Originally published at: http://boingboing.net/2017/03/09/nekkhamma.html
Originally published at: http://boingboing.net/2017/03/09/nekkhamma.html
There is the curse of open source popularity that as an OSS project becomes more popular and gets more contributors, it becomes more complex. As a consequence. fewer people are able to understand it and make significant contributions to it. It’s still possible to make small and incremental changes, but this just exacerbates the problem since each of these changes are cobbled together without an understanding of how to properly connect them to the whole. In this way, bugs and performance problems linger since no one has the time, understanding, or incentive to fix them.
The best (only?) way out of this is to have one or more devs whose full time, paid job is to maintain and improve the project. Most (all?) of the biggest, successful OSS projects have full time maintainers. This has the added bonus of making it easier to filter and sort bug reports, feature requests, and pull requests. The people and organizations who pay the most money have their voices heard first.
The biggest problem here is that when the funding organization loses interest, the project is at risk of dying (see paragraph 1).
You mean like OpenSSL?
I used a question mark for a reason. But in a way OpenSSL exactly proves my point. Since there are no paid maintainers, no one had the time, understanding, or incentive to look for bugs like heartbleed. OpenSSL is generally useful to everyone, but specifically useful to no one. So, it is resistant to getting a full time, paid maintainer. There are dozens of other core OSS infrastructure out there that have the same problem. Last year there was a post about NTP and failing internet infrastructure. It’s all related.
The whole idea of OSS is kind of a weird anomaly. In the history of its acceptance, there’s a big unexplained gap between “that sounds kind of cool” and “this is a standard way to run massive complicated projects involving many thousands of hours of highly skilled work”.
I’m not complaining – a lot of useful software has come out of it, and the general expectation of public source code has opened many doors. But it’s getting a bit ridiculous that we still hand-wave away its fundamental problems. Like, if you look at the state of desktop Linux, it’s hard not to conclude that people have wasted a stupendous amount of effort in the last 20 years, and that a rose-tinted view of OSS is directly to blame.
I dunno. I’ve been paid for open source work for nearly ten years.
On my own hardware I use only Linux where possible. The desktop is fine. Almost all of the desktops are better for me than the Windows 7 shell. I run Ubuntu Unity on one machine and Linux Mint XFCE on another. At work I have to use Windows, currently Win7. The shell does not have any native user available functions for aligning edges of windows, windows cannot be moved if a program is busy, alt-tab is painful, there is no useful editor in the system. In order to make it work at all I have to run as a privileged user all the time.
I know nothing about OSS but what is described here could pretty much describe running community projects. I was a trustee of a Women’s Health Charity for years and the discussions were along the same lines. There is / was a need for a central coordinator but without adequate resources those central coordinators became drained and depleted handing over to the next person to be drained and depleted…
I now think that such projects especially the techie ones need to be considered as vital infrastructure funded and maintained according to those lines. Meaning along some sort of redistributive model (i.e. tax). You decide as a community that X is important and worth Y and then commit to contributing Y. I know it’s called socialism but it actually works quite well in building and maintaining infrastructure in much of Europe.
Another thing. A particular bug bear of mine.
The UK health service is nationalised yet the vital IT infrastructure is procured from private providers on a project by project basis. There is no sharing of development and learning from one NHS project to another. The systems are highly proprietary (to the point of impeding much internal improvement) and so every single hospital, region, speciality has to reinvent and pay for the reinvention of the wheel. If ever there was an opportunity for OSS work than surely NHS IT would be it.
I like your comparison to community projects. It’s both the same and different. I’ve been involved with non-software volunteer projects that could have just been awesome if only someone could have committed full time to work on it. And in the end, everyone just gets burnt out. This is just like OSS projects.
Where it’s different though, is that years after OSS projects can live on long after anyone is maintaining them. If the code is on github or the binaries are available somewhere, anyone can use it (whether or not they give back). This is both good (the project lives on) and bad (security bugs may linger and wreak havoc with no one in a position to fix them).
Regarding the idea of an OSS tax, I’ve seen it used in various places with moderate success. For one thing the project almost always needs to be part of a foundation (eg- Linux, Eclipse, Apache foundations to name a few). These foundations often accept donations to allow individuals to become “members” where they receive some minimal benefits (conference discounts, swag, etc). Companies and larger orgs can buy memberships too, where they get voting privileges in how the foundations are run. But the money typically doesn’t go to development. It goes to infrastructure, marketing, administration (all important, but doesn’t get those bugs fixed).
And if you have your own really cool project that lots of people find useful (but not critical), you are often SOL and have to maintain it on evenings or weekends, or not at all.
Yeah, that’s gotta feel pretty lame. I take my responsibilities seriously too, and I don’t like to let people down.
and because of that, you may have permanently discouraged them from open source
Whoa there buddy, no need to get all codependent about it!
There is a place between giving all your fucks and not giving a fuck.
It’s called giving a fuck. Not three, not two. just ‘a’
I initially read that as “code pedant”.
Was it OpenSSL, which is what @werdnagreb was talking about?
Nope becuase, as everyone knows, openssl couldn’t afford to pay people and was mismanaged in such a way that it didn’t fix that until heartbleed happened and others intervened.
The point being, it is possible to pay people to work on open source projects. It takes work and you have to structure things to that end though. Not all projects do this and have full time paid maintainers though.
By the way, I’m pretty sure I’m the one who brought up openssl…
I was thinking of it in the way we build roads. There are certain public services: Education / Health ( in the UK context) / Local Government which rely on a good IT systems. I know it’s too late to roll back the clock but it is beyond me why these contracts were not negotiated in a way that ensured that the benefits of such tax payer funded IT projects have to be shared around with the public. As it is / was government (i.e. tax payers) have been shafted in so many ways by large IT projects. Schools spending Millions on iPads then having no resources to maintain them…
In the early days libraries in the UK were very involved in rolling out IT to the public. But the packages were extremely inflexible and pretty useless. Supporting OSS with the same money would have been a far better deal all around…but you would have needed vision and a commissioner who could have stood up to some IT miracle worker peddling the magic tech product which will solve all past present and future problems in the universe…
That’s right. I used to be paid to work on OSS projects, and it was great. It is possible to structure some projects so that you can get paid, but this requires an equally large set of people who are not doing dev work, but working on the community. See my comment about OSS foundations above. I’m not knocking community bulding, administrations, etc at all. These are extremely important tasks to keep OSS strong, but they are a very different kind of task than most devs are used to, are able to do, and want to do.
Even the large foundations are constantly struggling to maintain relevance, corporate support and community involvement. Many of the older projects suffer from core rot where the foundational software hasn’t been touched for years since the original developers have moved on to other things. And no large organization is willing to pay someone to maintain this full time. This core infrastructure is just hanging on until another heartbleed comes along and the world takes notice.
I see posts like this pretty often, and it’s always surreal because it’s always from the perspective of someone who maintains a popular open source project, which is very abnormal.
Depending on how you count, I maintain somewhere around 100 open source projects (as sole maintainer) and I co-maintain a handful. This is fine because I am also, as far as I can tell, close to the sole user of nearly all of them. I have gotten a total of two pull requests in all my years on github.
The typical open source project is less than a thousand lines long, has a single maintainer, three users, and hasn’t been touched in five years because it works well enough. Large open source projects with wide popularity, though they have their own unique problems, are weird corner cases, and only their outsized impact on users keeps their management difficulties from being purely a matter of morbid curiosity. After all, pretty much any management system has strange problems at scale.
The various systems associated with open source software (from sourceforge to github, from mailing lists to open revision control to archives of tarballs) are ideal for low-traffic collaborative work on tiny projects of interest to technically skilled people – which makes sense, because that’s the norm for open source historically. If you get a patch or PR once every few years on any given project, it’s easier to handle than it would be with some other distribution or collaboration system.
And 7 is the least awful windows usability-wise.
i use a lot of open source , thank you all verry verry much !!!
I’ve contributed to a few repos in the Minetest community. There are generally only a handful of developers on the main project and only a pair per module.
The game has upwards of 350,000 players. The modules I’ve contributed to reach about 2500.
(For the record, my contributions have been minor bugfixes or rough prototypes)