I read this article (“Open Source” is Broken by Xe) written in the aftermath of the unfortunate
log4j2 fiasco. The author discusses a pertinent problem that has plagued the FOSS (Free and Open Source) world ever since large for-profit corporations started their widespread consumption of FOSS, ever since countless “unicorns” raised infinite amounts of funding on valuations built pretty much entirely on FOSS, ever since FOSS got co-opted into corporatisation and capitalisation. And yet, countless maintainers of critical and widely used FOSS struggle to make a living.
Whose fault is this? I do not believe that this is FOSS’ fault as a conceptual framework or a system. If FOSS was broken, the internet as we know it today wouldn’t exist; the countless marvels of technology that we take for granted and techno-economies that thrive on them wouldn’t exist; millions of software developers (like me) who learnt to write code with FOSS and learnt to make a living with that knowledge wouldn’t exist.[…]
How is it that FOSS, a beautiful system that has uplifted and empowered massive swathes of human beings across the globe irrespective of their borders, race, creed, and economic backgrounds, is “broken”? To imply that FOSS is broken because it is abused by a certain category of users, is a form of victim blaming.
Reading the various hot takes regarding the log4j2 problems has been an exercise in frustration. The fact that the maintainers of this small but important piece of software barely received any donations or other forms of financial support, despite their software being extensively used by some of the largest corporations in the world is not a fault of open source – it’s the fault of garbage corporations only taking, but rarely giving. The issue here is not open source – it’s unchecked capitalism.
That being said, these maintainers, and other people who contribute to open source projects, know full well it’s most likely not going to make them rich, or even allow them to recoup any investments made. That’s the nature of open source, and it seems like the technology world has become so infested with venture capitalists that even the mere idea of someone working on something not for the money, but for other reasons seems entirely alien to a lot of people, meaning open source must, therefore, be broken.
Money corrupts anything it touches. I’m insanely grateful for the almost endless number of people contributing to open source projects not because they expect to become rich, but because they enjoy doing it, to show off their skill, for the community of people they love interacting with, for the recognition it sometimes brings, or for the mere secret knowledge that their small project nobody’s ever heard of is a crucial cog in the massive machinery that keeps the technology world spinning.
Open source isn’t broken. It’s working exactly as intended, and it’s by far the most powerful force in the technology world, and it will outlive any of the corporations so many people bend over backwards to please today.
Blaming people for being selfish is like complaining about the nature of humanity that has existed for thousands of years… it’s not likely to change.
I think it is an odd position that so much of our critical infrastructure is ‘unsupported’. It’s entirely possible that proprietary solutions also become unsupported, but there is a certain feedback in the system. Your contract is up, the company goes bankrupt, the company sends you notice that the product is entering end of life and future support will cost you more… Executives get nervous when this happens.
Personally, I think the way forward for open source is similar to the way governments fund, say, the arts/museums… You can argue that government shouldn’t be funding these things at all, but I think it’s a good working model. We’re not talking billions of dollars here. Best of all, we already have a workable organizational model. Log4j isn’t some random product run by some random person on the internet. A lot of the popular open source software gets pushed to formal organizations. In this case, the Apache Software Foundation. How easy would it be for governments to throw a few million its way to maintain our digital infrastructure, same as they maintain our cultural or physical infrastructure?
Now would this complicate open source? Of course it would. Life is complex. Maybe they’d try and sway the open source model pushing software in certain ways, pushing political motives…
The US government is already trying to get firms to produce a software bill of materials (SBOM). Seems pretty reasonable to fund the most used components.