Open source, closed wallets, big profits – nobody wins the OSS rock, paper, scissors game
Stop horsing around. Pony up
Opinion There's much talk of the Open Source Sustainability Problem. From individual developers to Google's White House lobbying, the issue seems simple but intractable. Is the willingness of volunteer coders a solid enough basis for the long-term health of essential infrastructure?
This is, of course, balderdash. It's not an open source problem, it's a software problem. All software needs resources to adapt as the working environment changes, resources the changed environment may not provide. Look how many out-of-support versions of Windows still limp on like superannuated footy players in the Sunday leagues.
According to StatCounter, as of December 2021, one in seven PCs still runs Windows 7. One in 200 is on XP. Try getting Microsoft to update either.
Why this is, is more complicated than just Microsoft's revenue model, although that's a part of it. The details aren't important. Paid-for software is not magically sustainable, any more than OSS is uniquely vulnerable. If anything, it's the other way around. If you really need it, you can pick up a dropped OSS ball and run with it. Try doing that with commercial abandonware. Yet nevertheless, there are plenty of OSS creators who'd like to be paid.
The question becomes not whether resources can be made available to keep OSS components up-to-date, secure and relevant as needed. Rather, it is how can the industry come to realise that if it wants long-term security of supply in software components, OSS is the better choice?
It's not that organisations don't like paying for things even when the benefits are nebulous. They have no problem spaffing millions in executive compensation, marketing departments, mergers and acquisitions and major strategic refocuses that go nowhere. It's only hard to get money spent on stuff actual workers actually need.
Ask Tatiana in devops whether she thinks it's a good idea to push some shekels towards the team who keep her favourite framework cooking, and "hell yeah" will be the printable version. Can she make that happen? Only out of her own pocket. She's not the one making millions out of that devops pipeline.
There are many schemes for collecting and dispensing enterprise donations to open source projects, but none is proving a generic solution. One component may be used by a thousand companies for one small but important task; one component, as with Apache PLC4x, may have a natural market of a handful of places but with a potential value to them in the millions.
Some OSS teams do not and never will want monetary rewards; others grow weary of seeing their work exploited with no tangible reward. Even if it wants to, how can a company budget for everything on that spectrum, or decide what to donate to a clearing-house scheme?
How about licences that make software free to use below a certain level of resultant profitability? That works for big things run by single companies, but becomes a contract with financial commitments in a way that most OSS licences are not. As a dev or an architect, you may get blanket permission to use corporately approved permissive OSS licences. You won't where there's cash involved.
As so often, history has the answer – a mixture of deep and recent history, in this case. Let's start with the recent. It is not uncommon for organisations to adopt and publicise progressive policies on equality in the workplace or commitments to environmental or political stances, not just through a burst of otherwise undetectable ethics, but because they help recruitment and plonk a halo on the god-like being of the CEO. They cost money, but mostly from coffers that don't have to show a return on investment.
The deep history component is the tithe, the 10-per-cent levy popular with deities, priests and kings from Mesopotamia to the present day. These days, the compulsory tithes are dressed up as taxation (at more than 10 per cent, oddly enough), but voluntary tithes are still thick on the ground to fund churches, charities and other communitarian concerns that don't give you back anything specific.
In the case of churches, the deal might seem like they collect the lucre to provide God-centric services for soul disaster recovery, but whichever deity is involved, they don't get to spend it. Rather, you're buying into a community, to rules that give you support when you need it and provide a certain status. There's no need for either side to define either in too much detail. That sounds a good fit for corporate use of OSS.
Here's the deal. A universal code of conduct for organisations that use OSS, saying they are enlightened entities who recognise the good of OSS for one and all, and pledging a small percentage of turnover, proportionate and revisited, to OSS support. A single common clause for OSS licences that makes them part of this. An industry organisation that publishes OSS usage stats to help facilitate payments – but, crucially, does not take a cut, for that way lies rentier corruption.
The money – which needn't be much, OSS is very efficient – comes out of marketing. There's a simple legal framework for the book-keeping, and all sides accept it's voluntary and unenforceable. The code of conduct can include things like asking Tatiana for usage stats, and the whole thing runs on ego, openness and good will.
An impossible basis to do anything? Try telling that to the open source community. It's amazing what you can do when you feel the love. ®