Daniel Oberhaus at VICE Motherboard published an extensive essay last week delving into the history and future of open source development. It’s a great read and a compelling contribution to popular understanding of the software that underlies our modern civilization.
You should read the full article at VICE Motherboard.
The analysis kicks off with a recounting of the circumstances behind the familiar Heartbleed vulnerability (CVE-2014-0160) in OpenSSL:
Clearly, something was broken with a system where the security of the global internet was almost entirely supported by the selfless efforts of one overworked and underpaid programmer. As for who was to blame, Marquess pointed to the “commercial companies and governments who use OpenSSL extensively and take it for granted.”
Oberhaus continues with an exploration of the origins of the free software movement of the 1980s and its distinctive role in the dotcom hype bubble of the 1990s:
Unlike the digital castles-in-the-air being churned out in the offices of Silicon Valley venture capitalists, free software worked.
Next up is a synopsis of some of the economic arguments for why open source works, including an important insight about the nature of open source software as a common good and whether it is subject to the tragedy of the commons:
While code itself can’t be used up in the same way as other economic goods like food or land, the resource that can be depleted is the attention and energy of the programmers responsible for developing and maintaining that code.
That leads into some visceral examples of the challenges open source creators face when projects reach massive scale:
The rising tide of companies that depend on open source software means that open source developers are deluged with feature requests and issues with the code, and many of these companies expect that their improvements and issues should take priority. In other words, it seemed as though many popular projects in the open source community were poised to become victims of their own success.
Oberhaus discusses new business model approaches that better align the interests of open source creators and users, including Tidelift:
Tidelift CEO Donald Fischer told me that the biggest barrier to the adoption of open source projects, especially in heavily regulated industries like banking, is the lack of assurance that the software will work like it was supposed to. Unlike proprietary software, there’s generally no customer support line for an open source project. If a company is using open source code and then the maintainers stop working on it or don’t immediately address a bug, there’s not much the company can do.
As [Ruby on Rails creator] Hansson pointed out, from a maintainer’s perspective, this ability to selectively engage with users is part of the luxury of not monetizing open source projects. Fischer agrees that if programmers don’t want to monetize their development time providing customer support to users that’s just fine, but for those that do want to monetize their work, there ought to be a space for them to do that. Enter Tidelift.
Tidelift is sort of like what Red Hat did for Linux, but for all the other FOSS projects: Businesses pay for support services related to the open source projects they’re using. As Fischer described it to me, Tidelift is applying the same logic to the FOSS community that AirBnb brought to the hospitality industry and Uber brought to the transportation industry.
Tidelift uses a custom program to track changes across hundreds of open source libraries so it can track how code changes affect companies that have registered with the service. If a code change in one of those libraries results in a security, licensing, or maintenance issue, developers that have signed up with Tidelift work on any issues associated with that change. Under this model, companies pay a flat rate to Tidelift, which then takes a cut and distributes the rest to the developers, who are paid according to how many companies are using the code that they are maintaining.
Finally, Oberhaus concludes with this sentiment:
Most developers are in agreement that if there are ways to sustainably fund the open source community, this will ultimately lead to even better software.
We couldn’t agree more.