It's a bit wild that the sum total money spent on salaries for engineers handling potential problems stemming from this or defending against the possibility in the future could probably have covered paying the maintainer a living wage many times over.
Tragedy of the commons, shortsightedness and misaligned individual incentives.
Individual contributors in large companies, especially, would want their companies to fund FOSS projects they use. But approval processes are generally extremely complicated and there's nothing to gain internally by doing it. And we're talking about money that these corporations spend each millisecond. They barely need approvals for many other activities costing 10x, 100x in other domains.
Most of the companies that I’ve worked for have funded the FOSS that we used. By allowing me and my colleagues to contribute features we needed, or fix bugs that were affecting us. The core maintainers probably never knew these PRs were funded at an hourly rate paid for by some big bank, and sadly quite a few of the projects that I’ve contributed to have rug-pulled into some sort of non-FOSS enterprise product. We all benefit from FOSS, including all these disgruntled maintainers. The FOSS way should be to pay it forward, to contribute to projects where you can. If you’re expecting to get paid for it, it’s not FOSS. Deciding you can’t maintain a project anymore is fine, but pulling it out from under the people that are using it is incredibly anti-FOSS.
> The FOSS way should be to pay it forward, to contribute to projects where you can.
In theory, this was enforced by copyleft requiring derivative works to also be free software. In practice, companies use software with permissible licenses instead because then they can reap the benefits without any requirement to pay it forward.
> If you’re expecting to get paid for it, it’s not FOSS.
Being paid for your time has nothing to do with whether your source code is public or what freedoms users have when using your software. Conflating free software with volunteer labor is exactly what leads to situations like this one, where the author's business based on faker got copied wholesale by a competitor who simply ignored their attempts to reach out.
> Deciding you can’t maintain a project anymore is fine, but pulling it out from under the people that are using it is incredibly anti-FOSS.
The mechanisms that allow a rug-pull are entirely choices made by the users of the libraries for their own convenience; the author did everything needed for you to download a working copy and use it in perpetuity. It's your fault for choosing to rely on NPM, choosing to not cache your dependencies, and choosing not to pin your dependencies.
Copyleft software isn’t free, it comes with a very hefty price tag. You don’t pay it forward by handing over all your IP. You pay it forward by contributing back. I have no moral qualms about using OSS in any project I’m working on, commercial or otherwise. Because I have published my own libraries for anybody to use, and contributed a huge amount of PRs to the software I use. When you publish something with a permissive licence, it stops being yours, but you benefit from having a huge number of people improve it for you. That’s how it works, that’s how it gets paid forward.
The OP is also attempting to use a proven failure of a business model, and then throwing a tantrum when it fails. Sure he’s within his rights to do so, but he has no moral high ground here, and I don’t think he’s entitled to any sympathy for adopting a business model that everybody knows for sure doesn’t work.
Your conception of free software is not how free software is generally understood; free software is about the rights of the users, not the expectation that people contribute to it. Sure, if you _define_ free software as being about a lack of ownership by one person and expected contributions, then you can criticize this.
But what happened here is that free/open source software doesn't have a consistent stance on paying maintainers or contributors, and this author feels that it's unfair and (potentially in the midst of other personal issues, it seems?) took advantage of a problem with how the ecosystem pulls in dependencies to complain about it.
Working on someone's software that they make no money from isn't "paying" it forward or in any direction.
> it stops being yours, but you benefit from having a huge number of people improve it for you
It stops being yours, but somehow everyone who works on it can say they're helping you. This isn't fair. You don't have to pay for it, but fixing and adding features to the software that you use to make a living can't be counted as charity work.
FOSS has never been about getting paid to write software. It’s not a charity, it’s a contribution to a community. I contribute because I benefit from being part of a system that has contributors in it. The people who expect direct compensation for their contributions do not uphold those values, and are deteriorating the integrity of the FOSS system itself.
> In theory, this was enforced by copyleft requiring derivative works to also be free software. In practice, companies use software with permissible licenses instead because then they can reap the benefits without any requirement to pay it forward.
If you want to fix this, stop contributing to permissively-licensed software. If you have a change you want to make, make or find a GPL fork of it and contribute it to that instead.
Individual action is not gonna solve anything, you have to understand why people choose permissive licenses in the first place:
- They're contributing while at work and work only allows permissive licenses
- They're familiar with permissive libraries because of the previous point
- Permissive licenses are perceived as simpler
- They've been pushed away from the free software movement by the FSF/Stallman/Linus
- They don't think copyleft is the right form of enforcement
Fair! I didn't finish the thought, which was to address those shortcomings by either making free software work better for those needs (e.g. work with tech unions to negotiate guaranteed funding of projects used by companies) or by making it less attractive to use permissive software (e.g. via regulation).
As a matter of practicality, commercial entities using a maintainers' work should donate to maintainers to incentive them to, well, at least not go rogue, or to be on their good side when they rogue. Companies pay their employees to incentive them to function in the interests of the company. While this isn't fool-proof (principal-agent problem), it lowers the odds of a pissed off employee having the will/self-righteous fury to pursue something more aggressive than resigning in a huff.
For clarification, you're not referring to "contributing features [you] needed" or fixing bugs on the clock as funding? That's probably a nice thing, unless nobody needs a particular feature except the people who fund you at an hourly rate, but it's not "funding the FOSS" you use. That's when you give someone money. You can't eat features and bugfixes - without the rug-pulling you're decrying here.
FOSS is licensing, not religion. Rug-pulling a project from people who are enjoying using it isn't "anti-FOSS" IMO. This may not apply to you, but for all the contrast that OSS people project between their pragmatism and Free Software people being insane religious zealots on a jihad against money, OSS advocates seem to imbue a lot of flaky new agey spiritism into what FOSS is or isn't.
The author didn’t write all of the code, though. The code has a long history (including in other languages) and many contributors.
Why should this one developer collect payment but not everyone else who contributed it?
Regardless, it’s ridiculous to give something away openly under a permissive license and then later get angry when people use it exactly as you license it.
> Regardless, it’s ridiculous to give something away openly under a permissive license and then later get angry when people use it exactly as you license it.
Doing your best to live in a bad system does not invalidate the complaints you have about that system.
> That would involve exchanging his labor for currency.
That's the goal. Or at least one goal. But you can't just press a button and do that.
Being in charge of and an expert on open source software can be a way get people to buy your labor, but it's much harder than it should be. Instead many companies will demand you work for free, because it's open source!
Also trying to do something good for the world shouldn't make it so hard to make money. The companies get value but don't want to pay even a pittance.
> Being in charge of and an expert on open source software can be a way get people to buy your labor, but it's much harder than it should be. Instead many companies will demand you work for free, because it's open source!
It's hard to get paid when you decide to give your work away. If only there was some way a person could enter into a contract in order to guarantee payment in exchange for their work. What a radical idea...
> Why should this one developer collect payment but not everyone else who contributed it?
Exactly, no one said _only_ the lead maintainer should be compensated. _All_ of the labor, not just the labor that happens to have a day job that benefits from it, should be compensated. That includes non-coding labor like support or community management, too.
That’s just a a software development business. Open source exchanges labor for conditions the use of the product of that labor. If you want to exchange labor for money then exchange labor for money
The maintainer gave their work away for free. By definition - and by explicit license it isn't worth any wage, much less a "living wage many times over."
The maintainer wants to have their cake and eat it too - they likely believe in FOSS for moral reasons yet consider it immoral when companies take their software and use it freely under the terms offered.
If you want people to pay you for your work, don't give it away for free. If you give it away for free, don't have a temper tantrum if someone gets rich off of your work without compensating you, because those were the rules you chose to play under.
In America, most unskilled software developers make somewhere in the $80k to $140k range. A living wage is around $20k for absolute bare minimum essentials. Skilled devs still get around $200k.
Point is, maybe 10 people. And that’s if you like ramen.
I don't know where people get these crazy numbers -
Even in America outside of the coasts and outside of FAANG, making $140-$150+ as a senior developer is very good (and compared to almost all other industries is absurd) - salary.com which doesn't just rely on self-reported info as levels does reports the median salary + bonus for senior software engineers as $120k
Outside of the US, even in more expensive places in the EU, even the equivalent of $100k for a super senior lead architect would be Very Good - I don't know a single SWE in the midwest in the US - including senior embedded systems engineers working on medical devices, senior firmware devs working on networking equipment, or any web engineer that makes more than $175k and I know plenty of Very Good senior full-stack web devs that make $125-$150
$125k a year is still a top of the top salary in the US, so don't cry for them tho
I just don’t think HN is interested in this anymore. There was a time. It’s gone now.
Dumb comments saying software engineers make 100x a living wage (as if this would be a bad thing) are the flavor du jour. It’s hard not to respond in kind.
But thank you, for what it’s worth. I remember you from 2010. It was quite a time.
For what it's worth, I didn't read thefourthchime's comment in a way that would suggest that software engineers are making 100x a living wage. The way I understood it, they meant that the total cost of all engineer hours spent on rectifying the problems caused by the 'colors' and 'faker' issue would easily cover 100 living wages.
Moderately skilled it engineers other of backgrounds and devs can make much more than $200k, just go check levels.fyi
To the parent comments point
> It's a bit wild that the sum total money spent on salaries for engineers handling potential problems stemming from this or defending against the possibility in the future could probably have covered paying the maintainer a living wage many times over.
The collective effort across numerous companies is much more than just $200k and you can bet your butt on that.
