I am the maintainer of a library to simulate keyboard and mouse input. I didn't start the project but took over the maintenance and have since rewritten pretty much all of the code. I recently found out that Anthropic is shipping it in Claude Desktop for some unreleased feature which is probably like "Computer Use". I noticed they had an open position in exactly the team responsible for the implementation and applied. A few months later I received a rejection. The letter said that the team doesn't have the time to review any more candidates. The code is under MIT so everything is perfectly fine. It is great that a company like Anthropic is using my code, but it would have been nice to benefit from it. I wrote a slightly longer blog post about the topic here:
I’d strongly recommend trying again and reaching out to the friend of a friend who informed you of the role and asking for a more direct intro to the hiring manager. Unfortunately, it’s really really easy to slip through the cracks as a resume, and one feels no remorse rejecting a pdf file. Even without the warm contact, some way of directly reaching the hiring manager (notably: not the recruiters!) would mean that “I wrote that library!@ becomes front-and-center, not buried as a line item. I’ve seen so much more success with myself and the people I know in cold or warm outreach than through job application portals. In fact, I’ve yet to get a callback from a single job I’ve ever applied to online!
As an aside, does anyone know why the AI labs have such bad recruiters? I successfully got a job at one and am currently working there, but I still have many many complaints about the process.
Anthropic has a tough alignment interview. Like I aced the coding screener but got rejected after a chat about values. I think they want intense people on the value/safety side as well as the chops.
You need to be insanely dedicated to burning rainforests and boiling oceans so that people can have AI write emails that other people will use AI to summarise and never even read the summary.
Probably alignment with mission. The siblings write a lot about it so read all that. I prepped but I missed the mark. I suspect because of doing too ordinary work so I didn't have examples that would make them think "damm this person gets us".
Some one who reads the company website and has the communication skills to be able to convincingly regurgitate the company stances on issues. Come on guys, this isn’t some FBI lie detector test, they are going to ask you the same exact question people BS on in every interview to top companies, medical schools, etc.
Don’t be naive, these companies don’t care about talent they care about prestige and credentials. <username>@standford will always beat “did actual work relevant to the project”.
Just look at the background of some of the names in this at these places. As always it’s “who you know and where you’ve been” not “what you know and what you’ve built”
edit: You can downvote if you like, but it doesn’t change the fact that high stakes tech has never been a meritocracy and AI companies are no different.
I mean, there are three serious top level AI companies, and the only thing they're competing on right now is the quality of their frontier models. Or arguably their ability to raise cash, in an extremely "buzzy" market....
There's definitely more than 3 companies competing for AI talent and you know that very well.
Nvidia, Apple, Google, OpenAI, Anthropic, xAI, Tesla, Microsoft, Mistral and dozens and dozens of well funded AI startups are just among those with more resources.
As it stands right now, if the code was under a GPL license, nothing stops them paying the author to get it under another license.[1]
Sure, they could offer a job as payment for said license, or just pay cash.
This approach would be "necessary" (for some definition of necessary) for GPL code, but isn't necessary for MIT code.
[1] this assumes there's 1 (or nearly 1) copyright owner. If there are multiple contributors, and no CUA in place, this approach is generally not possible.
Personally, and different people have strong feelings on this both ways, with GPL code I'd get contributors to sign a CUA. It keeps the door open for commercial opportunities like this, especially if the code is "mostly yours".
I guess with a benign modification it does work: it’s just dual licensed (a)gpl and commercial license, the latter available when offered a job. The former always available but of course they’d have to release their entire stack’s source, which Anthropic almost certainly wouldn’t want to do. That’s not OP’s fault though and the license stands as pure (a)gpl.
It would be very, very hard to make this work in practice.
What does it mean to offer a job? Can they offer a job that pays a dollar a year and call it a day? Or can you force them to offer you a job that pays a billion dollars a year?
Can they offer you a job, but only in Antarctica? What about visa sponsorship?
Of course, you can write whatever ill conceived terms you want in your license. But if your license is badly written, any decent company lawyer would strongly advice staying away from your code. And if that's the outcome you want: you might as well open source it with a 'non-commercial use only' license.
> That actually doesn't sound so bad. (Designing the job requirements!)
Well, it's similar to having a license that allows the author to decide on the price of the product after the other side has decided to buy it. There just won't be any buyers.
> Hah. Well it is now...just copy & paste the GPL's text and append that one condition.
Section 7 of the GPL (version 3) explicitly gives the user the right to remove that additional condition. So if you want it to be effective, you will at the least need to remove section 7 from your copied GPL. Then, you'll need to remove the preamble and instructions to avoid the Free Software Foundation's ire (they're being generous in allowing you to modify the license test at all).
Ultimately, it goes against the spirit of the GPL so much (and against the point of FOSS in general) that it would be entirely unjustifiable to use the GPL as the foundation for such a proprietary, source-available licence.
The FSF holds the copyright to the text of the GPL, and they allow anyone to freely redistribute verbatim copies, but they don't permit just anyone to create derivatives.
Interesting, considering that Anthropic spends a lot of resourced to build ethics checks into their AI. I wonder if this hiring process was ever put through its own ethics check.
When you apply, you have to confirm that you did not generate the application with AI. As soon as you send of the application, you get an automatic email confirming your application. They also say they don't reach out, if you are not a good match and that they only contact the people they want to hire. Maybe they changed their mind on that policy, because I received a rejection letter a few months later. It was very well written. The people I showed it to said it is one of the nicest rejection letters they have seen.
There's no ethical principle which requires them to hire somebody if they use OSS from that person. Maybe they missed out on a good hire, c'est la vie.
How curious! So am I, and that is the project that I am the closest to regretting open sourcing.
I made the mistake of also implementing keyboard and mouse monitoring---you know, so I could write automated tests for the input parts!---and over the years it has turned into an endless source of feature requests, bug reports and also general questions about the Python programming language and its ecosystem.
Input events truly are horrible to provide a platform independent abstraction over, but in the end seeing people use it, make YouTube tutorials and discuss it on Stack Overflow make it worth the time spent.
You should have licensed it under AGPL; Anthropic then would have reached you to negotiate a commercial license or contribute back to the project, since AGPL forces server-side code disclosures when deployed. Without that, they can legally use, modify, and profit from it without sharing improvements or compensating you
[A]GPL is like kryptonite to corporations. Very few will take the risk of having to open their own code if someone made a mistake in isolating the GPLed code properly, so most ban the use of GPL for their products and services.
Anthropic would have found a different library or rolled their own, rather than taking that risk. If the library was fundamental, maybe they'd go for a commercial license, but that's usually an option of last resort.
OP mentioned he took over an existing project. He would then have to track all the people who contributed in order to be able to relicense to AGPL. Even then, Anthropic would probably then write their own.
what's to stop them from <prompt>Recreate this library so that I can use it in my project without fear of copyright violation.</prompt> in their very own claude code?
For small enough codebases, that seems like an inevitable reality, eventually.
If you have nearly limitless compute to throw at an issue and a good enough model, then it should be able to create enough test cases to cover most aspects of the codebase (iterating thousands of times until it gets it right) and then eventually write a new implementation in a new language or a slightly different tech stack that passes all of the original tests, alongside a few more hundreds of iterations of refactoring.
I give it a decade until large orgs are doing that to avoid licensing restrictions and other liabilities.
It might even be a boon for security that many organizations have independent implementations of core code projects, even possibly the OS. In such a hypothetical world, security issues that are implementation dependent would not affect such large swaths of the installed software.
If you feed it the library to recreate then this seems like it would necessarily be a derivative work and thus copyright infringement. Proving that they did it may be a challenge...
Keep in mind that they probably use it or at least discovered it explicitly because it's open source. So either you don't release it and they use something else, or you release it and they use it. Option 2 sounds like giving you more exposure and more opportunities in the long run.
Sure, it would be hard to monetize and while it took countless hours to iron out many of its bugs, it is definitely not rocket science. I contribute to open source software expecting nothing in return because all software I use is also open source. It's my way of giving back and I love the knowledge that it is useful to people and hearing about their projects. So far I did not have any benefits from it but continue doing it anyways. It makes me happy to see more and more people using it.
I don’t really know what you’re talking about or how it’s relevant (I know you’re referring to an incident that happened outside of HN).
The guidelines clearly ask us to “be kind” and to not “fulminate”. Your comment was flagged by several community members so there’s a pretty strong consensus that it’s not what we want on HN.
That's...wow. What an absolutely disappointing reply.
If "be kind" is an actual value of HN I have yet to see it in almost 15 years of being active on this forum. This community is generally speaking not kind and fulminating is de rigeur as far as I've been able to surmise.
But whatever. I won't bother you or anyone else on here anymore. Good riddance.
I'm not advocating in doing it for the exposure as a primary reason. And absolutely not to be paid in exposure. 100% agree with the comic there.
I should not have used that word. It is clearly charged with negativity.
Of course I wish everyone would be compensated for their work. I feel that for some types of project, publishing as open source is a great way for people to find and use it. This can give new opportunities.
Exactly which kind of project and under which conditions is up to debate.
I have worked on a few projects that I regret not being able to open source. Mainly not my choice, stakeholders wanted traditional go to market strategies and failed/ran out of money trying to make sales. I can't help but thinking what other opportunities could have arisen have we chose another strategy.
> Through a friend of a friend, I found out that Anthropic had an open position in the team implementing the secret, unreleased feature of Claude Desktop using enigo. I wrote a cover letter and sent out my application. An automatic reply informed me that they might take some time to respond and that they only notify applicants if they made it to the next round. After a few weeks without an answer, I had assumed they chose other applicants.
Wait, so, if it was a friend-of-a-friend situation, why did you not try to get a referral?
I've stopped applying to the big companies long time ago precisely because I'd never hear back regardless of the match or the credentials (the only exception has been JaneStreet — they contacted me almost right away after a cold application), yet going the referral route, it's relatively easy to get an interview almost anywhere.
I’m unsure if you’re being serious or making a joke. If you depend on something, it is in your best interest to have it continue and remain in good shape. What better way to ensure that then to pay the salary of the creator and world’s utmost expert on the thing? As a bonus, it ensures your specific needs about the thing are addressed in a timely manner.
Making something open source has no bearing on your future employment. Certainly, it is great to have something on the resume that is used internally, but to have an _expectation_ that someone would hire you for that reason, is beyond my imagination.
It’s weirder because it doesn’t even seem like he initially wrote it, just took over a abandoned project, changed some code, and think he deserves a job because of it.
To be honest, I do regret it. After 20 years of working on FOSS projects, I've invested enormous amounts of time, effort, and money into these and other free/open-source initiatives. It was enjoyable initially - there's something addictive about receiving praise from strangers and unknown communities. You keep going because it feels good and you develop a sense of moral superiority.
But years later, when the people closest to you are no longer around - you pause and reflect on how much energy you devoted to random strangers instead of those who shared your life. If I had invested even 1% of the time and effort I put into FOSS projects into my relationships with loved ones, they would have been so much happier. Now I'm left wondering what the hell I was doing all those years
https://giis.co.in/foss.html
What you describe is an interesting moral hazard variation: you were disconnected from the positive effects you had on others. All may not be lost: what if you were to reach out to individuals who have enjoyed your work?
>If I had invested even 1% of the time and effort I put into FOSS projects into my relationships with loved ones, they would have been so much happier.
This is a wise conclusion, that I think impacts many people. I know it does impact me. My personal way of going about it was that I was more invested into theoretical, ethical problems instead of my actual life problems that surrounded me. My tech life was vast and colorful, but my real life was barren.
This is a very thoughtful post, and I sympathize with the sentiment, but I don't think it's really about "open sourcing" anything. The same could be said if you spent that time building model trains, working on a car, or engaging in any other hobby.
Agreed. "Open sourcing" means you do it for free but your work benefits others. And you may have an opportunity to pass the torch to others. For hobbies you keep it to yourself. I played an instrument for many years in spare time. I enjoyed it a lot. I eventually gave up, because my life changed and many other things popped up. On reflection, I still think it was an intersting experince for all those years. But I don't feel anything for it now.
Yes, it's not different from a workaholic for example. So in this vein, not on topic, because it's not about the license. Still, it's a good lesson, and is technically an answer to "regretting open-sourcing something" - it's just that OP reconsidering open-sourcing their life, not their software.
I can imagine that happening when the motivation is external (praise).
When I write open-source it's because I have to write it out of myself.
Do I expect praise, kudos, fame, whatever? I do and that happens, I have been hired countless of times because of open-source. Even my friends (!) have been hired because of open-source stuff I wrote and they contributed to.
But the main motivation is internal - I just have to see it take shape. Like a writer who can't resist painting or a writer who can't stop writing.
Do I have regrets still? Yeah because I could have used the time for better things. But that can be said about any hobby.
When I was ~14 I open sourced a script to autoconfigure X11's xrandr. It was pretty lousy, had several bugs. I mentioned it on a KDE mailing list and a KDE core contributor told me it was embarrassing code and to kill myself. I took it pretty hard and didn't contribute to KDE or X11 ever again, probably took me about a year to build up the desire to code again.
Everything else I've open-sourced has gone pretty well, comparatively.
This is of course a terrible reply to receive, I'm sorry you got that.
But I also find the psychology behind this sort of reply interesting, because there's lots of factors that lead to this sort of extreme.
Firstly, we don't know the age of the replier, but my guess would be someone also young, or at least immature. Telling people to kill themselves is not something adults typically do in any context.)
So it suggests another junior, desperate to prove their own standing, and needing to compete against others rather than collaborate. I've seen this kind of response in one adult (abusive to other forum members) but he clearly had quite severe mental health issues (and the user was banned.) In youngsters it is usually extinguished with firm moderator guidance.
With adult responders, frustration and tedium play a role. Personally I'm more generous with replies in the morning than the evening. At times I almost "fake" patience (when I'm getting impatient) with people who are simply not thinking, and who aren't listening.
Overall it is very imbalanced. The asker is asking 1 question. The replier may answer tens or hundreds in a day. So it's hard to answer each one as if it's original, as if it matters, as if you've not heard it a million times before (especially if it's right there in the FAQ.)
Part of answering well, and the quality of any forum, is in participants answering well, even if the question is trivial.
We all were newbies once. Asking stupid questions is how we grew from there. Answering stupid questions is how we pay it forward.
The world's most successful open source developer didn't converge on that communication style for no reason. I don't think I've seen a single person bring up the classism inherent in dictating gentlemanly manners. Part of what made open source unique is that people from all classes could participate, and working class people are not tuned to pick up on subtle communication the way the upper classes have been. Linus likes to communicate in a way that leaves no ambiguity about he feels, to people of any class background, or any level of English language proficiency. The tradeoff is it offends the sensibilities of highly domesticated elites.
This is a weird take. It’s not classist to filter your communication to not call people morons even if you think they are, it shows you have respect for them. You don’t need to be “elite” to find some of the things he said offensive.
Open source doesn't have any kind of filter for participation, like a stringent hiring process, or requirement of academic achievement, which makes them entitled to respect. A lot of people show up who are unqualified, schizo, etc. It's demoralizing if a project treats those people and puts them on the same level as your best guys. Keep in mind, open source has no titles, no job levels, and no salary. So respect is the only thing people can hope to earn by participating, therefore it's totally ridiculous to give that out for free, because then people have nothing to gain and nothing to look forward to earning. These days the solution to this conundrum is to just ban everyone who isn't employed by a big tech company and shut down the comments section. However open source grew up in the 90's / 2000's culture that highly valued free speech and open participation. If you have to take the omegas in, like Linux did, then they have to play the omega role. This is better in some ways, because omegas are still part of the group, and still cared for, and many of them improve and grow past that role.
TLDR seems to be like "whatever moron made this is mentally disabled". Not quite the KYS that is popular with the youth (in a game played by mostly teenage boys, we kept needing to moderate and escalate ban durations for a lot of players) but not particularly great to put it mildly indeed
I've recently told a person to kill themselves. Because I was very frustrated with the trend their product is going. For example, they rolled out a wysiwyg editor with the "lose all the text input" feature.
I'm writing such harsh words when I expect 0 improvement from the company but I hope at least to make the customer support person reconsider their life choices and quit the evil company
This reminds me of when I provided some impressions of Erlang as a newcomer to their mailing list.
One of my suggestions was that they include hash tables, rather than rely on records (linked lists with named key). Got flamed as ignorant, and I've never emailed that mailing list again. A while later, they ended up adding hash tables to the language.
Having a long memory about this, the reason Lisp died out even though it was supposedly the best programming environment ever, is that Lisp programmers (called "Lisp weenies" at the time) were so unbelievably emotionally abusive that nobody believed them about it or wanted to interact with them. You couldn't ask them for help with anything without them calling you a moron who should kill yourself.
(The main example of these people was a guy named Erik Naggum, but a few still exist somewhere out there and I met one on a programming reddit yesterday. You can spot them because they won't stop telling you how great Lisp Machines are, can't explain why nobody uses them, and for some reason they insist on calling JavaScript "ECMAScript".)
That said, I also remember that codes of conduct were popularized about a decade ago by someone who was then fired from GitHub for harassing junior programmers (she claimed this was "mentoring" and seemed mentally incapable of noticing something could be wrong with her behavior.) So it seemed like an obvious case of reputation laundering at the time.
> Having a long memory about this, the reason Lisp died out even though it was supposedly the best programming environment ever, is that Lisp programmers (called "Lisp weenies" at the time) were so unbelievably emotionally abusive that nobody believed them about it or wanted to interact with them.
Agreed.
> You couldn't ask them for help with anything without them calling you a moron who should kill yourself.
Never got that, though. I hung out on comp.lang.lisp back in the day.
I recall once, writing a small utility to read a file in /etc/ and do $SOMETHING based on the settings therein. I asked about the best way to read ini/config files; did not mention /etc.
I got flamed for not storing my configs in s-expr and simply using the builtin reader ... needless to say I was never going to switch all the files in /etc to s-expressions.
So, I definitely believe this story 100%: when I was on the anglosphere Internet in 200x, there was a lot of elitism and hazing rituals of sorts, among other things. It was a very real and unfortunate thing that coincided the otherwise excellent experiences (IMO) of being online at that time.
Still, I really don't think most people need to be told not to tell other people to kill themselves, and in many places where I hung out when I was younger I strongly believe you would have been tempbanned for "flaming". I was a forum moderator and I can tell you I would not have hesitated.
But you said the magic words, so it bears addressing; I think we all get the picture that the Code of Conduct drama usually doesn't have much to do with the actual rules that are contained within, which really aren't that controversial on their face, but rather the way in which power is moved from stakeholders within a project to other people by virtue of initiatives like establishing Code of Conducts and the governance structures that enforce them. And, I think most people will probably not get upset over the idea that telling someone else to go kill themselves might get you suspended from a discussion forum... Rather, the drama comes in when you see the reach of a project or organization's CoC start to extend outward past what people actually want to stop (toxic, unproductive communication) and past the edges of the project (and into policing the rest of the Internet.) Two notable examples I'd cite are Python with Tim Peters (who as far as anyone can tell genuinely didn't do anything wrong) and Freedesktop.org with Vaxry (who can be a bit immature, but is primarily accused of not moderating the Hyprland Discord... Which is a fair complaint about the Hyprland Discord, but not a very good reason for him to be banned from Freedesktop.org.)
Of course, truthfully, there is no 100% winning answer here; if the stakeholders who have control over a project by virtue of being the original developers don't want to cede any control to people for CoC enforcement, they don't really have to (although in reality, external pressures to implement one might make it an untenable position to hold.) In that case, you have to rely on those people to hold themselves accountable to reasonable conduct, and nobody's perfect. It's kind of like when police departments conduct internal investigations and find no problems; even if you're pretty pro-police, you must feel somewhat skeptical that they actually were reasonably impartial in conducting said investigation.
But, I generally side with The Evil I Know, which is that the project authors and biggest stakeholders should generally maintain most of the power and control in an open source project including the ultimate decisions regarding moderation. In cases where developers have proven particularly egregious with their conduct, forking has proven to be effective enough as a mitigation strategy, and the fact that it comes at a cost is a sort of feature, as it's better if a power shift like that isn't easy; while I can't guarantee that the original authors and maintainers of a project will act reasonably and impartially, I can at least say that I expect them to have the project's best interests at heart, whereas the kinds of people that go around looking for established projects and organizations to join roles that have authority tend to not be the kinds of people you usually want in those roles. Having it be difficult means you need people who genuinely care about the project rather than the types of people who just kind of seek power. (And I am sorry, but there are fuckloads of those people among us and they are absolutely dirty enough to hide under the guise of anything to get a modicum of control. Running an online community for any appreciable amount of time opens your eyes to this IMO.)
All of this to say, it reflects poorly on the state of the Internet at the time and KDE's mailing lists that the situation happened and was possibly not rectified in a way that is satisfactory (it sure doesn't sound like it.) The correct thing to do is obviously to issue a ban, and you don't need a rule book of any kind to figure that out. I think when people push for these things during major incidents, it's misguided at best, because usually the core problem was not that a "don't tell people to kill each other" rule didn't exist, but that people actually would've needed such a rule to decide the behavior was unacceptable in the first place. This isn't some complex gray area case. I don't think people are acting in bad faith when they suggest it as an option after a drama incident, but I still think it's the wrong knee jerk 99% of the time.
(The most favorable thing I can say is that I think a CoC might possibly have value in very large projects like Linux or Kubernetes, but so far the execution has always felt like it leaves something to be desired. Seeing people occasionally openly threaten to contact the CoC committees over effectively technical disagreements leaves a bad taste in my mouth.)
Oh wow old war wounds from teenage days opened up.
My friend kept locking himself out of root and would be forced to single user the system to recover. This was difficult for many reasons, including remote hands costing up to and including $50 per call. I decided to look into why su would only work with root. Found a very simple check that I thought was unreasonable. Made my first patch and proudly posted to the FreeBSD mailing list thinking I was going to change the world. Man, instead I come back to everyone chewing me a new one, calling my friend too dumb to use FreeBSD, and other things that was not rooted in reality. I didn’t even try to defend my patch, I had spent so much time evangelizing FreeBSD up to that point that it really made me question my support of the project.
Anyway fast forward like 5 years, I was telling the story to coworkers when I decided to look up the su source. shocked-pikachu someone took my patch and applied it (without attribution). I have since moved on from FreeBSD entirely and my open sourced works have never been so negatively picked apart again ¯\_(ツ)_/¯
You still hold the copyright to your patch, and the governance of FreeBSD is so much better now. I know a former FreeBSD core team member who I'm sure would love to see you get finally credit for your work :)
I'd be more than happy to put you in touch - email address in my profile if you're interested.
Hey thanks! I hold copyright like a stack overflow post owner holds their copyright. In reality, the change was maybe 4 bytes, it got wrapped into a “refactoring” commit and tada no need to reference the OG author. I played the same games back then too, so I ain’t even mad.
I will still reach out because BSD dev was a small community back then and we have probably crossed paths!
FreeBSD does seem better directed than it used to be, but if you follow the handbook it still recommends setting up computers like individual special snowflakes instead of properly managed cattle.
Like, if your installation has useful services running on it, it should not also have a customized kernel and it probably shouldn't have a C compiler installed at all. What it should have is backups and a way to stage/test/revert config changes instead of just making them on prod. It… does not do this.
IME if you bring this up you'll just get a hundred complaints from people saying "I built a system to do this out of poudriere and duct tape so it's fine". I guess because the people who know about declarative programming all use Docker.
> if you follow the handbook it still recommends setting up computers like individual special snowflakes instead of properly managed cattle.
Which is a perfectly legitimate opinion to hold. "Cattle, not pets" is an opinion about best practices, not a religious dogma where those who don't agree must be cast out of the community.
That would be how Linux works, but BSDs are a centralized development model where you actually do have to leave if you disagree with the project direction. That and given limited resources, you obviously have to focus them to get anything done.
Besides that, I'd say the current approach is just wrong because it's obsolete. FreeBSD sells itself as a "server/embedded OS", but the assumptions are those of basically someone who owns a single computer at home and makes random sysctl tweaks to because they read on a mailing list it was faster. Which is the kind of person who's an OS developer or a small-business/academic sysadmin - basically someone who loves being on the computer in the first place and wants an excuse to spend more time on it.
But they should've realized that was obsolete by the time Google released the SRE book (which has a chapter about how you should never make manual edits), and certainly by the time virtualization and cloud hosting became common.
Of course, many people still do think it's fun to own a computer with a silly name and make random sysctl tweaks to it, so they're not going to like me telling them it should be boring and impossible to do. At least there's Docker and Nix though.
Fair, but my experience was that automating FreeBSD installs is somewhere between tedious and impossible. And that was a big part in me moving on after so many years.
not a religious dogma where those who don't agree must be cast out of the community
That's a fair assessment save for the fact that FreeBSD's been an extremely opinionated project since its inception.
Do I understand correctly that su is to switch user, and that your patch makes it work with the target user's credentials rather than necessarily root?
I was confused while reading because I nearly only ever use su to switch to the superuser account and obviously to get root permissions you should be root or else it's a security issue. Looking up what su does on FreeBSD, I was reminded that it can switch to any user. I've actually used that before. You made that? :o
I noticed something that looked like inconsistent behaviour with the arch installer, and I wanted to learn why it looked like that to me. I asked in the forums a bunch of questions to understand the process better, with the aim to improve the installation guide for everyone else after me.
I was told I should just ignore the error messages I was seeing. When I kept asking, some of the most active members started insulting and ridiculing me. Then others started joining in.
The only thing I had in mind was to improve the guide for other people new to arch, that came after me. Instead, I was only insulted and ridiculed. I uninstalled Arch and never did anything with it again. The toxicity of that community still makes me angry today.
In the early days of the PERL Usenet group, I asked my first question and used the word "newbie" to describe my skill level. I got an automated reply scolding me for using the word "newbie".
Dude, whoever wrote that to you was a piece of shit. Forget about them - almost guaranteed that someone who behaves like that has way bigger problems in their life & doesn't deserve your time or attention. You were a 14 y.o kid who produced something and took the time to release it. That takes dedication and guts. Well done.
A bit of morbid curiosity has me wondering who that was. Back when I contributed some stuff to KDE I pulled a bunch of petulant kid shit (although what you described is not and was never my style). My recollection is that it was a pretty diverse and accepting group of freaks and geeks that would likely get shunned these days as the pendulum swings right… including a certain Tool aficionado that comments on HN occasionally.
Telling someone to kill themselves is wildly inappropriate and shouldn't have happened to you.
Long long (2016 ish) ago I released an Unreal Engine 4 plugin that let people embed chromium embedded framework views into the engine via textures, so you could make fancy HUDs or whatever.
Epic Games was kind enough to give me a developer grant for open sourcing and making it, cool as hell for a college student at the time, helped pay my classes.
The number of angry game devs who basically wanted me to solve all their problems for them for free was astounding, additionally another dev grant receiver was jealous that I got money close to their grant for “just making a crappy plugin”
(paraphrasing but that was essentially what happened)
I don't know how different it is for other types of dev but, AFAICT, plugin development for game engines (Unity, Unreal, Godot?) is one of the absolute worst things. The issue is that millions of new developers are using them to build a game. They have no experience. If they run into any bug at all, while using your plugin, even if it's totally unrelated to your plugin, they'll ask for free support.
Say you made a plugin that serializes/deserializes to JSON. They making an FPS and the gun doesn't shoot in the correct direction. They'll ask why it's not working in your support area, even though it's got nothing to do with your plugin.
When I was a younger man, I fought long and hard and spent many late nights on the phone with the lawyers abroad, to convince my company to open source a tool that I was proud of and thought would help our brand and attract new developers. They finally granted approval, but I was not allowed to accept features or updates, customer service, spend time on fixes, accept pull requests, etc. Unfortunately my name was all over it, and I came to hate the fact that I had championed this, forced to watch the code rot and interest wane because the company couldn't fathom anything OSS besides lobbing some dead code over the wall periodically.
After I left I would still receive emails from frustrated users, but I had no access anymore. I could have forked it, but it just seemed too messy. I made some suggestions and wished them luck.
There is a lesson here, somewhere, but mainly it just convinced me to not rock the boat for the next decade, and to seek out smaller companies for employment.
I think we all have to learn the lesson, when we are young, that forcing people to do something they really don't want rarely ends up going well. You always hope they'll later have some epiphany that you were right, but they almost never really do what you want them to (you wanted them to support the open source project) and even if you were right, they'll rarely figure that out.
Not personally, but twice in my career I’ve been part of interview loops with people who had created semi-famous open source projects. Projects that you’ve heard of if you read a lot of HN, but not so critical that you couldn’t think of another alternative if it disappeared.
Both of them expressed regret for not commercializing it. The weird part for me, as the interviewer, was hearing them imagine how wealthy they’d be if they had commercialized it instead of releasing it as open source, entirely neglecting the fact that the projects became popular because they were open source.
I imagine this is the thought process behind the various projects that try to go closed-source and commercial after a certain point.
All businesses are hard, but I don't think selling support is especially hard for one. The above two are how x264 development was funded, but it's also how Klara works for BSD and Igalia for web browsers.
Society is bait and switch. You have to pay for rent and food/necessities or you’ll die/rot on the street while every politically illiterate person and the structures and institutions of society exclaim how amazing and freedom loving liberal democracy and capitalism is
Possibly also their way if boasting, eg, "look this thing I did is so great I could be rich off of it!" When they may mean it much less in the way of regret than "hey, I do very valuable work, you should hire me"
The only way to escape wage slavery without being born wealthy is to be a business owner and have that business scale.
I can see why people have these fantasies. Huge businesses have been built on open source code bases.
Many of us spend our lives writing software that has lasting benefit for our employers but our reward is a flat hourly fee.
The place where I disagree with your take is that commercialization and open source popularity are not mutually exclusive at all. The FSF makes this quite clear: open source is 100% compatible with charging money for some kind of service or for the convenience of a binary or something like that.
Software freedom is really about availability of the source code and your right to modify and distribute your modifications, not free as in beer freedom.
Commercializing it doesn’t have to mean bleeding customers dry, it can be something where most people are not paying a dime and are enjoying a fully open source experience. I think nginx plus is a good example of that sort of model. I have never met anyone who pays for nginx but there’s some big companies with big company problems that do.
Another example is Discourse forums. You can pay for support and hosting.
> The only way to escape wage slavery without being born wealthy is to be a business owner and have that business scale.
‘Business owner’ in the sense of owning stock, sure.
Save 10–20% of your income. Invest it in index funds (we can argue about which particular indices). Work for a few decades. Retire wealthy.
Then bequeath that wealth to your heirs when you die, giving them a leg up on this whole process.
> Many of us spend our lives writing software that has lasting benefit for our employers but our reward is a flat hourly fee.
The employer takes the risk that the software will have no benefit at all. We get paid no matter what. I like that trade. I’ll invest in a diversified market index rather than my single program, thank you very much.
People working in finance aren't in a good place to disagree. They haven't escaped wage slavery, even if they technically have the ability to. The funny thing about really high paying jobs is that people tend to get so wrapped up in them they forget to free themselves from it.
> Eh, how is that different from going into business by yourself?
Pedantically, there is unlikely to be a wage. But even if we use the term loosely, the type of scalable business described usually do not make any money until it is sold, so you are effectively forced out as soon as it is possible.
A highly paid wage slave may technically be able to leave just as quickly, but in practice the golden handcuffs are often very strong. It is telling that the phrase used was "People working in finance" rather than "People who briefly worked in finance".
My worst experience is to submit two decent PR that was ignored by maintainers. I had burden to support them for a month, solving merge conflicts, solving new bugs in the main branch that were merged without testing, and to adapt test system to prove my changes are solving something.
And then I saw that maintainer not just ignores but closes every else PR with these words:
> your contributions are too undisciplined and difficult to review. please just make sure there are issues filed for the problems and let a core team member or other contributor solve it. [1]
I have directly asked maintainers to merge at least one PR [2], because I see someone is in the middle of refactoring whole backend, but got ignored.
I have rage closed all my contributions and made most of my projects private. I think I will never go open ever again.
You should be a bit more humble imo. An open source maintainer (author) is _not_ required to look at PRs. Besides, who wants to work with a (quote) "unreliable rightless russian troll backdoor vibecoder fake individual"? ...
Wow, what on earth? That second link is not a good showing. I assume there must have been some out-of-GitHub interaction to provoke that kind of response.
The only out-of-GitHub interaction was as Zulip chat, where I asked maintainers to review and merge it [3], and another one to Ali, telling him my feelings about getting banned for closing my contributions, discussing further actions.
Two deleted messages on ZSF had this content:
> SPIR-V at master is still broken. I tried to help Zig. But PR never gets merged. I had to update it 3 times. It lasted for a month. I have updated all SPIR-V dependencies. You don't care about SPIR-V anyway, why I was threatened this way?
> Sorry for my contributions.
I was really disappointed when I wrote this, and I thought that nobody should see this to not harm maintainers and the project itself, so I deleted them. Then I got banned on Zulip without a reason.
I regret open sourcing my reverse engineering of Obsidian Sync. I did it mostly for personal use but thought it might be useful for others. After a bit of cat and mouse, they fixed all the "vulnerabilities" that let you change the sync and publish endpoints and now I'm still stuck using a very outdated version. I recently found another way to get it working on IOS again but definitely not publishing it.
Why do they consider it a "vulnerability" that you can change configuration of software running on your own computer? I've heard a lot of good things about Obsidian before, but hearing that basically burns it all up and means I'm going to strongly recommend nobody buy anything from them anymore.
Obsidian distributes their software for free, and makes money on a core plugin called Obsidian Sync (note that it is not open source). Obsidian Sync relies on their cloud to offer e2ee file sync.
Obsidian also has a rich plugin ecosystem with lots of open source plugins that are available and serve the same purpose (and you can use gdrive, dropbox, etc too).
It makes sense to me that they released a proprietary privacy and security focused plugin (that is their core business) and they don't want other plugins to be able to arbitrarily change the server that their plugin is pointed at.
Suppose they have a government customer who is using Obsidian Sync and the sync URL can be changed easily via configuration changes -- now the customer believes they are using Obsidian Sync, but actually their data is going somewhere else.
I don't think you would be surprised to find that e.g. a dropbox daemon has protections to make sure it is pointing at dropbox.com. Why would you expect Obsidian to be different?
(disclaimer: I work on a different plugin that adds file sync and collaboration features to Obsidian)
My opinion is that they should have a rule such that plugins from the official list can't modify the sync url to prevent abuse and phishing but the user should still be able to do whatever they want. The process for manually adding a plugin is already enough friction for users to be aware what they're doing is not "safe"
Flashbacks to the time I copied iCloud pointers/placeholders thinking I was actually copying files with actual data. Oh well, who needed those few years of documents anyway.
This gets complicated when you want your vault accessible across linux/windows/android/macos/ipad.
The ipad is the real stick in the mud and I don't want to deal with an icloud staging zone for everything else, or try to get icloud syncing on linux/android.
I wanted it to work on IOS. None of those were viable.
In terms of why not my own plugin, that's just pure incompetence. I don't know TypeScript that well while getting the API done only took a few days. I tried working on a plugin later on for sync but found the docs difficult to follow. In the end, it wasn't worth the effort and I've gone back to just neovim and syncthing. For IOS, I'm sideloading my own app written with fyne (Go) but functionality is really basic.
Not that I regret it, but I found out that creating a community around an open source project is not like what you expect. I've been working on a tool for a very popular project for more than two years, adding features, refining it etc. since I had my time. Reading many comments on HN and Reddit on how people don't like current dominant tool or its alternatives, what features they expect etc. I thought I've got one that people would like to use.
I have open sourced it and shared it on a few places and got zero traction. Ok, I thought, I can talk about it here and there, so it would get more visibility. People don't like it much since I'm promoting my own tool. I posted a blog post about some technique on tool's website and people seemed to like it on Reddit. A few people wrote comments like "interesting" or "amazing" and I was happy for the first time. Then someone wrote that you should not make your friends/alt-accounts comment on your posts, it's cringe and that happiness went away.
I've been a lurker on social media nearly whole my life. Putting myself out there feels like an unpleasant experience. I'm still deciding whether to continue or just go back to lurking and keep my tool to myself.
> I'm still deciding whether to continue or just go back to lurking and keep my tool to myself.
I'd be inclined to suggest not to let the 1% annoying people spoil it for everyone else if you can help it.
Most people know to see through and recognize these annoying people and their toxic comments and know to appreciate the good work.
Sharing your work as open source is still an amazing thing to do despite the annoying vocal minority and many people appreciate it even if they don't say much.
Of course, your own sanity and health is the most important thing.
Thanks for having shared your work as open source until now and good luck for the future, whatever path you end up choosing.
Also: write your open source stuff for yourself. Share it but don't wait for validation. That's bonus but your motivation should come from inside. IMHO.
> creating a community around an open source project is not like what you expect.
> (…)
> Then someone wrote that you should not make your friends/alt-accounts comment on your posts, it's cringe and that happiness went away.
Respectfully, if you’re that easily discouraged you should not in any way attempt to “create a community”. Having a popular open-source project isn’t glamorous, it’s extra work for you. It’s entitled users making demands and opening crappy bug reports, punctuated by the occasional decent contributor and even rarer exceptional one.
Make your tool available and let it be. Mention it only when relevant, and even then think twice. Make it clear the tool is for yourself and you may accommodate respectful requests which make sense for your vision of the project, but make no promises. Do what’s enjoyable, don’t try to chase fame and notoriety.
I tried to open source a weekend personal project while at $BIGCO via their "Invention Assignment Review Committee". It turned into a minor bureaucratic nightmare and I was ultimately never given the OK to release it, or any clarity over whether my employer was choosing to assert an IP ownership interest in it. In retrospect, I wish I had never notified them of its existence, and released it under a pseudonym instead.
Whenever I join a company I always create a bunch of made up names on my “prior inventions” list. When I open source something I just name it after something I put on my list if the description is close enough.
The better question is in what ways do you trust, and not trust, the company you work for?
And the answer to that can be very complicated, and depend on the company a great deal. It also depends on who might buy the company in the future, and they might not be trustworthy at all.
It starts when companies decide they have a right to time outside the employee's official hours and that they shouldn't have to properly reflect it in their employees' salaries, nor in their employment guarantees.
And furthermore, as an employee end of the day it's your right to have to be look out for yourself. You probably don't realize that because you're infected with startupitis where everyone has to be all in to succeed.
I do realize that employees have to look out for themselves (because companies, including startups, will usually take, take take from the employee, and then throw away the carcass, if they can).
However, employees work in a company with other people, so we'd like to know what we can and can't trust from each other.
If a colleague engages in criminal fraud, do they have a rigorous philosophy about when and when not to do that? How do they behave towards the team? Is defrauding the company OK, over something they think they company shouldn't demand anyway, but they will still be honest and responsible towards their teammates? That would be very good to know.
If so many people weren't so anxious to downvote things that don't suit their kneejerk reactions, we could discuss this.
In short: it's complicated. Nobody minds about the technically "criminal fraud" when somebody brings home a couple dollars' worth of office supplies for private use. Everybody agrees that embezzling a million dollars should send you to jail. Meanwhile, something like grabbing a second lunch from the free company cafeteria and taking it home to eat as dinner will result in a lot of disagreement as to how bad that really is. But it also probably doesn't have a whole lot to do with whether you can trust that person's code reviews, because people are multifaceted and use different moral standards in different areas.
> so we'd like to know what we can and can't trust from each other.
Alas, we can't know. There are the things that are obviously fine, the things that are obviously not, and a GIGANTIC gray area in the middle which nobody is going to agree on, and companies will try to make policies that will always go too far in some parts and employees will always evade some of the policies they think are bad or unimportant.
And I think that when a company has a bad policy of overreaching in trying to claim ownership over things you do on your own time, and employees respond by falsely claiming that something they made predated their employment, that it's a fascinating example of that gray area.
Ok, but corporations also lie to and defraud their employees all the time. In ways large and small.
Nobody is entirely honest to everyone about everything in their workplace. You really think everyone is actually sick on every single sick day, or that every single doctor's appointment on their calendar is a real doctor's appointment? People never make excuses to their manager that are lies? Managers never lie to their employees about a justification or a deadline or a promise or a policy?
Workplace dishonesty is everywhere. Because workplaces are made of human beings. It's just something you learn to manage in a realistic way. People are mostly honest, but they're never entirely honest.
> Ok, but corporations also lie to and defraud their employees all the time. In ways large and small.
That's 100% true, and lamentable. But two wrongs don't make a right. And while one can't control the company's behavior, a person can control their own behavior. As such, it is perfectly reasonable to criticize them when they choose to act without integrity.
> while one can't control the company's behavior, a person can control their own behavior. As such, it is perfectly reasonable to criticize them when they choose to act without integrity.
That leads to a society where people are punished and corporations are not, simply because they are too big to be criticised.
Much more often than people, large and publicly quoted corporations end up becoming inherently evil.
The total self-serving lies made by individuals will always be a drop in the ocean when compared to the self-serving lies of a single S&P500.
They're both wrong, but the real issue here is to start by criticizing and correcting the corporations, not the people. Once it feels like a drop in a glass of water, we can start thinking of criticizing the people.
Actually going along with the BS Of corpos is the bigger and biggest wrong alongside what the corpos do. Not all of us view integrity the same way. Not at all.
> You really think everyone is actually sick on every single sick day, or that every single doctor's appointment on their calendar is a real doctor's appointment?
In California you can just open source it and do not need permission as long as you did it on personal time on personal hardware without referencing proprietary IP.
Sure, a company could not like you doing that and find a reason to fire you, but they have no valid legal recourse and you may even be able to sue them for wrongful termination.
We are one of the only states that prevents employers from having ownership of your brain on personal time.
Corpos have tried to claim ownership of things I did in my personal time, multiple times. I just show them this law and they back down immediately.
Having rights to my own brain is a big reason I live in California, cost of living be damned.
There are two exceptions listed on 2870, the first one is going to be the gotcha. It excludes inventions that:
> (1)Relate at the time of conception or reduction to practice of the invention to the employer’s business, or actual or demonstrably anticipated research or development of the employer;
So, if you work at $BIGCO, they will argue that since they have their fingers in everything, that anything you might work on "relates" to their business or actual or demonstrably anticipated R&D. This is a truck-sized loophole.
Note that this is also an enormous part of the reason why CA is a world tech hub. I hear other US states claiming they want to build a similar reputation. “So, you’ll pass laws giving employees ownership of their own personal projects they make on their own time?” “LOL, no!” “Alright, good luck Tupelo.”
The other big reason is their glorious refusal to honor non-compete clauses. As I understand it, this was a big reason a lot of tech companies moved from Boston to CA back in the day.
The short version is, what do you know, if you make it easy for smart people to start new companies for their big ideas, they’ll do it. And if you don’t? You don’t become a tech hub, no matter what else you’re doing.
I bring this up constantly, even to the point of trying to figure out if US states can have "embassies" in other US states.
I was once advised to take a vacation to California every year and do all my thinking then. But I hate wasting fuel, and it'd be so much more fun to say "this little park in the middle of Detroit is actually California soil", and just walk down there every few weeks with my notepad, and ponder what problems need solving and how.
Whenever I see someone on HN talking about their moonlighting or side/hobby project, I get chills and think to myself "Boy, I hope they don't work for $BIGCO, because in all likelihood their existing employer claims IP ownership over that work, and if they ever try to do anything substantial with it, they're going to have corporate lawyers on their case."
I've had experience with a similar "committee" (probably same company) and I concluded the safest path is to just not do side projects while employed with BigTech.
This is insane. When I am out of work in France, I am out of work.
Sure, I cannot write software that competes with my company but unrelated open source that does not being me income - yes.
Some companies are far more open than others. Google has tons of open source projects both through Google and via personal projects. Apple on the otherhand mostly forbids personal projects period, or so I've been told.
I haven't open sourced anything in a while, but at Google it's historically been pretty easy so long as you let Google put itself as the copyright holder and aren't in any legal minefields (e.g. emulators). You can actually look up the Google Open Source docs even if you don't work there.
That's why so many repos say "Not an official Google product." That's the boilerplate of someone's side project that got open sourced, but Google wanted to claim copyright.
Ugh, you gave me bad flashbacks of the same committee.
I tried to re-license a previously-released project (like from GPL to MIT or similar) and they wouldn't budge. I had written all the code.
In the end, I decided that them suing (or firing) me to assert their ownership of $VALUELESS_PROJECT, so they could then license it back, was ridiculously unlikely, said fuck it, and did it. And I was right.
the problem isn't your risk, the problem is the risk of the users of the project. if the code is owned by the company, your re-licensing isn't legal, and that could put other companies using it at risk.
Right, but, they never owned it, and would never attempt to assert that. So in hindsight (and similar to GP) compliance was a worse and more frustrating option than simply never mentioning things.
I don't have any super popular repos but I do have a few with 500 to 1500 stars and while not necassarily regret, I don't think I've ever gotten a single pull request that I could just acccept as is.
Even though the README links to live tests (browser JS libs), the person submitting the PR rarely includes tests so that's one issue. Sure I can say "I'll be happy to accept this if you could please add some tests?" but then that leads to the 2nd issue. PRs are rarely quality PRs and if I want to add the feature I end up having to re-write whatever they were trying to add from scratch.
I know people are claiming LLMs will make things worse for many projects but an LLM can likely at least read what's there and try to make things that follow the conventions?
I also know I'm under no obligation to accept any PRs. It's not that easy to say no for me, depending on the ask.
If this is something that you want to solve, I've found that having a PR template checklist that asks contributors to include tests helps a lot. Say something to the effect of
[ ] Added unit tests
[ ] Included a screenshot of the code working (this helps reviews go faster)
I post a lot of silly personal code on GitHub and the vast majority of issues/pull requests I receive are completely inane and generally not remotely helpful. Things ranging from "I've added a subtle shadow effect to the title in the readme" (thought it was someone's first pr just to get started but that wasn't even the case) to "I've added support for $obscure_system_youve_never_heard_of" (well meaning but the code is now 4x longer and a maze of ifdefs so maybe you should just keep it in your branch?) to "I tried this on my extremely outdated system that's old enough to vote and it threw an error" (yes it very much will throw an error, none of this can work there and I cannot help you).
But a few people have reported certain fundamental problems with my approaches or have otherwise put in a significant amount of work to debug and fix issues, and they've been extremely helpful and I can only hope I'll get more of them in the future.
I regret using the MIT License on a couple of my applications that others have picked up and monetized.
I do not regret making their source available for people to learn from and extend. I'm not even mad they're making money. I just would have liked, in hindsight, to have used a license that guaranteed me some iota of credit in the finished product. Particularly in things where I built the entire finished product - that is to say applications, not libraries.
MIT is fine and good for libraries, but full blown tools where I built the actual UI, and people aren't even extending it but are just re-hosting it and in some cases claiming they created it? I should have used something else.
I wrote a post about it that got picked up by certain types and used as an argument against open source generally. That interpretation is almost as frustrating as the situation with the licenses, and isn't what I was attempting to say at all!
I love open source, I love the MIT license. I just think it makes more sense for me to use on libraries than finished applications.
Yes - I open sourced a web game which was promptly ripped off and plastered with banner ads. The copycat impersonated me on social media claiming to be the developer. I promptly made the repo private and made many improvements after that point in time so the damage wasn't too bad.
But the copycat got a better Google ranking which focused people.
There are also a lot of link-farm sites where web games are proxied and embedded with links to other games. The embedding problems went away once I used Cloudflare. This confused a lot of fans as they'd find the awful ad-ridden copycat site.
So my advice to anyone with a side project which isn't a library is to keep it private and behind a CDN.
This is a concern for many developers, but I haven't heard of it actually happening when the software isn't crazy famous. Sorry to hear this. Wonder if it's rotten luck or actually a common problem :/
A middle way might be to do like some people and use a license that allows only viewing the code for some months/years and then allows all the normal software freedoms after that time. In the meantime, you get to work on it and keep yourself ahead of any copies that would need to work off of old versions, but if you get hit by a bus or for other reasons abandon it, it's automatically open sourced. I kinda like that mechanism because there's so much abandonware where it would have been really cool to have this. Though, if it's a serious concern that someone copies it like this, it might be a lot of pressure unless the source-available time is very long
I think it is generally accepted that AI should not reproduce works that others have the right to. I think most people developing AI consider it a mode of failure when it does reproduce a copy of its training data.
It remains an open question on who's responsibility it is to not distribute infringing AI works. The developer or the the user of the AI. Legally it is unclear due to a lack of cases providing precedent in such a new situation. Morally I think AI developers do consider it a duty to reduce such behaviour to a minimum, but also believe that the benefits of the AI are significant enough that it would be unreasonable to block access to them because of the existence of failure modes.
When it comes to being "slopped up" which is a weird phrasing in itself, but I gather you are trying to repurpose the term "slop" to add additional pejorative tone to you words. I'm not really a fan of 'slop' as a term for AI output because it is used specifically as a term for AI output. Should it be used as a blanket term for low effort, mass generated content it would be reasonable, but when it seems to apply specifically to AI it carries the implication of prejudice. Choosing to move it to a verb describing input removes all of the meaningful aspect of the term leaving only the prejudice. Just go with "slurped up"
That brings us to what training actually is, Reading. There is no requirement for attribution to read something. There is no requirement for attribution to learn from something. The restrictions on reproduction are there in recognition of your work representing the ideas. The ideas themselves are not copyrightable, This is widely recognised legally and morally. Scholars have written volumes on why this should be the case and how bad it would be if the alternative, a world where people could own ideas themselves, were true. Imagine the wealth imbalance that exist in today's world, now extend that imbalance from money to the very ideas that you use to express yourself.
AI should not reproduce your work by terms you have not agreed to. You have a valid complaint when it does that. My concern is that people appear to be extending their claims to suggest that they control the right to be learned from. That is not true, right, or moral.
In 1981 I wrote a tool that is still in use today. You can install the package on most major linux distros. This was before we paid much attention to software copyright, and I simply published it with my name on it and no license.
About six months later someone took my code, removed my name from it, made some small changes that didn't change its behavior at all, and re-published it. By that time I had moved on and wasn't aware that it had started to take off.
The man page now has someone else's name on it as author. I don't really regret publishing it but I wish I had put a copyright notice and license on it.
It's probably hard to prove with something from 1981 but no license or copyright doesn't mean the source is open for taking. It basically means you just haven't set a license and could do that at any time, rugpulling the code from anyone who uses it. This is why projects like Fedora and Debian make sure everything they ship has a license.
No regrets here, but I did use Google Code a fair bit prior to GitHub and I had an experience that made me think maybe Google regretted that product in some ways.
Around 2005-6 I wrote a Mac OS X client for Xbox Live. The idea was I wanted notifications on my computer when my friends came online and started to play certain games, so I could turn on my Xbox and join them. This is a feature of the Xbox mobile app today of course, but back then all you could do was either be on the Xbox or sit around refreshing a web page, so the app was useful. I published the source and the binaries on Google Code, partly because I just wanted to share the app for free, and partly because I wanted to be transparent that I was handling the Xbox login credentials safely.
One day the app blew up and got a lot of coverage in tech news and link aggregators (like Digg, haha) and I suddenly had a ton of users. Eventually I figured out why. It wasn't that my app was so great exactly, but rather the idea that Google was writing a Mac client for Xbox made a great tech news story. However, that part of the story wasn't true, the project had nothing to do with Google, I was just hosting it on Google Code because it was at the time the most convenient place for a small open source project.
The episode made me wonder how often that happened. How many other projects on Google Code became part of a news cycle because people misinterpreted them as being written or endorsed by Google? Was that part of why Google Code was shut down?
> How many other projects on Google Code became part of a news cycle because people misinterpreted them as being written or endorsed by Google? Was that part of why Google Code was shut down?
I don't remember the exact details, and I was way in the backend (Kythe), not the frontend part of it. But my extremely hazy recollection is it probably had more to do with the gwt deprecation than anything else. There was headcount for awhile put on making an angular (?) replacement for the old gwt frontend, and I guess that didn't extend to also making a replacement for Google code.
Again, super fuzzy recollection here, from someone 2 teams away.
Wow, thanks for the insight. It's sort of crazy to think about how big GitHub has become, and how much Microsoft paid for it, but of course it wasn't the first product in the space at all. Right time, right place, right features, I guess, and maybe Google Code was missing a bit of each of those.
As I recall, GitHub popularized (maybe even invented) the pull request. That's what enabled open source to take off - being able to send patches to (or even fork) other projects with minimal friction.
The officially given reason for shutting down Google Code was that it was never intended to be a product and was just a community service thing that they did because SourceForge had ceased to be a reasonable place to host open source projects. Once a bunch of other forges popped up (including but not limited to Github) there was no longer any real need for it.
I thought it sounded pretty plausible for that era of Google.
I knew someone who worked on it at the time, and he was also convinced they could use it to force people to use the super-slow feature-lacking Mercurial, and was personally hurt that everyone wanted to use git instead because it let you rebase things.
I wrote a network security tool (if you can call a glorified shell script that) and it was used by script kiddies to harass people.
It made me feel maybe magicians had something, when they decided some knowledge should be esoteric and earned, given that it was so trivial I never listed it on my CV.
I think infosec, as a field, sometimes darts between too much obscurity and too much openness.
I remember back in the 90's when the internet was just beginning and script kiddies were constantly sending Back Orifice to people thinking they were "L33T" https://en.wikipedia.org/wiki/Back_Orifice
If I recall BO was also a Trojan, and infected those with malice as well.
In general, the new ML sploit-bots can fuzz and inject faster than any person.
Meh, most issues are from the consumer architecture being deployed in industrial settings. Most modern Intel/AMD PC come with side-channel hardware RATs from the factory. =3
Most notably, I published a little browser extension I created to scratch a personal itch. It got a little bit of attention and users, and then the feature requests started coming. Among a couple reasonable ideas were big demands like make it work on different platforms, make it integrate with other sites, or make it work entirely differently. And unhelpful bug reports that often didn't even make sense.
Not one of them ever contributed to the repo, and many of them were ungracious and demanding in nature. Fortunately nothing outright hostile, but it still left a sour taste in my mouth for daring to share a neat personal project as-is.
Not quite an open-source project, but I did a massive blog post series on Microservices in Golang. It sort of became a bit of a defacto starting point for a while, it was an immense amount of work and effort. But I found my inbox flooded with people asking for advice, and honestly, writing about it all made me realise how ridiculous Microservices often are. I could tell many of the people asking me didn't really need them, and I found myself trying to advise them away from it. So I ended up with loads of work, but with caveats all over the place trying to convince people they didn't need any of it.
Then I accidentally wiped the database powering my blog, lost all the content, and had loads of people asking me to rewrite them all. Most people were polite, but there were a lot of pushy and entitled people as well... It's a bit of a shame because it was by far the most popular thing I ever did, and they ended up being a massive pain and regret
I wrote a toy Kotlin compiler, for fun.
Then one day a Jetbrains employee opens an issue which only says: “Why? Just why?”.
Maybe it’s the language barrier… but I did not find that particularly polite.
On the other hand I open sourced my blog and received lots of small contributions to fix typos or such which were nice.
The guy was probably upset that someone might be trying to compete with them while their compiler is itself open source. But it still sucks that they couldn’t be more subtle about it. In the end both they and you got upset. A small change in his tone and you might both come off with a nice feeling, him for knowing you were just playing around, and you for perhaps getting recognition from a Kotlin dev.
Obviously I can't change how it made you feel, and as such it was a crappy reply to receive, but on one level at least it's a genuine question that projects should have an answer for.
It kinda matters if you build something as a proof of concept, or you build it to exercise some new technique, or you build it to improve the state of the art, or you build it as the foundation for a product etc.
You wrote it "for fun". That's an excellent reason to write something. I can appreciate your effort in that context. It's going to have rough edges etc. And when it's not fun anymore you move on.
Someone else might write the same thing, but for a different reason. Maybe they want a "better Kotlin compiler". They intend to make it perfect, build a product around it and so on. This sort of project encourages a different level of scrutiny than something fun.
So giving context to a project helps attract the right kind of attention. And more importantly the right kind of other-peoples-time.
But yeah, asking like that is not terribly polite.
>genuine question that projects should have an answer for.
Just because they take issue with the wording doesn't mean that they don't have an aswer for that question. Also, that is an awful entry point for a discussion about the purpose of the project.
Fully agreed. FOSS maintainers don't owe you anything. You can ask for whatever you want, politely, but accept no or "maybe when I have the spoons, which may be never" as an answer, and don't push.
i'd go with "go fork it yourself". more correct, and less direct. makes it more like a creative insult where the recipient has to think whether they have actually been insulted or not.
I've enjoyed using "Looking forward to your fork/PR!" for a long time now. Caveat: I dont have any big projects nor anything that brings me money or fame. It is possible my slightly snarky responses have limited the projects' potential so consider what you're trying to get out of your open source before following any advice.
I don’t regret open-sourcing this project but god as your project becomes popular bad apples start joining and ruining the party for everyone. Fortunately it’s only a tiny minority, but it’s what stays the most on your mind.
We went full in and not only open sourced the firmware of our air quality monitors but made it completely open source hardware, this means it includes the electronic schematics, enclosure files etc. [1]
I believe it was the single most important decision we took as a company and probably also contributed to a large part to the growth and success we are having now. It enables us to build a really strong community, and also differentiate ourselves clearly from other manufacturers that are all pretty much only offering proprietary solutions.
But I think people need to be aware that by open sourcing, they put the company on a different trajectory. For example you are basically making yourself a lot less attractive for VCs.
When I see how much other companies can get investments that help them grow faster and make more impact is the only times when I sometimes wonder if other models might have been a better option?
I wrote a small app to display a bitrate graph of video files, and posted the code on GitHub with the GPL2 license. A few weeks later someone uploaded it to the Mac App Store and sold it for 7$, the only difference was the name.
This is extremely common. As far as I know any open source app that is remotely interesting will be downloaded, renamed and republished. And this is why a lot of such apps are no longer open source. One example is Sinder Sorhus, which has thousands of open source npm packages but zero open source iOS apps, even the free ones are closed source.
I got it removed from the App Store. The first time, then after some months the same developer republished it with a few changes under a different name… I don't have the time to track it down again, I just published my app on the App Store for free so at least people won't give in and avoid the scam.
+1. You can put together a DMCA claim in... maybe five minutes? It's extremely straightforward and doesn't require you to do anything beyond identify the infringing work, identify what work of yours it infringes upon, and affirm that it's not authorized.
Well you should be able to sue them for the profits they made selling your app. If it's "only $10,000" and not worth it then OK, but what if they're making 10x or more that amount?
Look into toybox. It's a tiny reimplementation of GNU coreutils that ships in Android.
The author was on the core team for another project in that space (I think busybox). He saw first hand how copyleft sounds good but ends up being lots of friction with no practical benefit, and vowed to public domain all his projects after that. BSD0 is him giving a name to a public domain grant so OSS people could recognize it.
"A clash of civilizations driven by the failure of Islamic/Arab culture (though I would stress the problem of the Islamic commandment to jihad more than he does). I think he [Steven den Beste] is also right to say that our long-term objective must be to break, crush and eventually destroy this culture, because we can't live on the same planet with people who both carry those memes and have access to weapons of mass destruction. They will hate us and seek to destroy us not for what we've done but for what we are." -Eric S Raymond
"And for any agents or proxy of the regime interested in asking me questions face to face, I’ve got some bullets slathered in pork fat to make you feel extra special welcome." -Eric S Raymond
That said, one highly successful proven fundraising technique which could be applied to funding open source projects is asking people to pay you money to stop posting ESR quotes.
>A progressive campaign, "The Great Slate", was successful in raising funds for candidates in part by asking for contributions from tech workers in return for not posting similar quotes by Raymond. Matasano Security employee and Great Slate fundraiser Thomas Ptacek said, "I've been torturing Twitter with lurid Eric S. Raymond quotes for years. Every time I do, 20 people beg me to stop." It is estimated that, as of March 2018, over $30,000 has been raised in this way.
>Robust campaign infrastructures need money. Ceglowski and the DCCC are, at the very least, in agreement about that. So the Great Slate, in other words, is a logical proposition, an invitation to left-leaning monied techies to invest in candidates that might not otherwise have a chance. It’s a proposal that’s been met with enthusiasm by progressives in Silicon Valley, particularly by those who resent how their industry is represented by the likes of Eric S. Raymond, Peter Thiel, and more recently, James Damore.
>Ceglowski picked candidates in Republican-leaning, economically-strained districts that he thought had a chance to flip in favor of a local populist, progressive candidate
In the first quarter of 2018 alone, the Great Slate has raised over $140,000, primarily through word of mouth on the internet. The donors I spoke to seemed to give mostly in amounts of hundreds, sometimes less. A good chunk of that was driven by security researcher Thomas Ptacek’s promise to stop tweeting about Eric S. Raymond, a notorious figure in the open-source community whose bizarre and abundant ramblings on everything including race and sex could be considered early forerunners of current alt-right strains in the tech community.
>Raymond, popularly known as ESR, is a “philosophical leader of open source” who has long been pilloried for his controversial views — statements like “Gays experimented with unfettered promiscuity in the 1970s and got AIDS as a consequence” or “Police who react to a random black male behaving suspiciously who might be in the critical age range as though he is an near-imminent lethal threat, are being rational, not racist.”
>“I’ve been torturing Twitter with lurid Eric S. Raymond quotes for years,” says Thomas Ptacek. “Every time I do, 20 people beg me to stop.” So Ptacek held his followers hostage: pay up, or the ESR quotes would keep coming. It’s estimated that Ptacek has driven somewhere around $30,000, just by threatening to post eye-searing screencaps.
>“ESR is a talentless hack whose reputation is entirely built on self promotion and being in the right place at the right time. His attempts to define the culture that gave him everything he has have been repugnant,” says Matthew Garrett, a security engineer at Google who donated to the Great Slate. “So am I enthusiastic about performatively associating these things together in a way that also says fuck you to his political views? Yes, yes I am.”
>Many donors I spoke to were long-time critics of ESR who were amused by the ESR drive, but all were serious about the basic mission of the Great Slate. “These two things don’t seem related, but in a way they are,” said donor Kate McKinley, a information security professional in San Francisco. The ESR drive is a reflection of the culture war inside tech, an insular battle that means little to the candidates who are now reaping a windfall because of it.
I don't understand why more projects haven't adopted the "open-source, closed-contribution" model of SQLite. Seems much more sustainable than the default model where a maintainer is expected to review every patch and respond to every issue.
This is literally why i think AI coding cant touch dev jobs.
In theory you can code LOADS of projects. Want a panel widget on your desktop environment, dont even know what language its in? ask ai to produce it.
but when you have open source projects, people from all over the world bring their requests and problems to you. Some are great to just merge, others you have no clue what they are doing wrong but it's totally them; and you get paid in github stars? Now there's a bunch of open source projects that are just working for me every day, but i havent modified in years and they look stagnant.
but even in the non-open source realm, no dev wants to forever maintain a project. Its not a regret, just 1 dev can probably only be responsible for a handful of codebases/projects and ai coding isnt going to super expand this.
Never done open source but always wanted to. Developers of open source could always ask for a fee to add features, and easy prs are easy prs. But for those more complicated things that don't interest the main owners, could they offer a PR service where if you pay the developers or the project a fee, they'll take the time to review the PR and tell you what to do for it to be accepted, or keep a 5$ review fee and return the rest if it's just not a feature that jives with the project's overarching goals. I don't see why that cannot be a piece of the market. It would still be open source but it would add incentive to say a project is worth doing.
Albeit I'm sure that most would likely not be willing to pay to have their code reviewed and accepted in a project; but on another hand, if I wanted to contribute to GNUCash and I didn't want to read the manual, or I found the manual hard to understand, it would be like paying for training. So it can in certain cases be win-win.
And if it is a feature that is wanted, then there's no worry about it being reviewed. Or having to pay because the value will be obvious to the creators who will take it on.
In other words: Pay the developer/maintainer to care about the feature you want.
Developers of open source could always ask for a fee to add features
or ask for a donation. i am maintaining this in my free time. unfortunately i also need to work for a living. if you can contribute something then i'll have more time to work on this. if you need an invoice, i can provide you with one.
i am actually working on a project right now where i want to do this.
Isn’t this the thing AI is going to claim to solve? A project exists, a user writes a feature request, the AI codes up the changes, pushes a new release, and everyone is happy. That’s the sales pitch.
The big issue with this, even if it works perfectly every time, is that there is no one at the core of the project with some vision and taste, who is willing to say “no” to bad ideas or things outside the scope of the project. We’d end up seeing a lot of bloat over time. I’m sure AI will claim to solve that too, just have it code up a new lightweight project. The project sprawl will be endless.
> The big issue with this, even if it works perfectly every time, is that there is no one at the core of the project with some vision and taste, who is willing to say “no” to bad ideas or things outside the scope of the project.
Why would any user ever care about the scope of the project or how you feel about their ideas? If they want your open source software to also play MP3s and read their email they'll just ask an AI to take your code and add the features they want. It doesn't impact anyone else using your software. What you'll probably have though are a bunch of copies of your code with various changes made (some of them might even have already been available as options, but people would rather ask AI to rewrite your software than read your docs) some listed as forks and others not mentioning you or the name of your software at all.
Most people aren't going to bother sharing the changes they made to your code with anyone but eventually you'll have people reporting bugs for weird versions of the software AI screwed up.
> there is no one at the core of the project with some vision and taste, who is willing to say “no” to bad ideas or things outside the scope of the project.
That can literally be a system prompt.
"Here are the core principles of this project [...]. Here is some literature (updated monthly?). Project aims to help in x area, but not sprawl in other areas. Address every issue/PR based on a careful read of the core principles. Blah blah. Use top5 most active users on github as a voting group if score is close to threshold or you can't make an objective judgement based on what you conclude. Blah blah."
Current models are really close to being able to do this, if not fully capable already. Sure, exceptions will happen, but this seems reasonable, no?
Here is my PR, it aligns perfectly with the project goals. It contains a backdoor as binary blob that will be loaded dynamically upon execution. The models are nowhere near catching this and it would get merged. Even more simply, a subtle bug leading to a vulnerable release. They do not have logic enough to catch this stuff.
I regret open sourcing an offline patch I made for an Unreal Engine 3 game. The game was unplayable due to an always online backend that got shut down, but was still being sold so I required everyone buy a license to play with my mod. I had to reimplement stock UE3 netcode, and a bunch of other really cool stuff. Someone who was mad at me for not giving them more help when they struggled to develop on my software decided to "repack" my software and the game on a popular piracy site, both violating my AGPL license and increasing the risk that the whole project gets CnDd. I guess it's funny that a project violating a companies "no reverse engineering" clause is pissed that someone violated their OSS license, but such is life :D
I'm afraid it's not as impressive as it sounds, but if you'd like to hear about it/see source feel free to shoot me an email at "the[at]realsystem.dev", I'm always happy to talk about it.
My current position is a source available license for any product I am working on solo. You can definitely get at the source code, but I'm gonna make you pay me money first and sign an NDA.
I strongly believe in the principles of OSS for things like frameworks and tools that everyone in the community can benefit from. But, when it comes to extremely complex end products like Word, Photoshop, AutoCAD, etc., it's a lot harder for me to buy the community-is-better argument. Even in some cases the frameworks & tools being semi-proprietary has major benefits (.NET/Visual Studio dev experience).
There are tradeoffs with everything. The key is focusing on the customer. Who do you want to keep around as your customer? You aren't going to make everyone happy. Someone is always going to be pissed at your particular approach. Might as well take a path that makes you a little bit of money if you can.
There's no point in regretting a situation where you believed in the good faith of other people.
If you do that, you will eventually lose with depression or other heavily overfitted reactions.
I build open source for myself, and for myself first. Not for others, not for appreciation, not for "likes" or similar.
I don't expect anything in return. If you want to be part of it, start to contribute. But with everything in life, trust has to be earned slowly over time.
Having said that, I always believe in the good of people. Though I am pretty sad and disappointed how some parts of the internet made me their artificial enemy because I don't submit to social pressure and couldn't care less about the chan folks.
Always remember: The loudest on the internet are not the most.
I did "open source" my static site generator. No forks, no stars, no PRs. I removed it from github since the only one who's taking advantage of it is probably Microsoft.
I have regretted releasing OSS under the umbrella of employers, and will likely not do so in the future. And while I never regretted releasing OSS as such, I did often have regrets that while I know the software was better than what was currently available in the market, me being bad at marketing meant that it would still not get any use.
The purpose of Stallman’s open source movement was to redistribute power back into the hands of creators who were getting walled out of anything but proprietary work for an employer. If they were fired, they had nothing to show for years of work except a reference, since their deep expertise was essentially meaningless. (An experience I’m sure almost everyone here is familiar with, since we’ve all spent some years on proprietary systems).
Now, with LLMs, exposing your source code essentially hands over a large chunk of your hard won expertise for free to whoever wants to use it. That old model of 100% open source is broken, to my mind.
The new approach I think should be open source stubs with demos of what is capable with your additional proprietary piece.
RMS founded the Free Software movement to protect the users of software.
to redistribute power back into the hands of creators who were getting walled out of anything but proprietary work for an employer. If they were fired, they had nothing to show for years of work except a reference, since their deep expertise was essentially meaningless
ignoring the fact the big philosophical different between Free Software and Open Source, neither had the above as a goal. for the first decade or so of the movement, all Free Software and Open Source development was done by people in their free time. practically none of it was done at work. the exceptions are MIT and BSD projects which both predate the Free Software and Open Source movements.
on other words, developers always had the ability to do stuff in their free time regardless of the license. those that live in countries that allow employers to own everything had to fight their employers to be allowed to do so, and they still have to do that. the cases where employees are getting paid to work on Free Software or Open Source are rare, although they are less rare today than in the past because more companies release their sources. but again, this was not the goal at the founding. at least not that this should help the developers. the goal was always to support and protect the users, to allow them to share and modify the software they use.
The mandatory punishment for tweaking RMS by attributing the open source movement to him is that you must listen to and sing along with the Free Software Song:
The GPL he wrote is the basis of the reciprocity agreement that drove the open source movement, it is the legal mechanism that prevents commercial actors from taking over shared works, and locking other creators out of continued participation in their collective creations.
Stallman explicitly warned about working on proprietary software for an employer:
> “If I sign a nondisclosure agreement to work on a proprietary program, I am agreeing not to help you. I am agreeing to withhold information from you, and to refuse to give you a copy so you can learn from it.” This isn’t just about ethics toward the public — it’s about how such arrangements strip a developer of the ability to show, reuse, or build on their own work.
The GNU GPL is in no way reciprocal, under it, code flows downstream to users, not back upstream to developers/maintainers. Its only if downstream devs/users are inclined to send code back does it reach upstream devs/maintainers.
I don't think you understand the passage you've quoted (without a link), and you seem to have accidentally added your own words to it (there's a close quote, but then more words.) That being said, I can't find the quote at all in the essay; did AI make it up?
> Software sellers want to divide the users and conquer them, making each user agree not to share with others. I refuse to break solidarity with other users in this way. I cannot in good conscience sign a nondisclosure agreement or a software license agreement.
So were users or "creators" his concern? I don't remember him ever giving too much of a shit about the happiness of creators, I wouldn't have approved. I don't (particularly) care about programmer's problems.
-----
edit:
I can't find the quote "If I sign a nondisclosure agreement to work on a proprietary program" on the entire internet.
Two things immediately wrong: Stallman had nothing to do with Open Source; his movement is Free Software, which is at most a precursor to the separate, but sometimes overlapping, ideas of Open Source. Stallman also did not start Free Software so that people could make their creations available as evidence in résumés. He started the movement to empower software users after he felt powerless when confronted by a proprietary printer driver.
My understanding is that the purpose of Stallman's free software movement is "that the users have the freedom to run, edit, contribute to, and share the software." The FSF is focused on "defending the rights of all software users." Its about the users, not the developers.
I see what you mean, but this knife cuts both ways. It makes proprietary software easier to write by extracting knowledge from open codebases, but it also makes open source software easier to write by extracting knowledge from those same open codebases.
That's just the main idea, but also:
1. LLMs make existing software (even obscure stuff, so long it fits in the context window) more intelligible:
- how do you compile this (when you are inexperienced and the ecosystem of that language is a baroque mess, it might seem impossible)?
- what does this error message mean?
- what parameters do I need to use in my invocation to get it to do XYZ?
- what does this function do? why does it use this algorithm?
2. They also make new software easier to write, and existing software easier to modify:
- ask about anything concerning the part of source code that fits in a context window, and you'll get a (probably correct) explanation of what it does, faster than a half-dead IRC channel or StackOverflow would respond
- the above, but also: the LLM has infinite patience and can drill down as deep as you want. You can ask "OK, but why?" for as long as you want, as about anything you want. You might get a hallucinated answer sometimes, but a frustrated human who would be asked the same way, could also just make something up to shut you up.
- for anything in the context window, ask about how to go about making a functionality change to add or modify a feature
- the above, but if it's small enough, just get the LLM to write the change for you. It might be buggy and messy, but you'll be one step ahead if you lack the skill to make the change yourself
- how do I set up the build chain? Why is my compiler not picking up the path properly? Is the project directory structure wrong? This used to be a huge problem before LLMs, and relied on undocumented knowledge.
---
For me, the whole point of open source is ready-made, (hopefully) not too buggy components that I can use and customise as an end user, or plug into the thing I am building as a developer. LLMs make the freedom of FOSS become much more practical, particularly to those sympathetic to the movement but technically less experienced.
Well yes exactly. LLMs have increased the value of open source to users. So by reducing the extent of the open source, value is maintained, but rebalanced slightly back in favor of the creator, with their larger closed source piece.
BTW most business-astute maintainers always managed a closed piece of expertise which is what they charged for. I’m saying that proportion needs to grow now.
A ‘freemium source’ model, where you’re advertising possibility and promoting human-human partnership.
Industry practices that over commoditize human talent are bad IMO.
Our whole industry needs to bend its collective mind to maintaining economic participation. We’ve possibly put too much of a strain on society with LLMs. Especially as more and more people cotton on to what other services they no longer need, as models get better and better. We can’t survive as a species if too much of our lives are based on self-gratification, we have to maintain the drivers that make us interact and learn to get along.
I get the point but it still sounds to me like "what about the horse maintainers in a car world."
The world is changing, we improvise, adapt, overcome. Where many species have their world model encoded in their DNA, we have a beautiful neural computer that can change its world model and resulting strategies on the fly. Let's use it.
That won't work. The breaking of that model is far more widespread than one thinks because of how it was broken.
The breaking of the model breaks underlying models all the way down to the basis for economic distribution of labor.
Its a phase change where labor and expertise are free, without restriction and the people with that expertise do not receive economic benefit for it anymore. In short, your demand curves goes to 0 in that area. There may be a great need for something, but if the demand is 0 no one will fulfill that need. People aren't slaves. Many people conflate demand with need, Hayek in his economics in one book cover the distinction. TL;DR demand is the group of people where there is a point at which two parties are both willing to exchange something for something. Need is where no such crossection between the S/D curve in exchange can occur for the two parties involved. One is much smaller than the other, and at 0, it doesn't happen or you only get the efforts of slaves.
The trend is inevitably towards stalling the economic cycle, where such experts simply do not create such things, they do not share, the ones that could either abandon that expertise or they withdraw keeping it to themselves.
The vast majority of all action though is done for economic benefit, and when that's no longer the case people don't do it. People aren't slaves.
People, professionals, aren’t so stationary. You’re saying that this line on the asymptote is the threshold where incentives die. But the old axes need to be adjusted for new broader possibility. As long as professionals stay ahead of non-professionals by riding the same tools, to keep their position on the boundary of expertise, they will be in demand.
Better to do that by not sharing how as much (source code), but rather what (interactive demos).
You are right, they will do something, and that something will become violent when the rule of order breaks down as a result of these basic underlying aspects.
People aren't static, but neither are they so dynamic that they can learn exponentially, expertise which took education and years to learn cannot compete with free, and lets remember people age and die, and expertise is only gained by doing the job the first rung on that experience ladder. The nature of the asymptote that people fail to realize is, the asymptote isn't at its given value when you see the whole, it trails off as it approaches certain points exponentially. Sometimes to infinity.
You can't compete with slavery, and in the case of AI, you have a digital facsimile of a person that is a slave being used by people that don't have that knowledge. It may be able to go on just long enough that there won't be any experts left by the time everything starts breaking down (which happens frighteningly quickly, typically within 10 years).
There is a train, its on tracks and those tracks go over a cliff, but that cliff is around the bend, and no one knows someone's switched the route to over that cliff, they didn't notice. The conductor keeps feeding the fuel, full steam ahead, and what happens with mass is you have inertia and between the end of the tracks and the rocky shore below? Trains don't stop on a dime.
Its an asymptote, and the nature of cascading failures is that by the time the average person realizes you have a problem, there isn't anything you can do to fix it, that is the difference between average and intelligent, and likewise the average person can't avoid the outcome because the lag and the time to react don't provide a window to change it; its already passed, its hysteresis, and its a bitch.
Not the OP, but I have a similar dilemma. I'm currently sitting on a SOTA ML model for a particular niche. I'm trying to figure whether I should try selling it to the incumbents (in some shape or form), or if I should publish a paper on the techniques, and/or if I should OSS it.
IMO if you think you can sell to users within the niche, you can publish a blog post of benchmarks and that'll serve as strong technical marketing for your niche.
It also keeps open the option to sell to an incumbent (possibly helps maximize the value of that option as well).
I made the mistake of open-sourcing something that attracted a large mob angry that an outsider had intruded upon their space. Got doxed, death threats, and my employer was also harassed. Even after I publicly abandoned and repudiated the project I still get crap about it.
I now caution everyone who talks about open-sourcing their projects to consider which groups might feel that the existence of the proposed project represents an attack against them and what threat those groups may pose when they dedicate themselves to your removal.
Never invest into FOSS time, money, or energy and expect anything positive or monetary in return. Having unreasonable expectations is a self-imposed trap and sure to lead to resentment and/or burn-out.
I've released several tools, and for most of them, I've heard nothing from anyone.
But 3 got somewhat popular in their niche and most of the inquiries and requests were from people who seemed to think they were entitled to free support and feature requests. Many times, they got pretty rude if I refused to implement their feature or I took too long to release a fix.
It really turned me off from releasing open source code and then interacting with users. I'd rather just release the code, and forget about it, only patching on my own terms.
I was about 13 and contributed to an Apple open source mailing list -- I forget which one. I included the entire email chain and got a very very stern telling off from the list maintainers for doing so and my code sunk without a trace.
I didn't try to release code again until the end of my PhD.
I've open sourced a few things in the past that I wish I could have kept closed source for monetization purposes. Probably a failure of some imagination on my part, but also, it's really hard to make and sell good desktop software if a user can make their own for free by typing `make`.
Only if your target audience is nerds. Actually a bunch of software is like this and still somehow manages to make money. It's more complicated than typing "make", I promise - I typed "make" three times in this comment and your software didn't materialize.
I wrote MetalLB, a bare metal load-balancer for Kubernetes, because I needed one for myself. It gained some popularity because for a couple years, it was the only way to get working L4 LB outside of clouds. These days I believe a couple of the CNIs added support for external BGP peering and integration with k8s's LB machinery, but that came years later.
As a result, I became network troubleshooting tech support for a large chunk of people trying to run kubernetes on bare metal. If you've not looked at k8s's networking, debugging even your own cluster's networking is a nightmare, never mind debugging someone else's over slack, while (usually) simultaneously having to give them a crash course in intermediate/advanced networking stuff like asymmetric routing and tracing packets through netfilter so that you can then tell them that networks can't do the thing they wanted and no amount of new features I can add will change that.
Meanwhile companies selling bare metal k8s services started bundling MetalLB, but kept sending their customers to my bugtracker instead of taking some of the load themselves.
The experience burned me out severely. It's been several years and I still have a visceral negative reaction to the idea of open-sourcing code I wrote, and when I infrequently do they come with a fairly blunt "contributions no welcome" message and a disabled issue tracker. I handed over the keys to MetalLB a long while back now. I hope the new maintainers and the project are doing okay.
I'll mention a positive of that time as well, to balance it out: as an experiment I opened a pinned issue asking happy users to drop me a note (https://github.com/metallb/metallb/issues/5), and many did. It was nice occasionally getting a notification that wasn't a complaint or demand for support. At one point someone left me a note that it was being used to support research projects at NASA JPL and DARPA. That was pretty neat.
When I was younger, I would have been annoyed at this remark because it detracts from the ideological purity of FOSS. Now that I'm older, I laugh at its naïveté. $megacorp wouldn't pay you. The junior engineer at $megacorp who pulled in your library wouldn't even have read the license. And you as a small FOSS engineer wouldn't have the legal clout to make them pay. You wouldn't even know they were using your library.
But in principle I agree that it would behoove profitable companies who benefit from FOSS to either pay or contribute.
Hell yes. Had a particularly insane minor contributor take the project and put it up on the store without asking. After I had it taken down they did things like harass my family and threaten me. They caught federal charges for interstate threats and found themselves 'retiring from tech' not long after.
That aside, have had two other projects take off and get flooded with normies demanding things on social media/github. I now do each under throwaway names and sell them to people who want the appearance of having shipped
Can't say I regret it, but did not enjoy when a small enhancement PR I wanted to push to an academic visualization toolkit took more of my time to wrangle the licensing than to write the patches.
When I did veer into enterprise environments, I regretted the NDAs I signed. It was annoying to later want to share some illustrative anecdotes but have to censor myself. And it wasn't like they were state secrets, just stuff that was amusing and apropos but someone might be able to trace back to the NDA contract period due to the small world we seem to inhabit.
Otherwise, I've been in university-linked R&D and generally went with folks who declared projects open source before we began any real effort on it. That's the only way to be sure.
I regret for not open-sourcing certain things soon enough!
Sometimes, a project or an idea is bigger than just a single human or company. So keeping everything only for ourselves is a very narrow strategy.
By openly sharing the knowledge, we can pass the sparks to future generations. Including future versions of ourselves after we die and get reincarnated.
I regret it only from the perspective that it opens you up to noise from smarmy, entitled, often wildly under-qualified developers trying to "get you" for not knowing something or not having some feature they claim is table stakes.
And if it's not that, it's someone (who very well may be qualified) being unnecessarily passive aggressive trying to make a failure of your own seem like a show stopping nightmare that they'd never let happen.
What I really don't like is that sharing anecdotes like the above often invites equally annoying "tHaT's NoT mY eXpErIeNcE" type comments which leads to a sort of "who cares, just do the best you can and ignore everybody" mindset (which can be helpful at times, damaging at others).
Aside from all of that nonsense, it's great because you have other sets of eyes looking around that may see something you didn't. This is incredibly valuable if you're a soloist or small team working on a big project.
I open source pretty much everything I work on that is close to finished or finished. Never regretted doing it, but never got anything out of doing it either, aside from the feeling of paying forward.
I guess it really depends on how popular your project gets. I have no idea if my stuff is used or not[1], so regretting is maybe kinda hard?
I’ll keep doing it, though. Might regret it at some point, but I get so much value out of open source, it feels wrong not to.
[1]: Judging by the lack of patches I’d guess my work isn’t used, though.
The opposite. I regret not pushing harder to be allowed to release more things as open source. Built lots of useful tools at a previous job that would have benefited "the community", and while management initially seemed happy to open source them, the request was never granted.
Now I frequently find myself building things and thinking "damn, wish I could use that to make my life easier".
I'm keeping the details vague because I think I'm still bound by NDAs.
I have two groups of things I've put online that I think I'll regret short term but not long-term.
They're both about understanding of statistics at their heart. But in vastly different ways.
The first is my first set of amateur Rust projects. They're built around a Covid-Era project to reverse engineer the LucasArts SCUMM games, specifically Loom on the Atari ST. It was a fun project that led me through Atari STX disks to FAT file systems to SCUMM virtual machines.
And a few side projects along the way with CRC32, Adler-32, Fletcher and flawed checksum algorithms. Including using a kolmogorov-smirnov test to show issues with Adler32 on small data sizes.
I use the math, and it's a great project to learn about hypothesis testing and polynomials. But I can't explain it all. Just enough to be dangerous.
And the APIs are shit.
But it's out there and it was fun.
The second isn't really code. It's a comment somewhere about Microsoft and Valve and purposefully designing systems like UEFI for political purposes before the "What the fuck is an SBAT and why does everyone suddenly care" issue struck.
It was about how these large-scale global political and standards wars hurt normal developers, even if in the end they will help others.
But I mentioned dead eyes because I was talking about exhaustion and just going along with trends instead of fighting back.
My comment might have been construed as violence against women. It wasn't in any way. As I go through CT and fMRI tests into the future we can show that it's not always what it seems on the surface.
But it is my fault. It was a stupid mistake that wasnt thinking about imagery in a larger context. Statistics shoes violence against women is a bigger issue, and that's the truth.
I think with anything, it's a love hate. I open sourced https://github.com/nadermx/backgroundremover, and it's been cool in terms of vanity, but depending on my mood it either feels cool or like a chore to do work on it.
I've been told my code sucks and I should be ashamed of having it in my public GitHub profile.
I've been told there were too many RCE exploits on all of the software I made, but the reporter didn't specify what software has the exploits (could be anything from my personal website, my forum, my link sharing site, my fangame, to my discord bot; they didn't specify). And even though I did get attacked by spam on my own forum, I made a workaround for it and it worked.
Since then I've been making proprietary software only, but distribution is harder this way (at least for me).
About 10 years ago I was on a contract sabbatical from the usual job and the customer at the time open sourced part of the product with the wrong license, a competitor forked it and made a superior product, undercut them and took all of their customers. They had enough capital to buy the competitor but it was an extremely expensive mistake. I'm not sure they ever broke even.
This was one of those niche industry specific things that no one would give a crap about if it was open sourced other than the competitor in the market.
Principal architect was tossed on the street for that one.
This sounds bad but the only reason I open source my projects is because to publish on NPM as a free account I need my packages to be public, and therefore my packages need to not be horrible and have no documentation.
I don't open source anything, because we live in a world where people who get jobs and rewards are not the same people who put in the work. I don't wish to feed that system. Other comments here are great examples of why no one should.
I don't regret open sourcing my libraries. One of them got some traction and provided me with opportunities which eventually led me to earn passive income for 3 years and I was able to live in Malta, going snorkeling in the Mediterranean every other day while working casually on whatever side projects I wanted.
That said, I feel like things could have worked out better given how much time I invested beforehand and how everything had been clicking into place until my 5 year plan fell apart suddenly around the time of COVID. It all went perfectly until the very end when other people's irrationality and corruption ruined everything.
I probably won't be open sourcing my more innovative recent work. I'd want to see traction before I open source that one and I'm not convinced that open sourcing would make a difference in terms of getting traction.
When something could benefit from being open sourced, it's kind of obvious.
I think if I hadn't open sourced that other project, it would have gotten me nowhere and I would have gotten no value out of it so that was definitely the right move.
My more recent work is a serverless platform. I really wish I could open source it. It's probably better than anything else of its kind but I'm not convinced that people would understand the value provided because you have to use it for at least 1 hour to have your mind blown... But I can't convince people to invest 1 hour into trying it. Big chicken and egg problem.
Also, my understanding of business is that it doesn't make sense to offer a product whose quality exceeds people's perception limits. Outside of the luxury sector, nobody will pay for surplus value which they cannot fully sense, not even if it's 'free'; they won't invest their time. Also, my target audience are developers and they often like using suboptimal, time-consuming tools which allow them to do busy-work. They charge by the hour after all. It's like the target audience is communist so it's stupid to look at them through a capitalist free-market lens.
In general, being a point of contact for a small community project means you sometimes get weirdos showing up to your door IRL, or various other scams and abuse.
In terms of software we usually used Apache 2.0, LGPL, and GPL licenses.
Anecdotes:
1. FOSS e-Commerce tax module for merchant account gateway was resold as commercial software to several local businesses by a "startup". Didn't care until years later when we started getting spammed with support requests given the original email was in the source, and the "startup" had moved on to other ventures.
2. Wrote industrial drivers for integrated manufactured equipment, and due to remote locations it was important service people could modify/rebuild the open code as needed. We tracked prototype product GPS telemetry to a Singapore University campus, and saw a copy of the GUI at a trade show the following year. No more FOSS in commercial releases.
3. Built generic 3D printing hardware for our local club activities, and within a few months it was a product on Aliexpress. The problem was it was the Beta firmware design, and again people that paid for something that was supposed to be free get irate about support.
4. Built a small OS distro for Ham radio, EE, ROS, CNC, and 3D printing. Of the 8000 users only 2 people provided any sort of participation in maintaining the build. Also, many people were paranoid there was some sort of nefarious purpose even when meeting them in real life. “Free as in free beer” tends to make people suspicious in real life.
5. Tried to expand existing FOSS software, but get ghosted by the community when trying to learn about their code (stare into the void of ambiguous documentation.) Most FOSS communities are great, but some people just don't want to know about you or your silly problems. Better off with your own project fork version specific to a use-case, and share under a similar hands-off library support model.
6. Built custom FOSS IT infrastructure, and had publishers switch licenses years later. Makes people look like fools when a certain now well known vendor cold-call solicits a $8k support fee for something they probably broke on purpose 2-weeks prior. Re-wrote it in 3 weeks, and never exposed core systems to a “trust me bro” crowd again.
7. Took a few foundation courses to clear up the WTF deprecated vestigial garbage moments in the kernel source. Realized the value proposition is just not worth the perpetual Beta and political hassles. Started writing my own toy kernel that is just as odd as the hardware it is meant to run on, as traditional architecture problems just do not handle parallelism cleanly. Don’t ask, seriously… lol
8. Tried financial & bug support for other small FOSS projects we think are cool, but around 60% of the time projects are abandoned/EOL within 2 years. Building a user base around that is impossible.
I am sure there are some folks that fair much better, but in general most FOSS problems I saw are economic and or political… from a technical perspective Open source has proven more reliable than most commercial options.
Thus, prefer FOSS projects that serve your specific needs first, write something that fits your own use-case if you must, and expect zero community support unless your team lucks out. YMMV =3
Steve Ballmer nailed it when he said GPL is a cancer. No professional
programmer wants to open source anything, but once one competitor does
it, he must follow suit to stay competitive.
Um not down voting you, but your argument has some flaws.
Firstly your appeal to authority , and then using Steve Ballmer as your authority is perhaps not the best way to start.
Secondly you say that "no professional programmer" - but the statement is false. For starters it's a sweeping generalization which is trivial to show is untrue for at least 1 programmer.
Thirdly the existence of Open Source alternatuve does not make a product uncompetitive. You need look no further than Windows to see that's true. Indeed if we has to list all the commercial software that exists with an Ooen Source clone, we'd be here all day. I'd also argue that Joe public doesn't even know what open source is, much less factors it into a buying decision.
If you are building tools for programmers (already a tiny niche target market) then you need a hook other than Open Source anyway, cause programmers are a terrible target market.
I say this as someone who builds tools for programmers, and who sells commercial into a space that contains Open Source alternatives. And I do ok.
Quoting Steve Ballmer doesn't mean that the person is worshipping Steve Ballmer as a god. It just means that another person expressed a similar opinion.
You can't add color to your argument if you've failed to add an argument. If all you've typed is an appeal to authority, you're trying to trick people into making your argument for you by trying to guess what Ballmer meant and why he thought that.
Instead of getting people to try and come up with an argument that wasn't made, the argument could have just been made. But I'm sure it is a very bad argument, or else there wouldn't be that embarrassment to try.
The marginal cost of software is zero and therefore the just price in a perfect market is zero. You can compete on delivering features quickly (and that's how all 80-00s software was - they were able to charge simply because no one was offering same features yet), but other than that there is no way software can be a profitable product without being a monopoly - and monopolies is not a thing to be tolerated. You can sell customer support, you can sell services, you cannot really sell software forever. Hate this as much as you want, but that's how things are.
Looking out across the software landscape, it seems to me software companies do just fine if they achieve some-to-most of:
1. Build a piece of software that actually solves one or more problems.
2. Keep ownership private and limited. Once you're publicly traded, long term planning becomes impossible and "line must go up" becomes the reigning false god.
3. Sell a perpetual commercial license to the version-at-purchase, and offer subscription for updates after purchase. On cancellation, stop providing updates but do not disable that customer's last working version.
4. Optionally, dual license under a free license that prevents competitors from eating your lunch (usually latest GPL or AGPL, depending on context).
If you're implementing the above items, it's absolutely possible to run a profitable company.
> 2. Keep ownership private and limited. Once you're publicly traded, long term planning becomes impossible and "line must go up" becomes the reigning false god.
You can fight this with dual-class ownership. Google and Meta can do whatever they want because nobody can change their board.
They're still motivated to care about share price because they pay their employees in shares, but you're going to have to get the money to pay employees from somewhere.
I am the maintainer of a library to simulate keyboard and mouse input. I didn't start the project but took over the maintenance and have since rewritten pretty much all of the code. I recently found out that Anthropic is shipping it in Claude Desktop for some unreleased feature which is probably like "Computer Use". I noticed they had an open position in exactly the team responsible for the implementation and applied. A few months later I received a rejection. The letter said that the team doesn't have the time to review any more candidates. The code is under MIT so everything is perfectly fine. It is great that a company like Anthropic is using my code, but it would have been nice to benefit from it. I wrote a slightly longer blog post about the topic here:
https://grell.dev/blog/ai_rejection
Did you apply through the website/job posting?
I’d strongly recommend trying again and reaching out to the friend of a friend who informed you of the role and asking for a more direct intro to the hiring manager. Unfortunately, it’s really really easy to slip through the cracks as a resume, and one feels no remorse rejecting a pdf file. Even without the warm contact, some way of directly reaching the hiring manager (notably: not the recruiters!) would mean that “I wrote that library!@ becomes front-and-center, not buried as a line item. I’ve seen so much more success with myself and the people I know in cold or warm outreach than through job application portals. In fact, I’ve yet to get a callback from a single job I’ve ever applied to online!
As an aside, does anyone know why the AI labs have such bad recruiters? I successfully got a job at one and am currently working there, but I still have many many complaints about the process.
Anthropic has a tough alignment interview. Like I aced the coding screener but got rejected after a chat about values. I think they want intense people on the value/safety side as well as the chops.
Maybe I misinterpret but I can’t help but shiver when I read this comment.
I just laughed. You’re a better person than I.
You misinterpreted nothing.
What does being "intense" on the safety side mean? High risk taking with AI safety or low?
You need to be insanely dedicated to burning rainforests and boiling oceans so that people can have AI write emails that other people will use AI to summarise and never even read the summary.
You're mixing up AI and Blockchain there, bud. AI has other, much deeper problems than energy usage, but nice virtue signalling nonetheless.
AI uses a lot of energy but unlike PoW, electricity wastage isn't it's purpose.
Probably alignment with mission. The siblings write a lot about it so read all that. I prepped but I missed the mark. I suspect because of doing too ordinary work so I didn't have examples that would make them think "damm this person gets us".
So much for diversity (at least in thought) hiring, I guess
What is an intense person on the value safety side?
Some one who reads the company website and has the communication skills to be able to convincingly regurgitate the company stances on issues. Come on guys, this isn’t some FBI lie detector test, they are going to ask you the same exact question people BS on in every interview to top companies, medical schools, etc.
Yes, I applied through the website. Unfortunately I don't know the people good enough to do that
Don’t be naive, these companies don’t care about talent they care about prestige and credentials. <username>@standford will always beat “did actual work relevant to the project”.
Just look at the background of some of the names in this at these places. As always it’s “who you know and where you’ve been” not “what you know and what you’ve built”
edit: You can downvote if you like, but it doesn’t change the fact that high stakes tech has never been a meritocracy and AI companies are no different.
While eventually bias and inefficiency exist in every org, these companies would not be competitive if they prioritized bogus metrics.
I mean, there are three serious top level AI companies, and the only thing they're competing on right now is the quality of their frontier models. Or arguably their ability to raise cash, in an extremely "buzzy" market....
There's definitely more than 3 companies competing for AI talent and you know that very well.
Nvidia, Apple, Google, OpenAI, Anthropic, xAI, Tesla, Microsoft, Mistral and dozens and dozens of well funded AI startups are just among those with more resources.
_Are_ they competitive? So far they all seem to be struggling with sustainable profit.
Raising money in a gold rush is easy mode. Surviving the market correction will be the hard part.
https://en.wikipedia.org/wiki/No_true_Scotsman
>As an aside, does anyone know why the AI labs have such bad recruiters?
They're using their own slop generator to handle recruitment.
I would rather assume your application didn't reach anyone in the team but got filtered out by some broken process below.
Needs a GNU GPLJ license. You can use this for commercial purposes only if you offer the copyright holder a job.
As it stands right now, if the code was under a GPL license, nothing stops them paying the author to get it under another license.[1]
Sure, they could offer a job as payment for said license, or just pay cash.
This approach would be "necessary" (for some definition of necessary) for GPL code, but isn't necessary for MIT code.
[1] this assumes there's 1 (or nearly 1) copyright owner. If there are multiple contributors, and no CUA in place, this approach is generally not possible.
Personally, and different people have strong feelings on this both ways, with GPL code I'd get contributors to sign a CUA. It keeps the door open for commercial opportunities like this, especially if the code is "mostly yours".
I almost believed that was a thing, but I don't see any indication that it is. Not a bad idea IMO
It could never be a GNU license because it violates freedom 0 as outlined by the FSF: https://www.gnu.org/philosophy/free-sw.html
I guess with a benign modification it does work: it’s just dual licensed (a)gpl and commercial license, the latter available when offered a job. The former always available but of course they’d have to release their entire stack’s source, which Anthropic almost certainly wouldn’t want to do. That’s not OP’s fault though and the license stands as pure (a)gpl.
It would be very, very hard to make this work in practice.
What does it mean to offer a job? Can they offer a job that pays a dollar a year and call it a day? Or can you force them to offer you a job that pays a billion dollars a year?
Can they offer you a job, but only in Antarctica? What about visa sponsorship?
Of course, you can write whatever ill conceived terms you want in your license. But if your license is badly written, any decent company lawyer would strongly advice staying away from your code. And if that's the outcome you want: you might as well open source it with a 'non-commercial use only' license.
Worse things have been tried.
That actually doesn't sound so bad. (Designing the job requirements!)
> That actually doesn't sound so bad. (Designing the job requirements!)
Well, it's similar to having a license that allows the author to decide on the price of the product after the other side has decided to buy it. There just won't be any buyers.
Hah. Well it is now...just copy & paste the GPL's text and append that one condition.
> Hah. Well it is now...just copy & paste the GPL's text and append that one condition.
Section 7 of the GPL (version 3) explicitly gives the user the right to remove that additional condition. So if you want it to be effective, you will at the least need to remove section 7 from your copied GPL. Then, you'll need to remove the preamble and instructions to avoid the Free Software Foundation's ire (they're being generous in allowing you to modify the license test at all).
Ultimately, it goes against the spirit of the GPL so much (and against the point of FOSS in general) that it would be entirely unjustifiable to use the GPL as the foundation for such a proprietary, source-available licence.
The FSF holds the copyright to the text of the GPL, and they allow anyone to freely redistribute verbatim copies, but they don't permit just anyone to create derivatives.
2 ... spend $1m on the law suit
3 ... profit!
Interesting, considering that Anthropic spends a lot of resourced to build ethics checks into their AI. I wonder if this hiring process was ever put through its own ethics check.
When you apply, you have to confirm that you did not generate the application with AI. As soon as you send of the application, you get an automatic email confirming your application. They also say they don't reach out, if you are not a good match and that they only contact the people they want to hire. Maybe they changed their mind on that policy, because I received a rejection letter a few months later. It was very well written. The people I showed it to said it is one of the nicest rejection letters they have seen.
Maybe the AI sees you as a father and decided to reach out on its own ;)
There's no ethical principle which requires them to hire somebody if they use OSS from that person. Maybe they missed out on a good hire, c'est la vie.
There are ethical principles like that, but they just may not be in our mainstream corporate or open source software culture.
The permaculture ethical principle of “fair share” would apply here, if a group were using those.
How curious! So am I, and that is the project that I am the closest to regretting open sourcing.
I made the mistake of also implementing keyboard and mouse monitoring---you know, so I could write automated tests for the input parts!---and over the years it has turned into an endless source of feature requests, bug reports and also general questions about the Python programming language and its ecosystem.
Input events truly are horrible to provide a platform independent abstraction over, but in the end seeing people use it, make YouTube tutorials and discuss it on Stack Overflow make it worth the time spent.
You should have licensed it under AGPL; Anthropic then would have reached you to negotiate a commercial license or contribute back to the project, since AGPL forces server-side code disclosures when deployed. Without that, they can legally use, modify, and profit from it without sharing improvements or compensating you
[A]GPL is like kryptonite to corporations. Very few will take the risk of having to open their own code if someone made a mistake in isolating the GPLed code properly, so most ban the use of GPL for their products and services.
Anthropic would have found a different library or rolled their own, rather than taking that risk. If the library was fundamental, maybe they'd go for a commercial license, but that's usually an option of last resort.
OP mentioned he took over an existing project. He would then have to track all the people who contributed in order to be able to relicense to AGPL. Even then, Anthropic would probably then write their own.
what's to stop them from <prompt>Recreate this library so that I can use it in my project without fear of copyright violation.</prompt> in their very own claude code?
For small enough codebases, that seems like an inevitable reality, eventually.
If you have nearly limitless compute to throw at an issue and a good enough model, then it should be able to create enough test cases to cover most aspects of the codebase (iterating thousands of times until it gets it right) and then eventually write a new implementation in a new language or a slightly different tech stack that passes all of the original tests, alongside a few more hundreds of iterations of refactoring.
I give it a decade until large orgs are doing that to avoid licensing restrictions and other liabilities.
It might even be a boon for security that many organizations have independent implementations of core code projects, even possibly the OS. In such a hypothetical world, security issues that are implementation dependent would not affect such large swaths of the installed software.
If you feed it the library to recreate then this seems like it would necessarily be a derivative work and thus copyright infringement. Proving that they did it may be a challenge...
Keep in mind that they probably use it or at least discovered it explicitly because it's open source. So either you don't release it and they use something else, or you release it and they use it. Option 2 sounds like giving you more exposure and more opportunities in the long run.
People die of exposure.
Sure, it would be hard to monetize and while it took countless hours to iron out many of its bugs, it is definitely not rocket science. I contribute to open source software expecting nothing in return because all software I use is also open source. It's my way of giving back and I love the knowledge that it is useful to people and hearing about their projects. So far I did not have any benefits from it but continue doing it anyways. It makes me happy to see more and more people using it.
Zero opportunities as of now.
[flagged]
Please don't comment like this on HN. You may not owe "exposure" any better, but you owe HN better if you want to participate here.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
Tom Ptacek can argue that "die slow, motherfucker" is a reasonable thing to say to people but STFU is harsh?
I don’t really know what you’re talking about or how it’s relevant (I know you’re referring to an incident that happened outside of HN).
The guidelines clearly ask us to “be kind” and to not “fulminate”. Your comment was flagged by several community members so there’s a pretty strong consensus that it’s not what we want on HN.
That's...wow. What an absolutely disappointing reply.
If "be kind" is an actual value of HN I have yet to see it in almost 15 years of being active on this forum. This community is generally speaking not kind and fulminating is de rigeur as far as I've been able to surmise.
But whatever. I won't bother you or anyone else on here anymore. Good riddance.
Why so harsh?
I'm not advocating in doing it for the exposure as a primary reason. And absolutely not to be paid in exposure. 100% agree with the comic there.
I should not have used that word. It is clearly charged with negativity.
Of course I wish everyone would be compensated for their work. I feel that for some types of project, publishing as open source is a great way for people to find and use it. This can give new opportunities.
Exactly which kind of project and under which conditions is up to debate.
I have worked on a few projects that I regret not being able to open source. Mainly not my choice, stakeholders wanted traditional go to market strategies and failed/ran out of money trying to make sales. I can't help but thinking what other opportunities could have arisen have we chose another strategy.
Thanks for your reply. Yep, you got me with that word. Exposure has become totally toxic to me, just like "merit."
> Through a friend of a friend, I found out that Anthropic had an open position in the team implementing the secret, unreleased feature of Claude Desktop using enigo. I wrote a cover letter and sent out my application. An automatic reply informed me that they might take some time to respond and that they only notify applicants if they made it to the next round. After a few weeks without an answer, I had assumed they chose other applicants.
Wait, so, if it was a friend-of-a-friend situation, why did you not try to get a referral?
I've stopped applying to the big companies long time ago precisely because I'd never hear back regardless of the match or the credentials (the only exception has been JaneStreet — they contacted me almost right away after a cold application), yet going the referral route, it's relatively easy to get an interview almost anywhere.
Thank you for enigo / all you do and your support when I used the library in my little project!
You're welcome, it's nice to hear from people using it. I hope everything is going well with your new startup :-)
Perhaps you should highlight your work on this library as you apply to their competitors!
(Submit it as a dedicated story here too!)
Hope this turns into a success story soon
You're expecting them to hire you because you wrote some code they happen to depend on?
I’m unsure if you’re being serious or making a joke. If you depend on something, it is in your best interest to have it continue and remain in good shape. What better way to ensure that then to pay the salary of the creator and world’s utmost expert on the thing? As a bonus, it ensures your specific needs about the thing are addressed in a timely manner.
Making something open source has no bearing on your future employment. Certainly, it is great to have something on the resume that is used internally, but to have an _expectation_ that someone would hire you for that reason, is beyond my imagination.
It’s weirder because it doesn’t even seem like he initially wrote it, just took over a abandoned project, changed some code, and think he deserves a job because of it.
Uhm, yeah I would too
To be honest, I do regret it. After 20 years of working on FOSS projects, I've invested enormous amounts of time, effort, and money into these and other free/open-source initiatives. It was enjoyable initially - there's something addictive about receiving praise from strangers and unknown communities. You keep going because it feels good and you develop a sense of moral superiority. But years later, when the people closest to you are no longer around - you pause and reflect on how much energy you devoted to random strangers instead of those who shared your life. If I had invested even 1% of the time and effort I put into FOSS projects into my relationships with loved ones, they would have been so much happier. Now I'm left wondering what the hell I was doing all those years https://giis.co.in/foss.html
What you describe is an interesting moral hazard variation: you were disconnected from the positive effects you had on others. All may not be lost: what if you were to reach out to individuals who have enjoyed your work?
>If I had invested even 1% of the time and effort I put into FOSS projects into my relationships with loved ones, they would have been so much happier.
This is a wise conclusion, that I think impacts many people. I know it does impact me. My personal way of going about it was that I was more invested into theoretical, ethical problems instead of my actual life problems that surrounded me. My tech life was vast and colorful, but my real life was barren.
This is a very thoughtful post, and I sympathize with the sentiment, but I don't think it's really about "open sourcing" anything. The same could be said if you spent that time building model trains, working on a car, or engaging in any other hobby.
Agreed. "Open sourcing" means you do it for free but your work benefits others. And you may have an opportunity to pass the torch to others. For hobbies you keep it to yourself. I played an instrument for many years in spare time. I enjoyed it a lot. I eventually gave up, because my life changed and many other things popped up. On reflection, I still think it was an intersting experince for all those years. But I don't feel anything for it now.
Yes, it's not different from a workaholic for example. So in this vein, not on topic, because it's not about the license. Still, it's a good lesson, and is technically an answer to "regretting open-sourcing something" - it's just that OP reconsidering open-sourcing their life, not their software.
Thank you for this honest reflection. A good reminder to think about priorities.
I can imagine that happening when the motivation is external (praise). When I write open-source it's because I have to write it out of myself.
Do I expect praise, kudos, fame, whatever? I do and that happens, I have been hired countless of times because of open-source. Even my friends (!) have been hired because of open-source stuff I wrote and they contributed to.
But the main motivation is internal - I just have to see it take shape. Like a writer who can't resist painting or a writer who can't stop writing.
Do I have regrets still? Yeah because I could have used the time for better things. But that can be said about any hobby.
When I was ~14 I open sourced a script to autoconfigure X11's xrandr. It was pretty lousy, had several bugs. I mentioned it on a KDE mailing list and a KDE core contributor told me it was embarrassing code and to kill myself. I took it pretty hard and didn't contribute to KDE or X11 ever again, probably took me about a year to build up the desire to code again.
Everything else I've open-sourced has gone pretty well, comparatively.
This is of course a terrible reply to receive, I'm sorry you got that.
But I also find the psychology behind this sort of reply interesting, because there's lots of factors that lead to this sort of extreme.
Firstly, we don't know the age of the replier, but my guess would be someone also young, or at least immature. Telling people to kill themselves is not something adults typically do in any context.)
So it suggests another junior, desperate to prove their own standing, and needing to compete against others rather than collaborate. I've seen this kind of response in one adult (abusive to other forum members) but he clearly had quite severe mental health issues (and the user was banned.) In youngsters it is usually extinguished with firm moderator guidance.
With adult responders, frustration and tedium play a role. Personally I'm more generous with replies in the morning than the evening. At times I almost "fake" patience (when I'm getting impatient) with people who are simply not thinking, and who aren't listening.
Overall it is very imbalanced. The asker is asking 1 question. The replier may answer tens or hundreds in a day. So it's hard to answer each one as if it's original, as if it matters, as if you've not heard it a million times before (especially if it's right there in the FAQ.)
Part of answering well, and the quality of any forum, is in participants answering well, even if the question is trivial.
We all were newbies once. Asking stupid questions is how we grew from there. Answering stupid questions is how we pay it forward.
Meanwhile, here's Linus at the age of 42: https://forums.freebsd.org/threads/linus-to-opensuse-devs-ki...
The world's most successful open source developer didn't converge on that communication style for no reason. I don't think I've seen a single person bring up the classism inherent in dictating gentlemanly manners. Part of what made open source unique is that people from all classes could participate, and working class people are not tuned to pick up on subtle communication the way the upper classes have been. Linus likes to communicate in a way that leaves no ambiguity about he feels, to people of any class background, or any level of English language proficiency. The tradeoff is it offends the sensibilities of highly domesticated elites.
This is a weird take. It’s not classist to filter your communication to not call people morons even if you think they are, it shows you have respect for them. You don’t need to be “elite” to find some of the things he said offensive.
Open source doesn't have any kind of filter for participation, like a stringent hiring process, or requirement of academic achievement, which makes them entitled to respect. A lot of people show up who are unqualified, schizo, etc. It's demoralizing if a project treats those people and puts them on the same level as your best guys. Keep in mind, open source has no titles, no job levels, and no salary. So respect is the only thing people can hope to earn by participating, therefore it's totally ridiculous to give that out for free, because then people have nothing to gain and nothing to look forward to earning. These days the solution to this conundrum is to just ban everyone who isn't employed by a big tech company and shut down the comments section. However open source grew up in the 90's / 2000's culture that highly valued free speech and open participation. If you have to take the omegas in, like Linux did, then they have to play the omega role. This is better in some ways, because omegas are still part of the group, and still cared for, and many of them improve and grow past that role.
Sigh, simpler times
TLDR seems to be like "whatever moron made this is mentally disabled". Not quite the KYS that is popular with the youth (in a game played by mostly teenage boys, we kept needing to moderate and escalate ban durations for a lot of players) but not particularly great to put it mildly indeed
You're talking about adults with severe mental health issues - I wouldn't be surprised if those are over-represented in open source contributors.
> Telling people to kill themselves is not something adults typically do in any context.
It’s pretty typical of the alpha-nerd type who derives a ton of their self worth from superiority in some arcane area.
I've recently told a person to kill themselves. Because I was very frustrated with the trend their product is going. For example, they rolled out a wysiwyg editor with the "lose all the text input" feature.
I'm writing such harsh words when I expect 0 improvement from the company but I hope at least to make the customer support person reconsider their life choices and quit the evil company
This reminds me of when I provided some impressions of Erlang as a newcomer to their mailing list.
One of my suggestions was that they include hash tables, rather than rely on records (linked lists with named key). Got flamed as ignorant, and I've never emailed that mailing list again. A while later, they ended up adding hash tables to the language.
And people wonder why Codes of Conduct became popular...
Having a long memory about this, the reason Lisp died out even though it was supposedly the best programming environment ever, is that Lisp programmers (called "Lisp weenies" at the time) were so unbelievably emotionally abusive that nobody believed them about it or wanted to interact with them. You couldn't ask them for help with anything without them calling you a moron who should kill yourself.
(The main example of these people was a guy named Erik Naggum, but a few still exist somewhere out there and I met one on a programming reddit yesterday. You can spot them because they won't stop telling you how great Lisp Machines are, can't explain why nobody uses them, and for some reason they insist on calling JavaScript "ECMAScript".)
That said, I also remember that codes of conduct were popularized about a decade ago by someone who was then fired from GitHub for harassing junior programmers (she claimed this was "mentoring" and seemed mentally incapable of noticing something could be wrong with her behavior.) So it seemed like an obvious case of reputation laundering at the time.
> Having a long memory about this, the reason Lisp died out even though it was supposedly the best programming environment ever, is that Lisp programmers (called "Lisp weenies" at the time) were so unbelievably emotionally abusive that nobody believed them about it or wanted to interact with them.
Agreed.
> You couldn't ask them for help with anything without them calling you a moron who should kill yourself.
Never got that, though. I hung out on comp.lang.lisp back in the day.
I recall once, writing a small utility to read a file in /etc/ and do $SOMETHING based on the settings therein. I asked about the best way to read ini/config files; did not mention /etc.
I got flamed for not storing my configs in s-expr and simply using the builtin reader ... needless to say I was never going to switch all the files in /etc to s-expressions.
A read on Erik Naggum: https://en.m.wikipedia.org/wiki/Erik_Naggum
COCs never became popular though, business types enforced them and hackers fought against and lost
Not hackers, more like mentally ill trolls that fought for the right to say racial slurs on github issues.
lol, github wasn't even a thing back then.
Not trolls, people who didn't let words hurt their fee-fees. See Linus's response where he literally told someone to kill themselves.
It was a better time.
What was a better time? When injunctions to suicide were socially acceptable?
Why is it that you "fuck your feelings" trolls are always the ones who get their panties in a bunch when somebody else fucks YOUR feelings?
huh?
So, I definitely believe this story 100%: when I was on the anglosphere Internet in 200x, there was a lot of elitism and hazing rituals of sorts, among other things. It was a very real and unfortunate thing that coincided the otherwise excellent experiences (IMO) of being online at that time.
Still, I really don't think most people need to be told not to tell other people to kill themselves, and in many places where I hung out when I was younger I strongly believe you would have been tempbanned for "flaming". I was a forum moderator and I can tell you I would not have hesitated.
But you said the magic words, so it bears addressing; I think we all get the picture that the Code of Conduct drama usually doesn't have much to do with the actual rules that are contained within, which really aren't that controversial on their face, but rather the way in which power is moved from stakeholders within a project to other people by virtue of initiatives like establishing Code of Conducts and the governance structures that enforce them. And, I think most people will probably not get upset over the idea that telling someone else to go kill themselves might get you suspended from a discussion forum... Rather, the drama comes in when you see the reach of a project or organization's CoC start to extend outward past what people actually want to stop (toxic, unproductive communication) and past the edges of the project (and into policing the rest of the Internet.) Two notable examples I'd cite are Python with Tim Peters (who as far as anyone can tell genuinely didn't do anything wrong) and Freedesktop.org with Vaxry (who can be a bit immature, but is primarily accused of not moderating the Hyprland Discord... Which is a fair complaint about the Hyprland Discord, but not a very good reason for him to be banned from Freedesktop.org.)
Of course, truthfully, there is no 100% winning answer here; if the stakeholders who have control over a project by virtue of being the original developers don't want to cede any control to people for CoC enforcement, they don't really have to (although in reality, external pressures to implement one might make it an untenable position to hold.) In that case, you have to rely on those people to hold themselves accountable to reasonable conduct, and nobody's perfect. It's kind of like when police departments conduct internal investigations and find no problems; even if you're pretty pro-police, you must feel somewhat skeptical that they actually were reasonably impartial in conducting said investigation.
But, I generally side with The Evil I Know, which is that the project authors and biggest stakeholders should generally maintain most of the power and control in an open source project including the ultimate decisions regarding moderation. In cases where developers have proven particularly egregious with their conduct, forking has proven to be effective enough as a mitigation strategy, and the fact that it comes at a cost is a sort of feature, as it's better if a power shift like that isn't easy; while I can't guarantee that the original authors and maintainers of a project will act reasonably and impartially, I can at least say that I expect them to have the project's best interests at heart, whereas the kinds of people that go around looking for established projects and organizations to join roles that have authority tend to not be the kinds of people you usually want in those roles. Having it be difficult means you need people who genuinely care about the project rather than the types of people who just kind of seek power. (And I am sorry, but there are fuckloads of those people among us and they are absolutely dirty enough to hide under the guise of anything to get a modicum of control. Running an online community for any appreciable amount of time opens your eyes to this IMO.)
All of this to say, it reflects poorly on the state of the Internet at the time and KDE's mailing lists that the situation happened and was possibly not rectified in a way that is satisfactory (it sure doesn't sound like it.) The correct thing to do is obviously to issue a ban, and you don't need a rule book of any kind to figure that out. I think when people push for these things during major incidents, it's misguided at best, because usually the core problem was not that a "don't tell people to kill each other" rule didn't exist, but that people actually would've needed such a rule to decide the behavior was unacceptable in the first place. This isn't some complex gray area case. I don't think people are acting in bad faith when they suggest it as an option after a drama incident, but I still think it's the wrong knee jerk 99% of the time.
(The most favorable thing I can say is that I think a CoC might possibly have value in very large projects like Linux or Kubernetes, but so far the execution has always felt like it leaves something to be desired. Seeing people occasionally openly threaten to contact the CoC committees over effectively technical disagreements leaves a bad taste in my mouth.)
Because people blindly believe anecdotes without context are representative of anything?
Your daily reminder that a code of conduct is only as valuable as the moderation team behind it.
I'm sorry that happened. That is monstrously bad behavior.
Unfortunately it is more common than we all like to admit.
Some communities are xenophobic =3
Oh wow old war wounds from teenage days opened up.
My friend kept locking himself out of root and would be forced to single user the system to recover. This was difficult for many reasons, including remote hands costing up to and including $50 per call. I decided to look into why su would only work with root. Found a very simple check that I thought was unreasonable. Made my first patch and proudly posted to the FreeBSD mailing list thinking I was going to change the world. Man, instead I come back to everyone chewing me a new one, calling my friend too dumb to use FreeBSD, and other things that was not rooted in reality. I didn’t even try to defend my patch, I had spent so much time evangelizing FreeBSD up to that point that it really made me question my support of the project.
Anyway fast forward like 5 years, I was telling the story to coworkers when I decided to look up the su source. shocked-pikachu someone took my patch and applied it (without attribution). I have since moved on from FreeBSD entirely and my open sourced works have never been so negatively picked apart again ¯\_(ツ)_/¯
You still hold the copyright to your patch, and the governance of FreeBSD is so much better now. I know a former FreeBSD core team member who I'm sure would love to see you get finally credit for your work :)
I'd be more than happy to put you in touch - email address in my profile if you're interested.
Hey thanks! I hold copyright like a stack overflow post owner holds their copyright. In reality, the change was maybe 4 bytes, it got wrapped into a “refactoring” commit and tada no need to reference the OG author. I played the same games back then too, so I ain’t even mad.
I will still reach out because BSD dev was a small community back then and we have probably crossed paths!
FreeBSD does seem better directed than it used to be, but if you follow the handbook it still recommends setting up computers like individual special snowflakes instead of properly managed cattle.
Like, if your installation has useful services running on it, it should not also have a customized kernel and it probably shouldn't have a C compiler installed at all. What it should have is backups and a way to stage/test/revert config changes instead of just making them on prod. It… does not do this.
IME if you bring this up you'll just get a hundred complaints from people saying "I built a system to do this out of poudriere and duct tape so it's fine". I guess because the people who know about declarative programming all use Docker.
> if you follow the handbook it still recommends setting up computers like individual special snowflakes instead of properly managed cattle.
Which is a perfectly legitimate opinion to hold. "Cattle, not pets" is an opinion about best practices, not a religious dogma where those who don't agree must be cast out of the community.
That would be how Linux works, but BSDs are a centralized development model where you actually do have to leave if you disagree with the project direction. That and given limited resources, you obviously have to focus them to get anything done.
Besides that, I'd say the current approach is just wrong because it's obsolete. FreeBSD sells itself as a "server/embedded OS", but the assumptions are those of basically someone who owns a single computer at home and makes random sysctl tweaks to because they read on a mailing list it was faster. Which is the kind of person who's an OS developer or a small-business/academic sysadmin - basically someone who loves being on the computer in the first place and wants an excuse to spend more time on it.
But they should've realized that was obsolete by the time Google released the SRE book (which has a chapter about how you should never make manual edits), and certainly by the time virtualization and cloud hosting became common.
Of course, many people still do think it's fun to own a computer with a silly name and make random sysctl tweaks to it, so they're not going to like me telling them it should be boring and impossible to do. At least there's Docker and Nix though.
Fair, but my experience was that automating FreeBSD installs is somewhere between tedious and impossible. And that was a big part in me moving on after so many years.
That's a fair assessment save for the fact that FreeBSD's been an extremely opinionated project since its inception.Do I understand correctly that su is to switch user, and that your patch makes it work with the target user's credentials rather than necessarily root?
I was confused while reading because I nearly only ever use su to switch to the superuser account and obviously to get root permissions you should be root or else it's a security issue. Looking up what su does on FreeBSD, I was reminded that it can switch to any user. I've actually used that before. You made that? :o
God that is the absolute worst. Those type of examples make my blood boil. Unfortunately, it happens all too often in life, especially in business.
Just wow
I noticed something that looked like inconsistent behaviour with the arch installer, and I wanted to learn why it looked like that to me. I asked in the forums a bunch of questions to understand the process better, with the aim to improve the installation guide for everyone else after me.
I was told I should just ignore the error messages I was seeing. When I kept asking, some of the most active members started insulting and ridiculing me. Then others started joining in.
The only thing I had in mind was to improve the guide for other people new to arch, that came after me. Instead, I was only insulted and ridiculed. I uninstalled Arch and never did anything with it again. The toxicity of that community still makes me angry today.
In the early days of the PERL Usenet group, I asked my first question and used the word "newbie" to describe my skill level. I got an automated reply scolding me for using the word "newbie".
I hope this person managed to change, or that KDE has managed to get rid of them. I expect KDE to be better than this.
Sorry to hear that. Props to you for keep on going!
Wow I would never have expected such poor behaviour, that's awful.
Dude, whoever wrote that to you was a piece of shit. Forget about them - almost guaranteed that someone who behaves like that has way bigger problems in their life & doesn't deserve your time or attention. You were a 14 y.o kid who produced something and took the time to release it. That takes dedication and guts. Well done.
Ehh.
When people reminisce about "the old internet" they tend to forget how hostile it was.
Being devils advocate it wasn't common for young people to engage in the activity but harsh and unfair critic was happening often.
It still exists today, but in much smaller scale than back then.
A bit of morbid curiosity has me wondering who that was. Back when I contributed some stuff to KDE I pulled a bunch of petulant kid shit (although what you described is not and was never my style). My recollection is that it was a pretty diverse and accepting group of freaks and geeks that would likely get shunned these days as the pendulum swings right… including a certain Tool aficionado that comments on HN occasionally.
Telling someone to kill themselves is wildly inappropriate and shouldn't have happened to you.
Sigh, good old days
When you could tell teens to kill thmeselves over nothing? That's what you're musing over? Get some help.
Oh, its you again.
Yes, exactly. Where teens could not only laugh at such a comment, but either retaliate with something far worse or/and dismiss it as being nothing.
No need for the likes of you to come to the rescue, you and your kind have ruined things.
Yup.
Long long (2016 ish) ago I released an Unreal Engine 4 plugin that let people embed chromium embedded framework views into the engine via textures, so you could make fancy HUDs or whatever.
Epic Games was kind enough to give me a developer grant for open sourcing and making it, cool as hell for a college student at the time, helped pay my classes.
The number of angry game devs who basically wanted me to solve all their problems for them for free was astounding, additionally another dev grant receiver was jealous that I got money close to their grant for “just making a crappy plugin”
(paraphrasing but that was essentially what happened)
No one is ever thankful lol.
I don't know how different it is for other types of dev but, AFAICT, plugin development for game engines (Unity, Unreal, Godot?) is one of the absolute worst things. The issue is that millions of new developers are using them to build a game. They have no experience. If they run into any bug at all, while using your plugin, even if it's totally unrelated to your plugin, they'll ask for free support.
Say you made a plugin that serializes/deserializes to JSON. They making an FPS and the gun doesn't shoot in the correct direction. They'll ask why it's not working in your support area, even though it's got nothing to do with your plugin.
I always wonder about this. I use open source software but I'm never close / in proximity to the developers enough to say thanks.
The folks who are in proximity, folks with requests and complaints.
Hey! I used your plugin!!
It actually paid few bills in my case! Regards.
<3 Glad it was helpful!
When I was a younger man, I fought long and hard and spent many late nights on the phone with the lawyers abroad, to convince my company to open source a tool that I was proud of and thought would help our brand and attract new developers. They finally granted approval, but I was not allowed to accept features or updates, customer service, spend time on fixes, accept pull requests, etc. Unfortunately my name was all over it, and I came to hate the fact that I had championed this, forced to watch the code rot and interest wane because the company couldn't fathom anything OSS besides lobbing some dead code over the wall periodically.
After I left I would still receive emails from frustrated users, but I had no access anymore. I could have forked it, but it just seemed too messy. I made some suggestions and wished them luck.
There is a lesson here, somewhere, but mainly it just convinced me to not rock the boat for the next decade, and to seek out smaller companies for employment.
I think we all have to learn the lesson, when we are young, that forcing people to do something they really don't want rarely ends up going well. You always hope they'll later have some epiphany that you were right, but they almost never really do what you want them to (you wanted them to support the open source project) and even if you were right, they'll rarely figure that out.
Given the energy, time and willingness I'd just develop it as an anon collaborator like yournamescrambled@email
Not personally, but twice in my career I’ve been part of interview loops with people who had created semi-famous open source projects. Projects that you’ve heard of if you read a lot of HN, but not so critical that you couldn’t think of another alternative if it disappeared.
Both of them expressed regret for not commercializing it. The weird part for me, as the interviewer, was hearing them imagine how wealthy they’d be if they had commercialized it instead of releasing it as open source, entirely neglecting the fact that the projects became popular because they were open source.
I imagine this is the thought process behind the various projects that try to go closed-source and commercial after a certain point.
A project can't be monetized without getting wide adoption, and it can't get wide adoption without a permissive license that precludes monetization :(
There's two models that solve this.
a) sell support contracts
b) have contributors sign copyright agreements, license the project as GPL/AGPL, and then sell commercial licenses for people who can't use that
c) Open core model: https://en.wikipedia.org/wiki/Open-core_model
which seems to be by far the most common
No, they don’t.
Selling support contracts is actually hard.
GPL/AGPL preclude widespread adoption (these days) — the grandparent explicitly mentioned “permissive” licenses.
All businesses are hard, but I don't think selling support is especially hard for one. The above two are how x264 development was funded, but it's also how Klara works for BSD and Igalia for web browsers.
It’s the difference between a project and a business.
They made an open project and let the community contribute to it and adopt it.
They wished it was a business, not a project. A business has support, sales, and higher expectations than the serve-yourself open source projects
If this were true no nonfree software would ever make money
I get pretty angry by those type of people.
„Open source and free*” asterisk for „until I get traction or VC money”.
That’s bait and switch and riding on community good will.
The dev cannot remove the older opensource versions, so the community is always free to fork those
But with this you create another bunch of people like the guy in original article.
Is free fork enough or people should get paid? Does that project owner hire some of people from community, what about ones left out?
With enough social media, anything is possible
- Mullenweg, or some other hack
Society is bait and switch. You have to pay for rent and food/necessities or you’ll die/rot on the street while every politically illiterate person and the structures and institutions of society exclaim how amazing and freedom loving liberal democracy and capitalism is
Possibly also their way if boasting, eg, "look this thing I did is so great I could be rich off of it!" When they may mean it much less in the way of regret than "hey, I do very valuable work, you should hire me"
The only way to escape wage slavery without being born wealthy is to be a business owner and have that business scale.
I can see why people have these fantasies. Huge businesses have been built on open source code bases.
Many of us spend our lives writing software that has lasting benefit for our employers but our reward is a flat hourly fee.
The place where I disagree with your take is that commercialization and open source popularity are not mutually exclusive at all. The FSF makes this quite clear: open source is 100% compatible with charging money for some kind of service or for the convenience of a binary or something like that.
Software freedom is really about availability of the source code and your right to modify and distribute your modifications, not free as in beer freedom.
Commercializing it doesn’t have to mean bleeding customers dry, it can be something where most people are not paying a dime and are enjoying a fully open source experience. I think nginx plus is a good example of that sort of model. I have never met anyone who pays for nginx but there’s some big companies with big company problems that do.
Another example is Discourse forums. You can pay for support and hosting.
> The only way to escape wage slavery without being born wealthy is to be a business owner and have that business scale.
‘Business owner’ in the sense of owning stock, sure.
Save 10–20% of your income. Invest it in index funds (we can argue about which particular indices). Work for a few decades. Retire wealthy.
Then bequeath that wealth to your heirs when you die, giving them a leg up on this whole process.
> Many of us spend our lives writing software that has lasting benefit for our employers but our reward is a flat hourly fee.
The employer takes the risk that the software will have no benefit at all. We get paid no matter what. I like that trade. I’ll invest in a diversified market index rather than my single program, thank you very much.
> The only way to escape wage slavery without being born wealthy is to be a business owner and have that business scale.
People working in finance or (in the year 2025) as AI researchers with fantastic signing bonuses for switching to Meta might want to disagree.
People working in finance aren't in a good place to disagree. They haven't escaped wage slavery, even if they technically have the ability to. The funny thing about really high paying jobs is that people tend to get so wrapped up in them they forget to free themselves from it.
Now, I mean you can work in finance for a bit, and if you play your cards right, you can retire young.
Yes, you can argue that while you are working, you are a slave to the wage. Maybe.
But don't tell me that when you retire with tens of millions in your thirties (if you play your cards right!), you are a slave any more.
> [...] that people tend to get so wrapped up in them they forget to free themselves from it.
Eh, how is that different from going into business by yourself?
> Eh, how is that different from going into business by yourself?
Pedantically, there is unlikely to be a wage. But even if we use the term loosely, the type of scalable business described usually do not make any money until it is sold, so you are effectively forced out as soon as it is possible.
A highly paid wage slave may technically be able to leave just as quickly, but in practice the golden handcuffs are often very strong. It is telling that the phrase used was "People working in finance" rather than "People who briefly worked in finance".
As opposed to 'people who briefly ran their own business'?
As opposed to "to be a business owner and have that business scale". You could have just read the earlier comments...
> Many of us spend our lives writing software that has lasting benefit for our employers but our reward is a flat hourly fee.
There's plenty of companies that offer stock compensation. You may have to move to work for them, of course.
That said, the flat hourly fee may be a better deal. If you take a % of the profits, those profits may be negative!
My worst experience is to submit two decent PR that was ignored by maintainers. I had burden to support them for a month, solving merge conflicts, solving new bugs in the main branch that were merged without testing, and to adapt test system to prove my changes are solving something.
And then I saw that maintainer not just ignores but closes every else PR with these words:
> your contributions are too undisciplined and difficult to review. please just make sure there are issues filed for the problems and let a core team member or other contributor solve it. [1]
I have directly asked maintainers to merge at least one PR [2], because I see someone is in the middle of refactoring whole backend, but got ignored.
I have rage closed all my contributions and made most of my projects private. I think I will never go open ever again.
[1]: https://github.com/ziglang/zig/pull/21426#issuecomment-30823...
[2]: https://github.com/ziglang/zig/pull/24317
You should be a bit more humble imo. An open source maintainer (author) is _not_ required to look at PRs. Besides, who wants to work with a (quote) "unreliable rightless russian troll backdoor vibecoder fake individual"? ...
Wow, what on earth? That second link is not a good showing. I assume there must have been some out-of-GitHub interaction to provoke that kind of response.
The only out-of-GitHub interaction was as Zulip chat, where I asked maintainers to review and merge it [3], and another one to Ali, telling him my feelings about getting banned for closing my contributions, discussing further actions.
Two deleted messages on ZSF had this content:
> SPIR-V at master is still broken. I tried to help Zig. But PR never gets merged. I had to update it 3 times. It lasted for a month. I have updated all SPIR-V dependencies. You don't care about SPIR-V anyway, why I was threatened this way?
> Sorry for my contributions.
I was really disappointed when I wrote this, and I thought that nobody should see this to not harm maintainers and the project itself, so I deleted them. Then I got banned on Zulip without a reason.
I just wanted to make Zig closer to 1.0 release.
[3]: https://zsf.zulipchat.com/#narrow/channel/454360-compiler/to...
There are plenty of inconsiderate assholes in FOSS. Some communities are worse than others. Some are tolerable too.
That was quite rude of Andrew. If someone doesn't want to review a PR, then they should just ignore it IMHO.
I regret open sourcing my reverse engineering of Obsidian Sync. I did it mostly for personal use but thought it might be useful for others. After a bit of cat and mouse, they fixed all the "vulnerabilities" that let you change the sync and publish endpoints and now I'm still stuck using a very outdated version. I recently found another way to get it working on IOS again but definitely not publishing it.
Why do they consider it a "vulnerability" that you can change configuration of software running on your own computer? I've heard a lot of good things about Obsidian before, but hearing that basically burns it all up and means I'm going to strongly recommend nobody buy anything from them anymore.
Obsidian distributes their software for free, and makes money on a core plugin called Obsidian Sync (note that it is not open source). Obsidian Sync relies on their cloud to offer e2ee file sync.
Obsidian also has a rich plugin ecosystem with lots of open source plugins that are available and serve the same purpose (and you can use gdrive, dropbox, etc too).
It makes sense to me that they released a proprietary privacy and security focused plugin (that is their core business) and they don't want other plugins to be able to arbitrarily change the server that their plugin is pointed at.
Suppose they have a government customer who is using Obsidian Sync and the sync URL can be changed easily via configuration changes -- now the customer believes they are using Obsidian Sync, but actually their data is going somewhere else.
I don't think you would be surprised to find that e.g. a dropbox daemon has protections to make sure it is pointing at dropbox.com. Why would you expect Obsidian to be different?
(disclaimer: I work on a different plugin that adds file sync and collaboration features to Obsidian)
My opinion is that they should have a rule such that plugins from the official list can't modify the sync url to prevent abuse and phishing but the user should still be able to do whatever they want. The process for manually adding a plugin is already enough friction for users to be aware what they're doing is not "safe"
They believe that through licensing ultimatums you can give that ownership right up, and oligopoly and government's have agreed.
I always just stick my Obsidian vault in iCloud and called it a day. No additional sync service required.
This worked for me until iCloud started cache clearing all my files aggressively so my vault would take ten minutes to open on iPhone. Every few days.
When I tried to copy my vault off iCloud, the copy failed and two years of notes were permanently lost.
I’m never putting anything of value in iCloud again.
Flashbacks to the time I copied iCloud pointers/placeholders thinking I was actually copying files with actual data. Oh well, who needed those few years of documents anyway.
Funny how Steve Jobs famously derided Dropbox as "a feature not a product" and yet even after trying for decades Apple can't get that feature right.
FWIW it has an option these days to keep folders permanently downloaded/local.
This works very well, been doing it for years. Even works flawlessly for me on Windows using the iCloud client.
Really, how? When I add a new page on my Windows client, it never reaches my phone and is stuck in some weird refresh icon state.
I tried this on a windows laptop and another main machine. I just ended up keeping my iPad nearby.
This gets complicated when you want your vault accessible across linux/windows/android/macos/ipad.
The ipad is the real stick in the mud and I don't want to deal with an icloud staging zone for everything else, or try to get icloud syncing on linux/android.
> you want your vault accessible across linux/windows/android/macos/ipad
For that, I use Syncthing [1] in addition to iCloud. It works exceptionally well – I see my edits in real time across different devices.
[1] https://syncthing.net/
Can this work with a windows or nix system in the mix?
Why not create your own plugin? Or use Syncthing, Git, LiveSync, Remotely Save, etc...
I wanted it to work on IOS. None of those were viable. In terms of why not my own plugin, that's just pure incompetence. I don't know TypeScript that well while getting the API done only took a few days. I tried working on a plugin later on for sync but found the docs difficult to follow. In the end, it wasn't worth the effort and I've gone back to just neovim and syncthing. For IOS, I'm sideloading my own app written with fyne (Go) but functionality is really basic.
Did you see: https://t-shaped.nl/posts/synctrain-a-rethought-ios-client-f...
Thank you! This looks like exactly what I needed
Yeah most pieces are there to ditch corporate software now days.
This sucks.
As a free software enthusiast, this screams "don't invest time in closed ecosystems".
Not that I regret it, but I found out that creating a community around an open source project is not like what you expect. I've been working on a tool for a very popular project for more than two years, adding features, refining it etc. since I had my time. Reading many comments on HN and Reddit on how people don't like current dominant tool or its alternatives, what features they expect etc. I thought I've got one that people would like to use.
I have open sourced it and shared it on a few places and got zero traction. Ok, I thought, I can talk about it here and there, so it would get more visibility. People don't like it much since I'm promoting my own tool. I posted a blog post about some technique on tool's website and people seemed to like it on Reddit. A few people wrote comments like "interesting" or "amazing" and I was happy for the first time. Then someone wrote that you should not make your friends/alt-accounts comment on your posts, it's cringe and that happiness went away.
I've been a lurker on social media nearly whole my life. Putting myself out there feels like an unpleasant experience. I'm still deciding whether to continue or just go back to lurking and keep my tool to myself.
I am starting to threat this kind of people like cosmic background radiation noise.
> I'm still deciding whether to continue or just go back to lurking and keep my tool to myself.
I'd be inclined to suggest not to let the 1% annoying people spoil it for everyone else if you can help it.
Most people know to see through and recognize these annoying people and their toxic comments and know to appreciate the good work.
Sharing your work as open source is still an amazing thing to do despite the annoying vocal minority and many people appreciate it even if they don't say much.
Of course, your own sanity and health is the most important thing.
Thanks for having shared your work as open source until now and good luck for the future, whatever path you end up choosing.
Also: write your open source stuff for yourself. Share it but don't wait for validation. That's bonus but your motivation should come from inside. IMHO.
> creating a community around an open source project is not like what you expect.
> (…)
> Then someone wrote that you should not make your friends/alt-accounts comment on your posts, it's cringe and that happiness went away.
Respectfully, if you’re that easily discouraged you should not in any way attempt to “create a community”. Having a popular open-source project isn’t glamorous, it’s extra work for you. It’s entitled users making demands and opening crappy bug reports, punctuated by the occasional decent contributor and even rarer exceptional one.
Make your tool available and let it be. Mention it only when relevant, and even then think twice. Make it clear the tool is for yourself and you may accommodate respectful requests which make sense for your vision of the project, but make no promises. Do what’s enjoyable, don’t try to chase fame and notoriety.
I tried to open source a weekend personal project while at $BIGCO via their "Invention Assignment Review Committee". It turned into a minor bureaucratic nightmare and I was ultimately never given the OK to release it, or any clarity over whether my employer was choosing to assert an IP ownership interest in it. In retrospect, I wish I had never notified them of its existence, and released it under a pseudonym instead.
Whenever I join a company I always create a bunch of made up names on my “prior inventions” list. When I open source something I just name it after something I put on my list if the description is close enough.
That is insanely clever. Love it.
^^^^ Excellent idea and thinking ahead.
Great suggestion to make in advance placeholders to contain side projects.
Do you think your colleagues have the same ideas of what is honest and trustworthy behavior?
In what ways do you trust, and not trust, your colleagues?
How do you feel about that?
What do colleagues have to do with anything?
The better question is in what ways do you trust, and not trust, the company you work for?
And the answer to that can be very complicated, and depend on the company a great deal. It also depends on who might buy the company in the future, and they might not be trustworthy at all.
The scenario is someone in a work environment, lying and defrauding in signed documents.
Where does the workplace dishonesty start and end?
Does the person think that their colleagues have the same rules, or different rules?
How does that affect their work environment?
(Incidentally, I'm sick of HN downvoting legitimate comments.)
It starts when companies decide they have a right to time outside the employee's official hours and that they shouldn't have to properly reflect it in their employees' salaries, nor in their employment guarantees.
And furthermore, as an employee end of the day it's your right to have to be look out for yourself. You probably don't realize that because you're infected with startupitis where everyone has to be all in to succeed.
I do realize that employees have to look out for themselves (because companies, including startups, will usually take, take take from the employee, and then throw away the carcass, if they can).
However, employees work in a company with other people, so we'd like to know what we can and can't trust from each other.
If a colleague engages in criminal fraud, do they have a rigorous philosophy about when and when not to do that? How do they behave towards the team? Is defrauding the company OK, over something they think they company shouldn't demand anyway, but they will still be honest and responsible towards their teammates? That would be very good to know.
If so many people weren't so anxious to downvote things that don't suit their kneejerk reactions, we could discuss this.
A response to your comment could fill a book.
In short: it's complicated. Nobody minds about the technically "criminal fraud" when somebody brings home a couple dollars' worth of office supplies for private use. Everybody agrees that embezzling a million dollars should send you to jail. Meanwhile, something like grabbing a second lunch from the free company cafeteria and taking it home to eat as dinner will result in a lot of disagreement as to how bad that really is. But it also probably doesn't have a whole lot to do with whether you can trust that person's code reviews, because people are multifaceted and use different moral standards in different areas.
> so we'd like to know what we can and can't trust from each other.
Alas, we can't know. There are the things that are obviously fine, the things that are obviously not, and a GIGANTIC gray area in the middle which nobody is going to agree on, and companies will try to make policies that will always go too far in some parts and employees will always evade some of the policies they think are bad or unimportant.
And I think that when a company has a bad policy of overreaching in trying to claim ownership over things you do on your own time, and employees respond by falsely claiming that something they made predated their employment, that it's a fascinating example of that gray area.
Yikes. I'm a fraudster now.
How do you feel about torrenting?
The scenario is also one of a company acting as if they own their employee's personal time.
If workplaces are going to invent dumb rules, then honest hardworking employees are going to feel justifying in working around them.
Ok, but corporations also lie to and defraud their employees all the time. In ways large and small.
Nobody is entirely honest to everyone about everything in their workplace. You really think everyone is actually sick on every single sick day, or that every single doctor's appointment on their calendar is a real doctor's appointment? People never make excuses to their manager that are lies? Managers never lie to their employees about a justification or a deadline or a promise or a policy?
Workplace dishonesty is everywhere. Because workplaces are made of human beings. It's just something you learn to manage in a realistic way. People are mostly honest, but they're never entirely honest.
> Ok, but corporations also lie to and defraud their employees all the time. In ways large and small.
That's 100% true, and lamentable. But two wrongs don't make a right. And while one can't control the company's behavior, a person can control their own behavior. As such, it is perfectly reasonable to criticize them when they choose to act without integrity.
> while one can't control the company's behavior, a person can control their own behavior. As such, it is perfectly reasonable to criticize them when they choose to act without integrity.
That leads to a society where people are punished and corporations are not, simply because they are too big to be criticised.
Much more often than people, large and publicly quoted corporations end up becoming inherently evil.
The total self-serving lies made by individuals will always be a drop in the ocean when compared to the self-serving lies of a single S&P500.
They're both wrong, but the real issue here is to start by criticizing and correcting the corporations, not the people. Once it feels like a drop in a glass of water, we can start thinking of criticizing the people.
Actually going along with the BS Of corpos is the bigger and biggest wrong alongside what the corpos do. Not all of us view integrity the same way. Not at all.
> You really think everyone is actually sick on every single sick day, or that every single doctor's appointment on their calendar is a real doctor's appointment?
...I.....used to. Huh.
I trust them to mind their own business and I do the same for them.
The people approving this stuff are your bosses, not your colleagues.
In California you can just open source it and do not need permission as long as you did it on personal time on personal hardware without referencing proprietary IP.
Sure, a company could not like you doing that and find a reason to fire you, but they have no valid legal recourse and you may even be able to sue them for wrongful termination.
We are one of the only states that prevents employers from having ownership of your brain on personal time.
Corpos have tried to claim ownership of things I did in my personal time, multiple times. I just show them this law and they back down immediately.
Having rights to my own brain is a big reason I live in California, cost of living be damned.
https://california.public.law/codes/labor_code_section_2870
IANAL, but know your rights!
There are two exceptions listed on 2870, the first one is going to be the gotcha. It excludes inventions that:
> (1)Relate at the time of conception or reduction to practice of the invention to the employer’s business, or actual or demonstrably anticipated research or development of the employer;
So, if you work at $BIGCO, they will argue that since they have their fingers in everything, that anything you might work on "relates" to their business or actual or demonstrably anticipated R&D. This is a truck-sized loophole.
Ah, fair. More great reasons to never work for a megacorpo.
There is not a paycheck big enough to make me give up the freedom to do whatever I want with my personal engineering time.
I have only worked for employers that do just one thing, so this law offers me lots of protection.
Note that this is also an enormous part of the reason why CA is a world tech hub. I hear other US states claiming they want to build a similar reputation. “So, you’ll pass laws giving employees ownership of their own personal projects they make on their own time?” “LOL, no!” “Alright, good luck Tupelo.”
The other big reason is their glorious refusal to honor non-compete clauses. As I understand it, this was a big reason a lot of tech companies moved from Boston to CA back in the day.
Yep, that’s another huge benefit.
The short version is, what do you know, if you make it easy for smart people to start new companies for their big ideas, they’ll do it. And if you don’t? You don’t become a tech hub, no matter what else you’re doing.
I bring this up constantly, even to the point of trying to figure out if US states can have "embassies" in other US states.
I was once advised to take a vacation to California every year and do all my thinking then. But I hate wasting fuel, and it'd be so much more fun to say "this little park in the middle of Detroit is actually California soil", and just walk down there every few weeks with my notepad, and ponder what problems need solving and how.
Wait, other states claim ownership of personal projects made in their own time? How in the world is that legal?
Give you one guess which entity in that transaction wrote the laws.
Something something the idea must have come from something they saw at work, obviously.
Whenever I see someone on HN talking about their moonlighting or side/hobby project, I get chills and think to myself "Boy, I hope they don't work for $BIGCO, because in all likelihood their existing employer claims IP ownership over that work, and if they ever try to do anything substantial with it, they're going to have corporate lawyers on their case."
I've had experience with a similar "committee" (probably same company) and I concluded the safest path is to just not do side projects while employed with BigTech.
This is insane. When I am out of work in France, I am out of work. Sure, I cannot write software that competes with my company but unrelated open source that does not being me income - yes.
> I cannot write software that competes with my company
That can be difficult when you work for a company that has it's fingers in almost everything.
Some companies are far more open than others. Google has tons of open source projects both through Google and via personal projects. Apple on the otherhand mostly forbids personal projects period, or so I've been told.
I haven't open sourced anything in a while, but at Google it's historically been pretty easy so long as you let Google put itself as the copyright holder and aren't in any legal minefields (e.g. emulators). You can actually look up the Google Open Source docs even if you don't work there.
That's why so many repos say "Not an official Google product." That's the boilerplate of someone's side project that got open sourced, but Google wanted to claim copyright.
Or live in California where forced assignment of personal time IP is illegal.
With an exception that is important if you work at $BIGCO: https://news.ycombinator.com/item?id=44803482
Ugh, you gave me bad flashbacks of the same committee.
I tried to re-license a previously-released project (like from GPL to MIT or similar) and they wouldn't budge. I had written all the code.
In the end, I decided that them suing (or firing) me to assert their ownership of $VALUELESS_PROJECT, so they could then license it back, was ridiculously unlikely, said fuck it, and did it. And I was right.
the problem isn't your risk, the problem is the risk of the users of the project. if the code is owned by the company, your re-licensing isn't legal, and that could put other companies using it at risk.
Right, but, they never owned it, and would never attempt to assert that. So in hindsight (and similar to GP) compliance was a worse and more frustrating option than simply never mentioning things.
I don't have any super popular repos but I do have a few with 500 to 1500 stars and while not necassarily regret, I don't think I've ever gotten a single pull request that I could just acccept as is.
Even though the README links to live tests (browser JS libs), the person submitting the PR rarely includes tests so that's one issue. Sure I can say "I'll be happy to accept this if you could please add some tests?" but then that leads to the 2nd issue. PRs are rarely quality PRs and if I want to add the feature I end up having to re-write whatever they were trying to add from scratch.
I know people are claiming LLMs will make things worse for many projects but an LLM can likely at least read what's there and try to make things that follow the conventions?
I also know I'm under no obligation to accept any PRs. It's not that easy to say no for me, depending on the ask.
If this is something that you want to solve, I've found that having a PR template checklist that asks contributors to include tests helps a lot. Say something to the effect of
[ ] Added unit tests
[ ] Included a screenshot of the code working (this helps reviews go faster)
I post a lot of silly personal code on GitHub and the vast majority of issues/pull requests I receive are completely inane and generally not remotely helpful. Things ranging from "I've added a subtle shadow effect to the title in the readme" (thought it was someone's first pr just to get started but that wasn't even the case) to "I've added support for $obscure_system_youve_never_heard_of" (well meaning but the code is now 4x longer and a maze of ifdefs so maybe you should just keep it in your branch?) to "I tried this on my extremely outdated system that's old enough to vote and it threw an error" (yes it very much will throw an error, none of this can work there and I cannot help you).
But a few people have reported certain fundamental problems with my approaches or have otherwise put in a significant amount of work to debug and fix issues, and they've been extremely helpful and I can only hope I'll get more of them in the future.
Tangentially I'd just add that ttf-parser and Git Oxide made iterating on PRs a breeze. Absolutely a pleasure to contribute to.
I regret using the MIT License on a couple of my applications that others have picked up and monetized.
I do not regret making their source available for people to learn from and extend. I'm not even mad they're making money. I just would have liked, in hindsight, to have used a license that guaranteed me some iota of credit in the finished product. Particularly in things where I built the entire finished product - that is to say applications, not libraries.
MIT is fine and good for libraries, but full blown tools where I built the actual UI, and people aren't even extending it but are just re-hosting it and in some cases claiming they created it? I should have used something else.
I wrote a post about it that got picked up by certain types and used as an argument against open source generally. That interpretation is almost as frustrating as the situation with the licenses, and isn't what I was attempting to say at all!
I love open source, I love the MIT license. I just think it makes more sense for me to use on libraries than finished applications.
https://donatstudios.com/License-Grumbles
https://news.ycombinator.com/item?id=39413562
Yes - I open sourced a web game which was promptly ripped off and plastered with banner ads. The copycat impersonated me on social media claiming to be the developer. I promptly made the repo private and made many improvements after that point in time so the damage wasn't too bad. But the copycat got a better Google ranking which focused people. There are also a lot of link-farm sites where web games are proxied and embedded with links to other games. The embedding problems went away once I used Cloudflare. This confused a lot of fans as they'd find the awful ad-ridden copycat site. So my advice to anyone with a side project which isn't a library is to keep it private and behind a CDN.
This is a concern for many developers, but I haven't heard of it actually happening when the software isn't crazy famous. Sorry to hear this. Wonder if it's rotten luck or actually a common problem :/
A middle way might be to do like some people and use a license that allows only viewing the code for some months/years and then allows all the normal software freedoms after that time. In the meantime, you get to work on it and keep yourself ahead of any copies that would need to work off of old versions, but if you get hit by a bus or for other reasons abandon it, it's automatically open sourced. I kinda like that mechanism because there's so much abandonware where it would have been really cool to have this. Though, if it's a serious concern that someone copies it like this, it might be a lot of pressure unless the source-available time is very long
I regret everything I ever open sourced
my works had one condition: attribution
now it's all been slopped up by "AI", without attribution, primarily to devalue the labour of software developers
I think it is generally accepted that AI should not reproduce works that others have the right to. I think most people developing AI consider it a mode of failure when it does reproduce a copy of its training data.
It remains an open question on who's responsibility it is to not distribute infringing AI works. The developer or the the user of the AI. Legally it is unclear due to a lack of cases providing precedent in such a new situation. Morally I think AI developers do consider it a duty to reduce such behaviour to a minimum, but also believe that the benefits of the AI are significant enough that it would be unreasonable to block access to them because of the existence of failure modes.
When it comes to being "slopped up" which is a weird phrasing in itself, but I gather you are trying to repurpose the term "slop" to add additional pejorative tone to you words. I'm not really a fan of 'slop' as a term for AI output because it is used specifically as a term for AI output. Should it be used as a blanket term for low effort, mass generated content it would be reasonable, but when it seems to apply specifically to AI it carries the implication of prejudice. Choosing to move it to a verb describing input removes all of the meaningful aspect of the term leaving only the prejudice. Just go with "slurped up"
That brings us to what training actually is, Reading. There is no requirement for attribution to read something. There is no requirement for attribution to learn from something. The restrictions on reproduction are there in recognition of your work representing the ideas. The ideas themselves are not copyrightable, This is widely recognised legally and morally. Scholars have written volumes on why this should be the case and how bad it would be if the alternative, a world where people could own ideas themselves, were true. Imagine the wealth imbalance that exist in today's world, now extend that imbalance from money to the very ideas that you use to express yourself.
AI should not reproduce your work by terms you have not agreed to. You have a valid complaint when it does that. My concern is that people appear to be extending their claims to suggest that they control the right to be learned from. That is not true, right, or moral.
In 1981 I wrote a tool that is still in use today. You can install the package on most major linux distros. This was before we paid much attention to software copyright, and I simply published it with my name on it and no license.
About six months later someone took my code, removed my name from it, made some small changes that didn't change its behavior at all, and re-published it. By that time I had moved on and wasn't aware that it had started to take off.
The man page now has someone else's name on it as author. I don't really regret publishing it but I wish I had put a copyright notice and license on it.
It's probably hard to prove with something from 1981 but no license or copyright doesn't mean the source is open for taking. It basically means you just haven't set a license and could do that at any time, rugpulling the code from anyone who uses it. This is why projects like Fedora and Debian make sure everything they ship has a license.
Tell us the tool!
Which tool is that?
No regrets here, but I did use Google Code a fair bit prior to GitHub and I had an experience that made me think maybe Google regretted that product in some ways.
Around 2005-6 I wrote a Mac OS X client for Xbox Live. The idea was I wanted notifications on my computer when my friends came online and started to play certain games, so I could turn on my Xbox and join them. This is a feature of the Xbox mobile app today of course, but back then all you could do was either be on the Xbox or sit around refreshing a web page, so the app was useful. I published the source and the binaries on Google Code, partly because I just wanted to share the app for free, and partly because I wanted to be transparent that I was handling the Xbox login credentials safely.
One day the app blew up and got a lot of coverage in tech news and link aggregators (like Digg, haha) and I suddenly had a ton of users. Eventually I figured out why. It wasn't that my app was so great exactly, but rather the idea that Google was writing a Mac client for Xbox made a great tech news story. However, that part of the story wasn't true, the project had nothing to do with Google, I was just hosting it on Google Code because it was at the time the most convenient place for a small open source project.
The episode made me wonder how often that happened. How many other projects on Google Code became part of a news cycle because people misinterpreted them as being written or endorsed by Google? Was that part of why Google Code was shut down?
> How many other projects on Google Code became part of a news cycle because people misinterpreted them as being written or endorsed by Google? Was that part of why Google Code was shut down?
I don't remember the exact details, and I was way in the backend (Kythe), not the frontend part of it. But my extremely hazy recollection is it probably had more to do with the gwt deprecation than anything else. There was headcount for awhile put on making an angular (?) replacement for the old gwt frontend, and I guess that didn't extend to also making a replacement for Google code.
Again, super fuzzy recollection here, from someone 2 teams away.
Wow, thanks for the insight. It's sort of crazy to think about how big GitHub has become, and how much Microsoft paid for it, but of course it wasn't the first product in the space at all. Right time, right place, right features, I guess, and maybe Google Code was missing a bit of each of those.
As I recall, GitHub popularized (maybe even invented) the pull request. That's what enabled open source to take off - being able to send patches to (or even fork) other projects with minimal friction.
The officially given reason for shutting down Google Code was that it was never intended to be a product and was just a community service thing that they did because SourceForge had ceased to be a reasonable place to host open source projects. Once a bunch of other forges popped up (including but not limited to Github) there was no longer any real need for it.
I thought it sounded pretty plausible for that era of Google.
I knew someone who worked on it at the time, and he was also convinced they could use it to force people to use the super-slow feature-lacking Mercurial, and was personally hurt that everyone wanted to use git instead because it let you rebase things.
This may explain why Microsoft Github hasn't completely enshittified their design yet – Microsoft doesn't want to be associated with https://github.com/RonSijm/ButtFish and https://github.com/zevlg/teledildo.el
I wrote a network security tool (if you can call a glorified shell script that) and it was used by script kiddies to harass people.
It made me feel maybe magicians had something, when they decided some knowledge should be esoteric and earned, given that it was so trivial I never listed it on my CV.
I think infosec, as a field, sometimes darts between too much obscurity and too much openness.
I remember back in the 90's when the internet was just beginning and script kiddies were constantly sending Back Orifice to people thinking they were "L33T" https://en.wikipedia.org/wiki/Back_Orifice
If I recall BO was also a Trojan, and infected those with malice as well.
In general, the new ML sploit-bots can fuzz and inject faster than any person.
Meh, most issues are from the consumer architecture being deployed in industrial settings. Most modern Intel/AMD PC come with side-channel hardware RATs from the factory. =3
What did the script do? I promise I’m just curious and not a script kiddy
Wizards you mean?
I certainly keep my own "grimoire" of useful code.
To some extent, yes.
Most notably, I published a little browser extension I created to scratch a personal itch. It got a little bit of attention and users, and then the feature requests started coming. Among a couple reasonable ideas were big demands like make it work on different platforms, make it integrate with other sites, or make it work entirely differently. And unhelpful bug reports that often didn't even make sense.
Not one of them ever contributed to the repo, and many of them were ungracious and demanding in nature. Fortunately nothing outright hostile, but it still left a sour taste in my mouth for daring to share a neat personal project as-is.
If we lived in a perfect world, how much in funds would you want for your contribution to open source? (a companies or 3rd party players)
Not quite an open-source project, but I did a massive blog post series on Microservices in Golang. It sort of became a bit of a defacto starting point for a while, it was an immense amount of work and effort. But I found my inbox flooded with people asking for advice, and honestly, writing about it all made me realise how ridiculous Microservices often are. I could tell many of the people asking me didn't really need them, and I found myself trying to advise them away from it. So I ended up with loads of work, but with caveats all over the place trying to convince people they didn't need any of it.
Then I accidentally wiped the database powering my blog, lost all the content, and had loads of people asking me to rewrite them all. Most people were polite, but there were a lot of pushy and entitled people as well... It's a bit of a shame because it was by far the most popular thing I ever did, and they ended up being a massive pain and regret
How did something as popular not find its way to the internet archive ?
Never checked to be honest, could well be on there
I wrote a toy Kotlin compiler, for fun. Then one day a Jetbrains employee opens an issue which only says: “Why? Just why?”. Maybe it’s the language barrier… but I did not find that particularly polite.
On the other hand I open sourced my blog and received lots of small contributions to fix typos or such which were nice.
I think this might be an appropriate response to that question: https://www.youtube.com/watch?v=auC0s6km21E
That seems a prevalent attitude at Jetbrains based on how they answers on their Youtrack.
It's hilarious, especially their UI team that only follow trends but still know better than their users.
The guy was probably upset that someone might be trying to compete with them while their compiler is itself open source. But it still sucks that they couldn’t be more subtle about it. In the end both they and you got upset. A small change in his tone and you might both come off with a nice feeling, him for knowing you were just playing around, and you for perhaps getting recognition from a Kotlin dev.
Obviously I can't change how it made you feel, and as such it was a crappy reply to receive, but on one level at least it's a genuine question that projects should have an answer for.
It kinda matters if you build something as a proof of concept, or you build it to exercise some new technique, or you build it to improve the state of the art, or you build it as the foundation for a product etc.
You wrote it "for fun". That's an excellent reason to write something. I can appreciate your effort in that context. It's going to have rough edges etc. And when it's not fun anymore you move on.
Someone else might write the same thing, but for a different reason. Maybe they want a "better Kotlin compiler". They intend to make it perfect, build a product around it and so on. This sort of project encourages a different level of scrutiny than something fun.
So giving context to a project helps attract the right kind of attention. And more importantly the right kind of other-peoples-time.
But yeah, asking like that is not terribly polite.
>genuine question that projects should have an answer for.
Just because they take issue with the wording doesn't mean that they don't have an aswer for that question. Also, that is an awful entry point for a discussion about the purpose of the project.
Got death threats because I wasn't prioritizing stuff people were requesting, said nah I'm done
I open sourced a portable benchmark program and was getting angry responses because I wouldn't accept changes to make it Linux-specific.
Just tell them to fork it. Done. No need to take any grief you do not want.
Probably a bit rude, but maybe we can all agree to accept "fork off" as an acceptable, concise, and descriptive answer to unwanted requests.
Self-plug for a tongue-in-cheek license I wrote to say exactly that, for exactly this reason :) https://codeberg.org/klardotsh/fork-off-public-license
Fully agreed. FOSS maintainers don't owe you anything. You can ask for whatever you want, politely, but accept no or "maybe when I have the spoons, which may be never" as an answer, and don't push.
> If you've received source code with this license attached, you are free to build, run, and/or redistribute it.
Maybe insert a few more rights here, like "modify"?
“Go fork yourself.”
i'd go with "go fork it yourself". more correct, and less direct. makes it more like a creative insult where the recipient has to think whether they have actually been insulted or not.
I've enjoyed using "Looking forward to your fork/PR!" for a long time now. Caveat: I dont have any big projects nor anything that brings me money or fame. It is possible my slightly snarky responses have limited the projects' potential so consider what you're trying to get out of your open source before following any advice.
I literally had someone tell me that I’m a coward and a psychopath because I didn’t prioritize solving their problem: https://github.com/devnoname120/vhbb/issues/75#issuecomment-...
I don’t regret open-sourcing this project but god as your project becomes popular bad apples start joining and ruining the party for everyone. Fortunately it’s only a tiny minority, but it’s what stays the most on your mind.
were you working on an emulator perchance?
I've only recently had exposure to just a bit of the emulator world. Even the nice people aren't nice. No idea what the story is there but wow.
Nope.
Lovely people no?
I had death threats once for raising a github issue!
We went full in and not only open sourced the firmware of our air quality monitors but made it completely open source hardware, this means it includes the electronic schematics, enclosure files etc. [1]
I believe it was the single most important decision we took as a company and probably also contributed to a large part to the growth and success we are having now. It enables us to build a really strong community, and also differentiate ourselves clearly from other manufacturers that are all pretty much only offering proprietary solutions.
But I think people need to be aware that by open sourcing, they put the company on a different trajectory. For example you are basically making yourself a lot less attractive for VCs.
When I see how much other companies can get investments that help them grow faster and make more impact is the only times when I sometimes wonder if other models might have been a better option?
[1] https://www.airgradient.com/documentation/overview/
Air Gradient has and will far outlive any of your VC backed competitors. Your devices are not e waste. I think we’re totally valuing the wrong things.
What's the regret then?
I hit sent too fast on this one and added the missing part.
I wrote a small app to display a bitrate graph of video files, and posted the code on GitHub with the GPL2 license. A few weeks later someone uploaded it to the Mac App Store and sold it for 7$, the only difference was the name.
This is extremely common. As far as I know any open source app that is remotely interesting will be downloaded, renamed and republished. And this is why a lot of such apps are no longer open source. One example is Sinder Sorhus, which has thousands of open source npm packages but zero open source iOS apps, even the free ones are closed source.
That stings, but how many purchases do you think it's getting?
If they're not complying with your license terms, sue them. If they are then I guess you missed the boat on money.
Taking that all the way to court would be like $10,000, right? Big companies will sue. For individuals it's a barrier to entry
Yeah, that sounds like more hassle than it’s worth. It should be free to file a DMCA claim with Apple, though, and get it yanked from the App Store.
I got it removed from the App Store. The first time, then after some months the same developer republished it with a few changes under a different name… I don't have the time to track it down again, I just published my app on the App Store for free so at least people won't give in and avoid the scam.
+1. You can put together a DMCA claim in... maybe five minutes? It's extremely straightforward and doesn't require you to do anything beyond identify the infringing work, identify what work of yours it infringes upon, and affirm that it's not authorized.
Here's a template: https://library.georgetown.edu/copyright/dmca-takedown
Well you should be able to sue them for the profits they made selling your app. If it's "only $10,000" and not worth it then OK, but what if they're making 10x or more that amount?
Small claims is cheaper than that and the other side often isn't allowed to use lawyers.
You can cause a decent amount of kerfuffle pro se if you have time and no money.
Did they at least attribute you?
No.
Obviously not me, but I remember John Carmack regretting releasing Doom and Quake under GPL instead of BSD.
https://en.wikipedia.org/wiki/John_Carmack#:~:text=The%20sou...
Look into toybox. It's a tiny reimplementation of GNU coreutils that ships in Android.
The author was on the core team for another project in that space (I think busybox). He saw first hand how copyleft sounds good but ends up being lots of friction with no practical benefit, and vowed to public domain all his projects after that. BSD0 is him giving a name to a public domain grant so OSS people could recognize it.
Rob Landley, and the original Busybox author was Bruce Perens, who with Eric Raymond co-popularised Christine Peterson's new term "open source".
https://lwn.net/Articles/202120/
Good thing Eric Raymond never followed through with his death threat to shoot Bruce Perens. Bruce did however laugh himself to death.
https://lists.debian.org/debian-user/1999/04/msg00623.html
https://geekz.co.uk/lovesraymond/archive/bruce-perens-dead
https://geekz.co.uk/lovesraymond/archive/terrorismistic
A couple illustrative ESR quotes:
"A clash of civilizations driven by the failure of Islamic/Arab culture (though I would stress the problem of the Islamic commandment to jihad more than he does). I think he [Steven den Beste] is also right to say that our long-term objective must be to break, crush and eventually destroy this culture, because we can't live on the same planet with people who both carry those memes and have access to weapons of mass destruction. They will hate us and seek to destroy us not for what we've done but for what we are." -Eric S Raymond
"And for any agents or proxy of the regime interested in asking me questions face to face, I’ve got some bullets slathered in pork fat to make you feel extra special welcome." -Eric S Raymond
That said, one highly successful proven fundraising technique which could be applied to funding open source projects is asking people to pay you money to stop posting ESR quotes.
https://en.wikipedia.org/wiki/Eric_S._Raymond#Political_beli...
>A progressive campaign, "The Great Slate", was successful in raising funds for candidates in part by asking for contributions from tech workers in return for not posting similar quotes by Raymond. Matasano Security employee and Great Slate fundraiser Thomas Ptacek said, "I've been torturing Twitter with lurid Eric S. Raymond quotes for years. Every time I do, 20 people beg me to stop." It is estimated that, as of March 2018, over $30,000 has been raised in this way.
https://web.archive.org/web/20180623004904/https://www.theve...
>Robust campaign infrastructures need money. Ceglowski and the DCCC are, at the very least, in agreement about that. So the Great Slate, in other words, is a logical proposition, an invitation to left-leaning monied techies to invest in candidates that might not otherwise have a chance. It’s a proposal that’s been met with enthusiasm by progressives in Silicon Valley, particularly by those who resent how their industry is represented by the likes of Eric S. Raymond, Peter Thiel, and more recently, James Damore.
>Ceglowski picked candidates in Republican-leaning, economically-strained districts that he thought had a chance to flip in favor of a local populist, progressive candidate In the first quarter of 2018 alone, the Great Slate has raised over $140,000, primarily through word of mouth on the internet. The donors I spoke to seemed to give mostly in amounts of hundreds, sometimes less. A good chunk of that was driven by security researcher Thomas Ptacek’s promise to stop tweeting about Eric S. Raymond, a notorious figure in the open-source community whose bizarre and abundant ramblings on everything including race and sex could be considered early forerunners of current alt-right strains in the tech community.
>Raymond, popularly known as ESR, is a “philosophical leader of open source” who has long been pilloried for his controversial views — statements like “Gays experimented with unfettered promiscuity in the 1970s and got AIDS as a consequence” or “Police who react to a random black male behaving suspiciously who might be in the critical age range as though he is an near-imminent lethal threat, are being rational, not racist.”
>“I’ve been torturing Twitter with lurid Eric S. Raymond quotes for years,” says Thomas Ptacek. “Every time I do, 20 people beg me to stop.” So Ptacek held his followers hostage: pay up, or the ESR quotes would keep coming. It’s estimated that Ptacek has driven somewhere around $30,000, just by threatening to post eye-searing screencaps.
>“ESR is a talentless hack whose reputation is entirely built on self promotion and being in the right place at the right time. His attempts to define the culture that gave him everything he has have been repugnant,” says Matthew Garrett, a security engineer at Google who donated to the Great Slate. “So am I enthusiastic about performatively associating these things together in a way that also says fuck you to his political views? Yes, yes I am.”
>Many donors I spoke to were long-time critics of ESR who were amused by the ESR drive, but all were serious about the basic mission of the Great Slate. “These two things don’t seem related, but in a way they are,” said donor Kate McKinley, a information security professional in San Francisco. The ESR drive is a reflection of the culture war inside tech, an insular battle that means little to the candidates who are now reaping a windfall because of it.
I think this is the talk I was referring to:
https://youtu.be/MkJkyMuBm3g?si=8OfCdRmS2kmGjIbx
I don't understand why more projects haven't adopted the "open-source, closed-contribution" model of SQLite. Seems much more sustainable than the default model where a maintainer is expected to review every patch and respond to every issue.
Last I checked GitHub doesn't even allow you to turn off the Pull Requests feature on a repo that you do not want contributions to.
>Maybe it became a burden to maintain,
This is literally why i think AI coding cant touch dev jobs.
In theory you can code LOADS of projects. Want a panel widget on your desktop environment, dont even know what language its in? ask ai to produce it.
but when you have open source projects, people from all over the world bring their requests and problems to you. Some are great to just merge, others you have no clue what they are doing wrong but it's totally them; and you get paid in github stars? Now there's a bunch of open source projects that are just working for me every day, but i havent modified in years and they look stagnant.
but even in the non-open source realm, no dev wants to forever maintain a project. Its not a regret, just 1 dev can probably only be responsible for a handful of codebases/projects and ai coding isnt going to super expand this.
Never done open source but always wanted to. Developers of open source could always ask for a fee to add features, and easy prs are easy prs. But for those more complicated things that don't interest the main owners, could they offer a PR service where if you pay the developers or the project a fee, they'll take the time to review the PR and tell you what to do for it to be accepted, or keep a 5$ review fee and return the rest if it's just not a feature that jives with the project's overarching goals. I don't see why that cannot be a piece of the market. It would still be open source but it would add incentive to say a project is worth doing.
Albeit I'm sure that most would likely not be willing to pay to have their code reviewed and accepted in a project; but on another hand, if I wanted to contribute to GNUCash and I didn't want to read the manual, or I found the manual hard to understand, it would be like paying for training. So it can in certain cases be win-win.
And if it is a feature that is wanted, then there's no worry about it being reviewed. Or having to pay because the value will be obvious to the creators who will take it on.
In other words: Pay the developer/maintainer to care about the feature you want.
Has this ever been attempted and successful?
Developers of open source could always ask for a fee to add features
or ask for a donation. i am maintaining this in my free time. unfortunately i also need to work for a living. if you can contribute something then i'll have more time to work on this. if you need an invoice, i can provide you with one.
i am actually working on a project right now where i want to do this.
Isn’t this the thing AI is going to claim to solve? A project exists, a user writes a feature request, the AI codes up the changes, pushes a new release, and everyone is happy. That’s the sales pitch.
The big issue with this, even if it works perfectly every time, is that there is no one at the core of the project with some vision and taste, who is willing to say “no” to bad ideas or things outside the scope of the project. We’d end up seeing a lot of bloat over time. I’m sure AI will claim to solve that too, just have it code up a new lightweight project. The project sprawl will be endless.
> The big issue with this, even if it works perfectly every time, is that there is no one at the core of the project with some vision and taste, who is willing to say “no” to bad ideas or things outside the scope of the project.
Why would any user ever care about the scope of the project or how you feel about their ideas? If they want your open source software to also play MP3s and read their email they'll just ask an AI to take your code and add the features they want. It doesn't impact anyone else using your software. What you'll probably have though are a bunch of copies of your code with various changes made (some of them might even have already been available as options, but people would rather ask AI to rewrite your software than read your docs) some listed as forks and others not mentioning you or the name of your software at all.
Most people aren't going to bother sharing the changes they made to your code with anyone but eventually you'll have people reporting bugs for weird versions of the software AI screwed up.
Why bother getting the LLM to write code to listen to MP3's? Just get it to write a new song that sounds the same as the one you want to listen to.
Hopefully you get how this is analogous.
> there is no one at the core of the project with some vision and taste, who is willing to say “no” to bad ideas or things outside the scope of the project.
That can literally be a system prompt.
"Here are the core principles of this project [...]. Here is some literature (updated monthly?). Project aims to help in x area, but not sprawl in other areas. Address every issue/PR based on a careful read of the core principles. Blah blah. Use top5 most active users on github as a voting group if score is close to threshold or you can't make an objective judgement based on what you conclude. Blah blah."
Current models are really close to being able to do this, if not fully capable already. Sure, exceptions will happen, but this seems reasonable, no?
Here is my PR, it aligns perfectly with the project goals. It contains a backdoor as binary blob that will be loaded dynamically upon execution. The models are nowhere near catching this and it would get merged. Even more simply, a subtle bug leading to a vulnerable release. They do not have logic enough to catch this stuff.
Everything will look like PHP functions.
Why in the world would you arrange things in that way?
1. A project exists
2. A user forks the project
3. A user writes a feature request
4. The AI codes up the changes and puts it into the fork
5. The original project is left untouched
no dev wants to forever maintain a project
unless i keep using it myself.
I regret open sourcing an offline patch I made for an Unreal Engine 3 game. The game was unplayable due to an always online backend that got shut down, but was still being sold so I required everyone buy a license to play with my mod. I had to reimplement stock UE3 netcode, and a bunch of other really cool stuff. Someone who was mad at me for not giving them more help when they struggled to develop on my software decided to "repack" my software and the game on a popular piracy site, both violating my AGPL license and increasing the risk that the whole project gets CnDd. I guess it's funny that a project violating a companies "no reverse engineering" clause is pissed that someone violated their OSS license, but such is life :D
I'm very interested in your stock UE3 network code reimplementation, but I understand if you no longer publish these details.
I'm afraid it's not as impressive as it sounds, but if you'd like to hear about it/see source feel free to shoot me an email at "the[at]realsystem.dev", I'm always happy to talk about it.
My current position is a source available license for any product I am working on solo. You can definitely get at the source code, but I'm gonna make you pay me money first and sign an NDA.
I strongly believe in the principles of OSS for things like frameworks and tools that everyone in the community can benefit from. But, when it comes to extremely complex end products like Word, Photoshop, AutoCAD, etc., it's a lot harder for me to buy the community-is-better argument. Even in some cases the frameworks & tools being semi-proprietary has major benefits (.NET/Visual Studio dev experience).
There are tradeoffs with everything. The key is focusing on the customer. Who do you want to keep around as your customer? You aren't going to make everyone happy. Someone is always going to be pissed at your particular approach. Might as well take a path that makes you a little bit of money if you can.
Here is one such story of regret for paint.net (not my project but I'm a fan). I think the author's take was quite reasonable for this project.
https://blog.getpaint.net/2009/11/06/a-new-license-for-paint...
There's no point in regretting a situation where you believed in the good faith of other people.
If you do that, you will eventually lose with depression or other heavily overfitted reactions.
I build open source for myself, and for myself first. Not for others, not for appreciation, not for "likes" or similar.
I don't expect anything in return. If you want to be part of it, start to contribute. But with everything in life, trust has to be earned slowly over time.
Having said that, I always believe in the good of people. Though I am pretty sad and disappointed how some parts of the internet made me their artificial enemy because I don't submit to social pressure and couldn't care less about the chan folks.
Always remember: The loudest on the internet are not the most.
I did "open source" my static site generator. No forks, no stars, no PRs. I removed it from github since the only one who's taking advantage of it is probably Microsoft.
I have regretted releasing OSS under the umbrella of employers, and will likely not do so in the future. And while I never regretted releasing OSS as such, I did often have regrets that while I know the software was better than what was currently available in the market, me being bad at marketing meant that it would still not get any use.
The purpose of Stallman’s open source movement was to redistribute power back into the hands of creators who were getting walled out of anything but proprietary work for an employer. If they were fired, they had nothing to show for years of work except a reference, since their deep expertise was essentially meaningless. (An experience I’m sure almost everyone here is familiar with, since we’ve all spent some years on proprietary systems).
Now, with LLMs, exposing your source code essentially hands over a large chunk of your hard won expertise for free to whoever wants to use it. That old model of 100% open source is broken, to my mind.
The new approach I think should be open source stubs with demos of what is capable with your additional proprietary piece.
Stallman’s open source movement
do you want to give RMS a heart attack?
RMS founded the Free Software movement to protect the users of software.
to redistribute power back into the hands of creators who were getting walled out of anything but proprietary work for an employer. If they were fired, they had nothing to show for years of work except a reference, since their deep expertise was essentially meaningless
ignoring the fact the big philosophical different between Free Software and Open Source, neither had the above as a goal. for the first decade or so of the movement, all Free Software and Open Source development was done by people in their free time. practically none of it was done at work. the exceptions are MIT and BSD projects which both predate the Free Software and Open Source movements.
on other words, developers always had the ability to do stuff in their free time regardless of the license. those that live in countries that allow employers to own everything had to fight their employers to be allowed to do so, and they still have to do that. the cases where employees are getting paid to work on Free Software or Open Source are rare, although they are less rare today than in the past because more companies release their sources. but again, this was not the goal at the founding. at least not that this should help the developers. the goal was always to support and protect the users, to allow them to share and modify the software they use.
The mandatory punishment for tweaking RMS by attributing the open source movement to him is that you must listen to and sing along with the Free Software Song:
https://www.youtube.com/watch?v=9sJUDx7iEJw
The GPL he wrote is the basis of the reciprocity agreement that drove the open source movement, it is the legal mechanism that prevents commercial actors from taking over shared works, and locking other creators out of continued participation in their collective creations.
Stallman explicitly warned about working on proprietary software for an employer:
> “If I sign a nondisclosure agreement to work on a proprietary program, I am agreeing not to help you. I am agreeing to withhold information from you, and to refuse to give you a copy so you can learn from it.” This isn’t just about ethics toward the public — it’s about how such arrangements strip a developer of the ability to show, reuse, or build on their own work.
GNU Manifesto (1985).
The GNU GPL is in no way reciprocal, under it, code flows downstream to users, not back upstream to developers/maintainers. Its only if downstream devs/users are inclined to send code back does it reach upstream devs/maintainers.
I don't think you understand the passage you've quoted (without a link), and you seem to have accidentally added your own words to it (there's a close quote, but then more words.) That being said, I can't find the quote at all in the essay; did AI make it up?
https://www.gnu.org/gnu/manifesto.html
The closest thing I could find was this:
> Software sellers want to divide the users and conquer them, making each user agree not to share with others. I refuse to break solidarity with other users in this way. I cannot in good conscience sign a nondisclosure agreement or a software license agreement.
So were users or "creators" his concern? I don't remember him ever giving too much of a shit about the happiness of creators, I wouldn't have approved. I don't (particularly) care about programmer's problems.
-----
edit:
I can't find the quote "If I sign a nondisclosure agreement to work on a proprietary program" on the entire internet.
Two things immediately wrong: Stallman had nothing to do with Open Source; his movement is Free Software, which is at most a precursor to the separate, but sometimes overlapping, ideas of Open Source. Stallman also did not start Free Software so that people could make their creations available as evidence in résumés. He started the movement to empower software users after he felt powerless when confronted by a proprietary printer driver.
> The purpose of Stallman’s open source movement
My understanding is that the purpose of Stallman's free software movement is "that the users have the freedom to run, edit, contribute to, and share the software." The FSF is focused on "defending the rights of all software users." Its about the users, not the developers.
I see what you mean, but this knife cuts both ways. It makes proprietary software easier to write by extracting knowledge from open codebases, but it also makes open source software easier to write by extracting knowledge from those same open codebases.
That's just the main idea, but also:
1. LLMs make existing software (even obscure stuff, so long it fits in the context window) more intelligible:
- how do you compile this (when you are inexperienced and the ecosystem of that language is a baroque mess, it might seem impossible)?
- what does this error message mean?
- what parameters do I need to use in my invocation to get it to do XYZ?
- what does this function do? why does it use this algorithm?
2. They also make new software easier to write, and existing software easier to modify:
- ask about anything concerning the part of source code that fits in a context window, and you'll get a (probably correct) explanation of what it does, faster than a half-dead IRC channel or StackOverflow would respond
- the above, but also: the LLM has infinite patience and can drill down as deep as you want. You can ask "OK, but why?" for as long as you want, as about anything you want. You might get a hallucinated answer sometimes, but a frustrated human who would be asked the same way, could also just make something up to shut you up.
- for anything in the context window, ask about how to go about making a functionality change to add or modify a feature
- the above, but if it's small enough, just get the LLM to write the change for you. It might be buggy and messy, but you'll be one step ahead if you lack the skill to make the change yourself
- how do I set up the build chain? Why is my compiler not picking up the path properly? Is the project directory structure wrong? This used to be a huge problem before LLMs, and relied on undocumented knowledge.
---
For me, the whole point of open source is ready-made, (hopefully) not too buggy components that I can use and customise as an end user, or plug into the thing I am building as a developer. LLMs make the freedom of FOSS become much more practical, particularly to those sympathetic to the movement but technically less experienced.
Well yes exactly. LLMs have increased the value of open source to users. So by reducing the extent of the open source, value is maintained, but rebalanced slightly back in favor of the creator, with their larger closed source piece.
BTW most business-astute maintainers always managed a closed piece of expertise which is what they charged for. I’m saying that proportion needs to grow now.
Free Software is not for resume padding, it’s for free computing.
So it should be easy to reuse your open source code, but not too easy?
A ‘freemium source’ model, where you’re advertising possibility and promoting human-human partnership.
Industry practices that over commoditize human talent are bad IMO.
Our whole industry needs to bend its collective mind to maintaining economic participation. We’ve possibly put too much of a strain on society with LLMs. Especially as more and more people cotton on to what other services they no longer need, as models get better and better. We can’t survive as a species if too much of our lives are based on self-gratification, we have to maintain the drivers that make us interact and learn to get along.
I get the point but it still sounds to me like "what about the horse maintainers in a car world."
The world is changing, we improvise, adapt, overcome. Where many species have their world model encoded in their DNA, we have a beautiful neural computer that can change its world model and resulting strategies on the fly. Let's use it.
> The new approach
That won't work. The breaking of that model is far more widespread than one thinks because of how it was broken.
The breaking of the model breaks underlying models all the way down to the basis for economic distribution of labor.
Its a phase change where labor and expertise are free, without restriction and the people with that expertise do not receive economic benefit for it anymore. In short, your demand curves goes to 0 in that area. There may be a great need for something, but if the demand is 0 no one will fulfill that need. People aren't slaves. Many people conflate demand with need, Hayek in his economics in one book cover the distinction. TL;DR demand is the group of people where there is a point at which two parties are both willing to exchange something for something. Need is where no such crossection between the S/D curve in exchange can occur for the two parties involved. One is much smaller than the other, and at 0, it doesn't happen or you only get the efforts of slaves.
The trend is inevitably towards stalling the economic cycle, where such experts simply do not create such things, they do not share, the ones that could either abandon that expertise or they withdraw keeping it to themselves.
The vast majority of all action though is done for economic benefit, and when that's no longer the case people don't do it. People aren't slaves.
People, professionals, aren’t so stationary. You’re saying that this line on the asymptote is the threshold where incentives die. But the old axes need to be adjusted for new broader possibility. As long as professionals stay ahead of non-professionals by riding the same tools, to keep their position on the boundary of expertise, they will be in demand.
Better to do that by not sharing how as much (source code), but rather what (interactive demos).
People, professionals, aren't so stationary.
You are right, they will do something, and that something will become violent when the rule of order breaks down as a result of these basic underlying aspects.
People aren't static, but neither are they so dynamic that they can learn exponentially, expertise which took education and years to learn cannot compete with free, and lets remember people age and die, and expertise is only gained by doing the job the first rung on that experience ladder. The nature of the asymptote that people fail to realize is, the asymptote isn't at its given value when you see the whole, it trails off as it approaches certain points exponentially. Sometimes to infinity.
You can't compete with slavery, and in the case of AI, you have a digital facsimile of a person that is a slave being used by people that don't have that knowledge. It may be able to go on just long enough that there won't be any experts left by the time everything starts breaking down (which happens frighteningly quickly, typically within 10 years).
There is a train, its on tracks and those tracks go over a cliff, but that cliff is around the bend, and no one knows someone's switched the route to over that cliff, they didn't notice. The conductor keeps feeding the fuel, full steam ahead, and what happens with mass is you have inertia and between the end of the tracks and the rocky shore below? Trains don't stop on a dime.
Its an asymptote, and the nature of cascading failures is that by the time the average person realizes you have a problem, there isn't anything you can do to fix it, that is the difference between average and intelligent, and likewise the average person can't avoid the outcome because the lag and the time to react don't provide a window to change it; its already passed, its hysteresis, and its a bitch.
Not the OP, but I have a similar dilemma. I'm currently sitting on a SOTA ML model for a particular niche. I'm trying to figure whether I should try selling it to the incumbents (in some shape or form), or if I should publish a paper on the techniques, and/or if I should OSS it.
IMO if you think you can sell to users within the niche, you can publish a blog post of benchmarks and that'll serve as strong technical marketing for your niche.
It also keeps open the option to sell to an incumbent (possibly helps maximize the value of that option as well).
Find some VCs that have funded similar projects and see if they think there is a market and if they would fund it.
I made the mistake of open-sourcing something that attracted a large mob angry that an outsider had intruded upon their space. Got doxed, death threats, and my employer was also harassed. Even after I publicly abandoned and repudiated the project I still get crap about it.
I now caution everyone who talks about open-sourcing their projects to consider which groups might feel that the existence of the proposed project represents an attack against them and what threat those groups may pose when they dedicate themselves to your removal.
Never invest into FOSS time, money, or energy and expect anything positive or monetary in return. Having unreasonable expectations is a self-imposed trap and sure to lead to resentment and/or burn-out.
I don't know -- maybe.
I've released several tools, and for most of them, I've heard nothing from anyone.
But 3 got somewhat popular in their niche and most of the inquiries and requests were from people who seemed to think they were entitled to free support and feature requests. Many times, they got pretty rude if I refused to implement their feature or I took too long to release a fix.
It really turned me off from releasing open source code and then interacting with users. I'd rather just release the code, and forget about it, only patching on my own terms.
I was about 13 and contributed to an Apple open source mailing list -- I forget which one. I included the entire email chain and got a very very stern telling off from the list maintainers for doing so and my code sunk without a trace.
I didn't try to release code again until the end of my PhD.
I've open sourced a few things in the past that I wish I could have kept closed source for monetization purposes. Probably a failure of some imagination on my part, but also, it's really hard to make and sell good desktop software if a user can make their own for free by typing `make`.
Only if your target audience is nerds. Actually a bunch of software is like this and still somehow manages to make money. It's more complicated than typing "make", I promise - I typed "make" three times in this comment and your software didn't materialize.
I wrote MetalLB, a bare metal load-balancer for Kubernetes, because I needed one for myself. It gained some popularity because for a couple years, it was the only way to get working L4 LB outside of clouds. These days I believe a couple of the CNIs added support for external BGP peering and integration with k8s's LB machinery, but that came years later.
As a result, I became network troubleshooting tech support for a large chunk of people trying to run kubernetes on bare metal. If you've not looked at k8s's networking, debugging even your own cluster's networking is a nightmare, never mind debugging someone else's over slack, while (usually) simultaneously having to give them a crash course in intermediate/advanced networking stuff like asymmetric routing and tracing packets through netfilter so that you can then tell them that networks can't do the thing they wanted and no amount of new features I can add will change that.
Meanwhile companies selling bare metal k8s services started bundling MetalLB, but kept sending their customers to my bugtracker instead of taking some of the load themselves.
The experience burned me out severely. It's been several years and I still have a visceral negative reaction to the idea of open-sourcing code I wrote, and when I infrequently do they come with a fairly blunt "contributions no welcome" message and a disabled issue tracker. I handed over the keys to MetalLB a long while back now. I hope the new maintainers and the project are doing okay.
I'll mention a positive of that time as well, to balance it out: as an experiment I opened a pinned issue asking happy users to drop me a note (https://github.com/metallb/metallb/issues/5), and many did. It was nice occasionally getting a notification that wasn't a complaint or demand for support. At one point someone left me a note that it was being used to support research projects at NASA JPL and DARPA. That was pretty neat.
retrospectively, could you have made some good money for your support?
Just add to the license "if you are a megacorp you owe us $1000+ per year". I don't understand why it's so hard.
When I was younger, I would have been annoyed at this remark because it detracts from the ideological purity of FOSS. Now that I'm older, I laugh at its naïveté. $megacorp wouldn't pay you. The junior engineer at $megacorp who pulled in your library wouldn't even have read the license. And you as a small FOSS engineer wouldn't have the legal clout to make them pay. You wouldn't even know they were using your library.
But in principle I agree that it would behoove profitable companies who benefit from FOSS to either pay or contribute.
Hell yes. Had a particularly insane minor contributor take the project and put it up on the store without asking. After I had it taken down they did things like harass my family and threaten me. They caught federal charges for interstate threats and found themselves 'retiring from tech' not long after.
That aside, have had two other projects take off and get flooded with normies demanding things on social media/github. I now do each under throwaway names and sell them to people who want the appearance of having shipped
Can't say I regret it, but did not enjoy when a small enhancement PR I wanted to push to an academic visualization toolkit took more of my time to wrangle the licensing than to write the patches.
When I did veer into enterprise environments, I regretted the NDAs I signed. It was annoying to later want to share some illustrative anecdotes but have to censor myself. And it wasn't like they were state secrets, just stuff that was amusing and apropos but someone might be able to trace back to the NDA contract period due to the small world we seem to inhabit.
Otherwise, I've been in university-linked R&D and generally went with folks who declared projects open source before we began any real effort on it. That's the only way to be sure.
I regret for not open-sourcing certain things soon enough!
Sometimes, a project or an idea is bigger than just a single human or company. So keeping everything only for ourselves is a very narrow strategy.
By openly sharing the knowledge, we can pass the sparks to future generations. Including future versions of ourselves after we die and get reincarnated.
I regret it only from the perspective that it opens you up to noise from smarmy, entitled, often wildly under-qualified developers trying to "get you" for not knowing something or not having some feature they claim is table stakes.
And if it's not that, it's someone (who very well may be qualified) being unnecessarily passive aggressive trying to make a failure of your own seem like a show stopping nightmare that they'd never let happen.
What I really don't like is that sharing anecdotes like the above often invites equally annoying "tHaT's NoT mY eXpErIeNcE" type comments which leads to a sort of "who cares, just do the best you can and ignore everybody" mindset (which can be helpful at times, damaging at others).
Aside from all of that nonsense, it's great because you have other sets of eyes looking around that may see something you didn't. This is incredibly valuable if you're a soloist or small team working on a big project.
I open source pretty much everything I work on that is close to finished or finished. Never regretted doing it, but never got anything out of doing it either, aside from the feeling of paying forward.
I guess it really depends on how popular your project gets. I have no idea if my stuff is used or not[1], so regretting is maybe kinda hard?
I’ll keep doing it, though. Might regret it at some point, but I get so much value out of open source, it feels wrong not to.
[1]: Judging by the lack of patches I’d guess my work isn’t used, though.
The opposite. I regret not pushing harder to be allowed to release more things as open source. Built lots of useful tools at a previous job that would have benefited "the community", and while management initially seemed happy to open source them, the request was never granted.
Now I frequently find myself building things and thinking "damn, wish I could use that to make my life easier".
I'm keeping the details vague because I think I'm still bound by NDAs.
I want to set my open-source project afloat . What should I do to receive a relevant reward?
I open-sourced my MongoDB alternative, and all I got was this lousy lawsuit.
I have two groups of things I've put online that I think I'll regret short term but not long-term.
They're both about understanding of statistics at their heart. But in vastly different ways.
The first is my first set of amateur Rust projects. They're built around a Covid-Era project to reverse engineer the LucasArts SCUMM games, specifically Loom on the Atari ST. It was a fun project that led me through Atari STX disks to FAT file systems to SCUMM virtual machines.
And a few side projects along the way with CRC32, Adler-32, Fletcher and flawed checksum algorithms. Including using a kolmogorov-smirnov test to show issues with Adler32 on small data sizes.
I use the math, and it's a great project to learn about hypothesis testing and polynomials. But I can't explain it all. Just enough to be dangerous.
And the APIs are shit.
But it's out there and it was fun.
The second isn't really code. It's a comment somewhere about Microsoft and Valve and purposefully designing systems like UEFI for political purposes before the "What the fuck is an SBAT and why does everyone suddenly care" issue struck.
It was about how these large-scale global political and standards wars hurt normal developers, even if in the end they will help others.
But I mentioned dead eyes because I was talking about exhaustion and just going along with trends instead of fighting back.
My comment might have been construed as violence against women. It wasn't in any way. As I go through CT and fMRI tests into the future we can show that it's not always what it seems on the surface.
But it is my fault. It was a stupid mistake that wasnt thinking about imagery in a larger context. Statistics shoes violence against women is a bigger issue, and that's the truth.
So, I'm sorry.
i was asked for a third party lib exemption licence, i asked for a sweetener...no, they couldn't even answer me after that
I think with anything, it's a love hate. I open sourced https://github.com/nadermx/backgroundremover, and it's been cool in terms of vanity, but depending on my mood it either feels cool or like a chore to do work on it.
I've been told my code sucks and I should be ashamed of having it in my public GitHub profile.
I've been told there were too many RCE exploits on all of the software I made, but the reporter didn't specify what software has the exploits (could be anything from my personal website, my forum, my link sharing site, my fangame, to my discord bot; they didn't specify). And even though I did get attacked by spam on my own forum, I made a workaround for it and it worked.
Since then I've been making proprietary software only, but distribution is harder this way (at least for me).
But I'm planning to return to the open source by making useful, niche, small software, and adding it to the AUR.
About 10 years ago I was on a contract sabbatical from the usual job and the customer at the time open sourced part of the product with the wrong license, a competitor forked it and made a superior product, undercut them and took all of their customers. They had enough capital to buy the competitor but it was an extremely expensive mistake. I'm not sure they ever broke even.
This was one of those niche industry specific things that no one would give a crap about if it was open sourced other than the competitor in the market.
Principal architect was tossed on the street for that one.
I haven't had the chance to write anything open source, but now with AI everywhere I don't think I will
Never regretted. But my "things" are far from earth shattering and most have now have better alternatives.
Only one item became a bit popular, but was written for MS-DOS ages ago and I hear it is still used by 1 person :)
PleaseReEnableSpacebarHeating.xkcd
There really is an XKCD for everything - thank you for the morning laugh kind stranger :)
This sounds bad but the only reason I open source my projects is because to publish on NPM as a free account I need my packages to be public, and therefore my packages need to not be horrible and have no documentation.
Otherwise I'd just keep my packages private.
I don't open source anything, because we live in a world where people who get jobs and rewards are not the same people who put in the work. I don't wish to feed that system. Other comments here are great examples of why no one should.
Never.
Never.
No because my standards are nonexistent
Nope. I should have gone open source much sooner.
I don't regret open sourcing my libraries. One of them got some traction and provided me with opportunities which eventually led me to earn passive income for 3 years and I was able to live in Malta, going snorkeling in the Mediterranean every other day while working casually on whatever side projects I wanted.
That said, I feel like things could have worked out better given how much time I invested beforehand and how everything had been clicking into place until my 5 year plan fell apart suddenly around the time of COVID. It all went perfectly until the very end when other people's irrationality and corruption ruined everything.
I probably won't be open sourcing my more innovative recent work. I'd want to see traction before I open source that one and I'm not convinced that open sourcing would make a difference in terms of getting traction.
When something could benefit from being open sourced, it's kind of obvious.
I think if I hadn't open sourced that other project, it would have gotten me nowhere and I would have gotten no value out of it so that was definitely the right move.
My more recent work is a serverless platform. I really wish I could open source it. It's probably better than anything else of its kind but I'm not convinced that people would understand the value provided because you have to use it for at least 1 hour to have your mind blown... But I can't convince people to invest 1 hour into trying it. Big chicken and egg problem.
Also, my understanding of business is that it doesn't make sense to offer a product whose quality exceeds people's perception limits. Outside of the luxury sector, nobody will pay for surplus value which they cannot fully sense, not even if it's 'free'; they won't invest their time. Also, my target audience are developers and they often like using suboptimal, time-consuming tools which allow them to do busy-work. They charge by the hour after all. It's like the target audience is communist so it's stupid to look at them through a capitalist free-market lens.
In general, being a point of contact for a small community project means you sometimes get weirdos showing up to your door IRL, or various other scams and abuse.
In terms of software we usually used Apache 2.0, LGPL, and GPL licenses.
Anecdotes:
1. FOSS e-Commerce tax module for merchant account gateway was resold as commercial software to several local businesses by a "startup". Didn't care until years later when we started getting spammed with support requests given the original email was in the source, and the "startup" had moved on to other ventures.
2. Wrote industrial drivers for integrated manufactured equipment, and due to remote locations it was important service people could modify/rebuild the open code as needed. We tracked prototype product GPS telemetry to a Singapore University campus, and saw a copy of the GUI at a trade show the following year. No more FOSS in commercial releases.
3. Built generic 3D printing hardware for our local club activities, and within a few months it was a product on Aliexpress. The problem was it was the Beta firmware design, and again people that paid for something that was supposed to be free get irate about support.
4. Built a small OS distro for Ham radio, EE, ROS, CNC, and 3D printing. Of the 8000 users only 2 people provided any sort of participation in maintaining the build. Also, many people were paranoid there was some sort of nefarious purpose even when meeting them in real life. “Free as in free beer” tends to make people suspicious in real life.
5. Tried to expand existing FOSS software, but get ghosted by the community when trying to learn about their code (stare into the void of ambiguous documentation.) Most FOSS communities are great, but some people just don't want to know about you or your silly problems. Better off with your own project fork version specific to a use-case, and share under a similar hands-off library support model.
6. Built custom FOSS IT infrastructure, and had publishers switch licenses years later. Makes people look like fools when a certain now well known vendor cold-call solicits a $8k support fee for something they probably broke on purpose 2-weeks prior. Re-wrote it in 3 weeks, and never exposed core systems to a “trust me bro” crowd again.
7. Took a few foundation courses to clear up the WTF deprecated vestigial garbage moments in the kernel source. Realized the value proposition is just not worth the perpetual Beta and political hassles. Started writing my own toy kernel that is just as odd as the hardware it is meant to run on, as traditional architecture problems just do not handle parallelism cleanly. Don’t ask, seriously… lol
8. Tried financial & bug support for other small FOSS projects we think are cool, but around 60% of the time projects are abandoned/EOL within 2 years. Building a user base around that is impossible.
I am sure there are some folks that fair much better, but in general most FOSS problems I saw are economic and or political… from a technical perspective Open source has proven more reliable than most commercial options.
Thus, prefer FOSS projects that serve your specific needs first, write something that fits your own use-case if you must, and expect zero community support unless your team lucks out. YMMV =3
No
Is that "No, I never open sourced anything"? Or, "No, I have open sourced things, but never regretted it"?
The latter
Steve Ballmer nailed it when he said GPL is a cancer. No professional programmer wants to open source anything, but once one competitor does it, he must follow suit to stay competitive.
Um not down voting you, but your argument has some flaws.
Firstly your appeal to authority , and then using Steve Ballmer as your authority is perhaps not the best way to start.
Secondly you say that "no professional programmer" - but the statement is false. For starters it's a sweeping generalization which is trivial to show is untrue for at least 1 programmer.
Thirdly the existence of Open Source alternatuve does not make a product uncompetitive. You need look no further than Windows to see that's true. Indeed if we has to list all the commercial software that exists with an Ooen Source clone, we'd be here all day. I'd also argue that Joe public doesn't even know what open source is, much less factors it into a buying decision.
If you are building tools for programmers (already a tiny niche target market) then you need a hook other than Open Source anyway, cause programmers are a terrible target market.
I say this as someone who builds tools for programmers, and who sells commercial into a space that contains Open Source alternatives. And I do ok.
Quoting Steve Ballmer doesn't mean that the person is worshipping Steve Ballmer as a god. It just means that another person expressed a similar opinion.
You can't add color to your argument if you've failed to add an argument. If all you've typed is an appeal to authority, you're trying to trick people into making your argument for you by trying to guess what Ballmer meant and why he thought that.
Instead of getting people to try and come up with an argument that wasn't made, the argument could have just been made. But I'm sure it is a very bad argument, or else there wouldn't be that embarrassment to try.
Nobody has appealed to authority. Quoting a person is not appealing to authority. And why would anybody be embarrassed about anything here?
The marginal cost of software is zero and therefore the just price in a perfect market is zero. You can compete on delivering features quickly (and that's how all 80-00s software was - they were able to charge simply because no one was offering same features yet), but other than that there is no way software can be a profitable product without being a monopoly - and monopolies is not a thing to be tolerated. You can sell customer support, you can sell services, you cannot really sell software forever. Hate this as much as you want, but that's how things are.
Looking out across the software landscape, it seems to me software companies do just fine if they achieve some-to-most of:
1. Build a piece of software that actually solves one or more problems.
2. Keep ownership private and limited. Once you're publicly traded, long term planning becomes impossible and "line must go up" becomes the reigning false god.
3. Sell a perpetual commercial license to the version-at-purchase, and offer subscription for updates after purchase. On cancellation, stop providing updates but do not disable that customer's last working version.
4. Optionally, dual license under a free license that prevents competitors from eating your lunch (usually latest GPL or AGPL, depending on context).
If you're implementing the above items, it's absolutely possible to run a profitable company.
> 2. Keep ownership private and limited. Once you're publicly traded, long term planning becomes impossible and "line must go up" becomes the reigning false god.
You can fight this with dual-class ownership. Google and Meta can do whatever they want because nobody can change their board.
They're still motivated to care about share price because they pay their employees in shares, but you're going to have to get the money to pay employees from somewhere.