Open Source Vigilantes Hurt Our Industry

You might be one of those unfortunate souls caught in the debacle where a singular developer decided to intentionally hobble open source libraries to spite corporate users. To you, regardless of where you work, my sympathies for the poor intentions of an individual.

What this one person has done, in an effort to hurt the Big Guy, is cast doubt on the veracity and stability of open source software. Open Source Software (OSS) has had enough challenges over the years to create and provide the ethos of legitimacy, that OSS is just as good (if not better) than commercial software. We have operating systems that are used by thousands of companies around the world that are chosen over commercial ones (like Microsoft Windows), millions of users choose Apache OpenOffice over Microsoft Office because it does as good a job for a majority of people without the cost, and an untold bazillion web developers who don’t have to constantly rewrite complex code because someone else has a stable library that does a better job. And nearly all of it operating in a feedback loop, with developers providing updates and fixes and improvements so that we can all benefit from it. But take one small piece away, and the house of cards starts to fall. There will be articles asking if we should trust open source software.

Yes, we need to wade into the darker waters of OSS and “Mega Corporations” (as the developer apparently called them), who profit from using “free” software without compensation or contribution to the Open Source community. Here be dragons, folks, and more than a few of them are too young to remember a world without the Internet, an era when software was only available in stores on physical media (or periodically pirated through dial-up BBS).

Thankfully, you have a few old farts like me who remember the evolution: how we got from then to now.

OSS was a thing long before the Dotcom Bubble. I missed Linus Torvald’s first “free UNIX” post in 1991 (I would catch the first releases in 1992 and tried it out myself). And no, Linux is not the first OSS project, but it is certainly one of the most famous. And OSS only exploded as a result of the Dotcom era, as everyone tried to get online to do business, what we now refer to as Web 1.0. More tools came to the table, supporting libraries like Mootools and jQuery, Google started releasing many of their tools (at least in a freemium model) that changed how we find things and people and places, and software platforms like WordPress started to completely rock the traditional software industry by providing (free) simple, solid solutions where none previously existed.

That evolution got us to Web 2.0, which was when Facebook, Google, and social media came to prominence and realized the horrors of what we’d created. (We’re not going go into that mess at this point.) But during Web 2.0, OSS evolved again, entire frameworks came to the table such as React and .NET (previously only in-house at Microsoft), we got new cloud technologies like Docker and Kubernetes. People wanted things to be better, and dammit if someone else wasn’t going to do it, they’d get the party started themselves.

Our modern (online) world exists mostly because of Open Source Software: your computer runs freely available software (some of it licensed, which we’ll get to), your phone uses OSS, your smart devices at home use it, even your car has it. It’s used by individuals who want to post a blog (ahem), it’s used by corporations to solve problems because it’s fantastically expensive to develop something like this from the ground up, and they get to leverage a wider community for support and direction.

The problem comes when people confuse individuals with a corporation. Corporations are evil, monolithic entities that seek domination and endless profits, right? They are legal entities in (most) modern industrial countries, hence why companies can sue one another. But corporations do not operate without one critical resource: people. Corporations don’t make decisions, people do. Corporations don’t build anything without an individual person doing something. And believe me when I say this (I know a thing or three about it) – corporate websites don’t exist without at least one individual (usually a team of several skills) spending many long hours working on turning business requirements into viable, functioning software.

So when one individual decides it’s his “liberty” to destroy a commonly-used piece of software to punish corporations for not supporting the open source community, who is actually hurt? And here, this particular individual is correct: the corporation doesn’t care, it just wants things fixed. NOW.

Individuals get hurt. And it doesn’t matter if it’s the singular blogger who’s wondering why their site suddenly stopped working, or if it’s the poor front-end developer who’s struggling to find out why their build process is producing garbage. The singular blogger might have to suffer through days of issues before something can be done; that front-end developer might be looking at serious overtime with an uncaring manager who just wants things fixed. I’ve been there, in both scenarios, several times. And I assure you I’ve lost more hair and sleep to the latter.

We have a dependence on OSS to solve our day to day software problems. That’s not an accusation or incrimination, that’s just fact. And it’s a good thing, too. I hold myself to be a “lazy developer” (I hold other developers on my teams to be the same): don’t reinvent the wheel when a perfectly serviceable one is avaiable. If it’s not a perfect fit, enhance one that’s mostly functional. Start from scratch? You’ve got some pretty specific requirements there, or you’re letting you’re “I’m a better developer” ego speak far too loudly. That OSS is as popular as it is speaks to how well it’s been working for us.

That’s not to say it isn’t problematic. The current topic aside, we’ve seen cases of malware being snuck into OSS distributions and contributors inserting bogus code as part of a research program. Though my biggest fault with OSS is the sheer amount of interdependency that exists in OSS projects, where installing a single software package usually incurs the installation of potentially dozens of other libraries (NodeJS and npm, I’m looking at you!)

Does this OSS vigilante have a point? Are corporations taking too much advantage of OSS without giving back? (We’ll ignore, for the moment, the percentage of “mega corporations” vs. small companies or individuals using the libraries, because that’s going to be too difficult to draw a line, especially without common context.) In short: Maybe? We cannot absolutely say “no, of course not, there’s no abuse going on here” because there will be, without question – corporations will take free in a heartbeat to save money. That’s capitalism, that’s how it works. But it’s also not fair to say that all corporations are going to take for free without giving anything back.

With few exceptions, developers don’t make any money from OSS contributions. (I mean, that’s the crux of this guy’s complaints, I’m sure.) They need jobs. The good ones – the ones whose libraries we frequently use – are (more of than not) working for (wait for it) software companies. James Gosling, who begat us Java, worked for Sun, Google, and Amazon; Rasmus Lerdorf (creator of PHP, one of the most-used programming languages) slugged it out at Yahoo! before becoming a Keyboard For Hire; John Resig (creator of jQuery) did magic at Mozilla. And for his gift to the world, Linus Torvalds got stock options in Red Hat, one of the biggest and most respected corporate Linux distributions. He also is sponsored by the Linux Foundation (which is, itself, sponsored by mega corporations such as AT&T, Microsoft, Facebook, and Toyota).

Imagine, for a moment, if Linus Torvalds pulled the same stunt, ticked off that mega corporations weren’t giving their fair share? Linux, as we know it today, wouldn’t exist. Depending on whom you ask (numbers vary wildly, but I’ll throw you something conservative), over half of the internet we know today wouldn’t exist. We relied on Linux because it was small, fast, secure, free of those pesky licensing fees, and we didn’t want to pay those fees because we were still trying to figure out what the “web” really was and we were trying to save every dollar we had for the individual people working on it. And Linus also gave us Git, a (free) source code control system that is immeasurably better than some of its predecessors and is a significant part of most modern software delivery systems. If Linus had tossed the same finger at us, our modern world wouldn’t exist.

Okay, so what of the “little guy”? They’ve got full-time jobs somewhere, most likely. And that’s how (some) large companies give back – not directly via funding, but through time, granted to those who are passionate enough to forward OSS projects. Which, IMO, is the single best way to support OSS. Giving money to organizations like the Linux Foundation helps, sure, but giving time to the passionate will forward smaller projects in far, far better ways. Is this a common practice? Who knows – no-one keeps good track of this, companies aren’t willing to open up their books to prove it, and some companies open-source projects that they wrote for paying customers (who might not know that it was done).

Still not good enough? Still want your dime? Then stop contributing to OSS. You want liberty, go off on your own, and license your code. If you wrote something good enough, and the cost isn’t outrageous, corporations will pay for the privilege. Oh, but you better be ready to ante up with some support. Forgot about that, didn’t you? That’s right, corporations want support, and the second they have to pay for something you had better be ready to handle technical support. Corporations want throats to choke.

OSS isn’t perfect. Those of us in the industry know that. We walk in, eyes open, knowing we might have challenges. And we will continue to have testing concerns – do all these extra dependencies add complexity, or security, or anything else unexpected? But that’s our problem to deal with. The last thing we need is some uppity vigilante making things worse.