
I mostly agree with your argument. But if we just de facto accept everything for how it has been in the past, then we stop making things better for everybody involved.

Is Open-Source thriving? Yes. Can we fix the places where it's broken? Also, yes.




> Can we fix the places where it's broken? Also, yes.

Two problems:

1. How is it broken? As I and others in this thread attest to, the thing that makes open source so powerful is, in fact, the lack of legal and moral obligation to do anything in exchange for the right to use the software. Not having obligations is a two-way street. Same for donations; donations do not give you any additional assurances.

2. If it is truly broken, then what is the solution? Nobody has really offered any solution, that I can see. If the solution is that everyone rushes to support a project the moment it hits the news, that's not sustainable. It's good that log4j and its maintainer(s) will get more attention and hopefully funding as a result of this snafu, but it's not a sustainable solution to a problem.

(As a clarification, I am not implying that the answer is "it's not broken." I certainly do agree that open source is underfunded, though I think this is more of a procedural issue than anything.)


I feel like a lot of this isn't that individuals are the ones who should be forking over money, but rather corporations who are making tens of millions or billions who rely on this stuff as a core to their stack, but do nothing to support the ecosystem monetarily.


Any large tech company probably uses thousands or tens of thousands of open source components (because the licenses are well understood). Some even support the projects officially, or unofficially by paying salaries to developers who contribute in their free time.

I like licenses that bind all users equally: whether you're a lone developer, a charity, or developing nukes. If you do not like a certain class of use using your software, then choose a license that matches your philosophy. One shouldn't piggyback on common licenses for popularity and then complain about users keeping to the terms of the license.


Tax the corporations and publicly fund free software.


"everyone rushes to support a project the moment it hits the news, that's not sustainable."

This is exactly how a lot of things function, especially in government and disasters. So apparently it is sustainable. It's just not ideal, but this element is always going to be a part of human nature as our collective consciousness can only focus on fixing a few things at a time.


If you give your work away for $0 then the world will expect to pay $0 for it. That’s it. It isn’t rocket science. If you value your work make companies pay for it.


Doesn't the reverse hold true too? If you rely on software you paid $0 for and it fails you, you got what you paid for.


Exactly, the companies should be blamed for using the software, not the maintainer for not catching the bug in his free time.


Absolutely. However in reality if you give away your work for $0 then people value your work at $0 which means that they expect you to fix problems for $0. The problem is the maintainers giving away their work for $0. OSS is not about free (as in $0) it is about Open Source.


> OSS is not about free (as in $0) it is about Open Source.

FOSS has an 'F', which stands for "Free" in the sense that anyone can fork, modify, build and distribute the software. Without the 'F', you have code that is only open-source in the sense that you are allowed to read it. If you include the 'F', you have software that anyone can distribute, either for money or for $0. The market price is going to converge on $0.

Plainly some devs are willing to work for nothing, whether out of passion, for the props, or because the software is important to them. So the market price of any software that isn't ringed with patent and copyright fences is going to tend towards $0.

I favour a Universal Basic Income. Many people will leech; but many users of free software are leeching now. I believe people do productive work because they want to, not because they're paid mega-salaries. In fact, that's the only plausible explanation for free software. So make taxpayers finance a UBI. Admin costs are tiny (no eligibility checks, you just pay everyone). You can also get rid of most Social Security infrastructure.

I think UBI is unpopular mainly because people hate the idea that the taxes on their income from work will be paid out to people who don't care to work. That's understandable, but is it reasonable? Do they also complain about the number of people who are paid out of tax revenue just to check claimants' eligibility for SS support? I haven't heard that complaint.


if this were true then FOSS would never have reached the popularity that it has now. FOSS users give a lot of valuable feedback that makes software better, and they don't generally expect their problems fixed for free.

that mainly comes from greedy corporations that exploit free resources for their own gain.

i give away my software for free to give back to the community that gives me tons of other free software and to get feedback and patches. if i were to sell it, that would just not happen because we would all compete on price.

and because i can't tell the difference between individual FOSS users and large corporations when the software gets downloaded i can't force corporations to pay. nor can i make a license that forces payment from a select group because that would no longer be FOSS.


Honest question: How do you know that FOSS is popular because it is great and not because it costs $0? If FOSS cost the same as the equivalent commercial software, would people pick it? I personally don't think so. There is a lot of really buggy crappy FOSS (and commercial) code out there. I don't think one is inherently better than another. It depends on the quality of the team building it.


the key advantage of FOSS is not code quality or price but access to the source and the right to resell it.

code quality on average should be on par with closed source software, if not a little bit better because developers know that their code will be public.

if FOSS would cost the same, source access would still be a factor, whereas code quality would not really matter because it can't be inspected for closed source anyways.

the downside would be a smaller pool of FOSS developers since fewer people would be able to afford to pay. but actually not that much. if a linux distribution cost the equivalent of a windows license, most people would still be able to afford it. the challenge is rather all the additional applications.

for a more realistic comparison look at freeware. it costs the same as FOSS but the only really popular freeware out there was the netscape browser and what, winrar? (there are probably others, but i am not a windows user so i am not familiar with the ecosystem). but if cost was the factor, then freeware should be just as popular.

FOSS is popular because it endures. i personally use several FOSS applications where the principal developers had left the project and others took over. any equivalent commercial or freeware application would be dead by now and i'd have to switch to something else.


I think of open source as a force of nature, sure you can create incentives in your own proximity, and if you are FAANG the radius can be huge, but finite. The fundamental failure here is not related to open source but in how software is integrated and isolated. We need more robust typing in the integration and capabilities to define the isolation.

Capabilities alone might have eliminated this whole class of failure to escalate, but not eliminated the initial injection failure. Pretty sure that could have been demonstrated on wasmcloud.dev



