GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    smxi (smxi@fosstodon.org)'s status on Thursday, 04-Apr-2024 21:10:11 JST smxi smxi

    Excellent article: I am NOT A SUPPLIER!
    https://www.softwaremaxims.com/blog/not-a-supplier

    You are all on the hobbiest maintainers turf now
    https://www.softwaremaxims.com/blog/open-source-hobbyists-turf

    This guy nails it. If you want me to be your supplier then pay me. Period. Most of this comes from a pathological corporate mindset where sociopathic greed is considered normal. Plus a failure to read the licenses in first place: #gpl: software supplied with no warranty of fitness, not even implicit.

    Focus more on #FreeSoftware and less on Open.

    In conversation Thursday, 04-Apr-2024 21:10:11 JST from fosstodon.org permalink

    Attachments



    • clacke likes this.
    • Embed this notice
      NiceMicro (nicemicro@fosstodon.org)'s status on Friday, 05-Apr-2024 01:50:21 JST NiceMicro NiceMicro
      in reply to

      @smxi I think that the huge rate of burnout in developers that cause issues time and time again can be traced back to this attitude of "I will license it permissively to get it into everything". When the code gets into everything without compensation, the pressure of responsibility mounts, and bad things happen.

      It is my personal belief that one's mental health doesn't worth the "bragging right" of one's code getting into a wide range of proprietary garbage.

      #FreeSoftware #GPL

      In conversation Friday, 05-Apr-2024 01:50:21 JST permalink

      Attachments


      clacke likes this.
    • Embed this notice
      smxi (smxi@fosstodon.org)'s status on Friday, 05-Apr-2024 01:50:22 JST smxi smxi
      in reply to
      • NiceMicro

      @nicemicro valid use cases for bsd type licenses: single project (apache,nginx,openssh) where priority is get that tech into everything. Outside those you are working for free for corporations who will never give back. Truly freed code survives because you can't steal it without obligation. This stopped being a debate years ago:
      #Gpl: linux,libreoffice,khtml>applewebkit>blink
      Bsd/mit: Bsds,openoffice,mozilla

      It's funny to see people pretend this is a debate when success of gpl transparent.

      In conversation Friday, 05-Apr-2024 01:50:22 JST permalink
    • Embed this notice
      NiceMicro (nicemicro@fosstodon.org)'s status on Friday, 05-Apr-2024 01:50:23 JST NiceMicro NiceMicro
      in reply to

      @smxi if at least developers used #GPL / #AGPL, the corporations at least were forced to contribute back in one way or an other, but due to the rampant use of MIT and BSD licenses, they can literally get away without doing anything beneficial for the wider ecosystem while using other people's code (those other people let them do it).

      I think the proliferation of MIT and BSD licenses really made the #FreeSoftware free rider problem much worse than it should be.

      In conversation Friday, 05-Apr-2024 01:50:23 JST permalink
    • Embed this notice
      Caleb (caleb@hachyderm.io)'s status on Friday, 05-Apr-2024 16:59:32 JST Caleb Caleb
      in reply to
      • Thomas Depierre

      @Di4na just wanted to say I enjoyed your post 👏

      In conversation Friday, 05-Apr-2024 16:59:32 JST permalink
      clacke likes this.
    • Embed this notice
      Thomas Depierre (di4na@hachyderm.io)'s status on Friday, 05-Apr-2024 16:59:33 JST Thomas Depierre Thomas Depierre
      in reply to

      @smxi I would point out that I am not asking for money.

      I am stating the reality. I doubt money will help that much or that it could be sustainable.

      What I am saying is that you cannot make me a supplier and you need to accept that. Stop bending the world to your view. Accept it as it is and find out what to do from there.

      Also. I am definitely not someone that would advise to focus on Free vs Open.

      In conversation Friday, 05-Apr-2024 16:59:33 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 16:59:36 JST clacke clacke
      in reply to
      • Thomas Depierre
      @Di4na @smxi What I'm taking away is, not because you're saying it, but because it's my conclusion, is that if people want a supplier, they can either ask you the original author, or if you are not interested, hire someone else to do whatever compliance work they want done.
      In conversation Friday, 05-Apr-2024 16:59:36 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 16:59:37 JST clacke clacke
      in reply to

      Many bigger projects, especially stuff in the circles near the Cloud Native Computing Foundation, have distros of open projects.

      Just want to run OpenStack and Kubernetes, or want to contribute changes? Get it from upstream, work with upstream.

      Want an SLA, an SBOM, support etc? Buy a distro from a commercial vendor. Upstream will get fixes in the pace that works for upstream and distros provide whatever their clients want to pay for.

      To call it a product distro is appropriate, because community OS distros like Debian and Fedora do this too, they don't just package things, they also track bugs and act as a first-level support line, they backport fixes, etc, and when appropriate it all bubbles up to upstream, which can stay focused on the latest version and the upstream product vision. And of course commercial distros like RHEL do this too, or perhaps even more so, and are definitely willing to sell the service of doing so.

      In conversation Friday, 05-Apr-2024 16:59:37 JST permalink

      Attachments


    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 16:59:37 JST clacke clacke
      in reply to
      • Thomas Depierre

      ... So: Commercial software vendors can repackage upstream, they can softfork upstream, if necessary they can hardfork upstream, and if people want their supply chain they can find a vendor willing to do it in one of these ways. I'm surprised this route isn't discussed very loudly every time this kind of exploit is made.

      @smxi @Di4na

      In conversation Friday, 05-Apr-2024 16:59:37 JST permalink
    • Embed this notice
      Thomas Depierre (di4na@hachyderm.io)'s status on Friday, 05-Apr-2024 19:47:15 JST Thomas Depierre Thomas Depierre
      in reply to
      • clacke

      @clacke @smxi It is not discussed a lot because it mostly does not work.

      The most obvious aspect is that they use open source precisely to avoid having to deal with the legal and procurement journey because it is slow and painful, and no one wants to talk to procurement.

      The less obvious fact is that you cannot sustainably maintain most of these projects this way. You cannot get a vendor for long. And you cannot hardfork them, because maintaining them necessitate an expertise you cannot hire

      In conversation Friday, 05-Apr-2024 19:47:15 JST permalink
      clacke likes this.
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 19:47:18 JST clacke clacke
      in reply to
      • Thomas Depierre

      @Di4na @smxi Good points, and true for most companies.

      But then you also have companies who desperately want to pay someone but don't know who and how. Maybe not enough of them.

      #tidelift obviously is trying to cater to those companies, and it's not unsuccessful, but also not the smashing success that I'd want it to be.

      And what I'm talking not is not exactly Tidelift, which takes more of a facilitator approach rather than a vendor approach.

      Maybe not everything can be covered by Tidelift-but-vendor, but I'd like to think there is a missed opportunity with some core projects for which this would work better than Tidelift or foundations financing grants.

      In conversation Friday, 05-Apr-2024 19:47:18 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 19:47:18 JST clacke clacke
      in reply to
      • Thomas Depierre

      @Di4na @smxi That's exactly where the third-party vendor makes sense. Focus on what interests you, and a business charges people and takes care of the "boring" stuff, the supplier role.

      (Personally I'm super excited by the "boring" stuff and would love to work for this fictional "Code Gnomes Inc" company)

      Where the model falls down, apart from the obvious issue of finding people who want to pay, is, as you pointed out, if the problem domain and intrinsic complexity make the supplier parts difficult for anyone other than the deeply skilled original author to manage.

      If that's the truest for the projects that would need help the most, that could be why nobody else is talking about this.

      In conversation Friday, 05-Apr-2024 19:47:18 JST permalink
    • Embed this notice
      Thomas Depierre (di4na@hachyderm.io)'s status on Friday, 05-Apr-2024 19:47:19 JST Thomas Depierre Thomas Depierre
      in reply to
      • clacke

      @clacke @smxi I mean the problem is also on the other side.

      As a maintainer, i cannot take that supplier posture except if i have a quite high and stable income.

      I need at least 80% of my salary income coming from it in a stable way before i can spend more time on it. Paying me does not help under that.

      Because I cannot find the time. I have a job. Family. Pets. A house. Friends. Hobbies.

      I cannot cut them sustainably. The only thing that can be cut is my work. And it is inflexible

      In conversation Friday, 05-Apr-2024 19:47:19 JST permalink

      Attachments


    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 19:47:22 JST clacke clacke
      in reply to
      • Thomas Depierre
      @Di4na @smxi There has to be a critical mass of demand for a commercial supplier, for sure. If nobody is demanding it, any attempt to provide it is doomed.
      In conversation Friday, 05-Apr-2024 19:47:22 JST permalink
    • Embed this notice
      Thomas Depierre (di4na@hachyderm.io)'s status on Friday, 05-Apr-2024 19:47:23 JST Thomas Depierre Thomas Depierre
      in reply to
      • clacke

      @clacke @smxi And that makes a tall step from zero to being able to take money in. A step that cannot be met easily by a few companies wanting a cheap vendor support.

      In conversation Friday, 05-Apr-2024 19:47:23 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 19:47:25 JST clacke clacke
      in reply to
      • Thomas Depierre

      If all the companies that claim to want a supplier would be willing to put their money where their mouth is, there would be a market for #CodeGnomesInc to partner with and shield the maintainer rather than to add to their burden.

      If people are just trying to add duties to existing maintainers, those people can get lost and get back when they have something to contribute.

      @smxi @Di4na

      In conversation Friday, 05-Apr-2024 19:47:25 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Friday, 05-Apr-2024 19:47:26 JST clacke clacke
      in reply to
      Even better, of course: #CodeGnomesCoop
      In conversation Friday, 05-Apr-2024 19:47:26 JST permalink
    • Embed this notice
      Thomas Depierre (di4na@hachyderm.io)'s status on Saturday, 06-Apr-2024 13:39:51 JST Thomas Depierre Thomas Depierre
      in reply to
      • clacke

      @clacke @smxi that is true of nearly all of them. So yep

      In conversation Saturday, 06-Apr-2024 13:39:51 JST permalink
      clacke likes this.
    • Embed this notice
      valhalla (valhalla@social.gl-como.it)'s status on Saturday, 06-Apr-2024 13:39:55 JST valhalla valhalla
      in reply to
      • clacke

      @clacke for some things, I think that paying people to work inside existing distributions can also work; it is e.g. already possible to pay somebody to work on maintaining specific debian packages past the time the official support for a certain release has ended (and probably also way past the official *upstream* support has ended).

      It has to be managed carefully, but I believe that Freexian / Debian LTS is a good example which could apply to other cases (and is probably completely not suitable for others).

      The main advantage here would be that the results of such paid work would be available also for other people, and thus they could be less expensive for each individual customer.

      In conversation Saturday, 06-Apr-2024 13:39:55 JST permalink
      clacke likes this.
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Saturday, 06-Apr-2024 13:39:59 JST clacke clacke
      in reply to
      • valhalla

      @valhalla This is awesome! First time I hear of it.

      Yet another "if you think of it, someone on the internet did it". This is exactly what I'm talking about.

      freexian.com/lts/debian/detail…

      "Several Debian developers who are willing to provide security updates for Debian on a paid basis got together and created the service presented on this page. Freexian, a French company managed by 3 Debian developers, collects money from all parties willing to financially support the LTS effort, and uses this money to pay the Debian contributors who are providing security updates."

      🤩

      In conversation Saturday, 06-Apr-2024 13:39:59 JST permalink

      Attachments


    • Embed this notice
      clacke (clacke@libranet.de)'s status on Saturday, 06-Apr-2024 13:40:00 JST clacke clacke
      in reply to
      • Thomas Depierre

      So, anyone who wants a Debian supplier can just jump on this and that's exactly what they get.

      "Any contribution gives you the right to submit a list of packages that you rely on, and that should be prioritized in terms of security support."

      "If your funding level is at least Bronze 1, Freexian will subscribe the person listed as technical contact to a private mailing list that all contributing companies can use to discuss their needs and share their experience."

      "If your funding level is at least Silver 1, you can submit your queries and requests about Debian LTS in general and/or any security update in particular to us."

      "If your funding level is Platinum, you can submit to us functional tests covering the set of packages that you care about, and we will run those tests on updated packages to detect undesired regressions"

      #Freexian #DebianLts

      @smxi @Di4na

      In conversation Saturday, 06-Apr-2024 13:40:00 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Saturday, 06-Apr-2024 14:24:04 JST clacke clacke
      in reply to
      • Thomas Depierre

      @smxi So you don't. You do you. And someone else who accepts money for gnome work shields you from the people inside the capital funnel machinery who want a supply chain.

      If you're worried about code pollution from corporate concerns, the gnomes can look at how OpenSSH does it as a model: The upstream is clean and OpenBSD-specific, and then there's a downstream distro that adds abstractions and adaptations to make OpenSSH run on GNU, POSIX and elsewhere.

      @Di4na

      In conversation Saturday, 06-Apr-2024 14:24:04 JST permalink
    • Embed this notice
      smxi (smxi@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:05 JST smxi smxi
      in reply to
      • clacke
      • Thomas Depierre

      @clacke @Di4na In terms of hiring, I think I follow with Thomas D, I am NOT a supplier. I have zero interest in damaging my code to make it work around bugs created by a billion dollar corporation (yes, looking at ibm-redhat). Nor am I interested in their problem set unless it directly matches what I want the software to do for its users. And no, corporations are NOT users, they are legal fictions assembled to funnel capital, and generate profit. And I don't volunteer for that, at any price.

      In conversation Saturday, 06-Apr-2024 14:24:05 JST permalink
    • Embed this notice
      NiceMicro (nicemicro@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:18 JST NiceMicro NiceMicro
      in reply to
      • clacke

      @clacke @smxi The GPL does not have any clause that makes a user entitled to any future versions or any tech support.

      Therefore, it is not a violation of the GPL to terminate business relationship based on an action that is allowed by the license but not allowed by the business agreement.

      Red Hat can't come and take away the code they already gave you, and can't stop you redistributing it. They have all the rights to not talk to you any more though.

      In conversation Saturday, 06-Apr-2024 14:24:18 JST permalink
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Saturday, 06-Apr-2024 14:24:18 JST clacke clacke
      in reply to
      • NiceMicro

      @nicemicro @smxi If the license requires them to allow redistribution, and if they ensure redistribution has negative consequences, then a reasonable bystander would say they are not allowing redistribution, but are in effect imposing "further restrictions".

      But nobody has gone to court over it yet.

      In conversation Saturday, 06-Apr-2024 14:24:18 JST permalink
    • Embed this notice
      NiceMicro (nicemicro@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:19 JST NiceMicro NiceMicro
      in reply to
      • clacke

      @clacke @smxi I don't think what you describe here is correct. I think what you describe here is true for their publicly available repositories. As a customer you have the right to ask for the exact source code that your binary packages were compiled from, and I am not aware of any instance of them not honoring them.

      In conversation Saturday, 06-Apr-2024 14:24:19 JST permalink
    • Embed this notice
      NiceMicro (nicemicro@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:20 JST NiceMicro NiceMicro
      in reply to

      @smxi honestly, I don't really mind that much what RedHat is doing. No one is entitled to get updates to a software from you just because you gave them an earlier version.

      As long as they don't restrict your GPL guaranteed rights for the software itself, they can condition the future business relationship with their customers on whatever they want.

      In conversation Saturday, 06-Apr-2024 14:24:20 JST permalink

      Attachments


    • Embed this notice
      clacke (clacke@libranet.de)'s status on Saturday, 06-Apr-2024 14:24:20 JST clacke clacke
      in reply to
      • NiceMicro

      @nicemicro You seem to be referring to how Red Hat conducted business before they shut down CentOS 8/9.

      With their current setup, you as a paying customer get the binary packages, but you don't get the Complete and Corresponding Source Code for your packages.

      All you get from them is "[it all comes from the git repos for CentOS Stream, some commits in there, you'll figure it out]". In theory you can find the information, but it's obscured for no reason other than obscuring.

      If you redistribute what you got from them, as the GPL requires them to give you the right to do, they will terminate your support contract and access.

      @smxi

      In conversation Saturday, 06-Apr-2024 14:24:20 JST permalink
    • Embed this notice
      smxi (smxi@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:21 JST smxi smxi
      in reply to
      • NiceMicro

      @nicemicro Any company that avoids #gpl is openly admitting they want to take without giving back. Those are not desirable partners long term as has been proved over and over. Nor are they reliable or trustworthy. Every gpl project has a possible long term future builtin and every non enforced sharing license project can go like a poof of smoke because it has no true code permanence protection beyond last public commit. Like rhel is trying to do while stealing our code to use their stupid word

      In conversation Saturday, 06-Apr-2024 14:24:21 JST permalink
    • Embed this notice
      smxi (smxi@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:22 JST smxi smxi
      in reply to
      • NiceMicro

      @nicemicro to me the core mindbug is open source. Vs #FreeSoftware. If you fall for that trap then one license is as good as another so you'll burn out once reality sets in. I make free software to help the bits of free software ecosystem I can. Free software of course is open source by definition but as ibm-redhat recently showed us the contrary is not necessarily true. Since I've never had any interest in doing unpaid work for billion dollar corporations I used gpl from first day I found it.

      In conversation Saturday, 06-Apr-2024 14:24:22 JST permalink
    • Embed this notice
      smxi (smxi@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:25 JST smxi smxi
      in reply to
      • NiceMicro

      @nicemicro it's corporations who want to avoid gpl code because that imposes obligations. Developers not in #OpenBSD who care about survival of #FreeSoftware should use licences that enforce code survival and growth. There's a reason bsds are now a blip of a percent of total os now and linux is in and on everything. You have to force sharing and giving back when dealing with the sociopathic corporate sector. Anything else is naive. Except for special cases like openssh, libressl etc.

      In conversation Saturday, 06-Apr-2024 14:24:25 JST permalink
      clacke and Linux Walt (@lnxw37j1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} like this.
    • Embed this notice
      clacke (clacke@libranet.de)'s status on Saturday, 06-Apr-2024 14:24:28 JST clacke clacke
      in reply to
      • Thomas Depierre

      @smxi @Di4na That's the "if you are not interested, [they can] hire someone else" part of what I said.

      Don't push duties on original authors. Pay *someone* to dot the Is and cross the Ts and whatever else corporate risk analysis requires.

      In conversation Saturday, 06-Apr-2024 14:24:28 JST permalink
    • Embed this notice
      smxi (smxi@fosstodon.org)'s status on Saturday, 06-Apr-2024 14:24:29 JST smxi smxi
      in reply to
      • clacke
      • Thomas Depierre

      @clacke @Di4na Basically, if you want me to deal with boring problems that I'd never ever dream of touching in my free time, then yes, pay me, and I'll get those working for you, wincing at the stupidity of the problem in terms of the bigger world. But if it's for me, I am going to write it the way I want, to solve the problems I (and positive people I respect from experience) want, and make the code as good as I can make it, which can take up to 10x longer to do than with commercial code.

      In conversation Saturday, 06-Apr-2024 14:24:29 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.