There's a falsely-attributed-to-Gandhi quote, "First they laugh at you, then they ignore you, then they fight you, then you win." Fifteen years ago, when open source—and Linux in particular— was in the "fight you" phase, Steve Ballmer at Microsoft had a lot to say about it:
In the end, there's no one to be held accountable for flawed software in an open-source model. There's no roadmap for Linux. There's nobody to hold accountable for security issues with Linux. We think it is an advantage that a commercial company can bring. We stand behind the products. We indemnify for the intellectual property that's in the product. We provide that product with a roadmap. If there are problems and people do have security issues, I'm SteveB@microsoft.com. They know where to send e-mail and give somebody a hard time about it.— Steve Ballmer, 2003
Fortunately for Linux, Red Hat and other companies went on to offer all of those things for Linux. In the same interview, Ballmer continued:
Microsoft spends about $6.9 billion a year in R&D to improve its software, an effort that could not be funded under an open-source model.
At the time, I'd have been the first to say "FUD!"—but today, let me start a fight: Ballmer was right about these problems with open source.
Yet even though he was right, in 2018 Microsoft embraces open source—and they're also right to do that.
Maintenance and sustainability
Ballmer's criticisms are two-sided. There's a problem for software users: lack of vendor stability and assurances. There's also a problem for software creators: no funding.
Both sides have been addressed for some specific open source projects—high-profile stuff such as the Linux operating system and databases (like MySQL and MongoDB). But those exceptions don't prove the rule.
There are exponentially more open source projects today than there were in 2003. Most of these projects don't have much of a roadmap, don't have anyone to hold accountable, don't have legal guarantees, and don't have funding.
For building a business around open source, the "open core" and "hosted" models have won. This means there's shared infrastructure code, but vendors make their money on something unshared—whether proprietary software, hosting, SaaS apps, advertising, marketplace fees, or any other business model. Open source itself has yet to discover a funding model.
If you're looking for a vendor to stand behind the open source you use, you might find one for the high-profile standalone products like databases and operating systems. But good luck finding one for the thousands of open source packages a typical web application relies on.
The power of community and collaboration
While Ballmer was correct about his narrow point, he missed the big picture. Open source does have downsides. But those are offset by a giant upside: today, every software developer on earth can work together.
It's about community and collaboration.
At Tidelift, we're running a Vue.js application with a Ruby backend, in a Linux container on Kubernetes, with nginx in front of it—that's only a partial listing of the open source projects we're touching directly, and already it implies thousands of discrete open source projects. We're also using a long list of SaaS apps from other vendors, every one of those built on open source as well. All told, billions of dollars worth of software. That's a hell of a head start open source gave us. Thank you.
There's no way this stack could be proprietary. No vendor could hire all those people; with company boundaries around the thousands of projects, there's no way they could all be made to work well together. And there's no way we could talk to thousands (or even dozens) of vendors to buy the software we needed—we wouldn't have time to spend even half an hour with each salesperson.
As much as we might complain about the complexity of modern software development, it's enabling amazing things (pick your favorite technological advance), and those things wouldn't be possible without open source as a tool to manage the complexity.
To get the benefits of open source, the world is willing to muddle through the downsides. After all, even Microsoft got on board.
Finding a maintenance model for our shared infrastructure
Ballmer's arguments have been addressed fairly well for a short list of projects, such as the Linux kernel. But today most applications—and tech-driven companies—rely on thousands of projects. And most of them haven't addressed Ballmer's criticisms.
Our belief at Tidelift is that the answer lies in scale: let's solve this once, together, for every project that's interested.
If you share our dream that open source could be even better — while keeping the community and collaboration that make it fantastic already — we wrote down our plan to empower maintainers to an 11-page-long level of detail in our lifter guide. Please take a look. I hope it will give you a sense of where we're going, and that you'll stay tuned as we make progress.