Open-Source Exploitation

David Whitney on December 13, 2021

Combative title. I don’t have a title for this that works. It’s horrible, it’s difficult, and it’s because all of the titles sound so r...
 
Jay Jeckel

There is a lot in this article, so I'll start with a summarized response and then get into responding to specific points.


The purpose of open source is to ensure all users the freedom to do as they please with the software they have access to. Nothing more, nothing less. Open source isn't here to make people money. If one is participating in open source to make money, then they are doing it wrong.

Libre, free as in freedom, is the core concept of open source and anything that interferes or opposes that concept, such as limiting who has the freedom or restricting that freedom to only those that pay (whether explicitly or by convention), is against open source.

While gratis, free as in beer, isn't the core concept of open source, it is the prevailing attitude for good reason; it is the first line of defense to ensure that everyone has access to their libre freedoms, not just those with a sufficient size of bank account.

The open source community is a wonder of the world. One would be hard pressed to find another that exemplifies the concept of openness and sharing to a greater degree than the open source community. Sharing is Caring, after all, and anyone that truly loves open source understands that. It doesn't matter if the one being shared with is a billion dollar company or a dirt poor kid in Dirthole, Nowhere, software should be free as in freedom for all.

In the end, one can claim all they want that they love open source, but suggesting we lessen or abandon the gratis attitude or the libre philosophy brings that claim in question.


Multi-national organisations do not give a single solitary fuck about you.
Businesses do not care about you.

Good, because I don't give a single solitary fuck about them, and that includes not caring if they use open source software as long as they do so in accordance with the software's license.

They care about free “value” that they are able to commercially exploit. The wide proliferation of software in businesses is a direct result of licenses like the Apache license, and the MIT license being leveraged into closed source, proprietary and for-profit work.

Yep, that is why we won. That is why open source is better than closed source. I use my own open source code in my own for-profit projects, because that's kinda the entire point, making the software ecosystem better for everyone by sharing code freely and openly.

Go into your office tomorrow and try adding some GPL’d code to your companies' applications and see how your line manager responds.

Right, so? Try introducing some GPLed code into an open source MIT project and see how far you get. The answer is not far at all. GPL served its purpose in its time, but now it's an outdated bloated mess of a virus that should generally be avoided and not wanting that virus in one's codebase suggests nothing other than good judgement.

Permissive licenses explicitly and without recourse shift the balance of power towards large technical organisations and away from individual authors and creators.

No, they don't. They "explicitly" level the playing field so that people with money and people without money have exactly the same access to and freedoms with open source software. Neither has more or less access or freedoms than the other. That is practically the definition of equality.

Oh come on, exploited? That’s a bit much isn’t it?
Nope. It’s entirely accurate.

No, it isn't. If you give your software away openly (libre) and for free (gratis), then it isn't exploitation when someone uses that software however they want without paying you.

There is no art without patronage. None.

If this was true then the open source community wouldn't exist and you wouldn't be here suggesting that open source will die without patronage. Not to mention all the great art that exists and was created by starving artists without patronage. Great art is created by those with passion, regardless of how much money they have.

The only successful open source projects in the world are either a) backed by enormous companies that use them for strategic marketing and product positioning advantage OR b) rely on the exploitation of free labour for the gain of organisations operating these products as services.

Oh yea? Notepad++ would like to have a word with you. It's an open source best-in-class product that isn't backed by enormous companies and isn't operating as a product as a service. That was just the first open source end-user product that jumped to mind. If we expand to include libraries/packages and other developer-focused products, then the list would be almost endless. In other words, you are wrong, there are tons and tons of successful open source projects that aren't backed by enormous companies and don't have anything at all to do with SaaS.

Obviously I was downvoted to oblivion because people seemed to interpret “perhaps multinational organisations should pay you for your work” as “I don’t think software freedom is good”.

You may not realize it, but that is exactly what you are saying. Once you start treating one type of user different from another, the software is no longer libre. Once you start charging for software you're doing basically the same thing, saying those who can pay have freedom to use the software and those without money don't have that freedom. That's fine if that's how you want to roll, but don't fool yourself into thinking that the software is still open.

But I was more astonished by people suggesting that charging for software was somehow in contradiction with the “ethos” of open source, when all that position really shows is an astonishing lack of literacy of what open source really means.

Open source means freedom. Simple as. Anything that limits that freedom is in opposition with it.

Lars Ulrich Was Right

No he wasn't. He was a rich ass and should have kept his mouth shut.

The music business had become a corporate fat cat, nickel and diming everyone with exorbitant prices for CDs

Yep, spot on.

I spent my mid-teens pirating music on Napster, and AudioGalaxy, and Limewire, and Kazaa, and Direct Connect

Same here.

If anyone had spent time listening to what Lars Ulrich (Metallica’s drummer) was actually saying at the time, they’d realise he was absolutely, 100% correct, and in the two decades since has been thoroughly vindicated.

No he wasn't correct and no he hasn't been vindicated.

After ~1999, the music industry was never the same. Small touring bands that would make comfortable livings scrape by in 2020. Niche and underground genres, while more vibrant than ever, absolutely cannot financially sustain themselves. It doesn’t scale. We devalued the work by giving it all away.

And when you give it all away, the only people that profit are the large organisations that are in power.

Spotify, today, occupies the space that music labels once did, a vastly profitable large organisation while artists figuratively starve.

Sorry for quoting so much text, but where in any of that is Lars proved right? There are lots of reasons that bands have a hard time making money (a vastly increased pool of competition and easier consumer access to that competition being two of the main ones), but the biggest reason is that they are exploited by the corporations. If pirating of music was at fault, then the music industry itself wouldn't be making money hand over fist. None of this is the fault of free music, pirated or otherwise, and since musicians were never intending to give their music away freely or openly, comparing it to the open source world is like comparing a bird to a book.

We all made a tragic mistake in thinking that the ownership model that was great for our local computing club could scale to planet-sized industry.

It scales just fine. The only ones that seem to have a problem are those that think a company making money off their FOSS is somehow an affront to humanity. A company making money off your FOSS is no different than another dev making money off your FOSS. Both represent the system working exactly as intended, ensuring the freedom of all people to do as they wish with the software they have.

Every time a small organisation or creator tries to license their software in a way that protects them from the exploitation of big business – like Elastic, or recently Apollo, or numerous others over the years – the community savages them, without realising that it’s the community savaging itself.

Yea, what a surprise. The open source community gets mad when a developer builds their software on our backs under our name and then abandons our philosophies while also still wanting to use our name for its "marketing benefit".

It's simple. You want to be open source? Then be open source. You don't want to be open source, then don't be open source and keep our name out of your marketing mouths.

We need to be better at supporting each other, at knowing whenever a creator cries burn-out, or that they can’t pay rent in kudos, or that they need to advertise for work in their NPM package, that they mean it. That it could easily be you in that position.

Open source isn't here to pay your rent. Open source is here to protect and promote your right to do with software as you wish. Plain and simple, nothing more and nothing less, hands down, QED, end of.

We need new licenses, and a new culture, which prioritises the freedom of people from exploitation, over the freedom of software.

Cool, then go do that, write those licenses and create that culture. Just don't pretend that what you're doing is open source and don't be surprised when your strategy fails against the gratis libre philosophy.

The open-source software that you produce is not the same kind of open-source software that they do, and it’s foolish to perceive it to be the same thing.

If their software is permissively licensed like my software is, then they are the same as both protect my freedom to do what I want with the code.

Support creators

Sure. If a dev offers a way to buy them a coffee or to donate to their efforts and you like what they do and you have money to spare, then throw them some coins. Nothing wrong with that.

But, instead of giving money to the project creator, it would be a lot better if you gave back to the entire open source community by improving the project itself.

The next time each of you is about to send a shitty tweet because Docker desktop made delaying updates a paid feature, perhaps, just for a second, wonder why they might be doing that.

Anyone about to tweet should stop and just not, but that is beside the point. Instead of sending that shitty tweet, they should instead go find an open source alternative that respects their freedoms and doesn't charge money for already implemented features. If there isn't an open source alternative, then they should create one to show that the freedom of everyone to access and use software is more important than anyone's profits.

The next time you see a library you like adopting an “open-core” licensing model, where the value-added features, or the integrations are paid for features – consider paying for the features.

No. Instead, go find a real open source alternative that respects your freedoms. Or go find a real proprietary alternative that provides a major bang for your buck. But don't support these wishy washy semi-open products that want your money but also want all the accolades and marketing benefits of pretending to be open source. Either have your cake or eat it, but you can't do both.

Don’t be entitled, don’t shout down your peers, don’t troll them for trying to make a living. If we all behaved like this, the software world would be a lot kinder.

Agreed, the software world would be a lot better without those that think they are entitled to both money and open source status.

For users! For teachers! For your friends!

No, not just for users, teachers, and friends. Libre applies to everyone, even people you don't like and even people you don't like doing things you don't like. Because either everyone has software freedom or no one does.

I feel like I need to double down on what I said at the start. I love open-source software dearly. I want it to survive.

You say you love open source, but you've just written a bunch of words that suggest you want to abandon the core tenet of what makes open source what it is, the freedom for anyone (even dirty evil corporations) to do whatever they want with the software they have access to.

In music, there’s the idea of supporting our scene, our heritage, the shared place where “the art” comes from.
This is our culture.

Cool, good for the music scene. We programmers have a Free and Open Source culture and while your culture is dying under the boot of the corporate world, we won our war and now the corporate world is at our door begging us to let them play in our pool. That considered, maybe your scene should take some hints from us and you might have a fighting chance against the RIAA and the rest of your corporate establishment.

David Whitney

The central point of the piece is my disagreement with this:

It doesn't matter if the one being shared with is a billion dollar company or a dirt poor kid in Dirthole, Nowhere, software should be free as in freedom for all.

It does matter. It should matter. And the laissez-faire attitude that suggests software freedom is more important than freedom from exploitation is wrongheaded.

I appreciate your well reasoned reply, but I (obviously) disagree. Buying people coffee isn't the same as paying rent, and if the prevailing attitude (gratis) is tyrannical, it has to change.

The FSF fundamentally understood this at the very start, before the open-source movement tried to open up free software to corporate exploitation.

Jay Jeckel • Edited

It does matter. It should matter. And the laissez-faire attitude that suggests software freedom is more important than freedom from exploitation is wrongheaded.

And that is what I don't understand. Where is the line that makes it exploitation? If I make a for-profit app using an open source piece of software, that's not exploitation, but if Microsoft or Amazon make the same app it is exploitation? Or am I wrong and it would also be exploitation if I made the app since my company was successful enough for me to retire in my thirties? What is the deciding factor between exploiting and not exploiting?

David Whitney

Exploitation is all about a power imbalance (in almost every context).

When the organisation exploiting your work is several orders of magnitude more equipped to do so than you are, your choice and agency is removed. In those very specific examples - a small for-profit organisation may well be literally exploiting your work, but they are much more likely to interact in reasonable / good faith than a large organisation that's able to litigate you out of existence, or replace your entire position in the market on a whim.

It's not cut and dry, but the larger the imbalance of power, the more it trends towards exploitation by the original metric - "the action or fact of treating someone unfairly in order to benefit from their work".

Folks that work in software are often deeply uncomfortable with that non-absolute, grey ambiguity, but it doesn't make it any less true. The scale of exploitation available to the largest organisations on earth who have the might to do as they wish, is vastly different than a small vague co-operative sibling org adding value to your work.

Even as a trite example "totally free, unless your company makes more than $3m a year" would probably be a better licensing term than anything that exists at the moment w.r.t exploitation. Sharing supports nobody, in that relationship.

Jay Jeckel

So from your perspective it is the existence of the power imbalance that makes it exploitation regardless of the actions actually taken, or perhaps because of the actions that the more powerful party could take in the future. That's interesting, I've never considered it from that angle.

Folks that work in software are often deeply uncomfortable with that non-absolute, grey ambiguity

Yep, that describes my feeling of it to a tee. I'm much more comfortable with an absolute stance, ala anyone can make money or no one can make money type of license.

Thanks for your response. I still don't agree, but you have given me some things worth thinking about. :)

David Whitney

This is the kind of good faith conversation I'm here for 🖤

Mark Rendle ❄

The only ones that seem to have a problem are those that think a company making money off their FOSS is somehow an affront to humanity. A company making money off your FOSS is no different than another dev making money off your FOSS. Both represent the system working exactly as intended, ensuring the freedom of all people to do as they wish with the software they have.

Why is it OK for everyone to make money off your FOSS except you?

Bernd Wechner • Edited

This is not an uncommon modern observation. But methinks it suffers a little from the myopic effect. Which is no crisis, most things do. There's real challenge to putting on a pair of good glasses and seeing the broader landscape.

In this smaller landscape though I think you are on the money (pun noted), that one way to lighten the issues observed is to make it much easier to contribute. A consistent and simple minimal hassle way of contributing to any package one uses regularly. I am a regular contributor for Wikipedia and PyDev and occasionally other software but it is always a combination of:

  • the utility I perceive I'm getting,
  • how much I'm earning with it (generally nix) and
  • how easy it is to pay.

Github is helping a little with Issue bounties but we can go further, and there should be convenient donation buttons almost everywhere FOSS can be had that supports every conceivable means of payment there is. There's a FOSS project in developing that framework - we have approximations but nothing quite there yet and certainly not so easy to implement (as easy as falling off a log) that I see it everywhere. I see a diverse mixed landscape of sparsely implemented options to contribute and sometimes I want to and don't because they don't accept PayPal which is basically all I'll use to pay online (and no I don't need any advice or preaching on what I can do or how I need to broaden my payment means - I don't shop Amazon for that reason and I'm good with it, no skin off my nose).

But back to glasses just donned, and landscape this all rests in. It rests in a broken world economy, one in which we simply don't know how to work with money and monetary policy is poorly managed almost everywhere under some pretense that it operates like a household budget. Alas I'm not sure how many IT geeks here (I use the term affectionately, I am one) are well enough versed in money theory to understand what monetary policy is (as distinct from fiscal policy).

The briefest of primers: Fiscal policy is about revenue and expenses and managing budgets and a little like a household budget indeed. Monetary policy is about the production and distribution of money. The only institutions with monetary policy in hand are national governments. Internal states and councils and other structures are all constrained to fiscal policy. Banks were given a much greater role in monetary policy over the past half century, but essentially it rests with those who control the definition of currency.

That may seem a digression but it's not. The only reason you can see corporate abuse of FOSS is because of the haves and have nots in the landscape. The corporate haves and the FOSS developing have nots. The solution is to blur that distinction.

My personal approach is simple enough but rests on good fortune and privilege as so many freedoms do. I simply have a part time job, not 40 hours a week, 25. And that is what I'm paid for. That affords me the opportunity to use the skills I have to further my own needs and on the periphery clubs that I support and in the process to develop a few things and contribute to other things etc. But that is just "a" solution, not "the" solution. It shares properties with "the" solution which is general and as stated to blur the boundaries between have and have not.

And it's not all bad. I mean one reason FOSS is doing so well must surely also be the failure of corporate efforts. That is, significant products (Mozilla?) are FOSS because they did not commercialise successfully and rather than being buried were released into the wild. And on the tail of that we saw bigger companies releasing non-core internal tech to the wild, Bootstrap, React etc. Not core, meaning they weren't selling it, had no desire to go into that market but needed internal tools which they figured might live longer and better if they went into more widespread use and had more contributors.

Anyhow, I may be awry in some of that and am always open to better historians piping up.

My point though remains that part of your call to more ethical use of FOSS by corporations rests in easier payment, and possibly also in licenses that are less liberal. Rat include terms that lay claim to %age of profit of any business that profits from its use say as tricky as it would be to enforce it could start by being requested - but create a problem also in who to pay, or how to distribute any income among developers ... the point being the whole landscape needs review and there aren't good guys and bad guys and exploiters and victims so much as there is need to contributes better rewarded monetarily so as to ensure they continue flowing as the phenomenon of FOSS maintainer burnout is part of what is driving these observations.

Jon Rowett

Great stuff. It's a common category error to see "Person" and "Business" as concrete implementations of abstract "Entity". People and businesses (or to be Marxist about it, workers and those who profit from our labour) have nothing in common and their motivations will always be fundamentally antagonistic for as long as this embarrassing episode of human history continues, with its woefully implemented algorithms governing the fair distribution of resources.

Ian Turton

An interesting article and some interesting responses - my view point is a little different. I'm an open source developer and have been since the 1990s - I work for a primarily open source company that provides (amongst other things) support contracts for open source software. So it can be argued that I make my living from my (and others) open source code - we mostly support companies and local government orgs using GeoServer (which I started and continue to develop) there is one proprietary competitor and one open source one - I like to think that GeoServer is the best of those, but I have no problem with people (and my employer) using MapServer (the other open source one), and people who go with those are happy to buy training and support because the alternative is to pay big bucks to ESRI (for in my opinion an inferior product).

However, not all is roses. This weekend the LOG4J2 debacle hit and dozens of companies that use GeoServer suddenly appeared on the user list asking for a fix, these are people who had never contributed a dime to development or technical debt reduction or even new features - but suddenly they thought that they could expect me (and the rest of the devs) to work at the weekend to fix their problem!

Also, we still use GPL and LGPL on the grounds I am happy for people to use my code for free (and gratis) but if they modify it I want those improvements back for everyone rather than being hoarded by corporations trying to get rich on my labour.

hbgl • Edited

How can you claim that people get exploited when it is them who release their work into the public with a permissive license? We live in a copyright world so just slap on whatever license you want and be done with it. But then you cannot complain when nobody adopts your work.
The bottom line is that you need to come up with a good business model if you want to monetize your work. You cannot blame big companies or the people who don't donate when it's your business model that sucks.

David Whitney

People can be exploited without being aware of it.

Liftoff Studios • Edited

This is a really good article
And I genuinely have your perspective on this
This deserves more likes 😃