Shut up and code. Or make a donation and be patient.

Sometimes, while I was taking a 6-year break from college to try my hand at what Linus Torvalds later did much more successfully than I, cousins, friends, and other well-meaning people would ask me why I didn't work.

I was working. Really hard.

Yeah, the mathematical games were interesting, and I actually found them more enjoyable than the social games most guys my age (mid-twenties) were learning how to play. (I do find the social puzzles much more interesting now, by the way.)

But trying to figure out (for example) a way to use a trie-like index structure as the index for a programming language's user-defined symbol table took a lot of effort and time. Several 16 hour days sank to prove I did not want to do that. Predefined symbols, maybe. User-defined symbols, no.

And my results were scrawls of hand-written notes, calculations and diagrams that I would have to spend a lot of time explaining. I didn't have a functioning C compiler for a lot of that time, but I'm not sure why I didn't try to produce example code using Forth.

Effort and time is work. The big difference between me and my fellow students who graduated and got jobs was that they were getting paid. And the product of their labor was something other people would use.

I left a lot of my results in the wilderness of those six years, where I found them, because I didn't have access to a group of people with common interests, and because I didn't have access to tools to put my results into a form that others could read and understand.

The gnu project had started, but I hadn't heard about it. (And they would probably have gotten me involved in LISP, which may have been good, but would have drastically altered the direction I was headed.) The Internet itself was not accessible to me. All I had was the crude imitation that was Delphi (the network service), and the local Color Computer users' group.

There have been many people in the computer industry who have spent much time doing things that aren't classed as "normal jobs". Their primary pay is not in money, but in the satisfaction of producing tools that they, and sometimes others, can use.

The free/libre/open-source community is how they share their results, and most of the tools they use are the libre tools developed in this community.

I was not able to produce any tools that others use, really. Part of the reason is that I didn't have family or other connections who could afford to fund the tools I needed to turn the mathematical work I did into actual tools. And I was too focused on the problems, too impatient, maybe too lacking in self-confidence, to go out and sling hamburgers to save up the money to buy the tools myself.

Another part of the reason was the approach I was taking. Even now (especially now) I'd be unable to use stock off-the-shelf hardware or software directly. The industry has gone completely different directions from the approach I was trying to take.

A very small part of my results are sitting on sourceforge's downed servers when I write this, waiting for the techs to make sure the data has not been corrupted by the hardware problems from last week, or perhaps digging out the most recent backup. When they come back up, they should be accessible at bif-c, asm68c, and ranbunhyou.

But this rant is not really about me.

It's about all the people who work in free/libre software and open source software.

There are huge parts of the industry that depend heavily on unfunded or underfunded private research projects, projects that are often spurned as "not real jobs".

Sourceforge itself is one example. My projects aren't really going anywhere right now, but there are thousands of projects hosted there which are focal points of the sort of research that I'm talking about -- people helping each other to figure out difficult engineering questions, and, every now and then, one of those projects becomes interesting and useful to the broader community.

Even then, these are mostly projects that corporations under the watchful eyes of their accountants, and under obligations of monetary profit to their shareholders would not be able to work on directly. But there are also a few projects that become profit generators for some company somewhere.

There are twenty or so similar source code repositories available to ordinary people like me, including github and gnu Savannah. They are great resources for sharing results of work that is hard to make money at.

And they are all generating small bits and pieces of much of the technology that will become tomorrows leading-edge. None of them, that I am aware of, operate regularly at a profit.

If I were making real money, I'd be a paying user at sourceforge. Too many of those of us who are making real money are putting off paying for the public repositories that we use.

More to the point, too many companies who are using project source code hosted on sourceforge and the others are seeing those as "gratis" and not paying for the services they receive.

I've got a rant or two somewhere around that talk about the conundrum -- gratis has its costs, and so does freedom. And, eventually, you get what you pay for.

As another example, perhaps you'll remember the "heartbleed" vulnerability that threatened to take the industry to its knees recently.

It's not like the members of the openssl project hadn't warned anyone. They had repeatedly asked for help. But the industry was quite happy to use the tools they developed, gratis.

This really should be simple:

If you use some tool that you got for free and it enables you to make money, you have an obligation to yourself to see that the value you get from it is rewarded.

Yeah. You can use it for free. But if you want it to keep working, if you want to be able to continue to use it, you have to pay.

Most of the libre software projects are happy to be paid in-kind. That's part of what the GPL license means -- giving back to the community. And you'll see it in the policies of non-GPL open/libre projects such as openbsd. If you want help, join up. Give help.

Sometimes they are rather kurt:
If you have things you want the project to do, do your part:
Shut up and code. Give us bug reports.
Or make a donation and be patient.
There is an imbalance that is not recognized. Perhaps it's deliberately ignored.

When Microsoft or Intel or Cisco or Oracle, et. al. are using these tools on a regular basis, they are gaining value from them. The value goes way beyond the apparent savings from not using the commercial alternatives.

The commercial alternatives have value in terms of indemnities and such. If there are problems, somebody is supposed to be paid to try to fix them. But they are also limited by their beancounters.

I'm not trying to insult accountants. They serve a useful purpose in helping corporations keep their focus (when they are doing their jobs right).

But the libre/open projects have a different focus, and they should. And that focus is very valuable. Keeping it independent from the corporations is essential, or they can't keep working beyond the cutting edge of the industry.

OpenSSL and OpenSSH are prime examples. These tools are in very heavy use all over the industry now. Without these tools, the industry could literally disappear in a puff of smoke, taking much of our civilization with it.

But they are developed for free and used gratis.

The commercial counterparts are limited in their functionality. Otherwise, they can't guarantee that they can fix things. They are also very stable in their usability, and come with some guarantees about that usability.

The libre/open projects, on the other hand, are constantly exploring the edges of things. Not unstable in the sense of it blowing up on you, but a little unstable in the sense that the way you use it sometimes changes when you didn't expect it to.

And then you'll often hear such things as that the OpenSSH team has already dealt with a vulnerability before it got discovered, just because those guys are good engineers that enjoy what they do. They have a sense of what should be done, and they often don't really need to think about the vulnerability that lurks beneath to fix the code that hid the vulnerability. It's just good engineering.

In truth, what they do is too valuable to be able to enter properly in the accountants ledgers. Maybe that can help explain why they have to exist separately from the corporations.

Maybe it also helps explain why it's so easy for us to keep using their stuff gratis. If we know we can't pay what it's really worth, it's just easier to use gratis than to figure out what we can do to support the projects.

But they can't do their fun jobs if they are starving, and they can't work very effectively without tools.

It's important for members of the industry to fund these projects. (Yeah, I'm repeating myself.)

Focusing for a bit on OpenBSD, who are the parent project of OpenSSH:

When Microsoft donated money to the OpenBSD project (the parent project of the OpenSSH project) this year, I was not rapturous. (And my posts on the subject were rather embarrassing, I have to admit.)

Microsoft is late to the table, and they have a record of using large donations to either co-opt or undermine projects.

Fortunately, their contribution in this case was in the tens of thousands, and that is a range where we can hope they actually intend to generate goodwill and not harm.

Google has a record of donating to the OpenBSD project that goes back several years. This is very sensible. They use a bunch of OpenBSD code in Android, not to mention other places. Good for them. They could donate more.

And this appears to be Facebook's second year. Good for them, too. They directly use some of the sub-projects from OpenBSD.

But every leading member of the industry should be funding OpenBSD:

Apple, Cisco, Dell, HP, Sony, Oracle, Adobe, IBM, Twitter, etc.

All of these could be sending the OpenBSD Foundation money equivalent to at least one engineer's wages, for services rendered, and considering themselves to be getting more than full value for their money, just for OpenSSH. Even if they don't directly use OpenBSD, they all use OpenSSH.

There was at one time some apparent animosity between SSH Communications Security, the commercial venture that initially developed the ssh protocol, and the OpenBSD team, over the use of the term "SSH".  But I think it is becoming fairly clear now that even they benefit from the OpenSSH project.

SSH Communications has a number of products that go beyond the basics of a secure shell server and client, and simple key generation. These are products that many corporations need.

OpenSSH provides cross-platform access to a necessary set of functionality that operating systems vendors could not develop on their own. It takes cooperation that can't exist when one company controls the whole set of tools.

Without OpenSSH, SSH Communications could not have nearly the customer base it has.

And, more to the point, with OpenSSH, when the "heartbleed" vulnerability was discovered, we had a temporary way around the vulnerable software. The industry stayed relatively functional while fixes were found, and the damage was minimal.

The OpenBSD team, not coincidentally, was and is a large part of the effort to fix things, to keep the SSL technology usable and meaningful. They have their own LibreSSL fork of OpenSSL, now, and they've been working out ways for the two projects to cooperate.

This is the way competition works in the free/libre/open-source world, and the rest of the world would do well to take note that cooperation does not kill competition, when done correctly.

OpenBSD exists for a number of reasons, but one reason it exists is to be a development framework and testbed for the other projects the OpenBSD team digs into. It happens to be useful as an operating system, as well.

The Linux kernel is similar. It provides a common framework for independent operating systems to be developed on.

And the Linux and BSD OSses provide a common environment in which applications can be developed independently of the influence of single (often effective monopoly) corporations. This keeps the information industry healthy and active.

(Android and iOS are exceptions to this common environment, even though they were both born in it. Microsoft's OSses were also born in the nascent free/libre/open-source environment, in a time when "Intellectual Property" was still commonly considered an oxymoron, or, at best, a misnomer.)

Gratis is only temporarily free of cost. If we need the tools, we must be willing to pay our share, however we can.

That includes bug reports, testing, and participation on user-support mailing lists.

It also includes individual donations to the projects that produce the software we use.

And it includes corporations recognizing and admitting their dependency on the free/libre/open ecosystem outside the walls of their marketplaces. And it includes corporations finding ways to fund the projects that make up that ecosystem.

Popular Posts