outlined. As I mentioned, it's Vicki at Normcore Tech who called it to my attention and got me to think about it in a feminist context, so I'll take her framing of it and see what else I can do with it. I've been slowly working on an essay about the complex systemic factors and ideologies that contribute to the scarcity of arts funding, and I was planning to use this acronym to make a point. Back to the drawing board. That section of my essay draft is now on the cutting-room floor.

I'm also feeling very grateful for the #MeToo movement right now for shifting the cultural climate in the direction of accountability, and for this comment from warriorqueen:
...at 48, I realize how many women and probably some men as well have just...settled for a different career path because of the heavy weight of continual, low-grade sexist and harassing bullshit.

Like, the people who actually have been denied career advancement overtly are just the tip of the iceberg of people who have just gradually, gradually, gradually either lowered their expectations or made choices -- some deliberate, some probably subconsciously -- which eventually removed them from top-flight participation in fields of work and study. Not because they were incapable or unambitious, but because the price is too high even when paid in pennies every day.
Is me.

I'm 51. While I haven't been overtly denied career advancement, and I wouldn't exactly call myself ambitious in a career sense, I'm definitely one of the women whose life path drifted away from tech because of near-ubiquitous low-grade, run-of-the-mill sexist bullshit. As I wrote in the geek feminism thread, I loved math and excelled at it as far back as the fourth grade, and in high school I was involved in the computer club (this was circa 1983-1984). My dad owned a Commodore 64 and 128 in those days, and was happy when I showed an interest in it. But out in the real world, there was a constant stream of subtle and not-so-subtle messaging reminding me that while I might be technically capable enough, I didn't really belong. Looking back, I can't help but wonder what might have been with my early aptitude for math and computers...if only.

That said, I now work as a professional editor after a recent promotion that came with a nice pay raise and some effusive praise of my skills, and I'm happier than ever. I just wish it hadn't taken me 51 years to garner this kind of professional respect and decent pay. And I'm well aware that one of the reasons I'm so happy is that I'm able to work remotely. Remote work enables me to surreptitiously dodge a lot of the ageism and sexism that drove me away from offices, and contributed to my failure to get a job in web development after I completed a coding bootcamp.

I'm also thinking a lot more these days about how much the internet relies on the unpaid work of people like me (I've been a moderator of various internet forums since 1999, for example), and what I can do to help other marginalized people get paid fairly.
posted by velvet winter at 8:32 PM on September 18, 2019 [10 favorites]


... the sciences increasingly use open source software to power their experiments (Python, Linux-based supercomputers), data analysis (R/Julia/Python), and publications (Latex). ...

Much of this software is written by lab staff as part of their paid work -- they aren't working for free. It is now typical practice in some sciences that software developed in the course of (funded) research projects (with paid staff) is made available with open source licenses. Some of these scientific open-source software projects are very large-scale and long-lived; they go far beyond the lone hobbyist. For example the EPICS control system framework has been in development (by paid staff at national laboratories and elsewhere) since the 1990s and helps run large particle accelerators, astronomical observatories, and the LIGO gravity wave experiments.
posted by JonJacky at 9:03 PM on September 18, 2019 [4 favorites]


But he can do something to force a company like Apple to it's knees.

That sound you hear is 1000's of compliance lawyers in Redmond/Mountain View/Cupertino ordering every engineering team to remove all references to cURL out of every codebase.

I mean, I'm kinda joking, but I seriously I wouldn't be surprised if the "he hopes to convince" line in this article leads to an email in my inbox in the next week or so.
posted by sideshow at 11:35 PM on September 18, 2019


he can do something to force a company like Apple to it's knees

No he can't. He really can't. cURL as it stands, doing all the things people are already using it for, exists now and nobody can make it un-exist. The only negative thing that the lead author could possibly do at this point is to stop making contributions to it, and that's a gap that would get rapidly filled from multiple directions.

Once source code has been released under a permissive licence, the only thing that can be done to put restrictions on it going forward is to release new versions under a less permissive licence. There is no technical nor legal method that stops anybody who has been granted the right to copy and alter a particular chunk of source code under a permissive licence from maintaining it themselves in perpetuity.

If a code author wanted to get all black-hat about the thing they could fill their code with back doors and logic bombs and whatnot, then wait ten years to give the compiled results time to be widely embedded before starting to exercise their exploits and/or issuing threats to do so. But the entire point of source code being open is that people would find that shit before it got anywhere even close to being a serious threat. I can't think of a single instance of this pattern actually occurring with open-source code; it's far more commonly encountered in closed systems in-house, in outfits where management is shitty enough to encourage devs to risk being equally shitty in return.

Using components for which you have the source code lowers risk, especially if those same components are in widespread use elsewhere.
posted by flabdablet at 12:57 AM on September 19, 2019 [7 favorites]


I'm also thinking a lot more these days about how much the internet relies on the unpaid work of people like me

I would strongly encourage anybody who has begun to think along these lines to ponder the extent to which humanity at large relies on the unpaid work of people like their mother, and respond not so much by wasting time on figuring out how to pay parents for parenting, but by choosing to do more unpaid work themselves.

There is nothing wrong and a lot right with unpaid work as long as it is a freely offered gift.

Expecting to stay showered in freely offered gifts by any single person for the rest of your life, though, just because they've been doing that up until now? That's an error.

The essence of the trade economy trade is paying stuff back. The essence of the gift economy is paying stuff forward. Do as much of that as your circumstances allow. It feels good and works better.
posted by flabdablet at 1:09 AM on September 19, 2019 [3 favorites]


It's a sympathetic line of reasoning, and as a big socialist myself, I agree in principle, but until we get landlords who pay it forward, doctors and teachers and farmers who pay it forwards, any kind of gift economy that negatively affects the earnings potential of others is playing right into the hands of the rentier class. There's a balance to be found. Give to people; companies pay.
posted by seanmpuckett at 3:39 AM on September 19, 2019 [1 favorite]


Something else that is worth at least being aware of is that all this nights and weekends coding (done mostly by men) to support FOSS projects also is supported by the emotional and physical labor of others (almost exclusively women) to keep the house working, the laundry done, and the everyone fed and taken care of.

My projects at work are entirely open source (finally abandoning oracle as a database, yay!), and we have done some small upstream contributions, but it’s a hard sell to management to justify contributing to the maintenance of things that seem free.
posted by rockindata at 4:00 AM on September 19, 2019 [2 favorites]


as a big socialist myself, I agree in principle

I don't see a whole lot of differences between the way the gift economy works when the trade economy is primarily socialist and the way it works when the trade economy is primarily capitalist. The gift economy remains the bedrock on which any of these trade-based organizational forms rests.

playing right into the hands of the rentier class

A rentier class can only ever emerge from the trade branch of the whole economy, because rent-seeking essentially amounts to gaming the trade economy's administrative overhead. As soon as trade exists in any form, rentiers will find ways to game it; every primarily socialist trade economy in history has had at least as many, doing at least as much damage, as any primarily capitalist trade economy.

I don't think it's possible to avoid playing into the hands of the rentier class and participate in trade in any capacity, simply because there are and always will be so many skilled rentiers and because any administrative process can always be subverted by sufficiently unscrupulous administrators. Gifting isn't subject to rent-seeking because gifting in and of itself needs no administration in order to make it happen. People can and do just do it.

Attempting to undermine rentier business models by running a pure gift economy and no trade economy is probably not feasible; I'm certainly not aware that it's ever been tried. The other way around, with trade only and no gifting, I'm dead certain is not feasible because the administrative overhead would just kill it. But it does seem to me that these complementary economies do have quite different motivating principles and that clarity of understanding demands that they not be smooshed together.

The main promoters of the view that gifting is antithetical to anybody's interests are, in my experience, those most solidly committed to seeing trade and competition as the only correct lens through which to view all human activity, straight-up ignoring the fact that any of them had mothers.

The Institute of Public Affairs, for example (turn thrice, spit, curse - perhaps nobody involved there did have a mother), has long championed the idea that Australia's public broadcaster "competes unfairly" with the commercial news media. They completely ignore the value in having a broadcaster whose main aim is to serve the community at large rather than to make a dollar for its participants.

I tend to dislike people like that and my policy is to regard their views as unsound until clearly proven otherwise.

So if your trading model involves selling something that other people are happy to offer as gifts, it seems to me that the appropriate solution is not to lobby for shutting down the gifting, but to find something more in-demand to trade.

As an ex-working programmer, the employment that made me happiest was that which involved being paid to show up and attend to problems I could solve, where it was clear to all concerned that what I was trading was my time and skill and attention, not my work product.

I'm old enough to remember what things were like before the GPL existed and watch how they've developed since, and I can tell you for a fact that the advent of that licence marked a clear inflection point between an era where access to good tools was either really fucking expensive or required breaking the law, and one where tools ranging from perfectly adequate to truly excellent just litter the landscape and only need picking up. There is no doubt in my mind at all that free software has been an absolute boon to the entire IT profession. Copyleft is a very adeptly crafted compatibility shim between the gift and trade economies, and I think we owe Stallman a genuine debt of gratitude for it regardless of how socially inept he's shown himself to be otherwise.

As for whether the IT profession itself has been an absolute boon to humanity: that remains to be seen. So far, results have been mixed. I'm quite liking the medical stuff, but ubiquitous surveillance and 24x7 personal availability I could easily do without.
posted by flabdablet at 6:24 AM on September 19, 2019 [7 favorites]


I can tell you for a fact that the advent of that licence marked a clear inflection point between an era where access to good tools was either really fucking expensive or required breaking the law, and one where tools ranging from perfectly adequate to truly excellent just litter the landscape and only need picking up

You're assuming this wouldn't have happened without the GPL, and I don't think that's a safe assumption. For one thing, there's a bunch of other open source licenses, before and after it. For another, if you look at the licensing landscape today, nearly nobody chooses the GPL for new projects. (Example: surveys of npm packages have shown something like 60% MIT License, 20% "No License", maybe 10% GPL, etc)

The idea it put forth -- of sharing code for others to use -- may have been nice, but the actual implementation has not met the needs of most people, and it hasn't been an important factor in the propagation of tools that are free to use and modify for quite a long time outside of older codebases that can't be divorced from it.
posted by tocts at 7:27 AM on September 19, 2019


Much of this software is written by lab staff as part of their paid work

This has been true for decades, prior to even the whole Free Software Manifesto (late eighties, I think). Codes were passed around and published, often without any mention of copyright or licence. FOSS licencing has formalized the software distribution and become a norm. There is a licence file that goes around with most sources now. It's probably the least opened file in any package. It's still the case that most codes are available either through repositories or by the asking, particularly the analysis frameworks for Python or R.

Indeed they're often part of a publication now.
posted by bonehead at 7:34 AM on September 19, 2019


You're assuming this wouldn't have happened without the GPL

Not at all; merely noting that it did happen with the GPL, and that the advent of the GPL specifically did mark a very noticeable shift in the attitudes frequently expressed by IT-associated people toward software you didn't have to pay money to acquire.

Whether the GPL was primarily a cause or a consequence of that shift is always going to be a matter of debate, but there is no doubt in my mind that it was then and remains now the most influential software license of all time.

older codebases that can't be divorced from it

are the absolute bedrock of today's IT landscape. The sheer quantity of currently running code that's been compiled with gcc just boggles the imagination.
posted by flabdablet at 8:03 AM on September 19, 2019 [2 favorites]


they could fill their code with back doors and logic bombs and whatnot

I am reminded, in a very low-key way (and this is perhaps relevant to the whole "how should those using a free resource interact with the long-term maintainer) of the long-simmering tiff between jwz and Debian over nagging warnings in xscreensaver.
posted by jackbishop at 8:27 AM on September 19, 2019 [2 favorites]


I think that tiff is hilarious. Because although jwz is undoubtedly insightful and talented, he has his blind spots just like anybody else, and one of those is fully on display in the linked Debian bug tracker thread. For somebody as consistently rude as jwz to expect other people to comply with his my-way-or-the-highway preferences as a matter of courtesy? Yeah no, probably won't happen, and watching him crack the sads when it doesn't is pretty bloody funny. As James May has observed, you cannot build a tent by shouting.

I am of course completely sympathetic to his desire to avoid wasting time dealing with bug reports for versions of his software that are many generations back from current, and to see versions containing long-fixed security holes removed from general use in order to protect his reputation. But his attempted solution - the end-user nag warning - is both deeply irritating to the vast majority of his userbase and highly unlikely to effect either of his desired outcomes. He'd have been much much better off cultivating cordial relationships with his downstream package maintainers instead of trying to fix the wrong problem on his own.

I mean, he's good and all, but he has no actual superpowers.
posted by flabdablet at 11:29 PM on September 19, 2019


However, many projects are trapped somewhere in the middle: large enough to require significant maintenance, but not quite so large that corporations are clamoring to offer support. These are the stories that go unnoticed and untold. From both sides, these maintainers are told they are the problem: Small project maintainers think mid-sized maintainers should just learn to cope, and large project maintainers think if the project were “good enough,” institutional support would have already come to them.
Roads and Bridges: The Unseen Labor Behind Our Digital Infrastructure (PDF or ePub) by Nadia Eghbal for the Ford Foundation
posted by Monochrome at 2:34 PM on September 28, 2019 [1 favorite]




Jesus wept.

For fuck's sake, people. If you're bummed out by putting endless hours of work into wonderful stuff that self-serving capitalists just hoover up and give nothing back for, stop releasing it under licences that explicitly permit them to do that. The idea of instead choosing to insert advertising - aka the capitalist economy's most blatant form of rent-seeking - into an open-source package's dependency list reveals a profundity of economic and social illiteracy that on reflection is pretty much what I'd expect from the Stupidest Timeline.
posted by flabdablet at 10:25 PM on October 4, 2019 [2 favorites]


Yes, how dare a person have interests and desires that compete against each other. It's a travesty!

Or maybe, just maybe, if someone else is spending hours of their life to make something they find useful, I don't get to complain about the parts I don't like if/when they share it with me. Thanks to their permissive license, I am perfectly free to change it to work however I want, use it, not use it, whatever.

It might even be possible that not all advertising is abusive advertising, though I can certainly understand why people would believe otherwise.
posted by wierdo at 8:32 AM on October 5, 2019


maybe, just maybe, if someone else is spending hours of their life to make something they find useful, I don't get to complain about the parts I don't like if/when they share it with me. Thanks to their permissive license, I am perfectly free to change it to work however I want, use it, not use it, whatever.

The point of the GPL, and the thing that sets it apart from most of the other permissive licences, is that if you do choose to take advantage of somebody else's unpaid work for the furtherance of your own business interests, you don't get to deny anybody downstream of you a similar opportunity.

If more software that's currently released under permissive licenses were released under copyleft licenses instead, the relationship between the trade and gift economies in software development would start to shift from the essentially parasitic one that prompts the kind of concerns expressed in the OP toward a rather healthier symbiosis.

This is because software, unlike physical gifts, has the property of being perfectly and limitlessly replicable. If I choose to give you a thing without also imposing any kind of obligation on you in the event that you choose to pass on that gift, then I have effectively also given it to countless people I don't personally know. That's potentially a much more consequential act than it would at first appear, and human beings are just not good at evaluating consequences of that magnitude.

Your point about not complaining about the oral hygiene of gift horses that come with a complete set of dentistry tools is one I fully agree with, but once any piece of gifted software gets invisibly absorbed into something that's sold, then its nature as a gift has effectively been buried, and the expectations that apply to it by buyers become those that apply to things which are sold: fitness for purpose, ongoing support and all the rest of it.

For software released under the GPL, this doesn't happen to anywhere near the same extent. When Red Hat originally started distributing Linux, the business model was very very clear: the software itself was free, totally equivalent to what you could get elsewhere and with all source code fully available, but Red Hat would sell you their expertise in supporting it and give you a guarantee that the free software plus their expertise would buy you something fit-for-purpose.

Red Hat has been running this business model for over 25 years and has recently been bought by IBM for $34B. There's no doubt that it works, and continues to do so even though the CentOS project exists, providing parallel gift-economy support for the exact same software that Red Hat sells support for.

The vast preponderance of the software that forms Red Hat Enterprise Linux is licensed under the GPL. And you know what you won't find inside RHEL? A reliance on uncompensated single maintainers responsible for vital, non-interchangeable parts.
posted by flabdablet at 12:34 AM on October 7, 2019 [2 favorites]


Theory: average bus factor = 1
The LWN article is not talking about silly things like a chess clock or a feed reader: we're talking about the Linux input drivers. A very deep, core component of the vast majority of computers running on the planet, that depend on that single maintainer.

My theory is this: our average bus factor is one. I don't have any hard evidence to back this up, no hard research to rely on. I'd love to be proven wrong. I'd love for this to change.

And if that doesn't scare you, it damn well should. As a user, one thing you can do is, instead of wondering if you should buy a bit of proprietary software, consider using free software and donating that money to free software projects instead. Lobby governments and research institutions to sponsor only free software projects.
posted by Bangaioh at 2:47 PM on October 17, 2019 [1 favorite]


A very deep, core component of the vast majority of computers running on the planet, that depend on that single maintainer.

Another way to look at this is to embrace the view that anything that can be maintained by a single person, should be maintained by a single person.

Software maintained by one person is either doing work that's simple enough for one person to get their head around, or horribly broken; in my experience, there's not much in between. Single-author drivers that make it into mainline tend to be in the former category and most of them are somewhere between reasonably clean and really nice.

Maintenance-wise, there are clear distinctions to be made between kernel components with limited scope, like device drivers, and open-ended extensible protocol handlers like cURL.

Also, the extent to which failure of "very deep, core components" is consequential is a pretty good predictor of the speed with which a new maintainer will become motivated to jump on them when their existing maintainers drop them for whatever reason.
posted by flabdablet at 1:13 AM on October 18, 2019 [1 favorite]


« Older “Sometimes it pays to just be along for the ride.”   |   Stuntmen React to Bad and Great Hollywood Stunts Newer »


This thread has been archived and is closed to new comments