NPM Bans Terminal Ads (zdnet.com)
424 points by slovenlyrobot on Aug 30, 2019 | 353 comments


While I don't particularly like the idea of stuffing ads into npm logs, I don't have the same visceral negative reaction that many people have in these HN threads on this topic.

The overwhelming majority of the people complaining about this are well-paid tech workers writing code for well-funded companies that profit off of open source code without providing any reciprocal value to the open source projects in return. (Of course, that statement isn't true for 100% of companies, but I'd guess that less than 10% of companies using open source code donate back to the open source projects they use)

Something about this whole debate makes me a bit uneasy.

You have people working mostly for free, developing open-source, FREE code that provides incredible value to the for-profit companies that use the open source code to generate (sometimes) massive amounts of revenue.

Given the amount of value open source provides to for-profit companies (with the open source maintainers rarely getting any reciprocal value from the companies that profit off them), why is it so alarming to think that these maintainers might think of a clever idea like this to make a couple thousand bucks?

I'm not arguing that npm install logs should be packed full of ads (it shouldn't).

But instead of attacking the guy for trying, I really wish the discussion were focussed on how the community of open-source consumers can contribute back to the open source ecosystem in a way that promotes the sustainability of the projects and community.


>, why is it so alarming to think that these maintainers might think of a clever idea like this to make a couple thousand bucks? [...] But instead of attacking the guy for trying, I really wish the discussion were focussed on how the community of open-source consumers can contribute back to the open source ecosystem

You're (possibly unintentionally) distorting/diverting the issue. Nobody is criticizing open source maintainers for trying to get funding in an abstract sense. (We can all agree open source maintainers need income.) However, if the concrete implementation of trying to get money is unwanted and unexpected ads, then the correct focus of discussion is the criticism of that ad delivery method. The succinct version of this is: "The ends do _not_ justify the means."

As hypothetical examples...

- If Pi-Hole maintainers get the "clever" idea to get funding by changing "doubleclick.net" from returning "127.0.0.1" to the ip address for "BuyPiholeTShirts.com", people are going to criticize that "ad". It doesn't matter if Pi-Hole volunteers "deserve" more money, the correct focus of criticism/discussion is the sneaky ip redirect.

- If the maintainer of d3 Javascript library (https://github.com/d3/d3) decides to embed advertising such as "Try LINODE for 30 days!" in "README.md" and inside the source code comments of every js file, the correct focus of discussion is those ads and not whether the maintainer needs money.

The methods of soliciting funds do matter.

So far, socially acceptable ways seem to be Patreon, or getting hired by FAANG, or grants, etc. The "clever ideas" like NPM console ads are not socially acceptable.


This is an unfair go at the poster. He said "I'm not arguing that npm install logs should be packed full of ads (it shouldn't)."

That's clear as can be. He's asking the same question I am, how do we get sufficient funding for these projects. Re your patreon suggestion, I thought we recently had an article where someone got little to nothing on that.

> or getting hired by FAANG

So one way to support foss software is to get hired by a closed source company. Kind of defeats your point.

This is the problem right here, "I want but I'm not personally going to pay". We get ads (funding model of the modern web) or foss remains underfunded while non-foss companies get the cash they need. The problem is human nature. And yes, I've personally opened my wallet for them, and will again.


>This is an unfair go at the poster. He said "I'm not arguing that npm install logs should be packed full of ads (it shouldn't)." That's clear as can be.

Please reread my reply to OP carefully and notice I did not say he endorsed NPM ads. Instead, I specifically disagreed with his suggestion to redirect the discussion away from the NPM ads to the general topic of open-source funding.

>He's asking the same question I am, how do we get sufficient funding for these projects.

To be clear, that's a different question and I wasn't even attempting to answer it. I mentioned funding like Patreon as examples of social acceptability and not as examples of income sustainability.

>Kind of defeats your point.

My point was a narrow one: others are criticizing the unwelcome ad solicitation and that's a correct area of focus.

The other question of how to get sustainable open-source funding is also an important topic -- but that doesn't mean it forbids discussion of unacceptable spam/ads. They can be 2 parallel discussions.


you said

> However, if the concrete implementation of trying to get money is unwanted and unexpected ads, then the correct focus of discussion is the criticism of that ad delivery method

But he'd already said, prior to that

> I'm not arguing that npm install logs should be packed full of ads (it shouldn't).

He'd already said no to them; you're both in agreement. There's nothing to argue about.

Having agreed that nobody wants ads, the next step is to determine how to not have them (and their nastier big sibling, telemetry and malware, which will follow) by providing funding.

(edited for brevity)


Please stop having "you said he said" discussions. If someone clarifies their position that they meant to say something else than you read, please accept it in good faith and don't see this as an invitation to hark back to their previous messages.

This comment is not aimed at you specifically, but everyone in this comment thread who engages in this pointless arguing.


You’re missing the point and illustrating it further. The comment was garbage because it derailed the entire discussion around terminal ads to try to direct it to FOSS funding.

It doesn’t matter if they both agree that text ads are bad. It’s basically a “think of the children” derailment except it’s “think of the poor foss dev”.


I think you are making an extremely valid point; I often see the same “think of the children” argument made when discussing advertising and the web. Likewise, no one is saying websites shouldn’t have an income.


If you're only talking about how you don't like the solution; and refuse to talk about the underlying problem; you're going to keep seeing the bad solution again and again and again.

Here everyone says they don't like ads; and then are shocked that people want to talk about why ads are showing up and what to do about that.


Ads show up regardless of funding. Cut the bullshit. Look at how many ads are on cable television and even pay for news websites.


> That's clear as can be. He's asking the same question I am, how do we get sufficient funding for these projects.

We don't. Only a fool would expect to make a living wage giving something away for free.

From the beginning FOSS has been either interested individuals or employees at corporations with a vested interest. There's no reason we should expect that John Q Developer independently working on a bunch of NPM modules to be compensated by the world at large.


> There's no reason we should expect that John Q Developer independently working on a bunch of NPM modules to be compensated by the world at large.

With all due respect, I feel this is a lack of imagination. We could have said the same thing about soup kitchens, or basic income, or social welfare, or anything else that doesn't cleanly draw profit.

So yes, it doesn't work. At least not until we demand it does and distort the legal, social, and cultural frameworks around it.

As one solitary example, what about a shift to using copyfarleft licensing that only allows MIT-level freedom to nonprofits and co-operatives, while for-profit orgs pay fees instead of just leeching. This has the added bonus of shifting benefit to platform cooperatives, which governments are already starting to ideologically favour as we all see the gleaming metal edge of platform capitalism.

There are a hundred more options if we believe building the commons is better than milking it dry.


> With all due respect, I feel this is a lack of imagination. We could have said the same thing about soup kitchens, or basic income, or social welfare, or anything else that doesn't cleanly draw profit.

Those are all driven by charity for the destitute. It’s not meant to be a patronage paid to starving artists. On the contrary the able bodied are expected to not draw from that well if they can provide for themselves so that more remains for the truly deserving.

> So yes, it doesn't work. At least not until we demand it does and distort the legal, social, and cultural frameworks around it. As one solitary example, what about a shift to using copyfarleft licensing that only allows MIT-level freedom to nonprofits and co-operatives, while for-profit orgs pay fees instead of just leeching. This has the added bonus of shifting benefit to platform cooperatives, which governments are already starting to ideologically favour as we all see the gleaming metal edge of platform capitalism.

There’s no such thing as partial BSD style licensing. You’re either all the way there or you’re not. Favored status to non profits is no different than discriminating from “evil” usage.

I’m not saying one can’t do that, just that there’s no half measures. I make it a point to contribute to BSD style software that I actually use and explicitly do not contribute to “shared source” bullshit.

> There are a hundred more options if we believe building the commons is better than milking it dry.

I don’t see anything going dry. The system has worked fine till now. What’s changed is the unrealistic expectation of hand outs for something you’ve already agreed to give away for free.


I would like to disagree with your point on basic income. It’s usually called _universal_ basic income. Precisely to clarify that it is not a “charity for the destitute”, it is absolutely meant to be for everyone.

And for the larger discussion on building the commons I happen to think UBI is an important component. Focusing on the amateur work being done by the civil society at least, an UBI could be precisely the thing needed to free up time for cultivating the commons.

Now, granted, most UBI proponents do argue from a solidarity angle, and do think of it as some kind of charity. But I’ll offer an alternative view point. To me UBI is the foundation from which private property can be justified. Locke argued that commons, such as land, can only be taken as property when there is no contention, which is clearly not the case for anything having a market value. The just way to solve that conflict could be for the owner to simply pay the market value in rent to the commons, as compensation for the exclusive rights. Such payments could be divided as an UBI. And I suspect it would also result in a pretty handsome amount. Enough to fund a few open source projects at least.


> I would like to disagree with your point on basic income. It’s usually called _universal_ basic income. Precisely to clarify that it is not a “charity for the destitute”, it is absolutely meant to be for everyone.

In the credible UBI plans I've seen, the income is Universal in the sense that "everyone gets a check", but in practice that income is paid for by those with middle or higher incomes, such that for many earners that "income" is a net tax (or neutral). "Charity for the destitute" is a bit hyperbolic, but it's absolutely income supplementation for the less well off at the expense of those better off.


In case it was missed. My take on UBI outlined above would avoid this. Even better, I’m hopeful we could abolish all forms of income tax.


Since when are FAANG companies considered to be closed source? Have any of them snatched up maintainers to continue development behind closed doors?

There are examples of large corporations hiring maintainers to work on open source and keep those projects open source. I believe pypi is an example of that.


I am fairly certain that Apple has hired people who previously worked on permissively-licensed projects to work on the closed-source fork.


I'd like to see that backed up, really. There are certainly criticisms to be made of how Apple has handled their open source projects (slow to update and push out new releases, not great at cooperating with upstream projects when Apple has forked them, typically cryptic Apple communication practices). But if Apple has taken open source projects, created closed-source forks of them, and hired original developers of and/or major contributors to the original open source project to maintain and develop the closed source fork without contributing back to the open source original, none of them immediately come to mind.


I got direct quotes from Apple employees about how their employment has banned them from doing anything related to GPLv3 code in their free time, specifically GCC.

I don't want to mention them in a public website in case that gets them in trouble.


That doesn't surprise me. The GPL, especially v3 and AGPL, are specific weird cases at a lot of companies -- sometimes because they want the freedom to close off forks, but often because they're convinced the GPL/AGPL could "poison" their work and force them to open previously closed source. (This turned out to be a problem for us at RethinkDB, which was AGPL-licensed.)


Well, depending on the employee, it would make sense. Apple funded a large part of clang/llvm, which many assume was specifically to avoid a GPL compiler. You'd hate to accidentally pollute a BSD(-ish) project with GPL code, if your primary purpose for funding the project is to avoid GPL code. Not that anyone would purposefully do such a thing, but it would be important for Apple to even avoid the appearance of anything like that.


Apple certainly hires people from their open source projects and keeps closed-source forks. Most of the changes make their way back to their original projects, though, but the caveat is that this only seems to happen if the project is used heavily outside of Apple and after the feature has "shipped" (which may be a while after the code was actually written).


I remember finding an article on HN about a developer for FreeBSD going to work on Mac OS[1], before returning to work in open source. Isn't the Mac OS user space an example of what you describe?

[1] https://www.wired.com/2013/08/jordan-hubbard/


I don't think I'd say it is, no, because Hubbard wasn't hired to work on a closed-source fork of FreeBSD at Apple but rather as an engineering manager. AFAIK, Apple did not make any closed forks of major BSD-related work.


They've certainly hired people to work on open-source projects and keep them open-source (e.g., LLVM, CUPS). What closed-source forks have they made?


Apple keeps internal forks of projects where they can do so legally; it helps them prevent leaks and lets them add new features quicker. These changes often do end up getting merged back in, but this is usually after they have shipped.


Since always? Their core business is developing proprietary software. It's impossible to git clone and say, fix any of the popular complaints.

You might be confused because they build on top of a Free foundation, and do contribute changes back to those layers. But the bulk of their activity is plainly closed, especially the software directly associated with their brands.


I agree with the sentiment that shady things shouldn't be excused because "I'm an open source developer and I need money". You have a point there.

Although:

> decides to embed advertising such as "Try LINODE for 30 days!" in "README.md"

Are you trying to say that this is also not acceptable? Our company sponsors a few open source npm projects, and all of the projects we sponsor have our logo in the README.md - is that really not socially acceptable?


> Are you trying to say that this is also not acceptable?

Not OP but I think it's acceptable. I'm happy to see my favourite free (as in freedom) projects' developers being supported. If someone doesn't like it and if it's truly free software then anyone can fork it to remove that ad and we don't have a problem. That's how free software works, if you can't, then it's not free software. If one just won't fork and opposes what a free software project does then that's just entitlement.


>we sponsor have our logo in the README.md - is that really not socially acceptable?

In the d3 example I tried to exaggerate the hypothetical intrusiveness of ads by embedding it in all the js source files.

In your specific case, if nobody is complaining about your ad inside of a single "README.md", I'm going to presume it's "acceptable".


There is a difference between a company logo and "Try Company PRODUCT for 30 days!"

I imagine the latter comes with a link, perhaps even a tracking one, to sign up for the service.


Not OP, but I still think that's acceptable. README.md is one of a very small number of places that open source developers can reach their users. Most of the time I only read it once, so if there's an ad there, or a link to their other products, as long as it's not a GIF and they didn't find some way to embed a tracker in README.md, I'm cool with it.

It's about as relevant as advertising gets, and it's not coming from a pool of clickbait ads. It's a developer using their open source work to generate interest in the work that pays for it.


As an open source developer, I would refuse to "reach" my users in such a tacky way as selling ad space in my README. You're correct that the README is one of the few touch points with users, and I wouldn't dare waste that on something I consider so disrespectful.


Oh, I'm not talking about selling ad space. I agree that what Funded did was misguided at best. But what my parent was responding to was the idea of even putting a little ad for a paid product by the same developer or company.

If JetBrains, for example, wanted to remind me on the README for Kotlin that they have an IDE that works well with the language, that doesn't offend me.


> perhaps even a tracking one

Tracking the campaign? Yes, probably. But tracking you? How do you expect that to work?

Making ads contextual to the place they are and tracking the campaigns to discover what works and what doesn't is how it should be done.


I presume the user is assuming you could put a tracking pixel in the readme and have it rendered, the same way the build badges work. GitHub is, of course, one step ahead and hides those behind camo.githubusercontent.com.


An affiliate link, I suppose. Which is annoying, as these are practically spam.


> You're (possibly unintentionally) distorting/diverting the issue. Nobody is criticizing open source maintainers for trying to get funding in an abstract sense.

Yes they're very good at providing speech and debate lip service about wanting to sustain OSS devs, but then when we actually want to do anything except hold out a tip jar they treat OSS devs like trash. The person that wanted to throw people in prison didn't seem particularly interested in our ability to get funding https://twitter.com/kyledrake/status/1166801737534984192


> if the concrete implementation of trying to get money is unwanted and unexpected

Every method of funding open source either doesn't work or is unwanted, so arguments like "get paid, just not this way" are disingenuous. When that guy tries a different approach instead of ads, people will be attacking him just as much.

It's time to move the discussion on to "all possible funding methods are unpalatable, so what's the least bad method?"


Open source project funding is a major open problem, which is something many people agree on. It can't sustain if we don't solve that.

What I don't see is the fairness argument. Developers have legal means to restrict commercial use of their software. The community has for decades had a conversation about licensing and none of this is new territory.

These developers chose to volunteer their time to corporations. If they don't like that choice they should change their behavior not make demands of others.

Otherwise it's just the high tech equivalent of the common street scam where somebody hands you an object and then demands a donation if you take it.


> These developers chose to volunteer their time to corporations.

Not so, these developers chose to volunteer their time to benefit the commons, and corporations occupy the same spaces once in a while. Whether or not there are abusive companies who stake out those projects for rent-seeking, to build walled gardens of their own, looting the commons making money for themselves and giving nothing back, is really not a function of the person who did something good for everyone's benefit.

We shouldn't be asking the person who is doing the good thing to change, friend! Reciprocity is an evolutionarily acquired trait, and while you can't count on favors to be repaid all of the time, anyway this is not a requirement in order for us to benefit from reciprocity.

Students of psychology have understood this as one of the favorable characteristics of human behavior which enabled us to survive up to this point. The idea that you can give someone something and receive something bigger in return, while both parties benefit, has been a part of community building for as long as humans formed communities. I would like to share this Sandi Metz talk about it in case you have an hour and want to hear more, I'm not the student of Psychology and didn't make this stuff up myself:

https://www.youtube.com/watch?v=VzWLGMtXflg

> You're Insufficiently Persuasive by Sandi Metz


> Not so, these developers chose to volunteer their time to benefit the commons, and corporations occupy the same spaces once in a while. Whether or not there are abusive companies who stake out those projects for rent-seeking, to build walled gardens of their own, looting the commons making money for themselves and giving nothing back, is really not a function of the person who did something good for everyone's benefit.

It actually is, that's my point. The developers knew there were licensing arrangements that guarded against that possibility, and they chose licenses specifically designed to allow such looting.

Reciprocity is great. But if you license your code in a way that says "Feel free to take this and make money off it and give nothing back" when there are other options, then you made that decision and there is no obvious fairness argument that somebody should be punished for doing what you granted them license to do.


The point of the linked video, at least the relevant part about the street scammers that hand you something and then ask for money, is that we actually banned that kind of behavior in public spaces because it was exploitative.

People have evolved to trust in reciprocity, because it's to our mutual benefit as a society that reciprocity remains a thing, and behaviors which are pathologically exploitative of this evolved trust in reciprocity are fully in the wrong. We decided it and made laws about it, something like 30 years ago. I learned this watching the keynote myself, and was surprised (as it actually hasn't stopped, in spite of legal protections which you might assume put a permanent end to the practice, to the contrary there are still monks handing out little plastic bracelets outside of the Smithsonian in DC, and no shortage of people who are not wise to it, with the $20 to spare.)

If the next generation of developers can't anymore trust in reciprocity and they have to decide on non-free licenses as a result of these companies which plainly don't understand reciprocity, we will all have lost something profoundly important. (And if we assume these companies and their behavior is purely exploitative now, what makes you think a legal machination like non-permissive licensing is going to have more success at getting them to stop doing that? You might have more avenues for recourse, but at what cost...)

It's not about fairness or punishment, it's about protection of our shared mutual benefit via social cues, and we can exile or something like exclude them from polite society if they are not well-behaved. From the receiving end it might look like a punishment, but I prefer to think of it more like as "corrective prodding" or "defensive posturing," and if it works the bad behavior will change, or if it doesn't, then hopefully at least the blast radius can be well-contained.

There are corporations which have learned to behave more thoughtfully and in harmony with OSS, who made a point to be aware of their community footprint, and sure plenty of such individuals too. Those who are not well-behaved can either hopefully see the light, or maybe there's no hope remaining, they will totally take over, and complete the tragedy of the commons. I submit humbly that we should not degrade the commons though as a response to their influence, because even with the bad actors around and their bad behavior, the facts show that our innate understanding of reciprocity is mostly still a beneficial trait, worthy of keeping around.


Oh sure, but Industry has also browbeat people into believing the GPL is completely untenable.

I've yet to see an original monetization suggestion in these threads. People have tried it all. Companies and devs prefer to wait for a poor sap to make a free-as-in-beer version and then stiff them on tips.


Not sure it’s a good one, but how about this:

A hub of software, like github or npm could act as a general mediator of funding. A new license could be designed such that entities above a certain size would have to donate a percentage of revenue to the hub, while also reporting which software they wish to license (this only acts as a kind of voting for where to place investments, the donation size is fixed). The hub in question could then spend the income on the various projects taking popularity into account for prioritization.


> or getting hired by FAANG

But that way, you're still likely funding your project through ad scumbaggery, you're just adding a layer of indirection.


I disagree with Patreon and FAANG as possible socially acceptable routes, and have no problem with ads in the console. (Grants are clearly OK). So I guess that might be subjective?

I do think that instead of everyone putting in an "ad dependency" is not the best way to go about it, but to at least directly negotiate with cloud companies to do it would be awesome.


I release a ton of my work with open source licensing and I've never thought of it as a revenue stream.

If people are financially burdened by making their project open-source; then don't make it open source. Donating something to the community and then getting offended when nobody reciprocates is disingenuous. It's part of the problem with "freemium" software these days where developers think I should be indebted to them for eternity because they did something with no ROI in sight. That's not my problem! There were 100,000,000 developers before you who had to write the ISA, the compiler/interpreter, the OS, the firmware in every device... If I gave each one a nickel I'd be in worse shape than you are.

Sure, it's possible to turn a profit making open-source software. If that's a goal you have then buckle up because it's not a smooth ride. I liken it to being a starving artist. It's not for everyone, so if you already bitch about being hungry all the time maybe you should just look into a day job instead.


> I release a ton of my work with open source licensing and I've never thought of it as a revenue stream.

That's the problem - nobody treats being an independent OSS dev as a possible career, so we either get 1) extremely privileged people that have the significant amount of time and resources required to contribute substantially for no payment, 2) open source that serves to promote a corporate goal, and 3) less and lower quality hobby contributions because the rational people realize they're doing free work to get treated like garbage by people that feel entitled to free-as-in-beer software and choose not to do that.

Imagine how much worse any industry would be if nobody got paid for doing it. Now imagine how much better the OSS ecosystem would be if more people could make a living doing nothing but OSS on their terms. That's the goal here. We want to transform OSS from a starving artists realm for privileged people to a place where people can make careers. I'd be totally cool to see some dev-focused ads to make that happen.


It is a sustainable career if you start a business. If no one wants to pay you for your project, that could be the market telling you something.

At the end of, donations don't work and open source is being fairly well sustained if people seek employment or start a business: https://www.aniszczyk.org/2019/03/25/troubles-with-the-open-...


FOSS as business only works for consulting and training, which don't apply to some domains, desktop and mobile for the consumer market as an example.


>If people are financially burdened by making their project open-source; then don't make it open source.

This is largely my position. I view contributing code to open source projects almost as altruism. I don't expect compensation or reward, and I do it out of a general feeling of wanting to contribute something unselfish to the world. The fact that some open source projects are important is a secondary concern; I know I don't consider any of my FOSS code to be important to many people other than myself.

That said, my primary income comes from working on proprietary closed-source software. I don't think I've ever interviewed for a position with a company that contributes most of its code to FOSS, so I've really never seen that model work in-person.


That’s a good point you bring up...where do we draw the line? Lots of projects use Debian and docker, etc...is it even ethical to donate to an npm package before donating to the dozens of free tech layers node sits on top of?


You can't live without a heart, but most people don't get cancer, is it ethical for me to donate to the American cancer society but not the American heart association because Cancer is built on the heart?

No it's my donation I'll donate where I want. If I find joy in donating to a small oss dev instead of a strategic donation to a well organized large one then that's what I do.


Ok, I wasn't confused before but now I am.

Look, all I'm saying is if some javascript developer guilts me into donating to open source, the right thing for me to do (I feel) would be to start from the top of the open source chain.

* Operating system
* Code versioning
* Container system
* CI/CD etc...

It's a long way down before I get to "standard - the javascript linter configuration file".


That's a bit like arguing that Bernie Sanders should give up his housing in Vermont, because No True Socialist would own a house. A good action which is done with good intentions is wholly good, regardless of other good or bad actions that may occur in the same space.

You could donate to all of those projects, but there's no moral imperative to visit them all in order of importance, just because they all played a part.

A permissive license is permission to behave otherwise, and just like Open Source contributions are made voluntarily, your support in kind should be on a voluntary basis too.


Yea I didn't phrase that correctly. I tried to address it elsewhere but it just seems odd that these tiny projects are making so much noise over money while these larger, more integral ones have been going on for decades, providing much more value without turning your install process into a gofundme campaign.


FWIW, I agree. I don't remember the name of the NPM module from the article I just read, and I sure wouldn't have paid them any money if I had been alerted as part of their experiment.

I only donate to obscure Debian derivatives though, so...


>Lots of projects use Debian and docker, etc...is it even ethical to donate to an npm package before donating to the dozens of free tech layers node sits on top of?

Are you asking whether it is ethical to do something that the authors have explicitly said is OK?


> It's not for everyone, so if you already bitch about being hungry all the time maybe you should just look into a day job instead.

The problem is that there's an increasingly influential movement in the software engineering community to shun not only proprietary software, but also several alternative revenue models (such as "software as a service") that use open-source code. If you're part of this movement, then making money off of donations to open-source software is one of only two known, viable ways to be paid to write code (with the other being paid support contracts).

I am not part of this movement, only attempting to provide you with some additional context that might explain some of the opinions you see here.


> That's not my problem! There were 100,000,000 developers before you who had to write the ISA, the compiler/interpreter, the OS, the firmware in every device... If I gave each one a nickel I'd be in worse shape than you are.

Well, I have been giving them more than just a nickel since the late 80's, and still doing pretty ok.


Are you well paid or well off?


If you are a software developer and you want to make money, sell your software. If you want to give away your software for free, do that.

Giving away software for free and then using adware to make up the difference is something else entirely.

If someone wants to make money with developing software, they have many many ways of doing that. Framing this as poor starving software developers getting the shaft by for-profit companies is a huge mis-representation of the situation. No one is chained to their desk and forced to produce NPM packages.


In other words, don't do what Google, Facebook, Twitter, YouTube, Reddit, or Yahoo did.

I appreciate the sentiment (and it's what I do with my own hilariously unsuccessful software), but you can't walk into a room full of data-driven aspiring entrepreneurs and tell them to do exactly what the market has shown it doesn't want, even though that would be better for all of us.


Building a particular thing using a set of tools is not the same as infecting a set of tools with a thing.

More to the point: by injecting advertising directly into packages distributed through a package repository and/or a specific toolset / toolchain / language, the parties injecting the advertising are exploiting and mining the accrued trust of that project, toolchain, and/or language, for personal gain.

It's a tragedy-of-the-commons effect: socialised costs (building of the larger toolchain), privatised benefits (ads revenue).

The long-term consequence will be a very-well-deserved shunning of the toolchain by others. A cost largely borne by the vast majority not acting antisocially.


None of these companies make money from Free Software. They might use Free Software but the majority of those companies run proprietary software as a service.

Data-driven aspiring entrepreneurs would notice that companies attempting to create and sell distributed free software haven't historically done so well. Putting ads in free software doesn't make it analogous to the business of Google and Facebook.


Indeed. In particular, using a MIT or BSD license is a choice, and one that comes with forgoing expectation of profits, in exchange for boost in chances of adoption. Want to make money and open source software? Try GPL and dual-licensing.


Why not switch that around (honest question)?

If you are a software developer and you want software without adverts, pay for it. If you want software for free, you accept whatever the author of that software chooses to do to pay their bills.


Software that has ads is no longer free (gratis). You're just paying for it with annoyance and intrusion instead of money.

And I think the collective opinion here is that we'd rather go without that software than to pay for it that way. In other words, we won't accept those terms and we won't use that software.


How did you arrive at that "collective opinion"? Google and Facebook still seem to be doing OK. Even limited to developers, StackOverflow is being used as much as ever.


I meant in this particular case. People accept that consumer products like Google and Facebook are funded by advertising.

We are talking about Free Software, libraries, and advertisements in the console. I think the collective opinion is that developers would rather not use that package than be subjected to ads in their console.


Well then that's easily solved. People who don't want ads, don't use the software.


1. Sell

2. Gratis.

3. Gratis; donations welcome.

#3 is barely adware. Sometimes people are extra appreciative of someone's work and want to express that through action; this just tells them how.

On a personal level, I have no issue with an OSS author asking for donations. I draw the line at a company doing so. (An individual soliciting donations for something unrelated, like vim's "Help poor children in Uganda!" insert, isn't my favorite.)


I get where you're coming from. But doing an annoying thing is always going to bring negative attention, and doing a novel annoying thing is going to get a lot of attention.

That attempting to make money by spamming diagnostic mechanisms was going to annoy people was inevitable.

> But instead of attacking the guy for trying, I really wish the discussion were

I wish the guy had spent energy on "how the community... can contribute back", instead of trying to get a payday by stripmining trust.

I have a lower tolerance for this crap than others, but any code I catch doing things analogous to this gets banned from my environments and the author names noted. What else will they do to my machines if someone dangles a buck?


Out of curiosity, does the organization you work for contribute money to the Open source libraries it uses via existing mechanisms (e.g. gratipay, Github sponsors)?


I work on Enterprise projects and we rarely (never) contribute back financially, because we cannot for practical reasons.

It is simply not possible for us to add a "donation" cost to our projects. That will not get past accounting.

A license, on the other hand, we would have no issues purchasing that.

We purchase (expensive) licenses to proprietary software all the time. We could and would do the same for the open source software we use, but without being able to purchase a license, there really isn't any practical way of doing that.

Free for everyone, except for enterprise production environments, would work for us. As long as we get a license key and an invoice.


> I work on Enterprise projects and we rarely (never) contribute back financially

I work on Enterprise projects and we almost always buy support contracts, for both paid-license and open-source software, if they are available; you don't need creative licensing models to get enterprise to pay for open source software, you just need to provide an opportunity to pay to have a live person respond to and manage issues for enterprise customers.


I agree, and yes, we do the same when that option is available.


Enterprise companies pay for "support" all the time. It's usually an utterly pointless and very expensive annual fee that lets you enter a support ticket.

Enterprise companies also don't like to run "unsupported" software. So there is definitely an opportunity here.


It's just hard to "scale" across lots of individual open source maintainers/contributors who as individuals are unlikely to be able to keep SLA minimums, support query timelines (always answer in 24 hours), other such things that help corporate accountants and lawyers sleep at night. It also doesn't quite scale if those corporate accountants and lawyers have to sign and pay for O(N*M) such support contracts for the direct and indirect open source dependencies of the company's software.

If there is an opportunity here, it's most likely in collective effort. An open source guild/union could provide a support pool/cohort of contributors to cover 24/7/365 or what have you support agreements, an insurance pool for SLA guarantees broken/fees, broker and collectively bargain with enterprises for support contracts that cover costs and wages for entire direct and indirect dependency chains, rather than just obvious direct dependencies or splashy well branded dependencies.


What about a completely pointless "support the project" license? So you basically chip in for the maintenance, but don't get any additional rights?


Doesn’t make it past accounting.


What if it's a support contract that entitles you to a response to support requests on the basis of 'in less than twenty-four hours' as opposed to the usual 'I might respond on a best effort basis if I have time, but no promises'? Would that make it past accounting?


Yes, but:

1. Do open source maintainers actually want to commit to that?

2. What if the response is "Yes, we don't support that and don't plan to?" and the company feels this doesn't qualify as enough support and causes a headache.

3. If the purchaser knows what they're getting into, what's to say their successor also does?


What would such a license look like? Anyone know of examples?


WinRar, maybe. It is an example of software where you don't really need a license, but you can buy one if you desire.

https://www.win-rar.com/winrarlicense.html?&L=0


I think we have got open source funding all wrong. The thing that makes open source great is that, in parallel, half a million projects are ticking along from which we are learning what is good, what is bad, what is the future of our art. It is education. It is research.

We look for 100,000 individual solutions to making rent while FAANG are just sitting there with a quarter trillion plus in cash waiting to benefit from the best everything that emerges from this massive, free R&D pipeline. Take the best ideas, hire the best programmers, copy the best software, adopt the best practices. From top to bottom you could probably find 10,000+ open source contributors across their stacks, and to enable that open source software required even more contributors, and influencing it all was the previous generations of contributors.

I think the best solution is FAANG pay it forward and support the entire opensource R&D pipeline that enables them to hoard so much money. Between them they hire more people than there are open source developers so it's ridiculous they cannot support them all. It's a security issue that they do not support them at all for the most part, like with OpenSSL, like with injecting ads into node modules, like with selling modules to be repurposed as malware. We haven't even found the stuff compromised by state agencies yet.


Google+Microsoft+Facebook contribute quite a lot to open source though. React, Angular, TypeScript, Kubernetes, TensorFlow, etc etc....


To write React Facebook needed 20 years of R&D done by open source... jquery, mootools, long list of dead stuff today we needed to learn from. If Facebook needs 1000 projects to show them how to produce the best React then they need to keep 1000 projects in the pipelines so they can build the best successor to current solutions too. That's why they need to fund open source.


This is true of all software whether you're Facebook or a solo open-source developer; we all stand on the shoulders of giants, literally nobody doing work today can claim otherwise.

> That's why they need to fund open source.

They do. They pay employees to work on software they contribute to the open-source community. To build React, Facebook had to rely on "20 years of R&D" but also millions of dollars in engineering hours.


Funding open source != paying thirty people a few hundred grand and the thousands they depend on nothing. It is an obvious resource allocation problem.

Why should the resources not come from the companies extracting the most cash value from open source?


Those companies contribute back monumental open source projects that would simply never exist without the level of funding, organization, and real business knowledge that those companies provide. The amount of open-source code given away freely by FAANG and similar corporations is worth hundreds of billions of dollars to the wider community. Even much of the software itself is produced with open-source languages made possible by corporate sponsorship. All that open-source work contributes to the richness of the ecosystem just like everything that came before it, empowering the next generation to continue the cycle going forward.


Nobody is questioning that they give some software back but giving software back simply does not fund open source. Most people cannot convert their contributions into money as deftly as FAANG has converted 10,000s of people's contributions into a quarter trillion dollars.

It does not fund the tools that power their current open source projects.

It does not fund the tools their next open source projects will use.

It does not fund the brilliance their next open source projects will iterate on.

It does not fund the mistakes their next open source projects will know to avoid.

They need all of that stuff before they have even a clue what to make next, and they need the open source community to try everything a hundred different ways to see which is good.

We will still be arguing about this in twenty years as open source transitions into a mostly Indo-Chino-Russo-African dominated landscape because western developers can't afford to work on open source unless it's through their employing-FAANG company.

Long before that all the current FAANG open source we're supposed to be grateful to receive instead of funding will be obsoleted and tossed aside because only a handful of ideas in it actually mattered after all.


> Nobody is questioning that they give some software back but giving software back simply does not fund open source

As I already stated, yes, it does fund open source. That's literally what they're doing: spending funds on developing and maintaining open source code. Did they fund every transient piece of software in the technology stack? Of course not.

> It does not fund the...

Corporate money funds all of those things you listed. No, not every single package that becomes popular, but many of them, including many informed by practical knowledge acquired through battle-tested experience operating such software in their businesses.

> western developers can't afford to work on open source unless it's at a FAANG company.

So what? If western developers can't afford to work on open-source software they shouldn't. I wouldn't expect anyone to work for free if they couldn't afford to do so.


You mentioned the wealthiest 0.000001% of open source projects in a discussion about how the other 99.999999% need funding as some kind of proof FAANG are pulling their weight. Just their cash savings weigh about 2,500 tonnes so they're obviously not pulling their weight at all.

The so-what is software development evolution comes to a grinding halt while we wait for third-world and developing countries to hit the sweet spot where people can afford to pursue their art and afford the tools and connectivity it requires and afford the many years of learning to understand the steps between hello world and inventing kubernetes. Google didn't even invent kubernetes as much as they extrapolated to it from experience and open source.


They don't need funding. Most open-source software is redundant, low quality, or extremely niche. It's ok if some open source software is simply never written.

I think it's fair for developers to charge (or otherwise monetize, including ads) for their software, even if they open-source it, but they don't "need" funding any more than any other arbitrary piece of software that someone somewhere thinks should exist.

> software development evolution comes to a grinding halt

What's wrong with this? If "software development evolution comes to a grinding halt" then it means we didn't need any more new software and existing solutions have solved all problems.


They do need funding or they wouldn't put ads in node modules. They wouldn't sell popular packages to bad people to repurpose as malware. These are telltale signs that open source developers are not being looked after. They are not making ends meet. These are people with popular open source and the reward for open source is not being distributed effectively for popular projects so it's surely much worse for the bottom million projects.

And the low-quality stuff is super-important too. Before someone can work at FAANG they need to write good software. Before they can write good software they're going to practice writing all kinds of dumb shit and good stuff building the experience and knowledge required to invent a kubernetes. The time investment to obtain the skillset to work for FAANG is years. It requires hardware and connectivity.

The problem with it coming to a grinding halt is we're obviously not finished yet. In ten years React should be in the trash like literally everything that preceded it is. We might still be using Flash if we were finished. Its syntax sure looks like it lent TypeScript some ideas.

What if software genius like Torvalds isn't even rare and we're still just too stupid to foster and enable it for common good...


> They do need funding or they wouldn't put ads in node modules

That's a tautology. They decided to monetize their open-source work through ads. I don't disagree with this approach, if users don't like the ads then don't use the software. That doesn't mean companies need to arbitrarily fund that project.

> Before they can write good software they're going to practice writing all kinds of dumb shit and good stuff building the experience and knowledge required to invent a kubernetes.

So what? They can write lots of practice software and not open-source it. Why should anyone be paying for them to do so?

> The problem with it coming to a grinding halt is we're obviously not finished yet. In ten years React should be in the trash like literally everything that preceded it is. We might still be using Flash if we were finished. Its syntax sure looks like it lent TypeScript some ideas.

If it should be so then it will be so. People will write software if there is a need for it. There is no inherent reason why React "should" be in the trash in 10 years, it will be in the trash only if new problems need to be solved and if they do someone will attempt to solve them.


>Why should the resources not come from the companies extracting the most cash value from open source?

This is easy to answer: Because most/all those open source writers explicitly said it's OK for the users of their software not to provide them cash for it. If I openly say you can use my stuff for free, and then later come and say you are morally obligated to pay me because you made huge profit from my stuff, then my integrity is compromised.

It's totally fine to say "I will no longer respond to support tickets for free", though.


No they don’t. They didn’t fund any of those projects and it worked out quite well. Let a thousand flowers bloom.


They need all those projects to surface good ideas and they need all that parallelism to identify mistakes they can avoid.

Without it what do they base decisions on? React would be guesswork or an internal tool built in isolation that only solves their specific problems if even that good.

This is how software is evolving. If there is no parallel evolution it will take 1000x longer to do so. If it takes 1000x longer to evolve it takes 1000x longer to invent opportunity and savings for FAANG.


And you have made no arguments supporting the notion that they need to fund open source for that to happen.


> I think the best solution is FAANG pay it forward and support the entire opensource R&D pipeline

That's not so much a solution, but a new problem: how to get FAANG to actually do that?


You vastly overestimate how far that money would go to just “hire all the open source developers”.

You miss the point of open source if you think it entitles you to money from people who use it.


> You have people working mostly for free, developing open-source, FREE code that provides incredible value to the for-profit companies that use the open source code to generate (sometimes) massive amounts of revenue.

But these open source contributions are being done by people with free will. They are not forced to release the code they write to the internet for free. They choose to do it because that's what they want to do.

Instead of associating writing code with money, try to relate it to a hobby. I have 40 something repos on GitHub and posted 200+ blog posts on my site for free but I don't expect payment. I do it because it's fun and it helps me learn.

I'm not sure where I stand with banning terminal ads.

On one hand if someone wants to try and make money by spamming people with ads, I say let them do it because if it gets really obnoxious then ad blocking tools will remove them. On the other hand, if it becomes expected to have ads on every tool, I could see that getting out of hand. And at the same time I don't think there's a clear enough line to constitute what an ad is. If I link back to my site without asking for anything (as a signature of some sort), is that an ad?


I disagree with the premise that companies don't contribute to open-source. It's a rare open-source library that I don't contribute back to in some way, and that was even more true when I worked at big or rich tech companies. All software has bugs. Half the point of using an open-source library is so I can fix them!

It's also strange to use "maintainers" as the worthy recipient here, since in almost every case I've seen, these people were also working for a big rich tech company, and very well paid already.

The programmer in question sold his last company to Yahoo. He's got a Patreon page (hundreds of dollars a month), a GitHub Sponsor page (at least hundreds of dollars a month, and possibly much more). The software in question is a "JavaScript style guide, linter, and formatter". I don't think any company is "generating massive amounts of revenue" from a JS style linter. The GitHub page has a "gold sponsor" ($500/month) advertisement, too.

The problem with advertising is that (as someone here described it recently) it's an arms race. When anyone starts using them, everyone else will struggle unless they match, and that makes life worse for everyone. Is contributing bug fixes to open-source software, plus the occasional corporate sponsor, not sufficient contribution to the community and ecosystem? What exactly is the goal here? Are we upset that developers don't earn enough money?


I hadn't heard of Tidelift before until recently, and I don't see it mentioned here in the discussion. Is this the kind of thing you'd like to see?

https://tidelift.com/

Something has to be done to ensure that Open Source which plays a vital role in our business ecosystems remains sustainable. There are real business implications if some package we all depend on is under-funded and implodes (we can all name well-known examples of this from recent history.)

Some projects may be of critical importance to the future, but without a business model they may fizzle out and die. There's an argument that some culling must occur for the overall benefit of the collective, and I have no doubt there is a market-driven solution that we can live with. I don't know if Tidelift is it, but it is definitely an approach.


OSS is sustainable. I don’t like how tidelift seems to present a partial story.

Is there some OSS crisis that I’m not aware of?

Separately, just because something is an approach doesn’t mean it’s worth talking about.


What makes you think OSS is sustainable? There have been various problems with key projects due to lack of funding (e.g. OpenSSL, GPG)

There are a huge number of libraries that are becoming unmaintained due to lack of resources, which will likely cause problems down the line.

I'm not sure I'd call it a crisis, but it's definitely a problem.


I call it sustainable based on the evidence of tons of projects sustaining themselves. Many for decades.

There are flaws in OpenSSL and they were corrected. Sometimes projects like gpg die off. That stinks, but there are other options.


Yes, there is a crisis. Critical infrastructure is maintained by single developers who get no money for their effort, while the companies using their work make billions.


I'd even say these ads were just one symptom, we'll see more and more until people realize that yes it's fun to use free(dom) software but if you don't follow the other part of the "contract" of contributing in some way, it's not sustainable. Someone once said on HN that FOSS culture has mixed with startup culture and the startup culture doesn't like the pushback, I suspect it's true.


There are also an increasing number of cases in the last few years of such maintainers moving on, and that infrastructure failing soon after that. The event-stream npm debacle, the left-pad npm debacle, the electron-native-notify npm debacle, the rest-client ruby gem debacle, the strong_password ruby gem debacle...

Single points of failures in underpaid open source maintainers are an amazing security risk to critical infrastructure. "Patching" the labor market of open source to better account for the realities of downstream profits relative to upstream labor efforts, might be at least one way to make the entire ecosystem better for everyone.


That doesn’t seem like a crisis to me. Are some of these critical infrastructure devs threatening to quit work unless they are paid? I’m not a big contributor, but I’m pretty familiar with a French projects and the contributions are made specifically because of the license. OSS licenses are designed to let companies make “billions,” that’s a feature not a bug.


Please prove this claim... the majority of open source seems to be sustained extremely well... there are some outliers like OpenSSL and others that have been fixed but the majority is well sustained https://www.aniszczyk.org/2019/03/25/troubles-with-the-open-...


What I see in my day to day life is that OSS is generally behind paid systems. I use a bunch of software that I feel annoyed by because they are not as good and are not developing as fast as expensive proprietary alternatives.

Something that can really boost OSS community would be really good, but all I see in the market today are attacks on OSS. For example the recent amazon-mongodb debacle where a proprietary system is stealing money from an open project.


> I’ve spent over 3,000 unpaid hours over the last four years maintaining some popular open source packages.

> Maintainers do critical work which enables companies to create billions of dollars in value, yet we capture none of that value for ourselves.

From TFA, some Open Source contributors are burning themselves at both ends and they should not be reduced to selling paintings on street corners to make ends meet. I'm not arguing that just anyone should be able to earn a living by writing any code and licensing it permissively, but there are some utilities which should be funded that are not, and their ability to obtain funding on their own should perhaps not be the one deciding factor in whether they survive.

In my day job, I frequently insist that programmers are bad at estimating, but they persist in asking for fine-grained estimates and making their business decisions based on them. If the success of a programmer team or product team depends on each individual programmer on the team's capability to always make estimates correctly, then the effort is likely doomed. This is a foundational idea of Agile. You can prove this empirically with enough experience; programmers should focus on making their programming skills better, not on precision time accounting and making sure to improve estimation to become more accurate. Those things have value, but working software is more valuable. A programmer's skill level may be completely orthogonal to the programmer's estimation skills, and many of us may not have the capacity for improving both at the same time.

Similarly, the success or failure of an Open Source project may depend more on the maintainer team's ability to market the project as a product and derive revenue from it.

So, how can we make this easier and more efficient, without forcing everyone to become better at it, individually? (There may not be an answer, but you haven't really taken any time at all to explain what makes Tidelift "not even worth discussing" in your view.)


It's sustainable if you consider important code that we all rely on is being maintained by developers working for free and constantly burning out. Without proper support these developers will move on and stuff is going to get left behind. I mean, just look at OpenSSL a few years ago, almost everything is like that.

It's sustainable if you accept OSS is always going to have an incalculable maintainer churn rate.


> Is there some OSS crisis that I’m not aware of?

I think there might be.

I'm not involved in OSS circles, and don't really pay attention to the issues much beyond what I see on HN, but recently in a survey I completed for a tech company there were a number of questions asking my opinion on whether OSS is still a sustainable model, and if I believed it would be around 5, 10, 15, 20 years in the future.


So you admit you don't really know much about the matter, but consider your opinion qualified by virtue of somebody asking you for your opinion?

You can ask me what I think about inflation but that wouldn't make me an economist, would it?


That seems an unnecessarily hostile response.

> So you admit you don't really know much about the matter, but consider your opinion qualified by virtue of somebody asking you for your opinion?

Yes, I admit that I don't know much about OSS. But I did not state that I have a qualified opinion. In fact, I answered "Don't know/no opinion" on those questions.

The reason I posted my reply was to indicate that there must be some people worried about the situation, or it wouldn't have appeared in a survey from a very large, frequently mentioned on HN, tech company.

> You can ask me what I think about inflation but that wouldn't make me an economist, would it?

No, but you could relay the fact that somewhere there are people who are apparently concerned enough about inflation to ask you about it.


Would there be any significance to the question if the people asking about it weren't themselves economists?

It's a strange question, to ask if OSS will still be around that far in the future. It (albeit without the name) has been around longer than proprietary software. Did your survey ask if proprietary software would still be around in 20 years? I think it should have.


The people forcing those ads onto us "well-paid tech workers writing code for well-funded companies" are also "well-paid tech workers writing code for well-funded companies".


> The overwhelming majority of the people complaining about this are well-paid tech workers writing code for well-funded companies

I very much doubt that assertion is true.

> But instead of attacking the guy for trying,

I didn't see many attacks generally in the comments here, directed at the guy for trying generally (a few ad-hominems were thrown, but you could cure all forms of cancer and still attract some of those!). Most were criticising him for trying that way. "Bad idea, this is why I think so, please don't". Maybe the filtering here was sufficient to hide the worse reactions, and things were far less civil elsewhere.

My tuppence worth?

Adverts and other superfluous junk do not belong in build/install/other logs like that, for technical reasons rather than (or as well as) personal preference ones.

The same defences of the idea ("I need to make ends meet somehow", "But I'm only sending a couple of lines to each person", ...) apply equally to spam email so the idea shows the same lack of empathy about potentially inconveniencing others which might be a source of more aggressive reactions. As the title of the article he quotes (in his reaction to those reactions) says: "Open Source is Not About You", it isn't just about him either. And with regard to the quoted text "and the scope of their entitlement extends only to their own projects": exactly, other people on other projects that have the code as a dependency are potentially affected by these adverts - his idea was itself stepping outside the scope he expects others to keep to. Of course he is free to go ahead anyway, though others are equally free to fork the codebase to remove the adverts.

Again, this is not intended as a criticism for trying at all. This is just stating that I think this particular attempt is a pretty bad idea.


Meh!

Money has really corrupted free and open source. The entire idea of free software is that it's free, without any catch. People loved to create and would create and give it away, the reward was in the creating and seeing others use it. If you didn't care about that, you charged for it. Sometimes, the idea was that a bunch of random people would show up and create a free alternative against a very expensive software. For Photoshop, see GIMP. For Oracle see MySQL & PostgreSQL. It was not free so companies couldn't profit off them, it was free for anyone to use, students, people without money, bums, anyone, companies included. The idea of open source was you can be free to inspect the source, tweak and customize to your taste, fix a bug if you have it, share your knowledge so others can also borrow. This was the ethos of the hacker spirit. Build shit, share shit. Not hackers vs for-profit companies. We have coexisted alongside for-profit companies for a long time, they have built some cool shit that an individual or a random bunch of individuals couldn't. iPhone, GPU, cloud. Some of those profit companies were started by hackers, and we have built shit they couldn't imagine or dare build. Napster, torrent, Bitcoin, Linux.

So let's please stop this rhetoric about for-profit companies gaining value from open source. That was always the intent. Would it be nice if they gave back? Sure! But if they don't, no problem too. If they build cool stuff with open source that drives society forward, it's good for all. Case in point, see Linux or Raspberry Pi: tons of amazing IoT devices out there that won't exist without it, or worse, running Windows CE.

Companies are also giving back, go to GitHub. Sometimes it's just a single line of code commit, sometimes it's finding a bug, sometimes it's a correction to documentation. Then some are giving massively, see Go, Dart, React, Angular, Ionic, TensorFlow, Kubernetes. The symbiotic relationship between hackers and for-profit companies is really strong and we are not enemies. The only real battle that's been fought since the beginning is that information must be free. It's never been about the battle of money.

Want some money? Go get a job or start a business. Bill Gates did it, Jobs & Woz did it, Linus got a job. John Carmack has a job, Jeff Dean has a job, even Paul Graham works for his. If anything I'm very suspicious of those who want to get paid for working on open source.


Adware is malware, categorically. I don't give a damn if it's open source. If being adware is the only way software can exist, I'd rather it not exist at all.

When those redditors called it sleazy, they were being too gentle.


> Adware is malware

This seems like an overreaction. Are HN ads (those links to YC company jobs) malware? According to feross, the ads were just static hardcoded messages. I find it distasteful, but I don't see how it's "malware".


The entire advertising industry is scum. I worked in it for two years and wish I never did. That's a sin I now atone for by discouraging younger developers from making the same mistake, using the harshest language I think dang will permit.

It doesn't matter if there is no telemetry (and if this were to be normalized, there would eventually be telemetry. Such are the economic incentives in the ad industry. When it's possible for telemetry to exist, advertisers will desire it and some engineer will eventually decide to profit from implementing it.) Advertising is propaganda inherently contrary to the interests of anybody subjected to it. It's rife with psychological manipulation. FM radio ads have no telemetry, but can anybody seriously deny that FM radio ads are sleazy as fuck?


You're too absolutist. How is advertising inherently contrary to the interests of anybody subjected to it? How would you find out about a single product people are trying to sell if they don't advertise?

E.g. would we be better off if we couldn't advertise that free software alternatives exist?


Advertising is not a charitable act done for the benefit of consumers, no matter what anybody in the industry tells you. The relationship between advertisers and consumers is inherently adversarial, and advertising professionals are well aware of this fact even when they pretend otherwise (pretending otherwise is just one aspect of their complex web of lies and deceit. Whenever they do it, they remind me of what utter scum they are.)

If anybody needs proof of this, install an adblocker and observe as your life does not fall apart despite your now limited exposure to advertising.


> The relationship between advertisers and consumers is inherently adversarial

That is naive thinking. Advertising exists to reduce friction in the market. I'm a lot more likely to buy something if I know it exists. I won't go to the movies unless I've seen a trailer, for instance.

Maybe installing an adblocker doesn't super negatively impact your life but if we completely stop advertising as a practice then spending would slow and all of our lives would be worse off.


You may very well go to a movie theater and have a bad experience because an advertiser took a movie they knew was awful and made an appealing trailer for it. The advertiser is just as willing to persuade you to see a bad movie as a good one. They aren't operating in your interest.

Far from negatively impacting your life at all, blocking ads significantly improves it. Try it out yourself. I think you'll find that through various interactions with the general public, people who aren't paid to lie about products or services, you still find out about movies worth watching.


Can you please list your definition of "advertising" because it seems to be much more narrow than what I know of.


Fair question. I am chiefly concerned with the promotion of corporate goods or services. Authentic 'public service announcements' ("Smokey the Bear implores you to stop setting things on fire", etc) do not bother me, since the interests of the 'advertiser' and the target audience are reasonably aligned in cases of genuine PSAs. I consider personal advertisement ("I have a patreon" or "please hire me") tacky, but not nearly so bad as corporate propaganda on account of the relative power dynamics.


But yet, part of the allure of hobby magazines, for instance, are the ads.

Ads need not be scummy, and just because some are doesn't mean all are. Ads _can_ be primarily informational without being "scummy" or "sleazy".

Sure, yes, most of the ad industry is currently about being manipulative and invasive, but it need not be that way. We, as a society, need to figure out how to stop it from being that way across the board, because as you said, good actors will be at a disadvantage to sleazy actors.


Advertisements are designed to make you feel informed, rather than to actually inform you. When a product is bad, inferior to the competition or just generally harmful to you (think: sugary soda pop ads), advertising professionals will promote it with just as much vim and vigor, if not more.

(To the extent that bad products get more enthusiastic advertising, in a perverse sense viewing ads might actually make you a more informed consumer if you deliberately avoid any product with slick marketing. However I cannot advocate for such an approach because I think the theoretical advantage here is washed out by the practical reality that advertising will affect you in ways contrary to your own interest, but in line with corporate interests.)


Going back to an older post of mine (https://news.ycombinator.com/item?id=20035005)

Here are some examples from a 2010 model railroader. https://photos.app.goo.gl/RvRzECgs7MaTo7tP8

Some, especially the Kato model Amtrak one, have some aspects of an aspirational ad, but I don't know if I'd condemn them as such. They usually have, as the Kato one has, information about the specific items that are now available and often some "ambiance" information that many hobbyists, especially people new to the hobby, like to look at.

I don't mind ads like these as they're not designed to make you feel as though you need to purchase something to be better and they're not in a public space. They're there to matter-of-factly say a service or product is available.

I could also show you the local pennysaver or Craigslist. All of those are also ads, but they're not the "aspirational" kind. They're more matter-of-factly that someone is selling some (used) item, or provides some kind of service, or that there is a garage or estate sale at such-and-such address. How else would this information be made readily and easily available?


This is a great, great point. Ads themselves aren't necessarily scummy or manipulative. I can't even think of the number of restaurants I've found through their ads, products I've ended up buying through ads, or services I learned about through advertising. Which is sort of the point -- I have interests and some money to spend, and ads tell me of new people (or familiar people with new products/foods) to spend it on.

Specialized magazines (hobbyist, regional, etc) seem to hit the absolute right balance for this. People advertising in them know who they're advertising to, in general, and people picking them up know what they're getting; some interesting content (hopefully) and some ads relevant to their hobby/region.

Online ads have gone way, way, wayyyyy too far in getting into the scummy hyper-profiling, and they're not even selling stuff I'm then interested in! So what's the point? I mean, in practical terms the point is to try and differentiate their profiles of me from other people's profiles of me -- marketing techniques applied to the business of marketing -- but in real terms, who (aside from the companies building these profiles) benefits?

I'm personally holding out hope that the US will adopt a "you own your data and can determine its uses" legal framework, and bring the hammer down on anyone amassing profiles on the populace. Google, Equifax, Facebook, the million anonymous marketing and list-selling firms, all that stuff needs to come under heavy regulation.


I, like a typical nerd, was just pedantically annoyed by the misuse of the term "malware". I don't actually disagree that the ad industry should burn to the ground.


Adware being considered malware used to be the norm. The temptation of money has normalized adware, but being normalized doesn't make it any less malicious. Subjecting people to advertising is an inherently malicious act.


Yep.

Adware is malware. It's software that does a thing the user doesn't want it to do. That's definitional.

About the only exception I can think of would be oldschool stuff like the AllAdvantage toolbar that would pay users for watching ads. That was intentionally installed.


Does the ad for OpenRent make Tubermap malware? If not, what's the difference?


Ha. Thanks for visiting!

The longer term plan for tubermap, was to essentially have the site be a way of people determining where they should live based on commute times, cost of rent etc.

In that sense what you're calling an ad would actually be the primary purpose of the site, i.e. you'd go and look for apartments now you've figured out (based on that pricing information) where makes sense.

It just never actually materialized because, well, other projects, jobs, etc. The beta version has rent pricing but it was inaccurate due to people selling parking spaces as 1 bedroom flats on APIs etc.

So it's more like kernel.org having a link to lwn.net or something. No-one actually uses the site for navigation because there are better tools for that.

You'll note that none of my sites have third party ad networks, analytics, any of that nonsense. If I use CDNs anywhere subresource integrity should be on but there might be some older stuff that doesn't.


Sorry for throwing that curve ball, but to my excuse you do have your site in your profile :)

I still think that definition is unworkable. What "the user wants to do" isn't even an objective measure. Is VIM malware because it includes a message urging the user to donate to charity, which is unrelated to its purpose as an editor? Is apt-get malware because it included an Easter egg? By that definition, the answer is both yes and no, since it depends on who is using it wanting that or not.


https://en.m.wikipedia.org/wiki/I_know_it_when_I_see_it

When Microsoft put live tiles and telemetry in Windows, whoever signed off on that knew they were crossing a line.

It doesn't need to be defined that strictly. The OP talks about FM radio adverts. An announcer telling you that a new song like, exists, could be construed in some sense to be an advert, just as my profile telling you that I am indeed a software developer could be.

But that's not really what's pissing people off and abusing their attention here.


Curious, what industry are you working in now? Do any skills from the ad industry transfer over?


I think the only adtech specific skills for a programmer are 'ethical flexibility', which is more a form of moral corruption than a technical skill. It has not been hard for me to find work on things other than ad servers.


[flagged]


I appreciate your 'concern', but reading those sorts of books, recommended to me by my former coworkers in the advertising space, is what led me to conclude that the industry is evil. The style advocated by that literature is insincere, cynical, and manipulative. Those who brushed up against it and didn't reject it are irredeemable. Those who haven't yet corrupted themselves are the ones I hope to help, and I believe I can do so by creating a fanatical anti-advertising mob mentality that allows feelings of self-righteousness. (I am aware of the irony here, since these very techniques were turned into a science by the industry I want dismantled, but that's the way the world works.)

> Once again: All I need to do is think of one counterexample where both parties gained value (monetarily and psychologically)

You know damn well, but are unlikely to admit unless perhaps called on it, that an advertising professional that gives value to a consumer one day will be just as willing to take it the next. The advertising professional is not motivated by a desire to help the consumer and cases where that happens are incidental at best (and rare.) There is a lot of delusion in the industry too. Advertisers in the pharma space will swear themselves blue that they're helping consumers to find medication that will earnestly help them, but these advertisers are not altruists, they do it because they're paid. And more damning, their industry (pharma advertising) is illegal in other countries with good reason. But this is an industry that regularly turns its own techniques in on itself, using their rhetorical/persuasive skills on their own, to reassure their own that what they're doing is humanitarian.


>I appreciate your 'concern', but reading those sorts of books, recommended to me by my former coworkers in the advertising space, is what led me to conclude that the industry is evil. The style advocated by that literature is insincere, cynical, and manipulative.

Claims without specifics or examples.

>Those who brushed up against it and didn't reject it are irredeemable.

Very vague. No specifics.

>Those who haven't yet corrupted themselves are the ones I hope to help, and I believe I can do so by creating a fanatical anti-advertising mob mentality that allows feelings of self-righteousness.

Reminiscent of No True Scotsman.

>You know damn well, but are unlikely to admit unless perhaps called on it, that an advertising professional that gives value to a consumer one day will be just as willing to take it the next.

Attributing things to the other party in a conversation is a tried and tested method of making a conversation go downhill.

>Advertisers in the pharma space will swear themselves blue that they're helping consumers to find medication that will earnestly help them, but these advertisers are not altruists, they do it because they're paid.

I don't recall that advertisers claim to do things out of altruism. The grocery store owner down the road is not an altruist either. Nor is pretty much any non-profit entity out there. You're merely pointing out that advertisers are in the same category as all businessmen.

Quite apparent in all your comments: A willingness to preach, and not a willingness to have a conversation. Even your response to me missed pretty much the entire point of my comment. Trying to convince me that advertising is bad is a clear sign of that.


Adware (and malware for that matter) were actually already banned by npm. Just don't tell feross that. He deleted my comment mentioning that part of the Acceptable Content policy and blocked me from making any more comments on the repo.


I don't agree with npm's ban, but open-source developers don't necessarily deserve payment for their work. I don't think there is much productive discussion to be had in the way of "how open-source consumers can contribute back". The reality is that the vast majority of consumers don't care about contributing back and never will; this is fundamental to the nature of open-source. Thus, if those developers want to get paid it's up to them to come up with a monetization strategy that works for them, whether that be the Red Hat model, enterprise licensing, or even CLI ads, let consumers decide if they can tolerate those terms.


>You have people working mostly for free

I think citation is needed here. Many big open source projects are created and maintained by the paid employees of big corporations.


This is an important point to consider.

For large corporations, it is easier to hire a developer to work on a critical piece of open source software than it is to go through the approval process of sending money (no strings attached) to a particular individual.


Which is quite something considering the dog and pony show that is the recruiting process of most large orgs. One suspects that if OSS developers routinely offered to invoice for "software support" rather than requesting a donation, this would be a vastly superior option from the company's viewpoint compared to having to go through the expensive palaver of hiring.


> companies that profit off of open source code without providing any reciprocal value to the open source projects in return

You mean follow the terms of the open source license? If the creator wants money all (s)he has to do is put it up under a different license. You can’t have it both ways. Promoting free usage and expecting money back as well.


Open source is good. I've been saying for years that OSS devs should be paid and the cheapskates who use OSS for commerce should put their hands in their pocket instead of forcing devs into the humiliating position of begging.

Ads are cancer though. The idea that the only reliable way to fund anything is turn it into a billboard needs to die.


Everyone agrees that Free and Open software needs better funding models. If it could somehow manage to obtain one hundredth the revenue stream of Surveillance Valley, projects could pay full time employees to polish up UX and compete for popular mindshare.

The problem here is that showing an ad is working directly against the user, and working directly against the user violates a core expectation of open software. A thing cannot be supported by destroying the thing itself.

It would also be unacceptable to backhaul system information for "market research", run a Bitcoin miner, add entries to authorized_keys, flash epileptic trigger patterns, etc. We would rightly call such additions security incidents, as is this attempt at psychologically manipulating users.


> Given the amount of value open source provides to for-profit companies (with the open source maintainers rarely getting any reciprocal value from the companies that profit off them), why is it so alarming to think that these maintainers might think of a clever idea like this to make a couple thousand bucks?

Because it's not a clever idea at all. First of all, open source software should stay true to what it is, which is free and open. If maintainers really wanted to profit off of this, they should have never made it free or at least offer some sort of pricing model that doesn't affect the essence of the project being open source (e.g., offering paid support), projects like Sidekiq having Sidekiq Pro. Users shouldn't be the one "paying" for open source software through the ads. This is making developers pay for the project indirectly.

DHH's latest keynote from Railsconf 2019 hits the nail in the coffin: https://www.youtube.com/watch?v=VBwWbFpkltg


This says more about the state of society than anything else

Profits are up, inequality is up.

That’s by design.

We should be working on making it so people can eat and be healthy, and not have to be reduced to such bottom feeding tactics.

But everyone thinks it’s mean and petty to tell kids of dead rich people they don’t get to inherit all the power.

If I learned anything getting an MS in mathematical linguistics: economics is not physics and mass delusions infect smart people’s limbic systems too.


I'll second this downvoted opinion. The mismatch between economic good created by and economic incentive to create OSS is just tragic from a hard numbers perspective.

How do you fix it though? A large funding program? If the state or private industry were the backer, how do you prevent manipulation? The only viable models (that spring to my mind) are Spanish-Anarchist type stuff of generally funded unions of technical workers, but that doesn't feel likely.


We already have a large funding program called taxes. We seem to enjoy giving it to private interests instead of state and local governments directly.

Kind of wondering how, given that direct pipeline of transfer payments from the fed to private companies we can ever believe the “our economics is a free system of ideas.”

Prevent manipulation of the state by prioritizing policing of state acts, not average folks on the street.

Absolutely none of these ideas are new. It’s a fact of our biology that sees us favoring the mental model we know versus the unknown of a new social hierarchy. A reasonable “how to” is well detailed though.

The public must engage the political system directly and not through the business sector administrators inserted in the middle of the process via manipulation of the financial systems flow of capital.

Look what happens when there’s a half assed effort to get something like Obamacare. Imagine if the effort wasn’t so half assed?


This isn't about funding open source, this is about ads. Very, very, very specifically about ads.

> I really wish the discussion were focussed on how the community of open-source consumers can contribute back to the open source ecosystem in a way that promotes the sustainability of the projects and community.

Then you should post an article about that and vote it to the front page.


Ads are a cancer upon the world, far worse than poor free software funding, and people are understandably dismayed at seeing that cancer spread, no matter how justifiable the reasons given.

Paid software is increasingly filled with ads, and I would argue it is precisely the absence of a profit motive that has kept FOSS software so virtuous. See the effect it had on app stores.


What about the agency of NPM to not accept packages that are objectively inferior because they contain ads? If I submit purposely crappy code to a public repository should I be outraged if it gets rejected?


The parent comment seems to rely on the all-too-common assumption that the only means by which a software author can be paid is through internet advertising.

With that assumption, the argument against advertising then can be shifted to arguments for or against paying software authors for their work. Of course, this was not the issue that triggered the action or resulting commentary. It was advertising.

It is an evasive shift from one issue to another, a rhetorical trick. There is no debate for or against paying for software. There is a debate against advertising via internet. That debate has existed since the network opened to the public.


You are missing the point of open-source. They are working for FREE because they choose to. If companies are using the FREE software, they are not required morally or legally to contribute anything back.


I find it particularly ironic that the tech boom is seen as a triumph of capitalism when it depends so much on the free labor of an army of volunteers.


No one has forced them to do this if they didn't want to. They are breaking the expectations and goal behind open source. They're more than welcome to do something else if they want to make money.


I know this is a controversial opinion and I know it won’t directly solve the issue at hand, but it’s related and it addresses some of the concerns raised by many people in this thread: how do we get open source the funding it needs?

Consider a world where the norm is not MIT/BSD but GPL dual licensed with MIT for a fee. This would give back control to maintainers of a library, and it would allow people without funds to use the software freely by contributing back to the community any changes they wish to further publish.

It puts the incentives in the right place, which is very important for a scalable, sustainable solution and to avoid tragedy of the commons!

It’s controversial because licensing has become a tribal issue, frustrating level headed debate. But I would argue that many people choose MIT without really thinking it through, “because it’s how everyone else does it”. You can see this in complaints from maintainers of code released under MIT, abuse which would never have been possible with the GPL.

I really think there is value in evaluating the community’s obsession with MIT, before we jump to pointing fingers at “companies”. Remember: if you get burned by the tragedy of the commons, ask yourself why did we set ourselves up to fail? It’s the hardest possible fight to win.

Again I’m not trying to derail this into MIT v GPL, I’m just saying: IF we all choose MIT, can we really complain now? This is what happens: people profit off your work and don’t contribute. If you feel so frustrated by that that you’re adding ads to your lib, maybe MIT wasn’t the right choice?

(MIT has merit and there are people out there using it for the right reasons. But they’re not the ones putting ads in their repos.)


> Consider a world where the norm is not MIT/BSD but GPL dual licensed with MIT for a fee

Note that the MIT license allows redistribution: anyone who bought a single MIT license could legally distribute MIT-licensed copies without continuing to pay the original author for additional licenses.


I'm not sure that would actually be that big of an issue.

Let's say you have some sort of model where a monthly subscription gives you an MIT license for all commits made that month. Who is actually going to go to the trouble of mirroring every commit or release from upstream to their own public repository? If somebody actually did that gratuitously, the copyright owner could just decline to renew their subscription the following month.

I'm sure there are some issues with this that I'm not thinking of, but I think generally if somebody is willing to pay you for a license, they're not going to be a jerk and try to undermine your business.


I agree with the parent post, and the sibling. MIT doesn't make much sense in your scenario. Dual-licensing is usually a copyleft license, and some sort of private/commercial license agreement to protect against the case the parent comment mentions.

The people who want to support you are not the problem. They'd probably donate too if they would buy a license in this thought experiment. The people who don't want to support you are. One of them could buy a license, relicense as MIT. And either they'd get updates with their paid license, in which case they'd just release those as MIT too, or wait for your next stable version and buy again and so on. Or they would just fork the project, and start their own business around it, without having had any more cost than a single license....


You're describing a commercial licensing agreement. Why would you use MIT at all in this case?


There's a good article about this practice here: https://www.gnu.org/philosophy/selling-exceptions.en.html

Usually you wouldn't use the MIT license to do it, but it's the same idea.


Fascinating article, is this common practice? Anyone know of companies successfully selling license exceptions?


Yes, Oracle does this with MySQL. If you want to use MySQL in a way that the GPL doesn’t permit, then you are supposed to buy a license. I have no idea if they are making a lot of money from this.


Qt is primarily LGPL with some GPL modules, and sells commercial dual-licenses.


> how do we get open source the funding it needs?

Has anyone considered that open source / free software is just fundamentally incompatible with capitalism? Society already has plenty of ways to fund projects -- we even created entire legal constructs, like copyright, to facilitate this very thing.

The zero-cost ability to copy software and mutate it (if you have the source) is at the heart of the movement. As is the realization that we can collectively build something that benefits everyone. Money doesn't have to figure into this.

Of course, plenty of developers have tried (and succeeded) at using free software for capitalistic ends. But I don't think it follows that free software should, or needs to be, funded the way that we purchase other software or how Google or Facebook funds their software.


> Has anyone considered that open source / free software is just fundamentally incompatible with capitalism?

Legions, many of which have only recently become aware of Free Software or Open Source.

As far as Free Software is concerned, there is no problem with capitalism. It's only about guarding the software freedoms of the users of software.

"Free" as in "free market", not as in "free lunch".


I understand that Free Software is not concerned with capitalism but that doesn't address the question.

Free Software can still be incompatible with capitalism even if it doesn't address it directly. If you release your software with a Free Software license do you really "own" it in a capitalistic sense? I'm thinking no. As a consequence it's actually hard to make money with Free Software. But that difficulty and lack of ownership hasn't prevented Free Software from thriving, in fact, just the opposite.


Depends on one's definition of "capitalism" when applied to software I think.

Whereas I would not "own" the software, I would own the hours I'm willing to write software. As things are I can't freely sell those hours because of a monopoly on many programs, that is, no user can hire me to improve their proprietary software. I can only sell my hours to users of Free Software.

Now we have software "ownership" against the workings of a free market. Both of these are generally considered "capitalist", so it depends on your definition which is "more capitalist", but I hope it's clear that neither of them is strictly capitalist where the other is not.


You make a very good point.

At issue here is that the developer is not selling their time. They're putting in that time for free. And then they want to recover that income after the fact. This is traditionally how any kind of product is developed. You put in time and resources into a product and you sell that product to recoup that cost and hopefully make a profit as well.

If you don't own/control the software, due to it being Free Software, then that whole avenue of income generation is not available or very difficult. Time and again, we see individuals and companies trying to find a way to sell Free Software like traditional software.


It's inspiring how quickly ad tech devs can band together to completely remove all ads from their ad tech development environment.


I've had a theory for a while now that the only reason devs are so ok with working on ads is because they never see any (with pihole/ublock/hosts/etc...) and they don't know how creepy they are. On the rare occasion I have to turn off my adblocker I'm almost always amazed by how well the ads are tracking me - and that's while I'm actively trying to prevent it from tracking me!


On the other hand, I'm sure it simply pays nice.


n-gate worthy summary of this thread


Don't violate the prime directive.


The rationale from the author of the package who added advertising is enlightening and definitely worth reading.

https://feross.org/funding-experiment-recap/


I don’t agree with his problem statement that OSS developers need payment.

I think that paying people for valuable work is a good thing. But I don’t think there is a problem with this as evidenced by 50 years of great OSS software written by professional and amateur developers.

Saying I spent 4000 hours on a project without pay is not enough info to be useful to determine that I need payment. I volunteer time to lots of charities, I don’t then say I need payment for this time. I also spent countless hours on hobbies, this doesn’t entitle me to payment.

If I put an annoying ad into people’s consciousness because I spend 3000/year organizing my magic cards, that’s not really relevant to most people.


That reasoning makes sense at first.

Until you consider the fact that critical infrastructure depends on underfunded open source projects that sometimes have trouble staying afloat.

NTP is the classic example of the problem.

https://www.infoworld.com/article/3144546/time-is-running-ou...

http://www.ntp.org/


> Until you consider the fact that critical infrastructure depends on underfunded open source projects that sometimes have trouble staying afloat

This is not principally an issue of a funding problem for the maintainers, but an issue of a risk management problem for the relying parties.

Unfortunately, it's probably going to take a massive, costly, critical failure before it gets addressed, but once that happens it will be addressed quickly, and critical infrastructure will rapidly not be relying on underfunded open source projects. (Whether that is through those products—whether the existing core project or a new fork—getting better support from well-heeled downstream parties, as many widely-critical open source projects (e.g., SQLite) already have, or whether it means those products get replaced may not be consistent from product to product. If they do get funding, though, it's not going to be without the funding parties taking a keen interest in governance, as the risk doesn't go away with unaccountable funding alone.)


If they depend upon it then there are two obvious solutions - provide it doing the work themselves or fund it.


Unfortunately people pick the third option that is dissing the developer who has made that piece of code for trying to get funding for the work.


That is just a ruder version of the null option "doing nothing, leaving it unreliable and suffering the consequences".


I'd love to know what the story behind "Google was unable to sponsor us this year" is.


Charity? People make money off libraries.

It's such a ridiculous attitude to read on a news site hosted by a Venture Capitalist firm.


Well the whole point is to /not/ be "permission culture" shutting things down because someone doesn't get their cut in something which never existed before.


I think another thing the author misses is that Standard is _just_ a formatting library. It doesn't need/deserve as many resources as libraries that do more and deliver more value for the developer/company such as Vue, webpack etc.


> Standard is _just_ a formatting library

It's just a configuration file for a formatting library that someone else(s) wrote.


> If even I – with my fortunate position – can’t make a comfortable living working on open source, then how is anyone else supposed to make it work?

If living comfortably is Feross's goal, why not get a job? This is a high profile programmer in one of the highest demand, highest-programmer-wage places in the world. What am I missing?


Feross could easily get a job, but the point is that he wants open source to work. So much of everything you do every day depends on open source code, and every open source dev I know says it's an utter shit show.

The alternative is Feross gets a job, and everyone invents their own stuff in-house, and we end up with 'open source' that is just what profitable companies want to have as open source. The set of things companies decide to open source is not a good overlap with the set of software that should exist.


Working for someone else is a last resort for some of us once all of our other ambitions have failed.


Popularity does not equate to value. Perhaps the market simply does not see his thin eslint wrapper as a valuable tool.


> Open source maintainers need income to fund their work.

lol if you need to make income from your work, don't give it away for free. Should everyone demand getting paid now for working on hobby projects?


Well, obviously selling paid software is a well known way to make money. However, it would be really cool if we could give away software for free and make money off it at the same time.


Red Hat, Canonical, Docker, Suse, and many others give software away for free, and make money from that same software.


They do that by selling support, or additional non-free features bundled into an "enterprise edition" (at least in the case of Docker). I don't think that's something Feross or other open source maintainers are interested in doing.


Fair point, but it's inaccurate to say we can't make money off software we give away for free.


I'm not saying that we are literally unable to make money off of free software. We can and donations / advertising / GPL license exemptions / crowd-funding all work to some degree.

My point was that even though the "don't give it away for free" model works, we should still try to improve the profitability of funding models where we can give software away for free.


All those companies offer enterprise editions and service-based support; what does standardjs offer that's worth paying for?


That is worth reading, and he makes some great points, but there’s a jarring shift in it. At the start he talks about it in terms of:

I would love to find a way to help maintainers capture at least a bit of the value we create so that we can happily continue to write new features, fix bugs, answer user questions, improve documentation, and release innovative new software.

But after it was received badly, he switches to:

Folks who contribute nothing don’t get a seat at the table. Rich Hickey said it best in Open Source is Not About You:

Which seems contrary. Rich Hickey’s post is that open source is built for oneself (one person or one company) and then released to the world in whatever state it was used internally. Other people aren't paying, so they don't get a say. The opening position is that open source is created and maintained for the benefit of others.

It can be either, neither, or both for different projects, sure, but to suggest that people take up maintaining unseen infrastructure code so that they can answer user questions and write documentation and code new features to help people and also don’t have to listen to anything those people say because it’s done for one’s self and not about those people at all.. which is it?

People who tidy the commons for the council are employees, and do what they're told. People who tidy the commons of their own volunteer effort get to choose what to do but don't get to stick a price tag on it. If you do it for yourself on your terms, you don’t get anyone’s money. If you do it for others and want their money, it’s a job but you have to be controlled by what they want because it’s a job.

If you do it for guilt and charity, who gets to thrive off charity work in other fields?

If you went to a local park and found someone had picked some poison ivy, and left an advert there instead, would you approve?


This is highly unrelated, sorry, but does anyone know the zsh theme used in that post (https://feross.org/images/funding-screenshot.png)? I didn't see anything like it in the list of zsh themes (https://zshthem.es/all/). The colored arrows look very appealing if they're contextual, like if they denote the status of git files (deleted/edited/added).


My ZSH looks like that, though the arrows are less bold. I don't remember configuring it much, if at all. I think it might be close to the default theme.

In my case, the arrows are purely stylistic. They never change color or ordering.


Ah, I found it. It's the default(?) theme called "sorin" from zprezto: https://github.com/sorin-ionescu/prezto


There is a lot of concern in this thread about open source projects needing funding and they're not wrong. There are a lot of projects that are underfunded--most of them, in fact.

However, it's not like the developers of and contributors to these projects naively go in thinking they're going to get paid anything. They graciously choose to make the fruits of their efforts freely available regardless of compensation. And, yes, there are companies making money off of that generosity.

My point is, nobody is in the wrong here. Both parties have entered into this agreement willingly.

Injecting ads like this is wrong because the developers are reneging on that agreement. It's as if the developers are saying, "You know what? I changed my mind and I want some money for this because companies are making money off of it now." What's worse is they aren't even charging the companies directly.

I'm all for a discussion around how to help generate funding for FOSS projects but have we not learned from Google, Facebook, and others how wrong a path advertising can be? At what point are the advertisers going to want demographic information and the module developers start requiring you provide that information at 'npm install'?


I totally agree about open source devs doing it voluntarily. But I disagree that they have no right to stuff the terminal full of ads. It is their code - they can do whatever. Even change their mind and license from there and into the future. Just like npmjs.org is completely within its own rights to ban such projects from enjoying the benefits of the package distribution platform.

In fact, if the project was important enough, and the maintainer was stubborn enough, I am sure the dev community using that code would rant, but end up using it anyway, with or without npmjs.org


It’s a slippery slope. The first packages with ads just printed a single line of text. Then others started adding more lines, more aggressive colors, and now you have npm ads painting a half a screenful of empty lines with their ad in the middle. One can imagine an arms race of ever worse ads.

And considering that it’s not unusual to be installing hundreds of npm packages for a single project, the ads would soon render the logging output unusable, giving rise to an arms race between npm ads and npm ad-blockers.

So npm basically had to nip this in the bud, before it makes the ecosystem unusable through the tragedy of the commons.


they didn't limit ads. they banned them altogether. it's a charitable thought, but doesn't hold up.


That was the correct thing to do. Considering how many npm packages the average project consumes, having even a single line of advertising for each would make npm a pain in the ass to use, and people would be looking for ways to block the ads.


Clearly, you didn't read the article from the original author. Ads were deduplicated, so only a single ad was shown, even if 500 deps used the funding dependency.


That’s a big _if_. Until now, each package with ads has rolled its own, and since there’s probably more money to be had that way, there’s no reason that would not continue.


Key part of the article: " According to these upcoming updates, npm will ban:

Packages that display ads at runtime, on installation, or at other stages of the software development lifecycle, such as via npm scripts.

Packages with code that can be used to display ads are fine. Packages that themselves display ads are not.

Packages that themselves function primarily as ads, with only placeholder or negligible code, data, and other technical content. "

I wonder where they will draw the line with the last point.


Far, far more harm is caused by a package repository electing itself as a censor than could ever be caused by a few additional chunks of ASCII turning up in a 4MB Travis CI log. Free software is supposed to be about freedoms, not having those freedoms dictated to me regarding what kind of software I can or cannot create.

There are limits to explore in this area, for example, I doubt anyone would disagree with censoring obvious malware. But for the rest? It is deeply political, and politicizing the distribution of free software is frankly repugnant. This puts me off spending much time with the JS ecosystem (not that I would have already), and worried about it setting precedents for ecosystems I actually do care about.

A glorified FTP server should never be telling you what kind of software you can write or how you package it. In this scenario, the glorified FTP server is no longer fit for purpose, and if such changes have community support, in my eyes that community is no longer a free software community.


Seems like an opportunity to compete in a market. It's just a matter of time now before npm has competition.


NPM's move to ban the practice is unsurprising. Consider however that NPM has no qualms about showing various nag screens of their own, such as "a new version of NPM is available," etc. Perhaps they should consider taking leadership in the OSS funding space. "Hey, it looks like you're enjoying these packages x, y, and z! Click here to donate to your favorite OSS projects." Or something.


A software update notice cannot be considered as an ad, can it?


If a software update notice like that is considered an ad, then that’s an ad that I’m perfectly fine with


It fits any reasonable definition of an ad that I can think of.


If the new version bundles crapware...


Do new versions of npm bundle 'crapware'?


They do not, I think GP was saying it would be an ad if they did


Parent said nag screen, not ad.


Yes, sorry, I meant compared to.


What's this "standard" package anyway? Looks like it's packing eslint with an .eslintrc and... that's it?


The history of JS style standards is a lesson in ignoring prior work:

- In the beginning was the jQuery style guidelines, which started for jQuery but were eventually for general JS https://contribute.jquery.org/style-guide/js/

- Then there was idiomatic.js, from a massive bunch of JS community leaders https://github.com/rwaldron/idiomatic.js/, evolving some of the principles of jQuery style guidelines.

- Then AirBnB made their own style guides because they didn't realise the jQuery guidelines or Idiomatic existed

- Feross and some other people made 'Standard' JS, ignoring the previous 3 standards, and said it's standard because, well: https://github.com/standard/standard#but-this-isnt-a-real-we... (see 'tape' and how it's 'the only test framework which supports TAP' because the tape author invented TAP). https://standardjs.com/

- Currently most JS devs who have been around a while use Prettier instead of eslint because it formats the code rather than just complaining (recent versions of Standard apparently do this too, but that came later) https://prettier.io/

Feross himself is awesome. The name 'standardJS' was a poor choice.


> see 'tape' and how it's 'the only test framework which supports TAP' because the tape author invented TAP

What? The tape package on npm? As far as I know, that was made by substack (James Halliday), whereas TAP dates back to 1987 with Perl (https://en.wikipedia.org/wiki/Test_Anything_Protocol says “the Test::Harness module was written by Tim Bunce and Andreas König”).


I saw TAP presented for the first time along with tape and evidently got confused. You're right. I stand corrected.


Yes, this developer has 100s of libraries most of which are just code snippets. That was part of the criticism here, it looks like this guy is trying to take advantage of jr devs without providing any real value.


If you look at the dependencies and actual JS code there is, it looks like a glorified configuration file.


It's apparently an ESLint wrapper that's worth $2000 in console ad revenue.


I've seen this comment and reserved comment a few times but here we go...

Sure, Standard on the face of it seems simple technologically, and compared to many other things it is. But its value lies in completely removing long-winded and often unnecessary conversations within teams about code style.

Standard represents a standard style of writing JS that has gained widespread support (similar to Airbnb's linter config). Its value is that a team can adopt broadly sane conventions then never think about it again - which leaves those dev cycles for shipping features. Without widespread use, Standard would be just another linter config - but large parts of the JS ecosystem (regardless of what people think of JS) have adopted it and as a result it has saved the world a million conversations that "didn't need to happen".

If you care enough about style to not pick their choices, you're free not to use it. But for a lot of us we just want a broadly accepted opinion so we can focus on features.

And as it turns out, maintaining a style guide for how to write JS for the masses takes quite a lot of work. Not writing code necessarily, but considering and replying to all the feedback on that style.

Not for or against the funding project - but within the JS ecosystem Standard has meant many hundreds of hours that might have been spent bike shedding, have been spent shipping features.

Standard has been genuinely useful to myself and pretty much every other JS developer I know. And whilst I'm in no position to speak to whether I'm junior or not I know a lot of the most experienced programmers in the JS ecosystem reach for Standard so they can focus on more important matters.

It's not JS that has such opinions enshrined in law, Python for example has pep8.


"Just a configuration file" is an odd thing to say. People spend a lot of time thinking about configuration! A coherent option set that makes sense in a range of use cases is actually really valuable.


This comment is just as applicable to the sibling comment here and many others, I don't mean to pick. Peace.


Feross was looking at some sort of profit sharing of the console ad revenue across multiple projects. The "opinionated eslint config" here just had the widest install base to get feedback quickly on the idea. It certainly got feedback quickly.


He's a glorified domain squatter trying to figure out how to monetize it


Feross? No, he's a serious OS dev, behind WebTorrent and other projects.


I can't edit this anymore, but s/OS/OSS.


Yes. The idea was that eslint lets you do whatever you want, but it's daunting to download eslint and then be asked to create useful rules from scratch, and eslint doesn't have amazing defaults, and it would be kind of cool if the JS world could be more like the Golang world with gofmt. These are valid observations!

So Feross tried to solve this by, yes, making an eslint config and a thin wrapper around it to run it, then giving it a really pretentious name in the hope it would become The Coding Style for JS. It didn't work. Airbnb has always had a significantly more popular eslint config package, and more recently the Prettier tool has solved the problem Standardjs was trying to solve much better (and become much more popular).

And the issue with trying to do what Standardjs is trying to do is that if you're not the most popular solution, you're part of the problem. :)


I know it's not a npm package, but would the donation message for kids in Uganda when you started vim be considered no bueno with these rules? I guess it's not an ad technically


Same deal for Sidekiq, a very popular job worker library in the Ruby world. On startup, if you don't have a commercial license, it advertises the availability of one:

    Upgrade to Sidekiq Pro for more features and support: http://sidekiq.org

I personally have no problem with this and I think the npm ruling is a bit too restrictive.


The important differences are Vim is a much more useful and complex open source project, and it is an advertisement for charity (most people will give a pass for this thing).


I’m hoping that with GitHub getting into the donation game, things will get a little better for funding open source.

This is just the symptom.

It’s really difficult to convince people to part with just $100 a year to fund something critical to our org. I do fund some projects, but there are plenty of others that I use regularly that I don’t fund monthly


The problem is that the $100 usually isn’t funding something critical to your org. If you are getting some key feature in return for your money most organizations will be happy to pay, a lot more than $100 really. But giving someone $100 for a product whose stated price is $0 doesn’t make as much sense.


> If you are getting some key feature in return for your money most organizations will be happy to pay, a lot more than $100 really.

I don't feel this is true. How many major organizations donate or sponsor django, vue, or another major framework that's a key part of their business?


They aren't getting Django or Vue in return for their money. They get Django and Vue for free. If there's an additional feature that doesn't exist and they need someone to develop it, they are typically willing to pay for that feature.


I suspect you'd see people doing this even if they were well funded. Charities often happily continue fundraising long after they've reached their goals.


Sure, but the majority aren't even close to being well funded.



It's a good article that highlights issues with Patreon-like startups... but this was before GitHub got into the game, and it's definitely a different and much bigger animal.


Really ads in a terminal is a needless attack vector that is a dumpster fire for security that is part of the reason /why/ they have so many detractors.


A console.log in your npm package post-install is an attack vector? Sure, there are many nasty things you could do in a package's post-install, I think a text based ad is the least of your concerns.


It probably is the least of the concerns, although still it is one thing. (However, note there is a --ignore-scripts switch. There is also --no-optional, but I don't know how commonly such thing is in use that it would help; it would need to be marked as an optional dependency for --no-optional to work, probably. And then, there is also --dry-run.)


Maybe the ability to run code that shows ad is the attack vector


This makes no sense at all.


If the ad makes a remote call during execution (for a dynamic ad serve), it's an attack vector. There is always custom ad code for analytics that adserves use to fill (the ad placement space) and report back, called an admanager. As an advertiser, you can upload your own admanager (that has your own custom code).

Reading the code of the NPM package will not typically help with understanding what it's going to do, because of the ad ecosystem, which guarantees running code you have never seen.

I could understand banning dynamic ad injection and telemetry. My ethical line would be if a package manager were to ban static links/symbols displayed in a README and that's not what NPM aims for, so it's fine by me.


>If the ad makes a remote call during execution (for a dynamic ad serve), it's an attack vector. There is always custom ad code for analytics that adserves use to fill (the ad placement space) and report back, called an admanager. As an advertiser, you can upload your own admanager (that has your own custom code)

Can you point out a real example of terminal advertising like this?


No. I haven't looked through many js packages.

I could make it without any effort via:

> https://github.com/feross/funding/blob/master/messages.json

Currently it's "manually curated" which is a fancy way of saying, it's my own custom ad-tag that doesn't call an adserver. Replacing one field with a function that is immediately called and getting your value out, is how most people would integrate an ad-tag.

Using DFP or whatever, you can plug in an adtag call and parse values and you're in business. Ad platforms don't usually support plaintext tags, but I have seen them still supported by some of the older "native ad" platforms who started as platforms that served HTML strings (Taboola, etc).

The takeaway is that NPM nipped it in the bud because it's trivial to abuse.


So you’re talking about software which doesn’t exist, right?

This seems like a silly slippery slope argument.


> So you’re talking about software which doesn’t exist, right?

It exists on my computer right now (didn't use an actual admanager, just coded a remote call). You want to believe the gun pointed at the door with a string on the trigger and doorknob is not a danger because you don't want to open the door. Good luck with whatever.


I am assuming a more traditional terminal set up where it could be used for injection attacks and escape sequences to execute arbitrary code - combined with the dubious tradition of unchecked ads as a vector.

It is possible they had learned from mistakes of the past and have proper output and input segregation to prevent such shenanigans entirely. In which case that would still leave social engineering as an attack surface. "Use X for your product - except X is ransomware or harvests sensitive data."


I really don’t get it.

You’re running their code, whether it prints an ad or not. There’s no need for “injection attacks and escape sequences” at that point.


If someone, for instance, takes control of their repo, then they can upload whatever they like. But that auth can be fairly securely guarded, and it's probably very hard to do it quietly as packages are signed.

But now they're hosting the ads and potentially allowing remote code execution. Now the attacker only needs to get on to a webserver to deploy a payload. That's why it opens a new vector of attack.

Moreover, if they're able to own the server quietly, they can be deploying whatever they like to a ton of people over time.


All of the terminal ads I’ve seen have been nothing like you suggest.

They’ve looked like echo “Hi please send me money”


Well then maybe they should pay an employee to write their own version of the software.


OK and quite right, but how do we actually ensure funding for the stuff that needs it?

It seems odd to me that people won't cough up even small amounts to support what F/OSS they rely on, but will pay for closed source stuff.


Companies will often pay small amounts for needed support. It’s pretty common to just hire an external contractor to make some improvements to an open source project that you need. I know a number of people who have gotten open source work funded in this way.

What companies are reluctant to do is pay people money for nothing in return. There are just too many different open source libraries that you use in the normal course of development to communicate with all the developers, much less pay them.


How many people actually rely on standard? I'm not talking about downloads, I'm talking about active users.


I am being thick; what's the relevance of that?


Well, if we are talking about funding FOSS projects that people rely on, we should first establish what projects people rely on. When installing a package is so easy that you do it a hundred times without even knowing it, the download numbers don't really convey that information. It's more of an indicator of dependency penetration.


My feeling is mainly because they don't need to for F/OSS, but need to for closed source software. I don't even think it's the money in a lot of cases, just the administrative effort around it. Could be wrong though.


See also: GNU parallel showing a nag for being cited in papers.

https://git.savannah.gnu.org/cgit/parallel.git/tree/src/para...


huh .. that's interesting. I wonder what RMS's take on that is. I know he worked on a project at one time that would let readers buy articles anonymously. I don't think it got anywhere though.


> I wonder what RMS's take on that is.

From https://www.gnu.org/software/parallel/parallel_design.html#C...:

> As the request for citation is not a legal requirement this is acceptable under GPLv3 and cleared with Richard M. Stallman himself. Thus it does not fall under this: https://www.gnu.org/licenses/gpl-faq.en.html#RequireCitation


I don't like terminal ads either, but I wouldn't mind them if they meant that the creators of popular libraries can keep maintaining their work without giving up their personal lives.

Monetization is still a huge taboo in the open-source community and is badly viewed by many of its biggest beneficiaries, developers who make their entire living out of skills that consist of knowing how to use these open source and free technologies.

Shouldn't the creators of these libraries that bring so much value not be able to make a decent living maintaining them, instead of working for some company maintaining a silly CRUD application during the best hours of their day, while their side project which is much more valuable to the world only gets the odd final hours of the day, at the expense of their family?

If more open source maintainers could make a living doing directly open source, this would mean better quality libraries, better documented, and more overall libraries that solve more common problems.

People would be able to contribute to open-source well into the end of their careers, and not stop due to family life incompatibility.

If terminal ads would be the price to pay for that, I would not mind at all having them.


> Monetization is still a huge taboo in the open-source community

That's not true. Qt has managed to monetize fine, and it's no pariah. This is 100% about the way in which people are hijacking tools to promote monetization of their code.


Interesting, I was going through their landing pages and it's a bit overwhelming. It looks like a cross-platform development framework based on C++, but what is their business model?

Consulting, extra features, SaaS, is it partially closed source, could you tell us how they did it?


I see the following when I run npm install on a Create React App. Are these things now verboten as well? Personally it feels a bit yucky to start making package install logs into a kind of bulletin board system, so yeah, maybe dialing it back a bit is a good idea.

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon: > https://opencollective.com/core-js > https://www.patreon.com/zloirock

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)


You know, it’s funny, this exact ad is the first thing that came to mind when I read the headline. It’s a very popular package. I wonder if it was part of the decision.


Hopefully someone at Canonical takes a hint for Ubuntu’s default motd.



Most of us use vim. That’s ad supported and I think most of us can agree it’s not awful.

It’s certainly possible to do ads well (maybe even more common in terminal software.) I personally don’t have any experience with ads in NPM though.


From the vim website: "Why those ads?

The profits made from ads and links on vim.org go to ICCF Holland to help poor children in Uganda."

Is there somewhere you can point that states ad profit is going to developers?


Vim isn't ad-supported. Vim has one message that you might consider an ad, and the money doesn't support vim's development, it goes to charity. I think it also used to be possible to donate to vim directly to support the development, but I think that money goes to charity now too.

(I personally don't think "help poor children in Uganda by donating" is an ad).


Where exactly is this message? I use Vim fairly often and I've never seen it...


:help license

I think in earlier vim versions, you could see a message if you opened vim without a file (vim -u NONE # to prevent .vimrc from doing whatever shenanigans you've set up)


Huh. My .vimrc is pretty simple and definitely doesn't include a "don't show donation messages" line, but I do see the message on the front screen when I do `vim -u NONE`. It's not there when I execute `vim`.


When you start Vim (without arguments) it says "VIM - Vi IMproved" .... "Help poor children in Uganda! type :help iccf<Enter> for information". I just noticed that it actually cycles through a few messages now (version 8.something), so you may have to restart a couple of times to see the message. But IIRC it used to always just display the "help children in Uganda" message.


Strangely, it doesn't do that on any machine I have access to, despite the fact that I can find nothing in my .vimrc file that would suppress it. If I run `vim -u NONE` as the sibling comment suggested then I do see the message.


Also the guy who wrote vim is now at google


I've been thinking about this for some time and have decided open source and funding for sustainability are fundamentally incompatible. Like another commenter said, few companies are donating of their own free will, but they are willing to buy a license. So the solution is to sell licenses.

But at that point, it is no longer open source. The world needs something in between totally free open source, and private closed source. I'm calling that in between model Super Source: https://supso.org/

Think about it: what do the customers (primarily companies) like about open source? Primarily, that there's decent code already written that they can easily find and use. And that they can view the code, integrate it with their software, and perhaps make small modifications if needed, or offer drive-by pull requests. And sure, they like that it's free, but most companies would be willing to pay a small fee for licensing if they had to.

Projects that use Super Source have their code online, viewable, downloadable, and usually free for individuals. But for companies, they require a small licensing fee in order to use the software. So it's no longer technically open source, but still has a lot of the benefits.

This isn't just theoretical. Hundreds if not thousands of companies have signed up with Super Source.

Get in touch if you're interested in how it can work with your project.


What prevents me from masquerading as an individual when I’m really a company?

See: https://twitter.com/jhooks/status/1167480182157889536?s=20


I kinda agree with banning the ads because it would have grown out of control and a race to the bottom on who can make their ad more efficient than the others.

But here's an idea instead: we already have a Sponsor feature on Github, so how about a command in the package manager that lists all packages that could be sponsored, similar to how packages can be audited?

That way everyone is on an equal footing instead of money going to money.

And if it's not enough, how about using private repos where you need a subscription to access the package?


Furthermore, ads in the console only annoy developers, the people who are rarely in charge of the money. You want developers to advocate for you, not against you.

Also, a centralized command in the package manager enables generating lists that their accounting department can use, it can even be part of their automated pipelines and taken into account when they're billing projects to their users.

For larger companies (the ones that are most likely to afford this), making it easy for a problem to go away often matters more than the price itself.


Hm, difficult topic, I can see both sides. I'd be interested what would happen if npm decided to add a 'contains-ads' metadata field which package authors can set to true if they want to display ads. By default, those packages would not be listed when searched, and would not be installable, unless the user sets an 'accept ad-packages' flag for that (or all) packages (opt-in), on the client side.

I guess the main problem is that developers (rightly, in my way) think that the usual suspects of suggested open-source funding methods which rely on deliberate actions from users (donations, etc.) are not really feasible. Double-licensed copy-left at least requires users to make a decision to acquire a private license in case it's necessary. But if you for some reason don't want to use copy-left, I guess the ad model would seem like an option, as it does not require the user to do anything.

What I suggested above would take care of the fact that unwanted ads are pushed upon the user, and users would have to make an active decision to allow ads if they wanted to use a certain package. I'd be interested how many people who complain about this idea right now, would still be principled enough to not install such a package in the case where the package is high-quality, and there is no good alternative around...


I'm new to the wider development field so I'm pretty ignorant to the dynamics of how things work right now or what it takes to maintain an open source project; how come a bounty system isn't more prevalent?

I know bountysource exists, but I rarely see it brought up.

Wouldn't work for all packages or projects, but for the ones with big corporate use that are still being developed, it seems like a straightforward way to have a project be more self sustaining vs hoping ppl decide to donate.

Seems like a decent first step towards a wider system that could track what packages you use, or that you manually list, with each package or project having a monthly "sustainability goal" set by the maintainer. So that critical packages used by everyone can have more visibility and a more dynamic support system with lower barrier between the maintainer and the wider community. I've always felt that the "subscription" model of things like patreon or similar is too much of a mental commitment for most ppl. Besides, my needs change month to month, and so would what I want to support. Having wider "sustainability" goals with an easy way to donate to them would encourage me to efficiently support the projects I find most useful or inspiring to me. Basically having the data and seeing what projects that are important to me and are currently short funded, and also having an easy system to directly support them without long term commitments.

It's that visibility of the current state of different foss projects that I feel needs to be addressed, before any creative solutions on monetization can really be layered on top.


I didn't see anyone mention the amount of libraries this is depended on in in the comments. According to npm's site, it's 441 as I post this. The developer himself claims about 33340 other projects use it. (or at the very least, that's what his automated use counter says: https://raw.githubusercontent.com/standard/standard-packages... )

Probably a good thing this was caught early, as the typically large number of node.js dependencies required for a package could have led to some sort of combinatorial explosion of ads on install.

Even assuming that any one ad package checked to make sure it only displayed ads once per session, very many people would want to put an ad into some library somewhere, especially if they have existing users/dependants for their pre-ad version. Careful maintenance would be needed to avoid putting other people's ad code in yours, but also keep it up to date to fix exploits.


standard is most often in `devDependencies` rather than `dependencies` which npm's site tracks, that would explain a lot of the disparity in the two numbers.


Is there a package to convert all Internet ads to simple console messages? I would be down with that package.


This idea seems right up there with "gee whiz, wouldn't it be neat to invent neurotoxic poison gas?" We don't need this. This would not make the world a more pleasant place to be.


The creator of Ruby on Rails, DHH, wrote about Open Source: https://m.signalvnoise.com/open-source-beyond-the-market/

To put it in a nutshell, his strategy is making money somewhere else (Basecamp) then express himself without any expectation by developing open source project (RoR).

My strategies are similar to his strategy: 1. Create LGPL/MIT/BSD open source projects without any financial expectation to fulfill self-expression need and achieve fame, 2. Create GPL / dual license projects that I want to sell / commercialize (the downside is I can not expect other programmers to contribute to these projects).


The fullPage.js model IMO is the best way to fund an open source project, if you’re not getting paid by an employer specifically to maintain that project. Make a free option available for copyleft-compatible cases, and then charge in cases where profit is involved.


While I don't particularly like ads in Node.js libraries output, I do not like that NPM has anything to say in regards to whether ads are permitted or not. Think about it, why should a distributor be allowed to ban a producer?


I didn't realize that this was a thing.


It was a thing for about a week.



One line like: "See creator's web page at http://example.com" I think should be ok. To me that would be an OK compromise.


A few thoughts:

(1) Most open source projects do not provide the outsized value impact that their creators seem to think they do. Most projects exist around the realm of "it's 20% easier to install this than build it ourselves, so let's grab the dependency". That's nice, but let's be clear here: Standard.JS is not building Rails, or NodeJS, or Express, or React, or another seriously valuable project that saves companies thousands of dollars.

(2) Open source maintainers are deathly afraid of restrictive licensing. That could mean GPL, or it could mean a straight-up enterprise "pay for a key" licensing. I think these are fantastic ways to level the field between individual OSS devs and billion dollar companies, because most billion dollar companies take licensing very seriously. Where does this fear come from? I think a big part is that these OSS devs "want their cake and to eat it"; they want the ego and community of an altruist, but the income of a Capitalist. Another component is point (1); if you really tried to place a number on the value of their project, they'd be disappointed with the number customers would quote. They don't want to find out what that number is; they'd rather just ask for donations (of which they get very little, because, again, this software by-and-large does not provide outsized value).

(3) It's crazy to me that companies would pay for advertising space in an npm install script. I'd bet developers behind projects like StandardJS went to these companies and said "look we get millions of installs every month, that's millions of impressions", and I hope the companies are smart enough to know that (A) the vast majority of those installs are in unmonitored CI scripts, and (B) even if they are local, the text flies by so quick, and (C) even if they aren't quick, no one watches that progress anyway. Even if there's no deception today, one can easily see that monitoring "impressions" here is very difficult, and thus it's very difficult to place a quantitative value on that ad space.

(4) The inability to sustain yourself on open-source development is about equivalent to "I can't sustain myself on volunteering time at a food kitchen for the homeless." If you're actually having funding problems to live your life, it's time to reassess. Again, this sounds like some of these projects have some egotists behind them, or maybe they just feel like they can't leave (hint: you can. you're human. your priority is you. not the billion dollar companies who use your software without paying). Find help. Take a break. See if your full-time company can "sponsor" development by letting you work on it 5% of the time.


> That's nice, but let's be clear here: Standard.JS is not building […] [a] seriously valuable project that saves companies thousands of dollars.

This is quite debatable and hard to measure, given the problem that Standard solves. As an anecdote, I just started a new TypeScript-based project a few days ago and I’ve spent the past few days mostly dealing with configuration. That’s perfectly fine to me for a personal project where I’d like to decide every aspect of the configuration, but let’s say this was for a fast-moving startup, it’s probably a smarter idea, for most projects, to simply adopt Standard et al. and call it a day. Practically speaking, if you consider a software engineer’s salary and other important factors, I don’t think it’s fair, or accurate, to claim that Standard doesn’t save companies thousands of dollars; it almost certainly does.


I don’t see the point of CLI ads for open source software. If the maintainers want money for it, they should simply require a paid license for commercial use.


Just go to the VCs, they're pretty dumb, they'll throw millions at just about anything with a lot of GitHub stars these days.


It was already banned, this is just doubling down. The terms explicitly prohibited adware.


Well I guess they've killed the market for terminal ad-blockers.


Isn't this a kind of censorship? I guess Go has the same faith.


Of course it is, and that's okay. It is NPM removing a package from its own servers. It is okay just like automatically deleting spam emails is okay and disallowing bad words during children's TV shows is also okay.

It's not like NPM is preventing anyone from using some packages no matter where they are hosted.

(or maybe I misunderstood your concern)


I haven't really run into any.

Has anyone run into some unexpectedly?


Yup, just this week I noticed the npm package `core-js` used by the Babel transpiler was polluting my build logs.

It listed opencollective and patreon as possible channels of support. That I didn't mind so much, but then there was a message (repeated countless times in the logs) that the author was looking for a job. That's just spam in my terminal, unacceptable.

Background and heated discussion in the following GitHub issue (since closed without resolution):

Get rid of postinstall message

https://github.com/zloirock/core-js/issues/548

I believe some irate users reported it to NPM, which could have triggered or contributed to the policy decision to ban terminal ads.


Interesting, thank you.

I'm not heavy on the "hell i'll just import anything" kinda thing so I often feel immune to some of the random "omg this package" panic.

But... Babel... that's some serious stuff once it hits there.


The serious stuff is that this library that's used in over 3 million projects according to Github, let alone projects that Github doesn't count, is only making the author a measly $200 on Patreon.


I think that's an interesting but any idea or solutions really seem ... worse to me. Including hitting up everyone's console all the time.


[flagged]


I do understand your point of view, that free software can print any message in my terminal - or do whatever it wants, really, I'm using it for free and I have no right to complain.

I wasn't really offended by it, my reaction was without (much) emotion. It was just based on my own standards of acceptable behavior that I expect from what runs in the terminal. There's a time and place for ads (not in my logs), or people posting personal messages (maybe link to their blog or site?)..

Imagine if more package developers/maintainers decided to advertise in this way, it would ruin the calm and peace of working in the terminal.


Your comment seems unnecessarily confrontational.

"to think you should have a right to use their software for free and not be bothered by a short message from the author"

I don't know of any real rules about free software as far as what kind of messages someone should expect or shouldn't, but people can be bothered by it if they want.


[flagged]


There's nothing about free software that I'm aware of that means you should or shouldn't like a message.

We discuss our preferences for all sorts of things in software (free or otherwise) on HN, all over the internet.

It's free software... pretty sure you're "entitled" to it, and can have opinions about it.

Side note I don't know what people mean by "entitled" anymore, it's like a placeholder for an empty sentiment these days.


It is annoying to me that I see the same message three times. Showing these messages after npm install just does not scale in a useful way, especially as there might be important usage messages that do show up on installation.


I loved those things


_This library was brought to you by Coca-Cola._


[flagged]


Next they will reject packages that allow you to build an NPM competitor


Doing open source without utilising the code in some form of paid product is a foolish thing to do.

Essentially making someone else rich for free because Software-As-A-Service is seen as the morally superior method of generating revenue.

I'm sure we'll be reading many articles about some open source developer building some critical tool or library utilised by half the world. Only to live near the poverty line.

Whilst companies made millions off of it.


Doing open source without utilising the code in some form of paid product is a foolish thing to do.

The entire computer industry was founded on people writing software for the joy of writing software and giving it away for free. 90% of software available through the early 80's worked this way. We called it "public domain software."

(As an aside, the earliest version of the word "hacker" that I can remember was when people would take public domain programs, "hack" out the original author strings, then redistribute the program as their own work. The definition of "hacker" has gone through about five permutations since then.)


I think that's revisionist thinking. I wrote software through that period; I remember it as expensive and closed. The free stuff was exceptional because it was free.

Come on; Linux started in 1991; Stallman was an unknown and just beginning his ministry in the 80s. Corporate software dominated everything, including the IBM PC which was the flagship of Silicon Valley. DOS wasn't free; software for it was for sale everywhere.


I think that's revisionist thinking. I wrote software through that period; I remember it as expensive and closed. The free stuff was exceptional because it was free.

I wrote software in that period, too. So, no, it's not revisionist. Yes, closed software was very expensive. You'd pay upwards of $1,000 for a compiler, or $500 for a spreadsheet. But there were tens of thousands of public domain programs that were also available. Some of the PD libraries from organizations like TPUG were massive. No, it wasn't all good. But if you wanted higher quality, you paid the money for it.

Come on; Linux started in 1991; Stallman was an unknown and just beginning his ministry in the 80s. Corporate software dominated everything, including the IBM PC which was the flagship of Silicon Valley. DOS wasn't free; software for it was for sale everywhere.

I think you're thinking of a later period in time than I am. I'm not thinking x86 era. I'm thinking Z-80 era.


>I'm sure we'll be reading many articles about some open source developer building some critical tool or library utilised by half the world. Only to live near the poverty line.

Sounds a bit like the Paul Le Roux story if you stop before the organised crime part.


I’m surprised Feross was the catalyst here. From his YouTube Instant days he always struck me as the type who appreciated and championed FOSS. Seems he decided that the F in FOSS might be, erm, “reinterpreted,” much the way the notion of “free” has been by modern web companies.


For more context, in case anyone is wondering what I was trying to communicate amidst the torrent of downvotes.

Feross is a meaningful voice in open source. I've admired him for a long time, and still do. He's written some thoughtful posts in the past about FOSS specifically, hence the specificity of my comment (see his post from 2010 here: https://feross.org/stallman-stanford/).

Reading his justification for the "funding" experiment (here: https://feross.org/funding-experiment-recap/), I was struck by the fact that he didn't address an obvious slippery slope in his argument for what he was experimenting with, namely,

"For the record, funding had absolutely no tracking, no data collection, and no code from untrusted third parties. It was a console.log with some fancy formatting. Think of it like a newspaper classified ad. We just print it and hope that maybe some folks will see it."

I don't knock his attempt at experimentation with funding models for FOSS developers; however, there's an ongoing history lesson we're all living that serves as a cautionary tale for where ad-funded monetization models can go. Considering corporations are largely involved in FOSS today, could the normalization of monetization of FOSS with the wholly positive intentions of rewarding those who have dedicated their time to developing FOSS software, not evolve into a model wherein for-profit companies use this as a backdoor to monetize their FOSS contributions? For example, imagine compiling Kubernetes and getting an ad for Google Cloud services. Or compiling the Linux Kernel with features committed to the kernel source primarily by Google and getting an ad for a Chromebook as part of the boot sequence.

Sure this is all a bit dystopian, but I'm surprised someone as thoughtful as Feross didn't address the possible unintended consequences of his experiment, even if his original intentions were in no way nefarious.


> Think of it like a newspaper classified ad.

Consider also the quality of advertising those organizations (newspapers, magazines, etc) submit their readers to in the digital domain. The worst sort. That newspapers printed on paper lack telemetry is not attributable to pure motivations on the part of the publishers. Rather, print newspapers lack telemetry simply because nobody has figured out how to put telemetry in them. Where it's possible, those same organizations eagerly adopt telemetry because of the nature of the economic incentives in the advertising industry.


I'm actually curious: what exactly does the "F" mean to you?


Thanks for engaging me on this, genuinely appreciate it amidst the torrent of downvotes (would be interested to hear more of the opinions of those who downvoted me).

Yeah, good question and something I've been wrestling with a lot myself. I used to think "free" meant monetarily free, but lately (in the last few years, call it aging, I dunno), I've started to subscribe to the notion of "free" as championed by the Free Software Foundation. Here's a good quote that lacks context, but gives a good idea of what my thoughts are:

"The free software movement campaigns for freedom for the users of computing; it is a movement for freedom and justice."

Link here: https://www.gnu.org/philosophy/open-source-misses-the-point....


Thing is, while the "Free" in "Free Software" is ambiguous, the "F" in FOSS has always meant "free as in freedom". It's not a new interpretation by feross (and I think the downvoters are reacting negatively to that suggestion).


Yeah, I think my wording in the original post is to blame here.

What I was trying to get across was that Feross has previously been vocal about his belief that his software was both FOSS and monetarily free. Now, he seems to be exploring the possibility that his code can still be FOSS, and monetarily free in concept, but perhaps walks the path Facebook, Google, et al. have that has led to the much maligned cliché "if you're not paying, you're the product." How far down that path does one have to go to lose the spirit of FOSS, if at all?

Interesting to think about.


Well, the GNU project itself, and its founder (RMS), who is by any standard a strict follower of that philosophy, thinks that Free Software should be sold - and for as much as one can charge [1]. I'd say that the two are not really on the same path; if anything, they work against each other.

[1] https://www.gnu.org/philosophy/selling.html


Interesting, thanks for pointing this out!


I wish there'd be a better way to differentiate free (as in freedom) software and free (as in monetary cost).


The alternate naming of "libre software" exists though is not used too much.

From https://www.gnu.org/philosophy/free-sw.en.html

> “Free software” means software that respects users' freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer”. We sometimes call it “libre software,” borrowing the French or Spanish word for “free” as in freedom, to show we do not mean the software is gratis.



